Last updated on November 16, 2025.
Good To Grab (the “Company”, “we” or “us”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Good To Grab platform (the “Services”). We operate in India and comply with India’s data protection laws (such as the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023). We collect and process personal data only as necessary for specified purposes. By using our Services, you agree to the data practices described here. For clarity, our Services are intended for users in India only and governed by Indian law.
We collect the following categories of personal information:
Personal and Contact Information: Your name, email address, phone number, delivery address or general location (if you enable location services), and other profile information you provide.
Payment Information: Credit/debit card details or other payment data needed to process your orders. We use secure, PCI-DSS compliant third-party payment gateways so that your payment information is sent directly to the processor and not retained on our servers.
Order History and Reviews: Details of your orders (order IDs, items ordered, billing information) and any ratings or reviews you submit. We maintain this history to process your orders and improve our service.
Social Login Data: If you sign up via Google or Apple login, we obtain whatever information (name, email, profile picture, etc.) those providers share with us.
Usage and Device Data: Information about how you use our app and website, collected automatically. This includes device identifiers (model, OS, browser type), IP address, and timestamps/pages viewed. If you enable location services on your device, we collect your GPS or approximate location to provide location-based features (such as showing nearby restaurants).
Support Communications: We do not provide in-app chat, but if you contact customer support by phone, those calls may be recorded for training and quality purposes.
We use your personal information only to provide, maintain and improve the Services, and to comply with legal obligations. For example, we use your data to:
We do not use your personal data for purposes other than those stated above. In line with India’s data protection principles, we limit processing to the purposes for which the data was collected.
We use cookies, web beacons, and similar tracking technologies to collect information about your interaction with our Services. As required by law, we obtain your explicit consent before using cookies or tracking tools. You can control or block cookies through your browser or device settings (please note that blocking cookies may affect the functionality of the Services). We use this data to personalize and improve our Services; none of these analytics cookies identifies you personally.
We do not sell your personal information. We share information only as necessary and in accordance with this policy. Examples of disclosures include:
In each case, we share only the minimum information needed for the recipient’s purpose. For example, we do not give restaurants access to your full profile – only the details relevant to fulfilling your order. We encourage you to review the privacy policies of any third parties (restaurants, payment gateways, etc.) to understand how they handle your information.
We retain personal information only for as long as needed to provide the Services or as required by law. We may retain your data for legitimate business purposes (such as keeping records of transactions) and to comply with legal obligations. Inactive Accounts: In accordance with DPDP rules, if you do not use your account or Services for three years, we will notify you and may delete your personal data. You have the right to request deletion of your data at any time (subject to any mandatory retention period). Indian law grants you the right to access, correct or erase your personal data. We will honor such requests except to the extent we must retain data for legal compliance (for example, tax or audit requirements). Once data is no longer needed, it is securely deleted or anonymized.
We implement reasonable security measures to protect your data. This includes using encryption (HTTPS/TLS), firewalls, and access controls to prevent unauthorized access. Our payment processors are PCI-DSS certified to handle payment information securely. As mandated by law, we follow “reasonable security practices” commensurate with the sensitivity of the information. Only authorized personnel and service providers can access your data, and only as needed to perform their duties. However, no security system is foolproof – while we strive to protect your information, we cannot guarantee that unauthorized third parties will never overcome our safeguards.
You have choices regarding your personal information:
Our Services are intended for users 18 years or older. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from someone under 18, we will delete that information immediately.
We may update this Privacy Policy from time to time (for example, to reflect changes in the law or our practices). The “Last Updated” date at the top will indicate when it was last revised. When changes are material, we will notify you via the app or email. We encourage you to review this policy periodically to stay informed.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact our privacy team at privacy@goodtograb.com.