← Back

Privacy Policy

Version 2 · Effective 8 June 2026

IRA ORA (the "Platform", "we", "us", "our"), operated by Ira Ora Pvt. Ltd., a company incorporated in India, is committed to protecting the privacy of the jewellers ("you", "your shop") and the authorised users who use the Platform to run gold-savings schemes and manage their customers. This Policy explains what personal data we process, how and why, and the rights available to you under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian law.

1. Information we collect

  • Account & shop information. Your name, email address, phone number, shop / company name, business address, and the role assigned to each user.
  • Authentication data. A securely hashed password (we never store your password in plain text) and server-side session records.
  • Customer & business records you enter. Customer names, phone numbers, email and postal addresses, savings-plan enrolments, ledger entries, payments, and reminders that you create within your shop's workspace.
  • Payment metadata. Transaction references and status from our payment processor. We do not store full card numbers.
  • Usage & device data. Log data such as IP address, request identifiers, timestamps, pages accessed, and audit records of actions taken in the Platform.

2. How we store and protect your information

  • Tenant isolation. Each shop's data is logically isolated using database row-level security so that one shop can never read another's data.
  • Encryption. Sensitive personal data (such as phone numbers and email addresses) is encrypted at the application boundary; data in transit is protected with TLS.
  • Access control & audit. Access is governed by role-based permissions, and mutating actions are recorded in an append-only audit trail.
  • Hosting. Data is hosted with reputable infrastructure providers, with a preference for data centres located in India.

3. How we use your information

We use personal data to: (a) provide, operate, secure and improve the Platform; (b) authenticate users and protect accounts; (c) process payments and send transactional reminders on your behalf; (d) provide support; (e) comply with legal obligations; and (f) detect and prevent fraud or misuse.

4. Data retention and deletion

We retain personal data for as long as your account is active and as required to provide the Platform, resolve disputes, and meet legal, accounting, and tax obligations. On verified request, or when no longer required, data is deleted or irreversibly anonymised. Append-only audit and ledger records may be retained for the period mandated by law.

5. Your rights

Subject to applicable law, you may: access the personal data we hold about you; request correction or completion; request erasure; withdraw consent; and nominate a person to exercise your rights in the event of incapacity. To exercise these rights, contact us using the details below. You may also escalate unresolved concerns to the Data Protection Board of India.

6. Children

The Platform is intended for businesses and is not directed at children. We do not knowingly collect personal data from children.

7. Changes to this Policy

We may update this Policy from time to time. Each version is numbered and retained. When we make a material change, you will be asked to review and accept the latest version before continuing to use the Platform.

8. Contact us

For any privacy question, to exercise your rights, or to raise a grievance, email us at [email protected].