Ramio Platform (“Ramio”, “we”, “us”, or “our”) operates a technology-enabled commerce platform that enables Merchants to build, manage, and scale their online stores through various tools and functionalities, including store creation, product management, sales, marketing, payment facilitation, operations, and related offerings, including print-on-demand services (collectively, the “Services”). The Services further include such additional tools, features, functionalities, and integrations with Third-Party Services as may be made available through the Platform from time to time.

We value the privacy of individuals who interact with us and are committed to handling Personal Data responsibly, transparently, and in accordance with applicable law. This Privacy Policy explains how Ramio collects, uses, stores, discloses, protects, and otherwise processes Personal Data in connection with the Platform and Services, including in relation to Merchants, Customers, visitors, authorised users, vendors, service providers, and other relevant individuals.

For the purposes of this Privacy Policy, and depending on the context of your interaction with the Platform and Services, the terms “you” or “your” may refer to different categories of individuals:

  • End Customer: refers to an individual who accesses, browses, or interacts with a Merchant’s online store or services powered by the Platform, including placing orders or availing products or services. Ramio provides the underlying technology infrastructure but does not directly engage in transactions with End Customers, except to the extent necessary for providing the Services.
  • Merchant: refers to any individual or entity that registers on the Platform or otherwise avails the Services to create, manage, or operate an online store or to offer products or services to End Customers.
  • Affiliates / Authorised User: refers to any employee, representative, contractor, team member, affiliate entity, agent, or other individual who is authorised by a Merchant to access, manage, operate, or use the Merchant’s account, store, or Services on the Platform on behalf of such Merchant, subject to the permissions and access rights granted by the Merchant.
  • Visitor / Guest: refers to any individual who visits or interacts with the Platform, website, or communication channels without being logged into a Merchant account or otherwise actively using the Services, including individuals making enquiries or exploring the Platform.

For the avoidance of doubt, this Privacy Policy governs the privacy practices of Ramio only and does not apply to any independent website, storefront, application, product page, or business operated by a Merchant through or using the Platform, except to the extent Ramio directly processes Personal Data on behalf of such Merchant in connection with providing the Services. Merchants may maintain their own privacy policies, notices, and data handling practices, for which they remain solely responsible.

This Privacy Policy further does not apply to websites, applications, or services operated by third parties that are not controlled by Ramio, including third-party payment gateways, logistics providers, social media platforms, or independent websites linked through the Services. The privacy practices of such third parties shall be governed by their respective privacy policies and terms.

This Privacy Policy shall be read together with our Terms of Service, Merchant Terms, Cookie Policy, Disclaimer, and any other applicable policies or supplemental notices made available by Ramio from time to time. Capitalised terms used but not defined in this Privacy Policy shall have the meanings assigned to them under the applicable Terms.

We may update this Privacy Policy from time to time to reflect changes in our Services, technology, legal obligations, or privacy practices. Where required under applicable law, we will take reasonable steps to notify you of material changes.

If you do not agree with this Privacy Policy, you should discontinue use of the Services. If you have any questions regarding this Privacy Policy or our privacy practices, you may contact us using the details set out in the Contact Information / Grievance Redressal section below.

1.Scope

This Privacy Policy applies to the collection, use, storage, disclosure, transfer, protection, and other processing of Personal Data by Ramio in connection with the Platform and Services.

Without limitation, this Privacy Policy applies to Personal Data processed by Ramio relating to the following categories of individuals:

  • Merchants who register for, access, or use the Services;
  • Authorised Users / Affiliates who access a Merchant Account or otherwise use the Platform on behalf of a Merchant;
  • Customers who browse, interact with, or place orders through Merchant storefronts powered by the Platform, to the extent Ramio processes such data in connection with providing the Services;
  • visitors to our website, landing pages, applications, or communication channels;
  • individuals who contact Ramio for support, sales, grievances, partnership enquiries, or other correspondence;
  • vendors, service providers, consultants, contractors, and business partners who engage with Ramio; and
  • any other individuals whose Personal Data is lawfully provided to or collected by Ramio in connection with the Services.

Where Ramio processes Personal Data on behalf of a Merchant in connection with the Services, such processing may be subject to separate contractual terms between Ramio and the relevant Merchant.

In the event any supplemental privacy notice, product-specific notice, or separate written agreement expressly applies to a particular Service or relationship, such notice or agreement shall prevail to the extent of any inconsistency with this Privacy Policy.

2.Definitions

Capitalised terms used but not defined in this Privacy Policy shall have the meanings assigned to them under the applicable terms governing the Services. Where necessary, specific terms may be defined within this Privacy Policy for the purposes of clarity and interpretation.

3.Collection, Usage & Sharing of Personal Data by Category of Users

A. Merchants / Prospective Merchants

Information Collected

When a Merchant or prospective Merchant interacts with Ramio, including by registering for an Account, subscribing to the Services, accessing the Platform, requesting demos, or communicating with us, Ramio may collect and process information such as:

  • Account and registration information (including name, email address, phone number, login credentials, and account preferences);
  • Business and compliance information (including business name, GST details, PAN, EID, bank account details, and other regulatory information);
  • Transaction and billing information (including subscription details, invoices, payment status, and payout information);
  • Technical and usage information (including IP address, browser type, device information, and usage activity);
  • Communication and support information (including emails, chats, feedback, and support requests); and
  • Security-related information (including authentication data and fraud detection indicators).

Information Usage

Ramio processes such information as a data fiduciary / controller for the purposes of:

  • providing, operating, and managing the Services;
  • onboarding and verifying Merchant accounts;
  • processing subscriptions, billing, and payouts;
  • providing customer support and resolving disputes;
  • improving, customising, and developing the Platform and Services;
  • detecting, preventing, and addressing fraud, security, or technical issues;
  • communicating with Merchants regarding their accounts, transactions, and updates;
  • complying with legal and regulatory obligations; and
  • such other purposes as may be permitted under applicable law or based on consent.

Ramio may, where necessary, use automated tools and systems to assist in fraud detection, risk analysis, and operational efficiency.

Information Sharing

Subject to applicable confidentiality obligations, Ramio may share such information:

  • with Third-Party Service Providers (including payment gateways, hosting providers, analytics providers, and communication tools) for operational purposes;
  • with professional advisors, auditors, and consultants under appropriate confidentiality arrangements;
  • with regulatory authorities, law enforcement, or government bodies where required by law;
  • with service providers or partners engaged by the Merchant through integrations or Third-Party Services; and
  • within Ramio’s internal teams for operational, compliance, and support purposes.

B. Customers (Shoppers on Merchant Stores)

Information Collected

When Customers browse, interact with, or make purchases through a Merchant storefront powered by the Platform, Ramio may process, on behalf of the Merchant:

  • Contact and identity information (such as name, email address, and phone number);
  • Order and transaction information (including product details, purchase history, billing and shipping details);
  • Technical and usage information (including IP address, browser type, device information, and session activity); and
  • Payment-related metadata (such as transaction identifiers, payment status, and settlement information) received from authorised third-party payment service providers.

Payment Information

Ramio does not directly collect, process, or store sensitive financial credentials of Customers, including card numbers, CVV, or UPI PIN. All payments are processed through authorised third-party payment service providers.

However, Ramio may receive and process limited payment-related information from such providers, including transaction identifiers, payment status, settlement details, and related metadata, for the purposes of:

  • facilitating transaction tracking, reconciliation, and reporting;
  • displaying payment and order status to Merchants;
  • enabling order management and fulfilment; and
  • complying with applicable legal and regulatory obligations.

Information Usage

Ramio processes such Customer information primarily as a processor on behalf of the Merchant for the purposes of:

  • enabling and facilitating transactions between Customers and Merchants;
  • processing and managing orders, fulfilment, and logistics support;
  • providing Platform functionality and operational support; and
  • detecting and preventing fraud or misuse of the Platform.

To a limited extent, Ramio may process certain data as a controller for internal purposes such as platform improvement, analytics, and security. Customers who have questions regarding how their Personal Data is used should primarily contact the relevant Merchant, who acts as the primary data fiduciary / controller in respect of such data.

Information Sharing

Subject to applicable confidentiality obligations, Ramio may share Customer information:

  • with the relevant Merchant to enable order processing, fulfilment, and customer management;
  • with third-party service providers engaged in connection with the Services, including payment service providers, logistics and delivery partners, hosting providers, analytics providers, and communication tools;
  • with vendors or service providers engaged by the Merchant through integrations or Third-Party Services;
  • with regulatory authorities, law enforcement agencies, or government bodies where required by applicable law or legal process; and
  • internally within Ramio for purposes of operations, support, compliance, and security.

No Sale of Data

Ramio does not sell Customer Personal Data to third parties.

C. Visitors and General Users

Information Collected

When individuals visit the Platform, browse our website, or interact with us without registering as a Merchant, Ramio may collect:

  • Technical and usage information (including IP address, browser type, device information, and usage patterns);
  • Contact information (where voluntarily provided, such as through forms or communications); and
  • Communication and support information.

Information Usage

Ramio processes such information to:

  • operate and maintain the Platform;
  • improve user experience, performance, and security;
  • respond to enquiries and provide support;
  • analyse usage trends and enhance Services; and
  • comply with legal obligations.

Information Sharing

Such information may be shared with:

  • Third-Party Service Providers supporting analytics, hosting, and communications;
  • regulatory authorities where required; and
  • internal teams for operational purposes.

D. Vendors, Service Providers, and Business Partners

Information Collected

When vendors, consultants, contractors, or business partners engage with Ramio, we may collect:

  • Contact and identification information;
  • business and contractual information;
  • payment and invoicing details; and
  • communication records.

Information Usage

Such information is processed to:

  • manage contractual relationships;
  • facilitate payments and financial compliance;
  • communicate regarding services and engagements; and
  • comply with legal and regulatory requirements.

Information Sharing

Such information may be shared with:

  • financial institutions and payment processors;
  • professional advisors and auditors;
  • regulatory authorities where required; and
  • internal teams for business operations.

E. Aggregated and De-Identified Data

Ramio may collect, use, and analyse data derived from the use of the Services in aggregated, anonymised, or de-identified form for purposes including analytics, benchmarking, security enhancement, service improvement, and development of new features and functionalities.

Such data will not identify, and cannot reasonably be used to identify, any Merchant, Customer, or individual. This data may be used by Ramio for internal business purposes and to improve the performance, functionality, and security of the Platform.

4.How We Collect

Ramio may collect Personal Data through various means in connection with the Platform and Services, including:

A. Information Provided Directly by You

We collect Personal Data that is voluntarily provided by you, including when you:

  • register for an Account or use the Services;
  • create or manage a Merchant store;
  • fill out forms, submit information, or upload content;
  • communicate with us through email, chat, or support channels; or
  • participate in surveys, promotions, or other interactions.

B. Information Collected Automatically

We may automatically collect certain technical and usage-related information when you access or use the Platform, including through cookies and similar technologies. This may include:

  • IP address, browser type, and device information;
  • access logs, session data, and usage patterns; and
  • interactions with the Platform, features, and communications.

C. Information from Third Parties

We may receive Personal Data from third parties in connection with the Services, including:

  • payment service providers (such as transaction status and payment metadata);
  • logistics and fulfilment partners;
  • analytics providers and infrastructure service providers;
  • identity verification or compliance service providers; and
  • integrations or Third-Party Services enabled by the Merchant.

D. Information Processed on Behalf of Merchants

In providing the Services, Ramio may receive and process Personal Data relating to Customers and other individuals on behalf of Merchants, in accordance with the Merchant’s instructions and applicable law.

5.Our Role in Processing Data

A. Dual Role of Ramio

Depending on the nature of the interaction and the type of Personal Data involved, Ramio may act either as a data fiduciary (controller) or as a data processor.

B. Ramio as Data Fiduciary (Controller)

Ramio acts as a data fiduciary in respect of Personal Data that it collects and processes for its own purposes, including:

  • Personal Data of Merchants, prospective Merchants, and Authorised Users;
  • Personal Data of visitors interacting with the Platform or communicating with Ramio;
  • Personal Data processed for account management, billing, compliance, security, analytics, and platform improvement.

In such cases, Ramio determines the purpose and means of processing such Personal Data and is responsible for ensuring that such processing is carried out in accordance with applicable law.

C. Ramio as Data Processor (On Behalf of Merchants)

In relation to Personal Data of Customers (i.e., individuals who browse or transact on Merchant storefronts), Ramio generally acts as a data processor on behalf of the relevant Merchant. In such cases:

  • the Merchant acts as the primary data fiduciary / controller;
  • Ramio processes such Personal Data solely for the purpose of providing the Services, in accordance with the Merchant’s instructions and applicable law; and
  • Ramio does not determine the independent purposes for which such Personal Data is processed, except as required for limited operational, security, or legal purposes.

D. Limited Independent Processing

Notwithstanding the above, Ramio may process certain Customer-related data as a data fiduciary to the limited extent necessary for:

  • ensuring the security and integrity of the Platform;
  • detecting and preventing fraud, abuse, or misuse;
  • complying with legal or regulatory obligations; and
  • generating aggregated and anonymised insights for service improvement.

6.Merchant Responsibilities

Merchants acknowledge and agree that, in relation to Customer Personal Data processed through the Platform, they act as the primary data fiduciary / controller, and Ramio provides the Services as a technology-enabled intermediary.

Accordingly, each Merchant shall be solely responsible for ensuring that its collection, use, disclosure, and other processing of Personal Data complies with all applicable laws, regulations, and industry standards. Without limiting the generality of the foregoing, each Merchant agrees to:

  • Privacy Compliance and Notices: Ensure that it provides clear, accurate, and legally compliant privacy notices and policies to Customers, including disclosure of how Personal Data is collected, used, shared, and retained in connection with its storefront and business operations conducted through the Platform.
  • Lawful Basis and Consent: Ensure that all Personal Data collected through its use of the Platform is processed on a lawful basis, and where required under applicable law, obtain valid, informed, and explicit consent from Customers for such processing.
  • Controller Responsibility: Acknowledge that it is the primary data fiduciary / controller in respect of Customer Personal Data collected via its storefront, and is solely responsible for determining the purposes and means of such processing.
  • Accuracy and Legitimacy of Data: Ensure that all Personal Data collected and processed through its use of the Platform is accurate, relevant, and collected in a fair and lawful manner, and is not misleading or unlawfully obtained.
  • Security and Safeguards: Implement appropriate technical and organisational measures to protect Personal Data collected through its use of the Platform against unauthorised access, disclosure, alteration, loss, or misuse.
  • Compliance with Applicable Laws: Comply with all applicable data protection, consumer protection, e-commerce, tax, and other laws and regulations in relation to its use of the Platform and processing of Personal Data.
  • Sensitive Personal Data: Where the Merchant collects any sensitive personal data or special category data (if applicable under law), it shall obtain explicit and informed consent from the relevant data subjects and ensure compliance with additional safeguards required under applicable law.
  • Indemnity: The Merchant shall be solely responsible for any claims, losses, liabilities, damages, or regulatory actions arising out of or in connection with its breach of this Section or its processing of Personal Data through the Platform in violation of applicable law.

7.Cookies

A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We and our Third Party Service Providers use cookies and other similar technologies (“Cookies”) in order for us to provide our Service and ensure that it performs properly, to analyse our performance and marketing activities, and to personalise your experience.

You can learn more about how we use cookies and similar technologies and how you can exercise control over them in our Cookie Policy, which forms an integral part of this Privacy Policy and is available at our Website.

8.Security

Ramio implements reasonable technical, organisational, and administrative safeguards designed to protect Personal Data against unauthorised access, alteration, disclosure, loss, misuse, or destruction, in accordance with applicable law and industry standards.

Such safeguards may include, where appropriate, encryption, access controls, authentication mechanisms, secure servers, and monitoring systems.

Access to Personal Data is strictly limited to authorised personnel, service providers, and third parties who require such access for legitimate business purposes and who are bound by appropriate confidentiality and data protection obligations.

Security Disclaimer

While Ramio takes commercially reasonable measures to safeguard Personal Data, no method of transmission over the internet or method of electronic storage is completely secure, and absolute security cannot be guaranteed.

Accordingly, to the maximum extent permitted under applicable law, Ramio shall not be responsible or liable for any unauthorised access, loss, misuse, alteration, or disclosure of Personal Data arising from circumstances beyond its reasonable control, including but not limited to cyber-attacks, security breaches, or failures of third-party systems.

Users acknowledge that the processing of Personal Data is subject to inherent risks associated with digital platforms, and agree that Ramio shall not be held liable for any claims, damages, or legal proceedings arising solely from such risks or from events outside Ramio’s reasonable control.

In the event of a personal data breach, Ramio will take reasonable remedial and mitigation measures and, where required under applicable law, notify affected individuals and relevant regulatory authorities in accordance with statutory obligations.

9.Retention

Ramio retains Personal Data only for as long as it is necessary to fulfil the purposes for which it was collected, or for such longer period as may be required or permitted under applicable law.

The criteria used to determine retention periods include:

  • the duration for which an account remains active or Services are being provided;
  • the nature of the relationship with the user (Merchant, Customer, visitor, or other);
  • legal, regulatory, tax, accounting, or reporting obligations applicable to Ramio; and
  • the necessity of retaining data for the establishment, exercise, or defence of legal claims.

Upon termination or deactivation of an account, Ramio may retain certain Personal Data for a limited period as necessary for compliance, dispute resolution, fraud prevention, or legitimate business purposes, after which such data will be deleted or anonymised in accordance with applicable law.

Where data is retained in anonymised or aggregated form, it will no longer be considered Personal Data and may be used for analytical, statistical, or business improvement purposes.

Subject to applicable legal requirements, users may request deletion of their Personal Data, and Ramio will take reasonable steps to honour such requests in accordance with applicable law and internal policies.

10.User Rights

Subject to applicable law, including the Digital Personal Data Protection Act, 2023 and other applicable data protection laws, individuals whose Personal Data is processed by Ramio (including Merchants, Authorised Users, Customers, visitors, and other data principals) may have the following rights in relation to their Personal Data.

A. Right to Access

You may have the right to request confirmation of whether Ramio processes your Personal Data and, where applicable, access to such Personal Data along with information relating to:

  • the categories of Personal Data being processed;
  • the purposes of processing;
  • the categories of recipients with whom Personal Data has been shared; and
  • any other information required to be provided under applicable law.

B. Right to Correction and Updating

You may have the right to request correction, updating, or completion of inaccurate, incomplete, or outdated Personal Data held by Ramio, subject to verification and applicable legal requirements.

C. Right to Erasure / Deletion

You may have the right to request deletion of your Personal Data where:

  • the data is no longer necessary for the purposes for which it was collected; or
  • you withdraw consent (where processing is based on consent); or
  • retention is not otherwise required under applicable law.

However, Ramio may retain certain Personal Data where necessary for compliance with legal obligations, dispute resolution, fraud prevention, enforcement of agreements, or legitimate business purposes, as permitted under applicable law.

D. Right to Withdraw Consent

Where processing is based on consent, you may withdraw such consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal.

Please note that withdrawal of consent may affect your ability to access or use certain features of the Platform or Services.

E. Right to Grievance Redressal

You have the right to raise grievances regarding the processing of your Personal Data, including concerns regarding:

  • accuracy or completeness of data;
  • unauthorised use or disclosure;
  • breach of applicable data protection obligations; or
  • non-compliance with this Privacy Policy.

Ramio will address such grievances in accordance with applicable legal timelines and internal policies.

F. Right to Information About Processing

You may request information regarding how your Personal Data is being processed by Ramio, subject to applicable law and any restrictions relating to confidentiality, security, or legal obligations.

G. Role-Based Limitations on Rights

Where Ramio processes Personal Data on behalf of a Merchant (for example, Customer data processed through Merchant storefronts), such rights may need to be exercised directly with the relevant Merchant, as the Merchant is the primary data fiduciary / controller in respect of such Personal Data. Ramio may, where required and technically feasible, assist in facilitating such requests.

H. Identity Verification

To protect Personal Data from unauthorised access or misuse, Ramio may require Users to verify their identity before processing any request under this Section. Requests may be denied or delayed if identity verification cannot be completed or if the request is manifestly unfounded or excessive, to the extent permitted by applicable law.

I. Method of Exercising Rights

All requests for exercising rights under this Section may be submitted through the contact details provided in the “Grievances” or “Contact Information” section of this Privacy Policy. Ramio will make reasonable efforts to respond within the timelines prescribed under applicable law.

11.Minor’s Information

The Platform and Services are not intended for use by individuals who are below the age of 18 years. Ramio does not knowingly collect, solicit, or process Personal Data from children.

If Ramio becomes aware that it has inadvertently collected Personal Data from a person below the age of 18 years without verifiable parental or legal guardian consent, it shall take reasonable steps to delete such information from its systems, in accordance with applicable law.

If you are a parent or legal guardian and believe that a child under your care has provided Personal Data to Ramio without consent, you may contact us using the details provided in the “Grievances” or “Contact Information” section of this Privacy Policy, and we will take appropriate steps to address the concern.

Ramio disclaims any liability arising from the misuse of the Platform by individuals who falsely represent their age or provide incorrect information regarding their eligibility to use the Services.

12.Changes to This Privacy Policy

Ramio may update, modify, or revise this Privacy Policy from time to time to reflect changes in legal, regulatory, operational, or business requirements, or changes in the manner in which the Platform or Services are provided.

When we make changes to this Privacy Policy, the updated version will be made available on the Platform and will indicate the “Last Updated” date.

Where required under applicable law, we may also notify Users of material changes through reasonable means, which may include email notifications, in-platform alerts, or other communication channels made available through the Platform.

We encourage Users to review this Privacy Policy periodically to stay informed about how we process Personal Data. Continued use of the Platform or Services after the updated Privacy Policy becomes effective shall constitute acceptance of the revised terms, to the extent permitted under applicable law.

13.Intellectual Property

All rights, title, and interest in and to the Platform, including its design, software, systems, interfaces, content (excluding Merchant or Customer data), and all related intellectual property rights, are owned by or licensed to Ramio and are protected under applicable intellectual property laws.

Nothing in this Privacy Policy shall be construed as granting any licence or right to use Ramio’s intellectual property, except as expressly permitted in connection with the use of the Platform and Services.

All trademarks, logos, service marks, and trade names displayed on the Platform are the property of Ramio or their respective owners, and may not be used without prior written consent.

14.Contact Information / Grievance Redressal

Ramio is committed to addressing concerns relating to the processing of Personal Data in a fair, transparent, and timely manner, in accordance with applicable law.

A. Grievance Redressal Mechanism

Users may raise any grievances, complaints, or concerns relating to the processing of their Personal Data, including but not limited to:

  • access, correction, or deletion of Personal Data;
  • alleged misuse, unauthorised access, or disclosure of Personal Data;
  • concerns regarding compliance with this Privacy Policy; or
  • any other privacy-related issue arising from the use of the Platform or Services.

Such grievances may be submitted using the contact details provided below.

B. Contact Information

All grievances and privacy-related communications shall be mailed to the address below. Users are encouraged to provide sufficient details in their communication to enable Ramio to properly review and address the concern.

Ramio Platform

Grievance & Privacy Team

compliance@ramio.in

C. Acknowledgement and Resolution

Ramio shall acknowledge receipt of grievances within a reasonable time and shall endeavour to address and resolve such concerns within the timelines prescribed under applicable law or within a reasonable period, where no specific timeline is prescribed.

Where additional information or verification is required to process a request, Ramio may seek such information from the complainant.

D. Good Faith Resolution

Ramio will make reasonable efforts to resolve grievances through internal review and good faith engagement with the concerned individual.