Privacy Policy

This Privacy Policy ("Policy") explains how Impact Web Corporation Private Limited, a company incorporated in India with CIN:U62013TN2024PTC174150 and registered office at W-15 C-Sector, Anna Nagar West Extension, Chennai, Tamil Nadu, 600101 ("VIRE", "we", "us", "our"), collects, uses, shares, and safeguards Personal Data in connection with the VIRE membership and rewards platform (the "Services").

Contact: support@vireclub.com

By accessing or using the Services, creating an account, tap on NFC, scanning a QR, earning/redeeming Karats, or transacting with a participating merchant, you acknowledge this Policy. Where required by law (e.g., DPDP Act, 2023), we will obtain explicit consent.

• Account & identity data: name, mobile number, email, city, age band, referral code.
• Engagement data: check-ins, scans, Karats earned/redeemed, membership tier, in-app actions.
• Transaction metadata: date/time, outlet, bill value bands,* reward selections (we do not store card or UPI PINs).
• Merchant data (B2B): legal details, GSTIN, outlet IDs, staff contact info strictly for service operations.
• Device & technical: IP, device type, OS/browser, app version, cookies, session identifiers, crash logs.
• Communications: support chats, feedback, recorded consents.

* If a payment partner is integrated, payment credentials are handled by that partner under its policies.

• Provide and operate the VIRE platform; issue and manage Karats; enable redemptions.
• Fraud prevention; duplicate/account abuse prevention; risk analytics.
• Customer support; service notifications; transactional and service emails/WhatsApp/SMS.
• Product improvement, A/B testing, statistics (using aggregated or de-identified data where possible).
• Comply with legal obligations, tax/GST compliance (for merchants), and regulator requests.

We process data based on one or more of: (i) consent (DPDP Act, 2023), (ii) performance of a contract (Terms of Use/merchant onboarding), (iii) legal obligation, and (iv) legitimate uses reasonably expected by you (e.g., anti-fraud, service improvement). You may withdraw consent where applicable by contacting us (Section 15); withdrawal does not affect processing already performed.

We use strictly necessary and performance cookies. You can manage non-essential cookies via your browser settings. Disabling cookies may limit functionality.

Our Services are not intended for children under 18. We do not knowingly collect data from children. If we learn a child has provided data, we will delete it.

We do not sell personal data. We may share limited data with:

• Processors / service providers: hosting, analytics, SMS/email, customer support, anti-fraud—bound by contracts and confidentiality.
• Participating merchants: only the minimum data necessary to validate Karats and fulfill redemptions for visits at their outlets.
• Law enforcement/regulators: when legally required.
• Corporate transactions: merger, acquisition, asset sale, subject to safeguards.

Primary storage is in India (Mumbai data centres). Where cross-border processing is necessary (e.g., global cloud/CDN or support tooling), we use contractual and technical safeguards consistent with applicable Indian law.

We apply layered controls (encryption in transit/at rest where applicable, access controls, segregation of environments, audit logs, backups, vulnerability management). No system is 100% secure; we maintain and test incident response procedures and will notify as required by law.

We retain data only as long as needed for the purposes above, or as required by law (e.g., tax records). Thereafter, we delete or irreversibly anonymise.

Subject to law, you may request: access, correction, portability (where feasible), deletion, and consent withdrawal. Submit requests to support@vireclub.com or the Grievance Officer. We may verify your identity and decline manifestly unfounded or excessive requests as permitted.

Merchants must display accurate legal details, honor rewards, and use any data received from VIRE solely to fulfill the user's reward/visit. Independent merchant marketing to VIRE users requires separate consent.

We may update this Policy. Material changes will be notified in-app or on the website, with the "Last updated" date revised.