Privacy policy

Effective Date:  01 Jan 2025 
Website: https://www.kamour.in
Operating Entity / Data Fiduciary: Kapeefit Health Brand Private Limited (brand: Kamour), India
Contact: [email protected] | +91‑9045599288

Grievance Officer:Users may contact Kapeefit Health Brand Private Limited at the addresses above or via [email protected]. Grievances shall be addressed within timelines prescribed by law.

1) Who We Are & Applicability

Kamour is a men’s wellness brand operated by Kapeefit Health Brand Private Limited. For Indian privacy law purposes, Kapeefit acts as the data fiduciary (controller‑equivalent) for personal data processed via our consumer website, e‑commerce operations, and tele‑consultations.

This Policy is intended to align with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the SPDI Rules, 2011, the Consumer Protection (E‑Commerce) Rules, 2020, and the Telemedicine Practice Guidelines, 2020, as updated from time to time.

We will revise this Policy as and when underlying laws, rules, or regulatory guidance evolve.

2) The Data We Collect

We collect data in three ways:
(1) data you provide directly,
(2) data collected automatically, and
(3) data from third parties (e.g., payment and logistics partners).

A. Data You Provide

• Identity & Contact: name, age (18+ confirmation), phone, email, billing and shipping addresses.

• Account & Authentication: passwords and/or OTP‑based login credentials (stored/handled securely; passwords hashed).

• Order & Billing: products purchased, transaction amount, mode of payment, tax invoice details, coupon usage, and related records.

• Tele‑Consultation Intake & Records: health concerns, lifestyle inputs, medical history you choose to disclose, consultation notes, audio/text/video logs where applicable, prescriptions (where permitted), follow‑up recommendations, and chat/call history with Practitioners conducted via our systems.

• Support & Exchange Evidence: support tickets, communications, unboxing or product‑issue videos/photos, uploaded invoices and IDs for verification/refund processing.

• Marketing Preferences: opt‑ins, survey responses, feedback, ratings, reviews, and content you voluntarily submit.
  
  

B. Data Collected Automatically

• Device & Usage: IP address, device and browser type, operating system, app version (if any), language, referral URLs, pages viewed, time spent, clickstream, app events, and crash logs.

• Cookies & Similar Tech: session cookies, analytics cookies, A/B testing tags, fraud‑prevention identifiers, and advertising identifiers (where permitted). See Section 10.
  
  

C. Data from Third Parties

• Payments: tokenized instrument identifiers, payment status, and limited metadata from payment gateways/aggregators; we do not store full card or UPI credentials (PCI‑DSS responsibility remains with the payment processor).
  

• Delivery & Logistics: shipment tracking IDs, delivery status, reverse‑pickup events, and courier updates.
  

• Practitioners: consultation outcomes, recommendations and prescriptions that are documented and shared through our platform as part of your care record.
  

• Ad/Analytics Partners: aggregated or pseudonymized campaign performance metrics and attribution data.
  
  

Children: Our Services are for adults (18+) only. We do not knowingly collect data relating to children. If you believe a minor has provided data, please contact us to request deletion.

3) Why We Use Your Data (Purposes)

We use personal data for the following purposes:

• Commerce & Fulfilment:
   To process and deliver orders; manage payments, invoices, returns and exchanges; provide customer support; and communicate order status.
  

• Tele‑Consultations & Prescription‑Based Services:
   To enable booking of consultations, connect you with independent registered medical practitioners (Practitioners), support secure audio/video/text interactions, store clinical notes and prescriptions as required, and enable continuity of care.
  

• Account & Security:
   To authenticate users, prevent fraud and abuse, detect suspicious or prohibited activity, enforce our Terms, and maintain service integrity.
  

• Legal & Compliance:
   To maintain tax and accounting records, comply with obligations under health, telemedicine and e‑commerce regulations, respond to lawful requests, and assist competent authorities where mandated by law.
  

• Improvement & Analytics:
   To understand usage patterns, diagnose technical issues, improve user experience, and refine our content, products and services.
  

• Marketing (with consent/opt‑in):
   To send offers, newsletters, updates, and personalized recommendations via email/SMS/WhatsApp or in‑product messages. You can opt out at any time.
  

• Business Operations:
  For internal audits, quality checks, training, and in connection with potential corporate transactions (e.g., merger, acquisition, restructuring), subject to this Policy.
  
  

4) Our Legal Grounds

We process personal data based on one or more of the following legal grounds (as available under Indian law):

• Your consent, for example for marketing communications or collection of sensitive health data for tele‑consultations.
  

• Performance of a contract, for example order fulfilment, delivery, refunds, and provision of consultation services you request.
  

• Compliance with law, for tax/accounting records, consumer protection requirements, or regulatory reporting.
  

• Other legitimate and reasonable purposes, such as fraud prevention, network and information security, and service improvement.
  
  

Where we rely on consent, you may withdraw it as described in Section 12. Withdrawal does not affect processing already carried out lawfully.

5) How We Share Data

We do not sell your personal data. We share it only as necessary for the purposes described above, with:

• Practitioners (Independent Professionals):
  To provide tele‑consultations, issue prescriptions where appropriate, and deliver follow‑up advice. Practitioners are independent professionals responsible for their own clinical decisions and record‑keeping.

• Payment Partners:
   Payment gateways/aggregators that process payments, refunds, and chargebacks.
  

• Logistics Providers:
   Courier and logistics partners that handle shipping, reverse pickups and delivery notifications.
  

• Technology & Cloud Service Providers:
  Hosting, storage, infrastructure, analytics, communication tools (email/SMS/WhatsApp), and customer support platforms that process data on our behalf under contractual safeguards.
  

• Affiliates & Professional Advisors:
   Group entities, auditors, accountants, and legal counsel engaged for legitimate business or legal needs.
  

• Regulators & Authorities:
   Where required to comply with applicable law, court orders or government directions; to enforce our terms; or to protect our rights, safety, or property or that of other users.
  

• Business Transferees:
  In connection with a merger, acquisition, restructuring, or sale of assets, subject to continued protection consistent with this Policy.
  
  

All processors are required to maintain appropriate confidentiality and security and may process personal data only on our documented instructions.

6) International Data Transfers

While primary processing occurs in India, some service providers (e.g., cloud, communications, analytics) may process data on servers located outside India. Where cross‑border transfers occur, we use contractual and technical safeguards to help ensure a level of protection consistent with applicable law.

7) Data Retention

We retain personal data only for as long as necessary for the purposes described above or as required by law, and then delete or irreversibly anonymize it. Indicative retention periods:

• Orders & Invoices: up to 8 years (for tax and legal record‑keeping).
  

• Tele‑Consultation & Prescription Records: typically 3–5 years from the last interaction, or longer/shorter where mandated by medical or telemedicine regulations.
  

• Support & Exchange Evidence: typically up to 180 days after case closure.
  

• Marketing Preferences & Logs: until you unsubscribe or withdraw consent.
  
  

• Security & Access Logs: about 12–24 months for fraud/abuse detection and system integrity.
  Actual retention may vary depending on specific legal obligations and business needs.

8) Your Rights & Choices

Subject to identity verification and applicable legal exemptions, you may be able to:

• Request access to your personal data and obtain a copy.

• Request correction of inaccurate or incomplete data.
  
  

• Request erasure of data that is no longer necessary or where consent is withdrawn and no other legal basis exists.

• Withdraw consent where processing is based on consent (e.g., marketing, certain tele‑consultation processing).
  

• Request data portability where technically feasible and applicable.
  

• Seek grievance redressal through our Grievance Officer.
  

• Lodge a complaint before the Data Protection Board of India (once constituted) or another competent authority.
  
  

How to exercise rights:
Email :[email protected] with the subject “Data Rights Request” and include your registered email/phone. We may request additional information to verify your identity and will respond within timelines prescribed by law.

9) Security Practices

We implement reasonable security practices and procedures, including but not limited to:

• Encryption in transit where appropriate.

• Access controls and least‑privilege permissions.

• Role‑based access to sensitive data (including health data).

• Monitoring, logging, and periodic security reviews.

• Backups and basic disaster recovery measures.
  
  

Despite safeguards, no system is completely secure. You are encouraged to use strong passwords, protect your devices, and never share OTPs, passwords or sensitive details with anyone claiming to be from Kamour.

10) Cookies & Similar Technologies

We use cookies and similar technologies to:

• Enable essential operations: login sessions, cart and checkout, and fraud control.
  

• Measure performance & analytics: track usage, diagnose issues, run A/B tests.
  

• Personalize & market (where permitted): remember preferences and show relevant content or offers.
  

Your choices:

• Manage cookies through our on‑site banner/controls (where available) and your browser settings.
  

• Opt out of marketing emails/SMS/WhatsApp at any time using unsubscribe links, in‑message options, or by contacting us.
  Blocking certain cookies may affect site functionality.

11) Communications

• Transactional:
   Order confirmations, shipment updates, OTPs, consultation‑related notifications, and important service announcements. These are necessary for service delivery and you generally cannot opt out of them.
  

• Marketing:
   Sent only where you have opted in; you can unsubscribe or change preferences at any time.
  

• WhatsApp/SMS:
   By opting in, you authorize us to send transactional messages and, where you consent, promotional messages over WhatsApp/SMS in line with applicable telecom and spam regulations.
  

12) Consent Management & Withdrawal

Where we rely on your consent (for example, marketing communications or certain tele‑consultation data), you may withdraw consent at any time via account settings (where available) or by contacting us.

Withdrawal will not affect processing already lawfully carried out, but may limit or disable certain features or Services (e.g., we may not be able to continue a tele‑consultation if you withdraw consent to process health data).

13) Practitioner & Vendor Privacy

Practitioners and vendors engaged through or by us may receive limited personal data strictly for service delivery:

• Practitioners receive data necessary for consultation and follow‑up recommendations and are responsible for their own professional and record‑keeping obligations under medical and telemedicine regulations.
  

• Vendors (such as logistics, cloud, communication providers) act as processors and must process data only on our documented instructions and under appropriate contractual safeguards.
  
  

14) Children’s Privacy

Our Services, including kamour.in and associated consultations, are intended for adults aged 18 years and above. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us so we can take appropriate steps to delete such data where required.

15) Links to Third‑Party Sites and Services

Our website may contain links to third‑party websites or services (such as payment gateways, logistics tracking pages, external telemedicine tools, or social media). Their privacy practices are governed by their own policies, which we do not control. You should review those policies before interacting with such third‑party services.

16) Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. When we do, we will post the updated version with a new Effective Date. If changes materially affect your rights or how we process your data, we will provide additional notice and seek fresh consent where required by law.

17) Contact & Grievance Redressal

For privacy queries or to exercise your data rights:

• Email: [email protected]
  

• Phone/WhatsApp: +91‑9045599288
  

Grievance Officer (per Consumer Protection (E‑Commerce) Rules, 2020 and applicable IT rules):

Users may contact Kapeefit Health Brand Private Limited at the addresses above or via [email protected]. Grievances shall be addressed within timelines prescribed by law.
Address: Anoop Tower, P‑5/3, Stadium Rd, Deen Dayal Puram, Bareilly, Uttar Pradesh 243122

We will endeavour to acknowledge and resolve grievances within timelines prescribed by applicable law.

18) Quick Summary (Non‑Binding)

• We collect identity, contact, order, and tele‑consultation data to deliver services you request.
  

• We do not store full card/UPI details; payment processors handle those under PCI‑DSS or similar standards.
  

• We use cookies for essential operations, analytics, and (with consent) marketing.
  

• You can control marketing opt‑ins and exercise access/correction/erasure rights, subject to law.
  

• We keep data only as long as needed or required by law, then delete or anonymize it.
  

• We apply reasonable security measures, but security is a shared responsibility.