ROTORCRAFTORY • Chandannagar, Hooghly • GSTIN: 19AAPCR3770A1Z8
Privacy Policy
This policy explains how Rotorcraftory collects, uses, protects, and deletes personal data when you use our PWA, website, shop, services, forum, marketplace, wallet, and support channels.
Last updated: June 11, 2026
Our DPDP Role
Rotorcraftory Private Limited acts as a Data Fiduciary for personal data you submit to us. You are the Data Principal for your personal data. We process digital personal data under the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 as they become applicable.
Information We Collect
When you create an account, place an order, use wallet, request a service, list or buy marketplace items, contact support, or join forum features, we may collect your name, email address, phone number, profile details, shipping/billing address, service requirements, product details, messages, uploaded images or proofs, and transaction information.
For manual bank/UPI transfer and wallet top-ups, we may collect transaction reference details (UTR/UPI reference), payer information, uploaded payment proof screenshots, admin approval records, and wallet ledger entries for verification, accounting, fraud prevention, and support.
We also collect technical information such as IP address, device/browser metadata, user account identifiers, timestamps, route access, referrer, logs, and security events for reliability, abuse prevention, debugging, and legal compliance.
Purpose of Processing
We process personal data only for lawful and necessary purposes connected with Rotorcraftory products, services, and platform operations.
- Account registration, sign-in, profile completion, and account security
- Order management, shipping, delivery, invoices, returns, warranty, and service fulfillment
- Wallet balance, wallet ledger, top-ups, refunds/credits, and manual/admin top-up verification
- Marketplace listings, purchases, forum messaging, notifications, and user support
- Payment processing through Razorpay, Cashfree, manual bank/UPI transfer, and related records
- Fraud prevention, abuse detection, rate limiting, dispute resolution, and audit logs
- Legal, tax, accounting, regulatory, cybersecurity, and law-enforcement compliance
- Product/store updates only where you have consented or where permitted by law
Consent and Withdrawal
We ask for a first-open privacy choice in the PWA and use clear notices across forms and checkout flows. Your consent must be free, specific, informed, unconditional, and unambiguous. You can browse public pages without consenting to account, order, wallet, or service processing.
If you submit a form, create an account, use wallet, place an order, upload a payment proof, request a service, or contact support, we process the personal data you provide for that specific purpose. You may withdraw consent by contacting [email protected], but withdrawal may limit account, wallet, checkout, service, or support functionality and does not affect processing already required for legal, tax, security, dispute, or completed-transaction purposes.
Payment Processing and Wallet
Payments may be processed through Razorpay, Cashfree, manual bank/UPI transfer, wallet balance, or other enabled payment methods. We do not store full card numbers, CVV, UPI PIN, or net-banking credentials on our servers.
We may store limited payment and wallet records such as order ID, payment ID, top-up ID, amount, payment method, gateway status, wallet debit/credit entries, coupon adjustments, proof references, and admin review notes for accounting, support, refunds, fraud prevention, and legal compliance.
Disclosure and Service Providers
We do not sell your personal data. We may share limited data with payment gateways, shipping/courier partners, hosting providers, email/messaging providers, Telegram/admin alert systems, analytics/security tools, professional advisers, and government or law-enforcement authorities where needed for the purposes stated in this policy.
Third-party providers process data under their own privacy policies and contractual/security controls. Where personal data is processed outside India, such transfer is subject to applicable Indian law and any Central Government restrictions or requirements.
Cookies, PWA Storage and Similar Technologies
We use cookies, local storage, and session storage for essential app behavior, security, language choice, privacy choices, cart storage, and PWA continuity.
- Essential sign-in cookie
rc_sessionkeeps you authenticated and protects account sessions for a limited period. - Logged-in indicator cookie
rc_logged_inhelps client-side experiences know when an account session is active. - Language cookie/local storage
rc_localerecords your preferred app language. - Privacy consent cookie
rc_dpdp_consentrecords your DPDP privacy choice. - Cookie preference cookie
rc_cookie_consentrecords your optional-cookie choice for cart storage. - Cart cookie
rc_shop_cartstores product IDs and quantities on your device only when optional cookies are allowed. - PWA service worker cache may store app shell files to make the site load faster and work better.
- Push subscriptions are used only if you grant browser notification permission.
You can manage cookies through browser settings. Disabling essential cookies may limit sign-in, checkout, wallet, cart, or account functionality.
Security Safeguards
We use reasonable technical and organisational safeguards including HTTPS/TLS, access controls, encryption or masking where appropriate, operational logs, monitoring, backups, and security review of processors to reduce risk of unauthorised access, loss, misuse, or personal data breach.
No system is completely risk-free. We continuously work to maintain appropriate safeguards and improve security practices.
Personal Data Breach
If we become aware of a personal data breach, we will take steps to contain, investigate, remediate, and prevent recurrence. Where required, we will notify affected users without delay and notify the Data Protection Board of India within the timelines required by DPDP Rules, including the detailed update within 72 hours of becoming aware of the breach unless the Board allows more time.
Data Retention and Erasure
We retain personal data only for as long as needed for the stated purpose, account/order/service continuity, wallet ledger integrity, tax and accounting law, payment disputes, fraud prevention, support, cybersecurity, or legal compliance.
Security logs and related records may be retained for at least one year where required for detection, investigation, remediation, and continued processing after a security incident, unless another law requires a different period.
When retention is no longer necessary, we delete, anonymise, or archive data according to applicable law and operational requirements.
Children and Guardians
Our services are intended for adults and lawful business/customer use. If you are under 18 years of age, use this site only with involvement and consent of a parent or lawful guardian. We do not knowingly run behavioural monitoring or targeted advertising directed at children.
Your Rights
Subject to applicable law, you may request access to a summary of your personal data, correction, completion, updating, erasure, grievance redressal, consent withdrawal, or nomination of another person to exercise your rights in case of death or incapacity.
To exercise these rights, write to [email protected] from your registered email or provide verifiable information that allows us to identify your account/order. We may ask for reasonable verification to prevent unauthorised disclosure or deletion.
Grievance Redressal and Contact
For privacy questions, rights requests, consent withdrawal, or grievances, contact Rotorcraftory Private Limited, Hatkhola Muktarpara, Chandannagar, Hooghly - 712136, West Bengal, India, or email [email protected].
We aim to respond to privacy grievances within a reasonable period not exceeding 90 days, subject to identity verification, complexity, and applicable law.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes become effective when posted on this page. For material updates, we will revise the last-updated date and, where appropriate, provide additional notice in the PWA or by registered communication channels.