Last updated November 19, 2025

Privacy Policy

HitsTheSpot is built for food lovers, not data brokers. This policy explains what we collect, how we use it, and the choices you have to stay in control.

DISCLAIMER

The use of this Platform in any of its forms (as described below) is subject to the terms and conditions stated in this document. By accessing this Platform, you agree to abide by these terms and conditions.

This Privacy Policy governs the usage of ‘HitsTheSpot’ which is maintained by Vitely Ventures Private Limited (hereinafter referred as "We" and/or "us" and/or "Vitely" and/or "Company") is designed to help you understand how we collect, use, disclose, and safeguard your personal information when you use our mobile application, website, and related services (collectively, the "Platform"). By accessing or using the Platform, you agree to the terms of this Privacy Policy.

This Platform: HitsTheSpot (including its web application, iOS and Android mobile applications, pages, extensions, and any other related interfaces or versions) and other as may be launched from time to time (hereinafter referred to as "Platform") is developed, operated and maintained by Vitely Ventures Private Limited ("The Company"), a Company, having office at: 3rd Floor, II, Judges Bungalow Rd, opp. Pushparaj Tower, Sumeru, Bodakdev, Ahmedabad, Gujarat, 380054.

In the Privacy Policy, "we", "our" and "us" means "the company"; "you" and "your" means any person who accesses and uses this Platform; This Privacy Policy covers this Platform’s treatment of personally identifiable information that the company collects when you are on this platform and afterwards, and when you use this platform’s services. This policy also covers the company's treatment of any personally identifiable information (“PII”) that users share and/or the PII which the company may fetch/collect from various service providers with whom the company has integrated its systems to provide the necessary services to you. This policy does not apply to the practices of companies that the company does not own or control or to people that the company does not employ or manage.

This policy is in compliance with the Digital Personal Data Protection Act (DPDPA), 2023, General Data Protection Regulation (GDPR), and Health Insurance Portability and Accountability Act (HIPAA).

We ensure that all personal data is processed lawfully, fairly, and transparently. We respect your rights as a data principal, including the right to access, rectification, erasure, restriction, and objection to data processing.

DATA FIDUCIARY/DATA CONTROLLER AND DATA PRINCIPAL/DATA SUBJECT

  • Our Company is the Data Fiduciary under this Privacy Policy. As a Data Fiduciary, we determine the purpose and means of processing personal data collected from individuals using our Platform.
  • A Data Principal is any natural person whose personal data is collected, processed, or stored by us.

For any concerns or queries regarding data protection, you may contact us as mentioned in the Contact Us section.

In Brief

At Our Company, your privacy is not just a legal obligation, it’s a commitment. We believe that your trust is built on how transparently and securely we handle your personal information. This Privacy Policy is designed to provide you with a clear understanding of how we collect, use, protect, and share your data whether you provide it directly to us or we obtain it from reliable third-party service providers integrated with our systems.

WHY THIS POLICY MATTERS

We want you to feel confident using our platform, knowing that your personal data is in safe hands. This policy answers key questions:

How Do We Use Your Data?

We use your data to provide personalized restaurant recommendations, enable dining reservations, ensure a secure user experience, enhance platform functionality, and comply with legal obligations. Data is also used for marketing (with your consent) and analytics to improve our services.

Who Do We Share Your Data With?

We share your data with carefully chosen partners, including restaurant partners (for improvement in their services and analytics purpose, analytics providers, regulatory authorities (as required by law), and service providers who help us deliver our services.

Your Consent and Control:

By continuing to use our Platform, you agree to the terms of this Privacy Policy. You always have control over your data and can access, update, delete, or withdraw your consent at any time.

Staying Updated:

Privacy is an evolving landscape, and so is this policy. We may update it from time to time without prior notice to reflect changes in our practices or to comply with legal requirements. We encourage you to revisit this page periodically for the latest version.

Your Choice, Your Experience:

By accessing our Platform and consenting to the use of cookies, you enable us to offer a more personalized experience, remembering your preferences, conducting data analytics, and enhancing Plaftform performance.

YOUR PERSONAL DATA

  • We also collect data automatically, including device information, IP address, usage patterns, location data, transaction details, browsing behavior and details received from trusted partners, such as restaurant partners and payment gateways.
  • Data You Provided Directly: Your name, Contact details, Registration details, Allergy information, location details, food related posts – images and reviews, time and details of restaurants visits, order details, other users you go with, images (including those of people) dining preferences, reviews, and customer support queries and any other information that you may provide including any personal data or information to access the platform and its features.
  • Data from Trusted Partners: Data including but not limited to Reservation confirmations, payment processing data, and restaurant feedback.

COLLECTING AND PROCESSING OF PERSONAL INFORMATION

We collect and process personal information in the course of providing our services as mentioned in Section C and D of this policy. This includes data collected from individuals associated with our users, restaurant partners, and other stakeholders, in compliance with the Digital Personal Data Protection Act, 2023 and General Data Protection Act.

Please note that the following details may or may not be collected. The specific information collected will depend on the type of user you are and the nature of your interaction with our services.

The data listed below is processed to enable platform functionality, create and manage user accounts, facilitate transactions, and personalize services. It is also used to ensure security, detect fraud, fulfill contractual obligations, provide customer support, and improve overall user experience. Additionally, certain data is processed to comply with legal, regulatory, and audit requirements.

SubjectPersonal Data Collected
Customers (B2C / CRM)
  • Name
  • Email
  • Phone number
  • Date of birth
  • Gender (optional)
  • Login credentials
  • Social login tokens (Google/Apple/Facebook)
  • OTP verification logs
  • Saved addresses
  • Marketing interaction data (opens/clicks)
  • Dietary preferences, allergies
  • Cuisine preferences
  • Favorite dishes
  • Past orders, reservation habits
  • Ratings & reviews
  • Order history
  • Reservation history
  • Payment method (card type, wallet/UPI)
  • Masked card details
  • Payment gateway transaction IDs
  • Refund/dispute records
  • Loyalty points balance & redemption history
  • Referral and coupon usage data
  • Friends list, following, shared recommendations
  • User-generated content
Restaurant Partners (B2B)
  • Contact person’s name
  • Business contact details
  • Legal business name
  • Registration details
  • GST/VAT/Tax IDs
  • FSSAI or food safety license numbers
  • Business address, phone, email
  • Operating hours
  • Restaurant category/type
  • Outlet/branch information
  • Documentation provided for verification
Restaurant Operational Data (B2B)
  • Menu items (pricing, ingredients, calorie info)
  • Order history (POS & online)
  • Table management & seating layouts
  • Reservation data
  • Role/permission configurations
  • Discounts and coupons
  • Customer segmentation rules
Transactional & Financial Data (B2B)
  • Sales history
  • Payment settlements
  • Refunds, voids, disputes
  • Taxes collected/remitted
  • Revenue reports
  • Outstanding dues/invoices
  • Bank account/UPI details
  • Payment gateway integration details
Employees / Staff (B2B)
  • Name
  • Contact details
  • Email
  • Role/designation
  • Username/display name
  • Gender
  • Encrypted passwords (via Firebase)
  • POS PIN codes
  • Access levels & permissions
  • Session activity logs
  • POS actions performed
Device & Network Data (Both B2B and B2C)
  • Device model
  • OS type
  • Browser type
  • App version
  • Device identifiers (IDFA, GAID, hashed ID)
  • IP address
  • Carrier info
  • Network type
  • Pages/screens visited
  • Click patterns
  • Time spent
  • Crash logs
  • Navigation flow
  • API logs
  • Approx/precise location (if permitted)
Communication Data
  • Support ticket history
  • In-app chat with merchants
  • Emails to support
  • Call log metadata
Sensitive Data (User-Provided)
  • Dietary preferences
  • Food allergies
  • Accessibility requirements
  • Device biometrics (FaceID/TouchID used locally, not stored)
Analytics & Derived Data
  • Customer value scoring
  • Churn prediction
  • Popularity rankings
  • Business performance metrics
  • Sentiment analysis
  • Predictive recommendations
Data Collected from Third Parties
  • Payment gateway verification data
  • Third-party analytics data (Google Analytics, Mixpanel, etc.)
  • Social media profile data (when linked)
  • Ad network identifiers
Compliance & Regulatory Data
  • User consent logs
  • Opt-in/opt-out preferences
  • Invoice & tax records
  • KYC documents (if payouts required)
  • GDPR/CCPA/DPDPA request logs (access/delete/rectify)

Processing Personal Information

Our Company and its partners collect and use your personal information and other information only as follows ("The purpose") :

  • Administrative Communication: To send you essential notifications, offer alerts, and other transactional communications relevant to your use of our services.
  • Product and Service Facilitation: To enable you to apply for or access products and services offered by us , ensuring a seamless experience.
  • Market Research and Analytics: To conduct market research, plan projects, troubleshoot technical issues, and detect and prevent fraud or other criminal activities.
  • Compliance and Legal Obligations: To comply with legal requirements, enforce our terms and conditions, and support regulatory or investigative processes, including responding to legal notices, claims, or litigation.
  • Site Usage and Security Enhancement: To monitor and analyze your usage of our platform, improve user experience, and ensure robust security measures.
  • Contractual Obligations: To fulfill our contractual commitments with you and deliver products or services as per your interest.
  • User Experience Improvement: To perform various analytics aimed at enhancing the quality of user experience, products, and services.
  • Service Updates and Promotions: To inform you about other services, events, and offerings that may interest you, provided you have consented to receive such communications.
  • Account Management: To notify you about changes or updates to your user account, ensuring you remain informed.
  • User Support: To respond to your requests, inquiries, comments, or concerns in a timely and effective manner.
  • Interactive Features: To allow you to participate in interactive features of our services when you choose to do so.

CONSENT TO OVERRIDE DND

By using our Platform and its services, you explicitly consent to receive essential communications from us, regardless of your registration on any Do Not Disturb (DND) registry, including those maintained by the Telecom Regulatory Authority of India (TRAI), the Department of Telecommunications (DoT), or any other appropriate authority.The said consent shall be obtained through a checkbox mechanism, with the option for the user to withdraw or unsubscribe from such consent at any time thereafter.

This may include, but is not limited to:

  • Multi-Channel Communication:You consent to receive such communications via multiple channels, including email, SMS, phone calls, and instant messaging platforms (such as WhatsApp), which may be integrated with our platform in the future.

SHARING OF PERSONAL DATA: ACCESS TO PERSONAL DATA WITHIN OUR PLATFORM AND BY THIRD PARTIES (SEC. 8 OF DPDP ACT, 2023)

At Our Company, we prioritize the confidentiality and security of your personal data. We do not disclose personal information except to those who require access for legitimate purposes, including our employees, officers, professional advisors, third-party contractors, and service providers, as necessary for the purposes specified in this policy.

DISCLOSURE TO THIRD-PARTY SERVICE PROVIDERS

Your personal data may be shared with such third-party service providers, subject to confidentiality arrangements and strictly on a need-to-know basis. These providers may include

  • IT and Security Service ProvidersFor secure management of our digital platforms, data storage, and cybersecurity.
  • Payment Processing ProvidersFor processing payments for services availed, including digital payment gateways.
  • Identity Verification AgenciesFor secure access control and verification processes.
  • Digital Communication and Marketing AgenciesFor customer communication, including service updates and product information.

Disclosure for Legal and Compliance Purposes

Notwithstanding the above, we reserve the right to disclose your personal data as follows:

  • As Required by LawIn compliance with any applicable laws, regulations, legal processes, or enforceable government requests.
  • To Protect Rights and SafetyWhere we believe in good faith that disclosure is necessary to protect the rights, property, or safety of us, our customers, or others.
  • In Connection with Legal ProceedingsFor ongoing or prospective legal actions.
  • In Business TransactionsIf Our Company is involved in a merger, acquisition, or sale of all or part of its assets, your personal data may be disclosed to the prospective parties involved, subject to confidentiality obligations.
  • In Business RestructuringIf the business is sold, merged, or restructured, your data may be shared with advisors and prospective buyers, with appropriate notifications.
  • For Aggregated Data AnalyticsWe may generate anonymized or aggregated data (which does not identify any individual) and share it for research, analytics, or business purposes.

Security of Your Personal Information

We ensure that all personal data is processed lawfully, fairly, and transparently. We respect your rights as a data principal, including the right to access, rectification, erasure, restriction, and objection to data processing.

  • We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it.
  • We implement multiple layers of security including network firewalls, data encryption, and secure authentication to safeguard your information and protect it from unauthorized access.
  • All electronic financial transactions entered into through our Platform will be protected by encryption technology.
  • When you register for the Service, this platform requires a password from you for your privacy and security. The platform transmits information such as your Registration Information for the company/ this platform or Account Credentials securely.
  • Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us.
  • You acknowledge that no method of transmission over the Internet, or method of electronic storage, is 100% secure, however, therefore, we cannot guarantee its absolute security. If you have any questions about security on our Platform, you can contact us on the email provided in contact us segment on our website.

Data Transfers

The Platform currently operates across multiple countries and territories worldwide. Accordingly, the information we collect may be stored and processed on secure servers located in countries other than your own, including India. All such transfers are carried out in compliance with applicable data protection laws, and we maintain robust technical and organizational safeguards, including encryption, access control, and monitoring, to ensure the security and confidentiality of your personal information. You expressly consent to the cross-border transfer, storage, and processing of your personal information as described in this Section. The Platform does not practice data localization and functions independently of territorial restrictions.

    USING YOUR INFORMATION FOR MARKETING PURPOSES

    From time to time, we may request more personal information in order to provide you with other benefits of the Service. The company may aggregate personal information and disclose such data in a manner to:

    We need your personal data in order to:

    • Third parties for their marketing and promotional purposes
    • Users of the Service for the purpose of comparing with relative to the broader community
    • Such information may not identify you individually. We may also use third party service providers to help us provide the Service to you, such as sending e-mail messages on our behalf or hosting and operating a particular feature or functionality of the Service. Our contracts with these third parties outline the appropriate use and handling of your information and prohibit them from using any of your personal information for purposes unrelated to the product or service they're providing.

    RETENTION OF PERSONAL INFORMATION

    We need your personal data in order to:

    • Provide our products and services to you.
    • Manage our business for our legitimate interest.
    • Comply with legal obligations, if any.
    You may choose not to share personal data or withdraw consent but doing so may limit the services we are able to provide to you. However, once you choose to withdraw the consent the personal data which has been shared, shall continue to remain with us for as long as the applicable law provides.We may retain your Personal Data for a period of time consistent with the purpose of collection.

    CHANGES TO YOUR PERSONAL INFORMATION

    We will retain your information for as long as your account is active or as needed to provide you services or as may be required for internal analysis purpose or as may be required by law, whichever is later. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at email provided in contact us section of website. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    LOG FILES

    As is true of most web sites/ Application, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, security, analytics, or site functionality

    BEHAVIORAL TARGETING / RE-TARGETING

    We may partner with a third party to either display advertising on our platform or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. There are a number of products and services that may be offered by third parties on our Site, (collectively, "Offers"). If you choose to apply for these separate products or services, disclose information to the providers, or grant them permission to collect information about you, then their use of your information is governed by their privacy policies and they will be acting as data controllers of your information. You should evaluate the practices of these external services providers and should view their privacy policies or contact them directly for further information before deciding to use their services. The Company is not responsible for their privacy practices.

    SINGLE SIGN-ON

    In our Application/Website, there are options wherein you can log in to our site using sign-in services such as Facebook, Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain personal information with us such as your sign-in information, name and email address to link between the sites.

    THIRD-PARTY LOGIN AND AUTHENTICATION

    We allow you to sign in to the App using third-party authentication providers such as Google or Facebook. When you choose to log in through these services, we only receive the limited information necessary to authenticate your account, such as your name, email address, and profile picture. This information is shared with us solely as permitted by the respective provider and authorized by you during the login process. At no point do we receive or access your Google, Facebook, or any other third-party account password. Additionally, these providers do not receive any information about your activities within our App, including any content you view, create, or interact with. Your use of third-party login options is subject to the privacy policies and terms of the respective providers.

    LINKS TO THIRD PARTY SITES

    Our Site includes links to other Web sites whose privacy practices may differ from those of the company. If you submit personal information to any of those sites, your information is governed by their privacy policies and they will be acting as data controllers of your information. We encourage you to carefully read the privacy policy of any Website you visit.

    OPTING OUT

    We provide our registered customers with periodic emailers and email/SMS alerts. We also allow users to unsubscribe/opt-out to email newsletters and from time to time may transmit emails promoting the company or third-party goods or services. The company's subscribers may opt-out of receiving our promotional emails and terminate their newsletter subscriptions by following the instructions in the emails. Opting out in this manner will not end transmission of service-related emails/SMS, such as email/SMS alerts

    If you have any complaints, security related concerns, please contact nodal officer at the email mentioned on contact us segment on our website. We will work closely with you to ensure a rapid and personal response to your concerns.

    You are responsible for maintaining the confidentiality of your login id and password. You are responsible for maintaining the security of your Login ID and Password and may not provide these credentials to any third party. If you believe that they have been stolen or been made known to others, you must contact us immediately at details mentioned in contact us segment of website. We are not responsible if someone else accesses your account through Registration Information they have obtained from you or through a violation by you of this Privacy and Security Policy or the Company’s Terms & Conditions

    CHANGES TO THE POLICY

    We may update this Privacy Policy to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.

    CONTACT US WITH QUESTIONS OR CONCERNS

    If you have questions, comments, concerns or feedback regarding this Privacy and Security Policy or any other privacy or security concern, send an e-mail to Nodal Officer, as per details mentioned in contact us segment of our Platform.

    This Policy shall be governed by and construed in accordance with the laws of the Republic of India and the courts at Ahmedabad, Gujarat, India shall have sole and exclusive jurisdiction in relation to any disputes arising out of or in connection with this Policy.

    IPR Ownership

    • OWNERSHIPAll intellectual property rights (IPR) in the products, services, content, designs, trademarks, innovations, and any other materials provided by our Company are owned exclusively by us solely .
    • RESTRICTED USEYou shall not copy, modify, transmit, distribute, reverse engineer, or exploit our products or materials without written permission. This restriction also applies to allowing any third party to do the same.
    • PROHIBITION OF RECORDING OR REVERSE ENGINEERINGYou shall not (and shall not permit any third party to) copy, record, or reverse engineer any design, ideas, structure, preferences, or other proprietary content provided by us.
    • CONSEQUENCES OF INFRINGEMENTAny unauthorized use of our IPR may lead to legal action, including criminal prosecution, at your own risk, cost, and consequences.

    CHILDREN’S PRIVACY

    Our Services do not address anyone under the age of 18. We do not knowingly collect personal identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you have any questions or concerns regarding this Privacy Policy, please contact us using the details provided on our Contact Us page.

    DATA PROTECTION OFFICER (DPO)

    In compliance with Section 8(9) of the Digital Personal Data Protection Act, 2023, and Article 37 of General Data Protection Act, our Company has appointed a Data Protection Officer (DPO) .The DPO is responsible for overseeing our data protection strategy and implementation to ensure compliance with DPDPA requirements. The DPO also serves as the primary point of contact for Data Principals regarding the processing of their personal data and for addressing any grievances.

    Email: dpo@hitsthespot.app

    COOKIES POLICY

    • INTRODUCTION:This Cookies Policy outlines how We ("Vitely Ventures Private Limited", "we", "us", or "our") utilizes cookies and similar tracking technologies on our platform. It aims to inform you about what cookies are, how we use them, and how you can manage your preferences.
    • WHAT ARE COOKIES?Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They help websites remember your preferences, enhance user experience, and provide relevant information.

    TYPES OF COOKIES WE USE

    COOKIE TYPEDESCRIPTION
    Essential CookiesNecessary for the website's functionality and cannot be disabled. They enable core features like security, network management, and accessibility.
    Performance CookiesCollect information about how you use our website, such as which pages you visit most often. This data helps us improve website performance.
    Functional CookiesRemember your preferences and choices to provide a more personalized experience, such as remembering your login details or language preferences.
    Analytical CookiesHelp us understand how users interact with our website by collecting and reporting information anonymously.
    Marketing CookiesTrack your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad.

    • THIRD-PARTY COOKIES:

      We may allow third-party service providers to place cookies on your device to enhance Platform functionality and deliver targeted advertisements. These providers may include:

      • Analytics Providers (e.g., Google Analytics)
      • Social Media Platforms
      • Advertising Networks

    • HOW TO MANAGE YOUR COOKIES:

      You can manage your cookie preferences through your web browser settings. Most browsers allow you to block or delete cookies, but disabling certain cookies may affect your experience on our website.

    • UPDATES TO THIS POLICY:

      We may update this Cookies Policy from time to time to reflect changes in technology, legislation, or our practices. We encourage you to review this policy regularly for any updates.

    • CONTACT US:

      If you have any questions or concerns regarding this Cookies Policy, please contact us using the details provided on our Contact Us page.

    Data Protection Officer (DPO)

    In compliance with Section 8(9) of the Digital Personal Data Protection Act, 2023, and Article 37 of General Data Protection Act, our Company has appointed a Data Protection Officer (DPO) The DPO is responsible for overseeing our data protection strategy and implementation to ensure compliance with DPDPA requirements. The DPO also serves as the primary point of contact for Data Principals regarding the processing of their personal data and for addressing any grievances.

    Data Protection Officer

    dpo@hitsthespot.app

    Primary contact for data privacy questions and grievances

    If we make material changes to this policy, we will notify you via in-app message or email before the new terms take effect. Please review this page periodically to stay informed about how we protect your privacy.

    Version 1.0 | This policy is governed by the laws of the Republic of India, and courts at Ahmedabad, Gujarat, India shall have sole and exclusive jurisdiction.