We collect personal and business data necessary to provide our services. This includes:

A. Identity & Business Data

• Full name, trade name, or entity name
• PAN Card number, Aadhaar number, or CIN (for KYC verification)
• GSTIN (where applicable)
• Business registration documents
• Agreement numbers and signed agreement copies

B. Contact & Communication Data

• Mobile number and email address
• Business address, city, state, and PIN code
• WhatsApp communication records (for support)

C. Shipping & Transaction Data

• Consignee name, address, mobile number, and PIN code (entered at booking)
• AWB numbers, shipment weights, dimensions, and declared values
• Wallet transaction history — recharges, deductions, refunds, COD credits
• Booking history, shipment status, NDR logs, and RTO records
• Bank transaction references (for payment reconciliation)

D. Technical & Platform Data

• IP addresses and device information
• Browser type, operating system, and referring URL
• API access logs and usage data
• Login timestamps and session activity
• Cookies and similar tracking technologies (see Section 6)

E. Franchise Application Data

• Space/premises details, territory preference
• Prior business or logistics experience
• Investment plan selected and deposit payment references

We collect data through the following means:

• Direct Submission: When you fill out registration forms on our website, submit a franchise application, complete KYC documentation, or contact us via email or WhatsApp.
• RR Platform Activity: Through your use of the Route Revolution Booking Software — when you create accounts, book shipments, enter consignee details, manage your wallet, or access API services.
• Carrier Partners: Shipment status updates, delivery confirmations, COD remittances, NDR reports, and weight dispute notifications received from Delhivery and Blue Dart.
• Automated Technical Collection: Server logs, cookies, and similar technologies that automatically record technical data when you access our website or platform.
• Third-Party Sources: Business verification data from GSTN, MSME registry, or other public government databases used for KYC compliance purposes.

We process your data only for the following specific, legitimate purposes:

We do not use your personal data for advertising, marketing profiling, or selling to third parties.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we process your personal data on the following lawful bases:

• Consent: You provide explicit consent when registering, submitting KYC documents, and accepting our Terms & Conditions and this Privacy Policy.
• Contractual Necessity: Processing required to fulfil our obligations under the Client Service Agreement or Franchise Agreement — including shipment booking, wallet management, COD settlement, and KYC verification.
• Legal Obligation: Processing required to comply with Indian laws — including GST, PMLA (Prevention of Money Laundering), IT Act, and DPDP Act obligations.
• Legitimate Interests: Platform security, fraud detection, abuse prevention, and system performance monitoring — balanced against your privacy interests.

We share your data only as necessary to deliver our services. We do not sell your personal data. The categories of recipients are:

A. Carrier Partners
Consignee name, address, mobile number, PIN code, shipment details, and AWB data are shared with Delhivery and Blue Dart exclusively to execute shipment dispatch, delivery, and COD collection. Each carrier operates under its own Privacy Policy and data protection terms.

B. Payment Partners
Bank account references and payment confirmation data are shared with Axis Bank and payment gateway partners as necessary for wallet recharge reconciliation and COD settlement processing.

C. Insurance Partners
Where cargo insurance is opted for by the client, relevant shipment and declared value data is shared with ICICI Lombard as required to issue and process the policy.

D. Legal & Regulatory Authorities
We will disclose personal data to government authorities, courts, law enforcement agencies, or regulators when required by law, court order, or in the course of any legal proceeding — including investigation of fraud, prohibited goods violations, or money laundering under PMLA.

E. Service Providers
Technology and hosting providers who operate RR infrastructure may process data on our behalf under data processing agreements. They are prohibited from using data for their own purposes.

F. Franchise Partners (Branch Access)
Pro and Enterprise franchise partners may access transactional data of sub-clients registered under their branch through the RR Branch Panel. Each franchisee is independently responsible for handling that data in compliance with applicable privacy laws.

We do not share your data with advertisers, data brokers, or any third party for commercial profiling or marketing purposes.

Our website (www.routerevolution.in) uses cookies and similar technologies to enhance your browsing experience, analyse traffic, and improve platform functionality.

Types of Cookies We Use:

• Essential / Functional Cookies: Required for the website and RR to operate — including session management, login state, and form submissions. These cannot be disabled without impacting platform functionality.
• Analytics Cookies: Used via Google Analytics (if enabled) to collect anonymised data about how visitors interact with our website — pages visited, time spent, traffic source. This helps us improve our content and user experience.
• Preference Cookies: Remember your settings and preferences to provide a consistent experience across visits.

Managing Cookies: You can control and delete cookies through your browser settings. Disabling essential cookies will affect platform functionality. Disabling analytics cookies does not affect your ability to use the Platform.

If we implement a third-party chat widget or support tool that uses cookies, this will be disclosed separately with an updated consent mechanism.

We retain your personal and business data only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal and regulatory obligations.

After the applicable retention period, data is securely deleted or anonymised such that it can no longer be linked to any individual or entity.

Route Revolution implements technical, administrative, and physical security measures to protect your personal and business data against unauthorised access, disclosure, alteration, or destruction.

Technical Measures include:

• HTTPS encryption for all data transmitted to and from the RR platform and website
• Password hashing using BCrypt for all RR admin and user credentials
• Session management with timeout controls
• API authentication and rate limiting
• Regular server-side security patches and updates

Administrative Measures include:

• Access to personal data is limited to authorised Route Revolution personnel on a need-to-know basis
• Carrier partners are required to handle consignee data only for the purpose of shipment execution
• Periodic review of data access privileges

Data Breach Notification: In the event of a personal data breach that is likely to result in harm to data principals, we will notify the affected parties and the Data Protection Board of India in accordance with the DPDP Act, 2023, within the prescribed timeframes. You must notify Route Revolution at info@routerevolution.in within 24 hours of becoming aware of any suspected unauthorised access to your RR account.

While we take all reasonable precautions, no data transmission over the internet is 100% secure. We cannot guarantee the absolute security of any data you transmit to us.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian law, you have the following rights with respect to your personal data processed by Route Revolution:

To exercise any of these rights, email us at info@routerevolution.in with the subject line "Data Rights Request". We will respond within 30 days. Note: Some requests may be subject to identity verification before processing.

Route Revolution's Platform is designed for and directed exclusively at registered businesses and adult individuals engaging in commercial shipping or logistics operations. We do not knowingly collect personal data from anyone under the age of 18.

If we become aware that personal data of a minor has been collected without verifiable parental consent, we will delete such data immediately. If you believe a minor's data has been submitted to our Platform, please contact us at info@routerevolution.in.

Our website and Platform may contain links to third-party websites, carrier portals (Delhivery, Blue Dart), payment gateways, and partner service providers. These third-party platforms operate under their own privacy policies, and Route Revolution is not responsible for their data practices.

We recommend reviewing the privacy policy of any third-party website or service before providing your personal information. The inclusion of a link to a third-party website does not constitute an endorsement of that site or its privacy practices.

Value-Added Services (VAS) offered through Route Revolution — including cargo insurance (ICICI Lombard), website development, and business registration services — are provided by third-party partners. Any personal data you share with those partners in connection with their services is governed by their respective privacy policies.

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, Route Revolution has designated a Grievance Officer for all privacy and data-related complaints:

If your complaint is not resolved satisfactorily within 30 days, you may escalate your grievance to the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

We may update this Privacy Policy periodically to reflect changes in our data practices, applicable laws, or platform features. The updated Policy will be published at www.routerevolution.in/privacy-policy.php with a revised effective date at the top of the page.

For material changes that significantly affect how we process your personal data, we will notify registered users via email to their registered address at least 15 days before the changes take effect. For minor updates (such as clarifications or formatting), we may update the Policy without advance notice.

Your continued use of the Platform after the revised Policy's effective date constitutes your acceptance of the updated Privacy Policy.

For any questions, data rights requests, complaints, or clarifications regarding this Privacy Policy or your personal data, please contact us: