Privacy Policy

Last updated: 28 May 2026

1. Who we are

Fitora ("we", "our", "us") is a healthy meal delivery subscription service operated from Thiruvananthapuram, Kerala. Our FSSAI registration is 21326131000217. We are committed to protecting the personal data of our customers and complying with the Indian Information Technology Act, 2000, the IT Rules 2011, and the Digital Personal Data Protection Act, 2023.

2. Data we collect

  • Account details: name, email, phone number, password (hashed)
  • Delivery details: address, pincode, delivery preferences, member count
  • Health & diet info: dietary preferences, allergies, fitness goals, BMI (optional)
  • Payment data: transaction IDs and order amounts only — full card details never reach our servers
  • Usage data: login dates, meal ratings, app/site interactions
  • Cookies & session: authentication tokens to keep you signed in

3. How we use your data

  • To prepare and deliver your meals
  • To personalise meal recommendations and health insights
  • To process payments and issue receipts
  • To send service updates, delivery notifications, and customer support replies
  • To improve our menus, recipes, and service quality
  • To comply with food safety and tax regulations

4. Third-party services

We share the minimum necessary data with these trusted processors:

  • Razorpay: payment processing (PCI-DSS compliant — they handle card data, not us)
  • Gmail SMTP: transactional emails (OTP codes, order receipts)
  • Vercel: website hosting (servers located in Mumbai, India)
  • MongoDB Atlas: database hosting (encrypted at rest and in transit)
  • Anthropic Claude: AI processing for the optional Health Assessment

We never sell your personal data to advertisers or data brokers.

5. Data retention

We retain account and order data for as long as your subscription is active. After cancellation, basic transactional records are kept for 7 years as required by Indian tax law. Health-assessment data and dietary preferences can be deleted on request.

6. Your rights

  • Access — request a copy of the data we hold about you
  • Correction — fix inaccurate personal data via your dashboard
  • Deletion — request erasure (subject to legal retention requirements)
  • Portability — receive your data in a machine-readable format
  • Withdraw consent — opt out of optional features (health assessment, marketing emails)

To exercise these rights, email fitorafood@gmail.com. We will respond within 30 days.

7. Security

We follow industry-standard security practices: HTTPS encryption everywhere, hashed passwords (bcrypt), session tokens with 8-hour expiry, role-based access controls, and encrypted database connections. Razorpay secret keys never leave the Vercel server environment.

8. Children

Fitora is not intended for users under 18. We do not knowingly collect data from minors. If you believe a child has provided personal data, contact us for immediate removal.

9. Updates to this policy

We may update this policy as services evolve. Material changes will be announced via email and reflected in the "Last updated" date at the top of this page.

10. Contact

Grievance Officer — Fitora Food, Thiruvananthapuram, Kerala, India.
Email: fitorafood@gmail.com