PRIVACY POLICY – SCOOM
Version 1.0 — Last Updated: 6 April 2026
Operated by Praveen Kumar Kotoju, trading as NEXORA (Sole Proprietorship), a registered business in India.
1. Consent & Lawful Basis
By clicking “Continue” and completing registration, you provide explicit, informed consent to the collection and processing of your personal data for the purposes described in this Policy (account operation, payments, order fulfillment, analytics, and marketing).
You may withdraw consent at any time by contacting support@nexorasoftware.in. If you withdraw consent, we will cease processing your data for non-statutory purposes, which will result in the termination of your account and access to the Service. Withdrawal does not affect the legality of processing completed prior to withdrawal.
2. Categories of Data We Collect
A. Account & Identity: Name, phone number, email address, and self-declared college affiliation.
B. Authentication: OTP verification event records (not the OTP value itself), device session tokens, and the version of the Terms of Service and Privacy Policy in effect at the time of registration.
C. Transaction & Payment: Order history, order metadata, and platform or convenience fees applicable to each transaction. Payments are processed via Razorpay; we do not store PAN, CVV, or UPI PINs.
D. Technical & Diagnostic: Device model, OS version, pseudonymous device identifiers (identifiers that do not directly identify you but can identify your device when combined with other data), and IP-derived coarse location. Crash reports and diagnostic logs are collected through Firebase Crashlytics to fix application errors.
E. Usage & Analytics: Screen views and feature interactions collected through Firebase Analytics for the purpose of improving app performance and user experience.
F. Push Notification Tokens: Tokens (APNs or FCM) used solely to deliver notifications such as order updates, event alerts, and promotional messages.
3. Local Device Storage
The mobile application stores session tokens and cart information locally on your device to maintain your login session and order flow. This data is cleared when you log out or uninstall the application. Session tokens may also expire automatically after a period of inactivity.
4. Marketing & Promotional Communications
We may send promotional notifications (special offers, canteen discounts, and campus event announcements).
Opt-Out: You can opt out of these non-essential communications via App Settings > Notifications or your device notification preferences. Transactional messages (order confirmations) remain active for service delivery. Your consent to receive marketing is not a condition for using the core food ordering service.
5. Data Sharing & International Transfers
We share data with Google (Firebase) and Razorpay. These service providers process data on our behalf to provide infrastructure, analytics, messaging, and payment services. We are bound by their standard Data Processing Agreements. While primary storage is in India (asia-south1), some telemetry may transit through other regions in accordance with applicable data transfer safeguards and Indian law. We will comply with any cross-border data transfer restrictions notified by the Central Government under the DPDP Act, 2023.
6. Data Retention & Deletion
In-App Deletion: Navigate to Profile > Your Profile > Delete Account.
External Request: Submit a request via our Official Deletion Form: https://forms.gle/A2T4aer78MsxsuLU6
Retention: Profile data is removed within 30 days. Transactional metadata is retained for 7 years for GST and Income Tax compliance. Push notification tokens are deregistered and removed upon account deletion. Residual data may remain in secure backups for up to 90 days.
7. Your Rights under DPDP (2023)
You have the right to access, correct, erase, and nominate a representative.
Access & Erasure: To request access to or erasure of your data, email support@nexorasoftware.in with the subject “Data Rights Request.”
Correction: You may correct profile information directly in the app via Profile > Edit Profile or by contacting us.
Nomination: To register a nominee, email us with the subject “Nominee Registration” including the nominee’s name and contact details.
We acknowledge requests within 24–48 hours and aim to resolve them within 90 days.
8. Security & Breach Notification
We use industry-standard safeguards (TLS encryption, secure cloud infrastructure). In the event of a reportable data breach, we will notify affected users and the Data Protection Board of India without undue delay, as required by law, including in accordance with CERT-IN directions where applicable.
9. Governing Law
This Policy is governed by the laws of India. Any disputes shall be subject to the jurisdiction of courts in Karimnagar, Telangana, without prejudice to applicable consumer protection forums.
10. Grievance Officer
Data Fiduciary: NEXORA (Sole Proprietorship)
Grievance Officer: Praveen Kumar Kotoju
Email: support@nexorasoftware.in
Address: H.No.: 8-7-301/2/F, Kothirampur, Karimnagar, Telangana 505001
Grievances will be acknowledged within 24 – 48 hours and resolved within 90 days.
11. Changes to this Policy
We may update this policy from time to time. Material changes will be communicated via in-app notification at least 15 days before taking effect. The “Last Updated” date in the header will be updated accordingly.