Privacy Policy
Last Updated On: 19th May, 2025
1. INTRODUCTION
1.1. Purpose and Scope
This Privacy Policy (“Policy”) explains how HaaBtek Labs Private Limited (“Misto,” “Misto Platform,” “Company,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects the personal information of users when they interact with:
- The Misto Platform, which includes the Misto and Misto Business mobile applications and the website www.misto.life (“Domain”).
- Online stores created by Sellers (“Stores”) that operate on the Misto Platform.
- Third-party service providers (“Partners”) who facilitate payments, logistics, and other services.
This Policy applies to all users, including:
- Sellers: Businesses and individuals creating online Stores on the Misto Platform.
- Customers: Buyers who access and transact on Stores.
- Partners: Third-party service providers offering logistics, payments, or analytics services.
- Affiliates: Individuals or entities promoting Misto in exchange for commission or fees.
- Partners: Third-party service providers offering auxiliary services, such as logistics, advertising, or payment processing.
1.2. Acceptance of the Privacy Policy
- By accessing or using the Misto Platform, Stores, or Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy.
- If you do not agree with this Policy, you must immediately discontinue use of the Misto Platform.
- If you use the Services from outside India, you do so at your own risk and are solely responsible for compliance with applicable local laws.
1.3. Interpretation in consonance with Terms of Use
This Privacy Policy is an integral part of the Misto Terms of Use, which can be accessed at www.misto.life/tou. All terms not explicitly defined in this Policy shall have the meaning ascribed to them in the Terms of Use.
2. DATA COLLECTION AND USAGE
2.1. Categories of Data Collected
Misto collects different types of data from users to provide, improve, and secure its services. The categories of data collected include:
2.1.1. Personal Identification Data
- Full Name (for individuals) or Registered Business Name (for Sellers).
- Email Address, Mobile Number, and Postal Address for communication and account verification.
- Government-Issued Identification Details (e.g., Aadhaar, PAN, GSTIN, Passport, or other regulatory documentation) for KYC (Know Your Customer) compliance and fraud prevention.
2.1.2. Financial and Transactional Data
- Bank Account Details, UPI IDs, and Payment Methods used for transactions, refunds, and payouts.
- Order History, Payment Transactions, and Refund Requests for processing and dispute resolution.
- Wallet Balances and Misto Coins Usage to track rewards, credits, and deductions.
2.1.3. Behavioural and Usage Data
- Browsing Activity, Product Searches, and Clickstream Data to enhance the user experience.
- IP Address, Device Identifiers, and Location Data for fraud detection, security monitoring, and personalized content.
- Advertisement Interactions and Marketing Preferences for targeted promotions and analytics.
2.1.4. Communication and Support Data
- Messages Exchanged between Users via Misto’s chat or order communication system.
- Customer Support Conversations (phone, email, live chat) for service improvement and dispute resolution.
- User Feedback, Complaints, and Ratings to maintain service quality.
2.2. Purpose of Data Collection
Misto processes user data for the following purposes:
2.2.1. Service Provision and Account Management
- Creating and managing user accounts, Stores, and transaction records.
- Enabling secure login, password recovery, and authentication mechanisms.
2.2.2. Payment Processing and Financial Transactions
- Facilitating seamless transactions, refunds, and chargebacks through third-party payment providers.
- Verifying Seller payment details for commission settlements and Wallet withdrawals.
2.2.3. Platform Security and Fraud Prevention
- Detecting and preventing unauthorized access, account takeovers, or financial fraud.
- Identifying and blocking bot-generated traffic, phishing attempts, and malicious activities.
2.2.4. Personalization and Marketing
- Recommending relevant products, promotions, and discounts based on user activity.
- Sending marketing emails, SMS alerts, and push notifications, subject to user consent.
2.2.5. Compliance with Legal and Regulatory Obligations
- Fulfilling tax, accounting, and financial reporting requirements.
- Responding to government or law enforcement requests as required by applicable laws.
2.3. Data Collection Methods
Misto collects user data through the following methods:
2.3.1. Direct User Input
- When users sign up, log in, update profiles, or place orders.
- When Sellers list products, accept orders, or request payouts.
2.3.2. Automated Data Collection
- Cookies, tracking pixels, and session data for website analytics.
- Automated logs for fraud detection and cybersecurity monitoring.
2.3.3. Third-Party Data Sources
- Payment gateway partners for transaction verification.
- Logistics providers for order delivery status updates.
3. LEGAL BASIS FOR DATA PROCESSING
Misto processes personal data in compliance with applicable laws.
Misto processes personal data under the following legal bases:
3.1. Contractual Necessity
Processing of user data is necessary to fulfil our contractual obligations, including:
- Creating and managing user accounts.
- Facilitating transactions, payments, refunds, and payouts.
- Providing customer support, resolving disputes, and enforcing platform policies.
3.2. Legitimate Interests
Misto processes personal data based on legitimate business interests. This includes:
- Enhancing platform security and fraud prevention.
- Improving platform usability, performance, and personalization.
- Conducting internal business analytics, market research, and statistical reporting.
- Detecting and preventing misuse, fraud, or policy violations.
3.3. Legal Obligations
Misto is required by law to process certain user data to comply with:
- Tax, financial, and accounting regulations (e.g., GST, TDS, audit records).
- Regulatory filings and consumer protection requirements.
- Law enforcement requests and court orders.
3.4. User Consent
In certain cases, Misto relies on user consent to process data. This applies to:
- Marketing communications (e.g., promotional emails, SMS, and push notifications).
- Cookies and tracking technologies for personalized advertising.
- Voluntary participation in surveys, loyalty programs, or research initiatives.
- Third-party data sharing (where consent is explicitly required by law).
Users have the right to withdraw consent at any time by updating their preferences in their account settings.
3.5. Data Processing for Legal Claims
Misto may process user data to establish, exercise, or defend legal claims, including cases involving:
- Dispute resolution with Sellers, Customers, or third parties.
- Protection against fraudulent activities or financial loss.
- Compliance with regulatory inquiries and investigations.
4. DATA SHARING AND THIRD-PARTY DISCLOSURES
Misto does not sell or trade user data to third parties. However, we may share personal data under specific circumstances as outlined below:
4.1. Data Sharing with Third-Party Service Providers
Misto shares user data with trusted third-party service providers who assist in operating the Platform. These providers process data only under contractual obligations that ensure compliance with privacy laws.
4.1.1. Payment Processors
To process transactions, refunds, and payouts, Misto shares financial data with payment gateways and banking partners.
4.1.2. Logistics and Delivery Partners
To facilitate order fulfillment and shipping, Misto shares data with logistics providers.
4.1.3. Fraud Prevention and Security Services
Misto may share data with cybersecurity firms and fraud prevention agencies to:
- Detect and prevent unauthorized access, payment fraud, or identity theft.
- Investigate and mitigate hacking attempts or bot activity.
- Implement two-factor authentication (2FA) and account verification measures.
4.1.4. Marketing and Advertising Partners
Misto collaborates with third-party advertisers, analytics firms, and digital marketing platforms for:
- Targeted advertisements based on user behaviour.
- Measuring and optimizing ad performance.
- Email marketing and promotional campaigns.
4.2. Regulatory and Legal Disclosures
Misto may disclose user data to government authorities, regulatory agencies, or courts as and when directed under law.
4.3. Data Sharing for Mergers, Acquisitions, or Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, user data may be transferred to the acquiring entity, provided that:
- The acquiring company agrees to uphold the same data protection standards.
- Users are notified in advance of significant changes to data processing policies.
4.4. User Control Over Data Sharing
Users may:
- Opt out of marketing data sharing via account settings.
- Restrict the use of cookies and tracking technologies (see Clause 7 on Cookies and Tracking).
- Request details about third-party data sharing by contacting us.
5. DATA SECURITY MEASURES
Misto is committed to safeguarding user data through industry-standard security practices and technologies. We implement administrative, technical, and physical measures to protect personal data against unauthorized access, disclosure, loss, or misuse.
5.1. Security Protocols Implemented
To ensure the confidentiality, integrity, and availability of user data, Misto employs:
5.1.1. Data Encryption
- AES-256 encryption for storing sensitive data (e.g., passwords, payment information).
- TLS (Transport Layer Security) encryption for data transmission between users and the Misto Platform.
5.1.2. Access Control Mechanisms
- Role-based access controls (RBAC) to ensure only authorized personnel can access user data.
- Multi-factor authentication (MFA) for high-risk administrative actions.
- Automatic session timeouts and logout features to prevent unauthorized access.
5.1.3. Fraud Prevention and Anomaly Detection
- Real-time fraud detection systems that monitor transactions for suspicious behaviour.
- Machine learning algorithms to detect unauthorized login attempts and account takeovers.
- Automatic account locking for multiple failed login attempts.
5.1.4. Regular Security Audits and Compliance Checks
- Periodic vulnerability assessments and penetration testing to identify potential threats.
- Compliance reviews with regulatory requirements such as IT Act, GDPR, and payment security standards (e.g., PCI-DSS).
5.2. Protection Against Unauthorized Access
Misto takes proactive steps to ensure user account security, including:
- Secure password storage using cryptographic hashing algorithms.
- One-time passwords (OTPs) for sensitive actions such as withdrawals or account recovery.
- User notifications for account activity, such as login attempts from new devices.
Users are advised to:
- Use strong, unique passwords and enable two-factor authentication (2FA).
- Report any suspicious activity or unauthorized access immediately.
5.3. Data Breach Response Plan
In the event of a data breach, Misto will:
- Assess and contain the breach to minimize impact.
- Notify affected users and regulatory authorities if required by law.
- Investigate the root cause and implement corrective measures.
5.4. User Responsibility for Account Security
Users are responsible for:
- Keeping login credentials confidential and not sharing passwords.
- Avoiding phishing scams and suspicious links pretending to be from Misto.
- Updating account security settings regularly.
6. COOKIES AND TRACKING TECHNOLOGIES
Misto uses cookies, tracking pixels, web beacons, and similar technologies to improve user experience, analyse platform performance, and deliver personalized content. This section explains how we use these technologies and how users can manage their preferences.
6.1. What Are Cookies?
- Cookies are small text files stored on a user’s device when visiting the Misto Platform. They help in remembering user preferences, enhancing security, and optimizing functionality.
- Tracking technologies include web beacons (small image files) and pixel tags, which allow us to monitor user interactions with emails, ads, and the platform itself.
6.2. Types of Cookies Used
Misto categorizes cookies as follows:
6.2.1. Essential Cookies (Strictly Necessary)
- Required for the basic functionality of the Misto Platform.
- Used for:
  - User authentication and secure logins.
  - Session management and fraud prevention.
  - Maintaining shopping cart data for Customers.
6.2.2. Performance and Analytics Cookies
- Help analyse how users interact with the Platform to improve usability and features.
- Used for:
  - Measuring website traffic and user engagement.
  - Identifying areas where the platform can be optimized.
  - Detecting technical errors or slowdowns.
6.2.3. Functional Cookies
- Enhance the user experience by storing preferences and settings.
- Used for:
  - Remembering language preferences and region settings.
  - Personalizing content, including product recommendations.
6.2.4. Advertising and Targeting Cookies
- Enable Misto and third-party advertisers to display relevant ads.
- Used for:
  - Retargeting users with product advertisements.
  - Tracking the effectiveness of marketing campaigns.
  - Preventing repetitive ad display.
6.3. Third-Party Cookies and External Tracking
- Some cookies are placed by third-party partners, including:
  - Advertising networks for targeted promotions.
  - Social media platforms (e.g., Facebook, Instagram, Google Ads) for login authentication and ad tracking.
  - Payment processors to detect fraudulent transactions.
- Misto does not control third-party cookies; users should refer to respective third-party privacy policies for details.
6.4. User Control Over Cookies
6.4.1. Managing Cookie Preferences
- Users can accept, reject, or customize cookie settings via browser settings to block or delete cookies manually.
6.4.2. Opting Out of Tracking and Targeted Advertising
- Users may opt out of interest-based advertising through:
  - Digital Advertising Alliance (DAA) opt-out tools.
  - Device settings to limit ad tracking.
  - Adjusting ad preferences on platforms like Google Ads or Facebook Ads.
6.5. Consequences of Disabling Cookies
- Essential cookies cannot be disabled as they are required for platform functionality.
- Disabling analytics or targeting cookies may result in limited personalization and certain features not working properly.
7. CHANGES TO THIS PRIVACY POLICY
Misto reserves the right to modify, update, or amend this Privacy Policy at any time to reflect:
- Changes in legal and regulatory requirements.
- Modifications in data collection, processing, or sharing practices.
- Updates to platform functionality, security policies, or third-party integrations.
7.1. Notification of Changes
- Users may be notified of material changes to this Privacy Policy via:
  - Email notifications to registered users; or
  - Platform announcements or website banners; or
  - Updated Privacy Policy links in the app and website footer.
7.2. Continued Use After Policy Changes
- If a user continues to use the Misto Platform after the updated Privacy Policy takes effect, it constitutes acceptance of the revised terms.
8. GRIEVANCE REDRESSAL MECHANISM
In compliance with the Information Technology Act, 2000 and applicable data protection laws, Misto has appointed a Grievance Officer to handle privacy-related complaints and regulatory concerns.
Grievance Officer Details:
Name: Mr. Asif Mohmmad
Email: grievance@misto.life
Users may escalate unresolved privacy-related complaints to the Grievance Officer. Misto will acknowledge complaints within 7 working days and aim to resolve them within 30 days, subject to legal or operational constraints.