Privacy Policy

Definitions

• Account: means a unique account created for you to access our Service or parts of our Service.
• Buyer: shall mean those user(s) who have created an Account on the Mobile App or Web App as a buyer and seek to buy one/multiple of Goods(s) from the respective Sellers using the platform.
• Seller: shall mean those user(s) who have created an Account on the Mobile App or Web App as a seller and seek to sell any of the Goods(s) to the Buyers using the Platform.
• Company: refers to BioPlanet Green Technologies Pvt Ltd, 407 H block, Jains Carlton Creek, Khajaguda, Gachibowli, Hyderabad, Telangana-500104.
• Cookies: Small files stored on your Device to enhance your browsing experience.
• Sensitive Personal Data: Aadhaar, PAN, GST details, financial data, etc. (Only used for verification; not stored).
• Country: refers to India.
• Device: means any device that can access the Service such as a computer, a cell phone or a digital tablet.
• Data Fiduciary: The company responsible for determining the purpose and means of processing data.
• Data Principal: "You" the individual whose personal data is processed.
• Personal Data: is any information that relates to an identified or identifiable individual.
• Service: refers to the services provided by BioPlanet Green Technologies Pvt Ltd, like connecting multiple users who are trading in used cooking oil, used engine oil, plastic waste, E-waste and other listed materials on the application across the country.
• Service Provider: means any natural or legal person who processes the data on behalf of the Company (e.g. third parties providing hosting, payment, verification, messaging, analytics).
• Usage Data: refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website: refers to BioTradX, accessible from https://www.biotradx.com/.
• You: mean the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Types of Data Collected

Personal Data

While using Our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Email address
• First Name and Last Name
• Phone number
• Aadhaar Number details (not stored by Company but used for verification only)
• PAN Number details (not stored by Company but used for verification only)
• Business Name and GST Number
• Bank/UPI details (for payment settlement)
• Address and Location Details

Usage Data

Usage Data is collected automatically when using the Service. It may include information such as your Device's Internet Protocol address (IP address), browser type, browser version, device information, location data (with permission, using Google Maps API), the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Third Party Services

We use third-party KYC providers to verify PAN, GST, and Aadhaar details. Only necessary and masked information is processed; full Aadhaar or PAN is not stored. Payment gateways process transaction details such as name, contact, amount, and UPI/bank reference. Sensitive card data is handled securely by the gateway and not stored by us. Logistics and SMS/OTP providers may receive limited information such as name, contact number, address, and message delivery data. Location data may be accessed with your permission (e.g., via Google Maps API).

Use of your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To manage your Account and registration.
• For the performance of a contract.
• To contact you via email, telephone calls, SMS, or other equivalent forms of communication.
• To provide you with news, special offers and general information.
• To attend and manage your requests to Us.
• For business transfers (merger, acquisition, asset sale).
• For other purposes, such as data analysis, identifying usage trends, determining effectiveness of promotional campaigns, and improving our Service.

Sharing of Personal Data

We may share your data with:

• Service Providers: AWS cloud hosting, payment gateway, Google Maps, OTP providers, KYC APIs.
• Buyers/Sellers: As required for trade execution.
• Government Authorities: If mandated under law or court order.
• With Your Consent: When you explicitly allow sharing for a specific purpose.
• Business Transfers: In the case of mergers, acquisitions, or restructuring of the Company.

Disclosure of your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

Other legal requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Data Storage & Retention

Data Hosting and Storage

All personal and business data collected through the BioTradX platform is stored on secure servers hosted by Amazon Web Services (AWS). Wherever technically and operationally feasible, data is stored within the India region, in compliance with applicable Indian data localization laws and industry standards.

Storage of Sensitive Personal Data

• Information such as Aadhaar Number, PAN, and GST details are used solely for identity verification, KYC, and compliance purposes. This information is not stored, saved, or retained in our databases but shared with third party APIs for verification purpose only.
• Only verification status, reference codes, and non-sensitive metadata may be retained as permitted by law.

Retention of Transactional and Financial Data

BioTradX may retain certain personal and transactional information for legal, regulatory, and audit purposes, including but not limited to:

• Invoices, payment records, trade history, contracts, and financial documents.
• Retention period: Seven (7) to Eight (8) years, in accordance with the Companies Act, 2013, Income Tax Act, and GST laws of India.

Data Deletion, Anonymization, and Withdrawal of Consent

• Personal data that is no longer required for its original purpose, or upon withdrawal of consent (where applicable), will be deleted, anonymized, or securely archived in accordance with legal obligations.
• Where deletion is not legally permissible (e.g., financial or compliance records), such data will be retained in a restricted-access environment until the retention period expires.

Cross-Border Data Transfer (If Applicable)

If data is transferred or processed outside India (e.g., by global service providers), such transfers will comply with the Digital Personal Data Protection Act, 2023, contractual safeguards, and industry-standard security measures.

Data Security Measures

The Company adopts reasonable and appropriate technical and organizational measures to ensure the protection of Personal Data from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:

• Encryption: Use of industry-standard encryption technologies, including SSL/TLS for data in transit and AES-256 for data at rest.
• Access Control: Implementation of Role-Based Access Control (RBAC) to ensure only authorized personnel have access to specific categories of data.
• Network & Infrastructure Security: Use of firewalls, secure login protocols, intrusion detection systems, and AWS cloud security standards.
• Monitoring & Audits: Regular security audits, vulnerability assessments, penetration testing, and system monitoring to detect and mitigate potential risks.

While we employ industry-standard security measures, you acknowledge that no data transmission or electronic storage system is completely secure, and the Company cannot guarantee absolute security of data.

Data Principal Rights (Your Rights)

In accordance with the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights with respect to your Personal Data:

• Right to Access: Request copies or details of the Personal Data we hold about you.
• Right to Rectification: Request correction or updating of inaccurate or incomplete information.
• Right to Erasure/Deletion: Request deletion of data where permissible and not restricted by legal or regulatory obligations.
• Right to Withdraw Consent: Withdraw previously given consent for data processing, without affecting the lawfulness of processing before withdrawal.
• Right to Data Portability (if applicable): Request to transfer your data to another service provider in a structured, commonly used format.
• Right to Grievance/Complaint: Lodge a complaint regarding data misuse or breach of personal rights.

You may exercise these rights by contacting us at: privacy@biotradx.com

Cookies and Tracking Technologies

The Service uses cookies and similar technologies to enhance user experience and ensure proper functionality. Cookies may be used for the following purposes:

• Authentication and Session Management (login, account access).
• Preferences Storage (language settings, saved filters).
• Analytics and Performance Monitoring (traffic, user interaction, trends, errors).

You may choose to disable cookies through your browser settings. However, doing so may limit certain functionalities of the Service.

Children's Privacy

The Service is intended for use by individuals aged 18 years and above. We do not knowingly collect, process, or store personal data of individuals under 18 years of age. If you believe a minor has provided us with data, please contact us to ensure prompt deletion.

Grievance & Data Protection Officer (DPO)

In compliance with Rule 5(9) of the IT Rules 2011 and Section 13 of the Digital Personal Data Protection Act, 2023, the Company has appointed the following Grievance Officer/Data Protection Officer:

• Data Grievance Officer: Deepali Tyagi
• Email: deepalityagi@biotradx.com
• Alternate: grievance@biotradx.com

Grievances or complaints relating to data processing or privacy will be acknowledged and resolved within the timelines prescribed under applicable law.

Changes to This Policy

The Company reserves the right to modify or update this Privacy Policy at any time to reflect changes in legal requirements, technology, or business practices. Any updates will be posted on the website and/or mobile application with the "Last Updated" date.

Your continued use of the Service after such updates constitutes your acceptance of the revised Policy.

This Privacy Policy was last updated on 04 November 2025.