Vemgram
Log InSign Up

Last updated: March 2026

Privacy Policy

1. Information We Collect

We collect information you provide directly when using the Platform, in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act). The categories of personal data we process include:

  • Identity data: name, email address, and password when you register an account.
  • Business data: business name, address, contact information, product details, certifications, GST number (if provided), and other profile information for manufacturers.
  • Usage data: pages visited, features used, IP address, and browser type.
  • Content data: images, descriptions, and other content you upload to the Platform.

2. Legal Basis for Processing and Consent

In accordance with the Digital Personal Data Protection Act, 2023, we process your personal data based on your consent, which you provide when you: create an account on the Platform; submit a manufacturer listing; or upload images or business information. You may withdraw your consent at any time by contacting us at [email protected] or by deleting your account. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.

3. How We Use Your Information

We use your information to: operate and improve the Platform; display manufacturer profiles to authenticated users; facilitate B2B connections between manufacturers and retailers; send service-related communications; and comply with legal obligations.

4. Contact Information Visibility

Manufacturer contact details (phone, email, website, WhatsApp, social links) are only visible to authenticated users. This gating protects manufacturers from unsolicited contact while ensuring genuine business inquiries can reach them.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information. Business images and documents are stored securely using encrypted cloud storage. Your data may be stored on servers located in India and internationally via cloud service providers. We ensure that any cross-border transfer of data complies with applicable provisions of the DPDP Act, 2023. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Sharing

We do not sell your personal information. We may share your data with: service providers who assist in operating the Platform; legal authorities when required by law; and other users as part of the Platform’s directory functionality (subject to the contact visibility rules described above).

7. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Platform. Specifically, we use:

  • Session cookies: essential for authentication and maintaining your login state. These are strictly necessary for the Platform to function.
  • Analytics cookies: to understand how the Platform is used and to improve our services. We will seek your consent before placing non-essential analytics cookies.
  • Preference cookies: to remember your settings and preferences.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the Platform’s functionality.

8. Data Principal Rights

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

  • Right to access: obtain confirmation of whether your personal data is being processed and a summary of such data.
  • Right to correction: request correction of inaccurate or misleading personal data, and completion of incomplete data.
  • Right to erasure: request erasure of personal data that is no longer necessary for the purpose for which it was collected.
  • Right to grievance redressal: lodge a complaint with our Grievance Officer and receive a response within 90 days.
  • Right to nominate: nominate another person to exercise your rights in the event of your death or incapacity.

To exercise these rights, contact us at [email protected]. We will respond to your request within 90 days.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

10. Data Breach Notification

In the event of a personal data breach that is likely to cause harm to Data Principals, Vemgram shall: notify the Data Protection Board of India within 72 hours of becoming aware of the breach; and notify affected Data Principals without undue delay, providing details of the breach and remedial measures taken. We maintain internal procedures for detecting, reporting, and investigating personal data breaches.

11. Children’s Data

Vemgram is a B2B platform not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a person under 18, we will take steps to delete such data promptly.

12. Grievance Officer

In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, Vemgram has appointed the following Grievance Officer:

Name: Bikash Kampo
Designation: Grievance Officer
Address: Vemgram, Koraput, Odisha, India
Email: [email protected]

The Grievance Officer shall acknowledge your complaint within 24 hours and endeavour to resolve it within 15 days (for IT Act matters) or 90 days (for DPDP Act matters) from receipt.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date.

14. Contact

For questions about this Privacy Policy, please contact us at [email protected].