Important Notice: This Privacy Policy is provided for informational purposes. It describes how GNJ App collects, uses, and protects your data. Consent to data processing is obtained separately through in-app permissions, opt-in mechanisms, and account registration - not through mere acceptance of this Policy.
1. Interpretation and Definitions
1.1 Interpretation
Words with capitalised initial letters have meanings defined below. These definitions apply equally in singular and plural form.
1.2 Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access the Service or parts of the Service.
- Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other voting securities.
- Application refers to GNJ App, the software program provided by the Company.
- Company (referred to as "the Company", "We", "Us", or "Our") refers to GNJ App, operating in Rajasthan, India.
- Consumer (for CCPA purposes) means a natural person who is a California resident.
- Cookies are small data files placed on Your device by a website or application that record browsing activity and preferences.
- Country refers to: Rajasthan, India.
- Data Controller means the Company, as the entity determining the purposes and means of processing Personal Data.
- Data Processor means any natural or legal person who processes data on behalf of the Data Controller.
- Device means any device that can access the Service, such as a computer, mobile phone, or digital tablet.
- Do Not Sell or Share means the right, under applicable law, to opt out of the sale or sharing of Personal Data for cross-context behavioural advertising purposes.
- Personal Data means any information that relates to an identified or identifiable natural person.
- Service refers to the Application.
- Service Provider means any natural or legal person engaged by the Company to process data on its behalf in connection with the Service.
- Third-Party Social Media Service refers to any website or social network through which a User can log in or create an account to use the Service.
- Usage Data refers to data collected automatically from the Service infrastructure or through use of the Service.
- You means the individual accessing or using the Service, or the legal entity on whose behalf such individual is acting.
2. Data We Collect
2.1 Categories of Personal Data Collected
We collect the following categories of Personal Data. This disclosure also serves as our CCPA-CPRA 12-month collection disclosure:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, phone number, IP address, device ID | Yes |
| Personal Records | Address, postal code, city, state | Yes |
| Commercial Information | Purchase history, transaction records | Yes |
| Internet / Network Activity | Pages visited, time on page, browser type, diagnostic data | Yes |
| Geolocation Data | Approximate or precise location (with permission) | Yes |
| Sensory / Visual Data | Photos and images from camera/photo library uploaded while using app features (with permission) | Yes |
| Inferences | Aggregated, non-identifiable service usage patterns (internal only) | Yes |
| Special Category Data | Health, biometric, racial, religious data | No |
Special Category Data: We do not knowingly collect special category data. If such data is inadvertently received, it will be deleted promptly and not used for any purpose.
2.2 How We Collect Data
Directly From You: We collect data You provide when registering an account, completing a profile, making a purchase, submitting a request, or communicating with Us.
Automatically: We automatically collect Usage Data and technical information when You use the Service. This includes data collected through cookies, pixels, SDKs, and similar tracking technologies. See Section 4 for full details.
From Third Parties: We may receive data about You from social media platforms, advertising networks, and analytics providers, subject to their own privacy policies.
3. Legal Basis for Processing and Purposes
3.1 Legal Basis Mapping (GDPR)
| Purpose | Legal Basis | Retention |
|---|---|---|
| Account creation and management | Performance of a Contract (Art. 6(1)(b)) | Duration of account + 2 years |
| Service provision and maintenance | Performance of a Contract (Art. 6(1)(b)) | Duration of account + 2 years |
| Processing transactions | Performance of a Contract (Art. 6(1)(b)) | 7 years (legal/tax obligation) |
| Security and fraud prevention | Legitimate Interests (Art. 6(1)(f)) | Duration of account + 2 years |
| Service communications (non-marketing) | Performance of a Contract (Art. 6(1)(b)) | Duration of account |
| Internal analytics and service improvement | Legitimate Interests (Art. 6(1)(f)) | 12 months (aggregated only) |
| Marketing communications | Consent (Art. 6(1)(a)) | Until opt-out or consent withdrawal |
| Legal compliance and dispute resolution | Legal Obligation (Art. 6(1)(c)) | As required by applicable law |
| Business transfers | Legitimate Interests (Art. 6(1)(f)) | Duration of transaction process |
Legitimate Interests Safeguard: Where We rely on legitimate interests, We have assessed that Our interests do not override Your fundamental rights and freedoms.
Purpose Limitation: We only use Personal Data for identified purposes. For materially new purposes, We notify You and obtain fresh consent where required by law.
Data Minimisation: We only collect Personal Data that is adequate, relevant, and limited to what is necessary under GDPR Article 5(1)(c).
Automated Decision-Making: We do not make solely automated decisions producing legal or similarly significant effects.
Internal Analytics: We analyse aggregated, non-identifiable usage data for internal service improvement only.
3.2 Consent
This Privacy Policy is informational and does not itself constitute consent. Consent is obtained through in-app permissions, opt-ins, cookie consent mechanisms, and separate marketing opt-ins. Consent can be withdrawn at any time.
4. Cookies and Tracking Technologies
4.1 What Are Cookies
Cookies are small text files placed on Your device. We also use pixels, web beacons, SDKs, and local storage.
4.2 Types of Cookies We Use
| Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Authentication, security, and core functionality; not for advertising. | No - essential |
| Functional | Stores preferences and settings. | Yes |
| Analytics and Performance | Aggregated interaction metrics for improvement. | Yes |
| Advertising and Targeting | Ad relevance and effectiveness measurement; may constitute sharing under CCPA-CPRA. | Yes |
4.3 Third-Party Tracking
Third-party providers may collect cross-context behavioural data under their own privacy policies.
4.4 Your Cookie Choices
- In-app consent settings from the Settings menu
- Device/browser controls for blocking or deleting cookies
- Industry opt-out tools such as NAI opt-out and Google Ad Settings
5. Sale and Sharing of Personal Data (CCPA-CPRA)
5.1 Do We Sell Personal Data?
We do not sell Personal Data for monetary consideration.
5.2 Do We Share Personal Data?
Sharing with third-party advertising/analytics providers for cross-context behavioural advertising may be considered sharing under CCPA-CPRA.
5.3 Your Right to Opt Out
California residents may opt out through App settings ("Do Not Sell or Share My Personal Information") or by emailing gemsnjeweller@gmail.com with the subject "Do Not Sell or Share - Opt Out Request".
We process opt-out requests within 15 business days and honor technically feasible Global Privacy Control signals.
6. Sharing of Your Personal Data
We may share data with Service Providers, advertising and analytics providers, affiliates, business partners, government authorities, and in business transfer contexts, in accordance with law and this Policy.
Cross-border transfers may occur. Where required, We apply reasonable safeguards such as SCCs or similar approved mechanisms.
7. Data Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Account and profile data | Active account + 2 years | Contract + legal obligation |
| Transaction and payment data | 7 years | Legal / tax obligation |
| Service communications | Duration of account | Contract |
| Marketing preferences and history | Until opt-out or consent withdrawal | Consent |
| Analytics data (aggregated) | 12 months | Legitimate interests |
| Usage and diagnostic data | 12 months | Legitimate interests |
| Legal / compliance records | Typically 7 years | Legal obligation |
| Support and dispute records | 1 year after resolution | Legitimate interests |
When no longer needed, Personal Data is securely deleted or anonymised. Anonymised data may be retained indefinitely.
8. Your Data Protection Rights
Depending on location, rights include access, correction, deletion, restriction, portability, objection, opt-out, grievance redressal, and non-discrimination. We aim to respond within 30 days (with extension where legally permitted).
8.1 GDPR (EU-EEA)
Includes rights under Articles 15-22 and the right to lodge a complaint with a supervisory authority.
8.2 CCPA-CPRA (California)
Includes rights to know, delete, correct, opt out of sale/sharing, and non-discrimination.
8.3 DPDP Act 2023 (India)
Includes rights to access, correction/erasure, grievance redressal, and nomination.
8.4 Children's Data
Service is not directed at children. We do not knowingly collect data from individuals under 18. If discovered, such data will be deleted promptly.
9. Deleting Your Personal Data
You may request deletion from account settings or by contacting gemsnjeweller@gmail.com. Some data may be retained where legally required or for legitimate purposes.
10. Security of Your Personal Data
We use reasonable technical and organisational safeguards including encryption in transit, access controls, authentication, and periodic security reviews.
10.1 Data Breach Notification
Where required by law, We notify authorities without undue delay and, where feasible, within 72 hours. High-risk breaches may also trigger direct user notification.
11. User-Generated Content and Marketplace Interactions
11.1 User-Generated Content
You are solely responsible for Personal Data included in User Content. Avoid posting sensitive data publicly.
11.2 Marketplace and Transactions
GNJ App acts as a platform facilitator and is not a party to user-to-user transactions. We are not responsible for user disputes, fraud, content legality/quality, or related losses.
11.3 No Responsibility for Third-Party Actions
Once You voluntarily share data with other users or third parties, We are not responsible for subsequent use or disclosure by those parties.
12. Links to Other Websites
We are not responsible for third-party websites or their privacy practices. Review each external privacy policy.
13. Changes to This Privacy Policy
We may update this policy from time to time and notify material changes via email, in-app notice, or this page. Continued use after updates indicates acknowledgement.
14. Contact Us
For questions, requests, or complaints:
- By email: gemsnjeweller@gmail.com
- By phone: +91 8005833045
- Operating location: Rajasthan, India
If unresolved, You may escalate to relevant authorities such as DPBI (India), EU/EEA national authorities, or CPPA (California).
Appendix A: Compliance Summary
Informational Only: This summary is for reference and does not constitute legal advice. If conflict exists, the body of this Policy prevails.
| Requirement | Framework | Where Addressed |
|---|---|---|
| Lawful basis for processing | GDPR Art. 6 | Section 3.1 |
| Transparency and notice | GDPR Arts. 13-14 | Sections 2, 3, 4, 6 |
| Data subject rights | GDPR Arts. 15-22 | Section 8.1 |
| Consent (separate from policy) | GDPR Art. 7 | Section 3.2 |
| Cookie and tracking disclosure | GDPR / ePrivacy Directive | Section 4 |
| Data minimisation | GDPR Art. 5(1)(c) | Section 3.1 |
| Retention periods | GDPR Art. 5(1)(e) | Sections 3.1 and 7 |
| Breach notification (72 hours) | GDPR Art. 33 | Section 10.1 |
| International transfer safeguards | GDPR Arts. 44-46 | Section 6 |
| Special category data | GDPR Art. 9 | Section 2.1 |
| Automated decision-making | GDPR Art. 22 | Section 3.1 |
| Children's data | GDPR Art. 8 / COPPA | Section 8.4 |
| Do Not Sell / Share disclosure | CCPA-CPRA | Section 5 |
| 12-month data category disclosure | CCPA-CPRA | Section 2.1 |
| Right to opt out of sharing | CCPA-CPRA | Section 5.3 |
| Right to non-discrimination | CCPA-CPRA | Section 8.2 |
| Data principal rights | DPDP Act 2023 | Section 8.3 |
| Government disclosure obligations | DPDP Act / IT Act 2000 | Section 6 |
| UGC and marketplace disclaimer | Business protection | Section 11 |
| User-to-user transaction disclaimer | Business protection | Section 11.2 |
GNJ App | Privacy Policy | Version 3.0 | April 2026 | Global (GDPR / CCPA / DPDP)