Privacy Policy
Last Updated: November 15, 2025
FISSTO (Fast Integrated Sale Service Trade Online), operated by FISSTO, a company incorporated under the laws of India with its registered office at New Delhi, India ("we", "us", "our", or "FISSTO"), is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our website (**www.fisstoworld.com**), mobile app, or any related services (collectively, the "Platform**"). By using the Platform, you consent to the practices described herein.
1. Information We Collect
We collect the following types of information:
A. Information You Provide Directly
- Account Data: Name, email, phone number, business name, GSTIN, PAN, address, bank details (for payouts).
- KYC Documents: Aadhaar, PAN, business registration, GST certificate (for verification).
- Transaction Data: Product listings, inquiries, quotes, orders, payment details.
- Communication: Messages, feedback, support tickets.
B. Automatically Collected Data
- Device & Usage Data: IP address, browser type, OS, device ID, pages visited, time spent, clickstream data.
- Cookies & Tracking: Session cookies, analytics (Google Analytics), advertising IDs.
- Location Data: Approximate location via IP (with consent for precise GPS).
C. Third-Party Data
- Payment gateway logs, logistics partner updates, credit bureau reports (for trust scores).
2. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide & improve Platform services | Contract fulfillment |
| Verify identity & prevent fraud | Legal obligation & legitimate interest |
| Process payments & payouts | Contract fulfillment |
| Send transactional alerts (order updates, OTPs) | Contract fulfillment |
| Personalize recommendations & ads | Consent / Legitimate interest |
| Analyze usage & generate insights | Legitimate interest |
| Comply with laws (GST, TDS, KYC/AML) | Legal obligation |
| Resolve disputes & enforce terms | Legitimate interest |
3. Data Sharing & Disclosure
We do not sell your personal data. We share only when necessary:
| Recipient | Purpose |
|---|---|
| Sellers/Buyers | To fulfill inquiries, orders, logistics |
| Payment Gateways (Razorpay, PayU, etc.) | Process transactions securely |
| Logistics Partners | Shipping & tracking |
| Cloud Providers (AWS India, Google Cloud) | Data storage & processing |
| Analytics Partners | Platform performance (anonymized) |
| Government Authorities | Tax reporting, legal compliance |
| Successors | In case of merger/acquisition |
4. Data Security
- Encryption: SSL/TLS for data in transit; AES-256 at rest.
- AccessControls: Role-based access, 2FA for staff.
- RegularAudits: ISO 27001-aligned practices.
- PCI-DSSCompliance: For payment data (handled by certified gateways).
Despite best efforts, no system is 100% secure. We are not liable for unauthorized breaches beyond our control.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & KYC | 7 years post-account closure (per Indian law) |
| Transaction Records | 8 years (GST & tax compliance) |
| Logs & Analytics | Up to 12 months |
| Marketing Preferences | Until consent withdrawn |
You may request deletion (subject to legal obligations).
6. Your Rights (Under DPDP Act, 2023 & GDPR)
As a user in India or accessing from GDPR jurisdictions, you have the right to:
- Access your personal data.
- Correct inaccurate data.
- Delete data (where not required by law).
- Withdraw consent (for marketing, cookies).
- Data portability (structured format).
- Object to automated decisions.
Exercise Rights: Email [privacy@fissto.com] with subject "DPDP Request – @hitesshgoel".
We respond within 30 days.
7. Cookies & Tracking
| Type | Purpose | Opt-Out |
|---|---|---|
| Essential | Login, security | Cannot disable |
| Functional | Language, preferences | Settings |
| Analytics | Usage stats | [Cookie Settings] |
| Marketing | Ads, retargeting | Consent banner |
Manage preferences via the **cookie banner** or browser settings.
8. Children’s Privacy
FISSTO is not intended for individuals under 18. We do not knowingly collect data from minors.
9. International Data Transfers
Your data is processed in India. We ensure adequate safeguards (SCCs, DPDP compliance) for cross-border transfers.
10. Changes to This Policy
We may update this Policy. Significant changes will be notified via:
- Email (to registered address)
- Platform banner
- Updated "Last Updated" date
Continued use = acceptance.
11. Grievance Officer (India)
Name: Hitesh Goel (@hitesshgoel)
Email: grievance@fissto.com
Address: FISSTO, Registered Office, New Delhi, India
Response Time: Within 30 days (per DPDP Act)
Contact Us
Data Protection Officer
Email: dpo@fissto.com
Phone: [+91-9899069707]
Address: FISSTO, New Delhi, India
FISSTO: Your Data, Your Trust.
We trade fast. We protect faster.
(This policy complies with the Digital Personal Data Protection Act, 2023 (India), IT Act 2000, and aligns with GDPR principles.)
