Privacy Policy

Privacy Policy

Last updated: March 24, 2026

Zylist ("we", "our", "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use www.zylist.com.

This policy is published in compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.

1. Information We Collect

We collect the following information only to the extent necessary to provide the Zylist service:

Personal Information (provided by you)

  • Full name
  • Email address
  • Instagram username or store handle (if submitted)
  • Profile photo (if uploaded)

Usage Information (collected automatically)

  • Pages visited and time spent
  • Search queries made within Zylist
  • Stores viewed, liked, rated, or saved
  • Reviews and ratings you submit
  • Device type, browser, and approximate location (city-level)
  • IP address (used for rate limiting and abuse prevention only)

⚠️ We do NOT collect

  • Payment information, bank details, or card numbers
  • Aadhaar number, PAN, or any government ID
  • Passwords (stored as secure hashes only)
  • Precise GPS location (only city-level if you enable "Near Me" search)

2. How We Use Your Information

We use your information only to:

  • Create and manage your account
  • Provide search, discovery, and review features
  • Allow business owners to manage their store listings
  • Improve product experience using anonymised analytics
  • Communicate with you via email (account-related, support, or product updates)
  • Detect and prevent fraud, abuse, or misuse of the platform
  • Comply with applicable laws and legal obligations

We do not use your personal information for targeted advertising or sell it to any third party.

3. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of a verified account deletion request.
  • Activity logs (searches, views, likes) — retained for up to 12 months for analytics, then aggregated/anonymised.
  • Reviews and ratings — retained as long as the associated store listing exists. You may request deletion of your own reviews by contacting us.
  • Support communications — retained for up to 2 years to resolve disputes.

4. Data Sharing & Third-Party Processors

We do not sell, rent, or trade your personal data. We share limited data only with the following trusted service providers, strictly to operate Zylist:

ProviderPurposeData shared
SupabaseDatabase & authenticationAccount data, activity
VercelWebsite hostingIP address, page requests
PostHogProduct analyticsAnonymised usage events
SentryError monitoringError logs, anonymised user ID
Google (Gemini API)AI-powered searchSearch query text only
Zoho MailTransactional emailYour email address

We may also disclose data if required by law, court order, or to prevent fraud or harm.

5. Payments Disclaimer

Zylist does not process any payments. We do not collect or store any financial information. Any transactions happen directly between users and sellers outside of Zylist. Any future paid features will be covered by a separate, updated policy communicated in advance.

6. Cookies & Analytics

We use the following types of cookies:

  • Essential cookies — required for login sessions and platform security. Cannot be disabled.
  • Analytics cookies — used by PostHog to understand how users interact with Zylist. These are only set after you accept via the cookie consent banner.
  • Error monitoring — Sentry may store a session identifier to link errors to a session. No personal data is stored in these cookies.

You will be shown a cookie consent banner on your first visit. You can change your preference anytime by clearing your browser's localStorage.

7. Data Storage & Security

  • Data is stored on Supabase servers (hosted on AWS infrastructure)
  • All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access to user data is restricted to authorised personnel only
  • We implement Row Level Security (RLS) so users can only access their own data
  • No system is 100% secure — in the event of a data breach, we will notify affected users as required by law

8. Your Rights

Under the IT Rules, 2011 and applicable privacy law, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your account and associated personal data
  • Withdraw consent — opt out of analytics tracking via the cookie consent banner or by emailing us
  • Grievance — raise a complaint with our Grievance Officer (see Section 12)

To exercise any of these rights, email us at support@zylist.com. We will respond within 30 days.

9. Third-Party Links

Zylist displays links to Instagram profiles, WhatsApp, and external store websites. We are not responsible for the privacy practices of those third-party platforms. Please review their privacy policies before engaging with them.

10. Children's Privacy

Zylist is intended for users aged 18 and above (or the age of majority in your jurisdiction). We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us immediately and we will delete the account.

11. Policy Updates

We may update this policy as Zylist evolves or as legal requirements change. When we make material changes, we will notify you by email or via a banner on the site. Continued use of Zylist after changes constitutes acceptance of the updated policy.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011, we have appointed a Grievance Officer to address complaints regarding your data:

Grievance Officer: Balaji A (Founder, Zylist)

📧 founder@zylist.com

Complaints will be acknowledged within 48 hours and resolved within 30 days.

13. Contact Us

For general privacy questions:

📧 support@zylist.com

📧 founder@zylist.com