Privacy Policy

1 Who We Are

ZAPOTA AGROTECH PVT. LTD. ("Zapota", "we", "us", or "our") operates the Zapota agricultural marketplace — an Android application and website at zapota.in — that connects farmers, agri-service providers, and buyers directly across India.

Company	Zapota Agrotech Pvt. Ltd.
Address	Thirthhalli, Karnataka, India
Email	zapotasupport@gmail.com
WhatsApp	+91 97437 36881
Website	zapota.in

2 Information We Collect

Information You Provide Directly

Phone Number — your primary identifier, collected during OTP-based registration.
Full Name — collected on first login to personalise your experience.
Profile Photo — optionally uploaded by you.
Service Listings — title, description, price, photos, category, and delivery radius when you post a service.
Request Notes — optional messages you send to sellers with a service request.

Information Collected Automatically

Location Data — GPS coordinates to show nearby services and calculate distances. Collected only when the app is active and with your explicit permission.
Device Information — Android model, OS version, and device identifiers for analytics and crash reporting.
App Usage Data — screens visited and features used, to improve the Platform.
FCM Token — a device token used to deliver push notifications to you.

Information From Third Parties

Google Maps API — your GPS coordinates are sent to Google to return a readable location name (city, state, PIN code).
SMS Gateway — your phone number is shared with our SMS provider solely for OTP delivery.
WhatsApp Business API — used as a fallback OTP channel.

3 How We Use Your Information

Purpose	Details
Authentication	To verify your identity via OTP and maintain your secure login session.
Profile Display	To show your name and photo to other users on your listings and profile.
Location Services	To display nearby services, calculate distances, and show your location in the app header.
Service Listings	To publish your posts so buyers can discover and request your services.
Notifications	To send push notifications about requests, status updates, and announcements.
Lead Tracking	To record whether a call connection was made (via voluntary in-app prompt) for platform analytics.
Support	To respond to your queries submitted via WhatsApp or email.
Safety	To detect fraud, enforce our Terms, and protect users from abuse.
Legal Compliance	To comply with applicable Indian laws and valid legal requests.
Improvement	To analyse usage and improve features, performance, and experience.

4 How We Share Your Information

Zapota does NOT sell your personal data. We do not allow advertisers to target you. We share data only as described below.

With Other Users

When you post a service listing, your title, price, photos, category, and general location are visible to all users.
When a request is accepted, your phone number becomes accessible through the in-app Call button. This is the core bridge mechanism of Zapota.
Your name and profile photo are visible on listings and your profile card.

With Service Providers

Google Firebase — Authentication, Firestore, Cloud Storage, Cloud Messaging.
Google Maps Platform — Reverse geocoding of GPS coordinates.
SMS Gateway — Phone number transmitted solely for OTP delivery.
WhatsApp Business API — Fallback OTP delivery channel.

For Legal Reasons

We may disclose your information if required by law, court order, or Indian government authority under the Information Technology Act, 2000.

5 Data Storage & Security

All user data is stored on Google Firebase infrastructure. All data transmission uses HTTPS/TLS encryption. Firebase Security Rules ensure users can only read and write their own data.

Security Measures

OTP codes are hashed and expire within 5 minutes of generation.
Session tokens are stored in EncryptedSharedPreferences on your device.
Profile photos are in Firebase Storage with owner-only write access.
All API calls use HTTPS/TLS encryption.

Data Retention

Data Type	Retention Period
Account data	Retained while account is active
Deleted accounts	Soft-deleted for 30 days, then permanently purged
OTP logs	Deleted within 24 hours
Notifications	Retained for 90 days
Service listings	Retained until deleted by seller
Request records	Retained for 12 months for dispute resolution

6 Your Rights

Right	How to Exercise
Access	Email zapotasupport@gmail.com to request a copy of your data.
Correction	Update your name, photo, and listings directly in the app.
Deletion	Delete your account from Profile → Account → Delete Account. Data purged within 30 days.
Withdraw Consent	Disable location permission in your device Settings at any time.
Portability	Request a data export by emailing zapotasupport@gmail.com.
Opt-Out	Disable notifications via Profile → Settings → Notifications toggle.

7 Android Permissions Explained

Permission	Why We Need It
INTERNET	Required for all app functionality — Firebase, Google Maps, and our servers.
ACCESS_FINE_LOCATION	Precise GPS for showing nearby services. Requested at runtime; optional.
ACCESS_COARSE_LOCATION	Approximate location fallback when precise GPS is unavailable.
RECEIVE_SMS	Auto-reads OTP codes from SMS via the SMS User Consent API only. We never read any other SMS.
CAMERA	Captures profile and service listing photos when you explicitly tap the camera option.
READ_MEDIA_IMAGES	Accesses gallery photos (Android 13+) for profile and service listing photos.
POST_NOTIFICATIONS	Required on Android 13+ to show push notifications.
USE_BIOMETRIC	Powers the optional Biometric Lock in Profile settings.

Call Log Note: Zapota does NOT request READ_CALL_LOG permission and never accesses your call history. After a call, we show a voluntary in-app prompt — "Were you able to connect?" — to track connection outcomes. This is entirely opt-in.

8 Children's Privacy

The Zapota Platform is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at zapotasupport@gmail.com and we will promptly delete the account.

9 Third-Party Links & Services

The Platform may contain links to third-party websites or integrate with services such as WhatsApp for support. We are not responsible for the privacy practices of those services. We encourage you to read the privacy policies of any third-party services you use.

10 Future Paid Features

Zapota is currently free to use for all buyers and sellers. We reserve the right to introduce paid features, premium subscription plans, promoted listings, lead packages, or other service fees in the future to sustain and grow the platform.

Our Commitment: You will always be notified at least 30 days in advance of any new charges through in-app notification and email. You will never be charged without prior notice and your explicit consent.

Any future paid features will be optional. Free access to core services will continue to be available.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you via in-app notification and update the effective date at the top of this document. Continued use of the Platform after changes constitutes your acceptance of the updated policy.

12 Contact Us

For any privacy-related questions, requests, or complaints, please reach us through any of the following:

Company	Zapota Agrotech Pvt. Ltd.
Address	Thirthhalli, Karnataka, India
Email	zapotasupport@gmail.com
WhatsApp	+91 97437 36881
Website	zapota.in
Response Time	We aim to respond to all privacy requests within 5 business days.

If you are not satisfied with our response, you may lodge a complaint with the relevant Indian data protection authority under applicable law.