Gray Bulk

Privacy Policy

Last updated: 9 June 2026

This Privacy Policy describes how Gray Cup Enterprises Private Limited ("Gray Bulk", "we", "us", "our") collects, uses, stores, and protects information about you when you access or use the Gray Bulk marketplace platform, website, and related services (collectively, the "Platform"). By using the Platform, you consent to the practices described in this policy.

1. Information We Collect

We collect the following categories of information depending on how you interact with the Platform:

  • Account & Registration Data: Name, email address, mobile number, business name, GSTIN, PAN, and bank account details provided during sign-up or seller onboarding.
  • Transaction Data: Order details, invoices, payment records, and communication logs associated with buying or selling activity on the Platform.
  • KYC & Business Verification Data: Government-issued identity documents and business registration certificates submitted as part of seller verification.
  • Usage Data: Pages visited, features accessed, session duration, search queries, and interaction patterns on the Platform.
  • Device & Technical Data: IP address, browser type and version, operating system, referring URLs, and device identifiers.
  • Communications: Messages, support tickets, dispute submissions, and any correspondence you send to us through the Platform.

2. How We Use Your Information

We use the information collected for the following purposes:

  • To create and manage your account and verify your identity.
  • To process orders, coordinate fulfilment, and facilitate payments and settlements between buyers and sellers.
  • To comply with Indian tax laws, including GST regulations, by maintaining transaction records and issuing compliant invoices.
  • To detect, prevent, and investigate fraud, abuse, or violations of our Seller Agreement and Terms of Service.
  • To communicate with you about your account, orders, policy updates, and platform announcements.
  • To improve the Platform through analytics, A/B testing, and user behaviour analysis — always in aggregate or anonymised form where possible.
  • To respond to legal requests, court orders, or regulatory inquiries from competent authorities.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contractual necessity: To fulfil our obligations under the Seller Agreement, Terms of Service, and any transaction you initiate.
  • Legal obligation: To comply with applicable Indian laws, including the Information Technology Act 2000, IT (Amendment) Act 2008, and GST compliance requirements.
  • Legitimate interests: To operate, improve, and secure the Platform, and to prevent fraud.
  • Consent: For optional communications such as newsletters or promotional updates, which you may withdraw at any time.

4. Sharing of Information

We do not sell your personal information. We share your data only in the following circumstances:

  • Between buyers and sellers: Necessary transaction details (e.g., shipping address, business name, GSTIN) are shared with the counterparty to fulfil the order.
  • Payment processors: Payment gateway providers receive the data required to process transactions securely. These providers are bound by their own privacy obligations.
  • Logistics partners: Shipping address and contact details are shared with logistics providers solely to arrange delivery.
  • Service providers: Cloud infrastructure, analytics, and communication service providers acting as data processors under confidentiality agreements.
  • Legal authorities: When required by law, regulation, court order, or to protect the rights and safety of users or Gray Bulk.

5. Data Retention

We retain your personal data for as long as your account is active or as required to fulfil the purposes described in this policy. Transaction records, invoices, and KYC documents are retained for a minimum of seven years in compliance with Indian tax and accounting laws. Upon account closure, non-statutory data is deleted or anonymised within 90 days, subject to any ongoing legal or regulatory obligations.

6. Data Security

Gray Bulk implements industry-standard technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest.
  • Role-based access controls limiting who within Gray Bulk can access personal data.
  • Regular security audits and vulnerability assessments.
  • Secure handling of KYC and financial documents with restricted internal access.

No system is completely secure. In the event of a data breach that materially affects your rights, we will notify affected users in accordance with applicable law.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and analyse Platform usage. These include:

  • Essential cookies: Required for the Platform to function correctly (e.g., authentication tokens).
  • Analytics cookies: Help us understand how the Platform is used in aggregate so we can improve it.

You can configure your browser to refuse cookies, though some parts of the Platform may not function correctly as a result.

8. Your Rights

As a user of the Platform, you have the following rights in respect of your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that inaccurate or incomplete data be corrected.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Receive your data in a structured, machine-readable format where technically feasible.
  • Withdrawal of consent: Opt out of any processing based on consent (e.g., marketing communications) at any time.
  • Grievance redressal: Lodge a complaint with our designated Grievance Officer (see below).

9. Third-Party Links

The Platform may contain links to third-party websites or services. Gray Bulk is not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any external sites you visit through links on our Platform.

10. Children's Privacy

The Platform is intended solely for business use by adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us personal data, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or applicable law. Material changes will be communicated via email or a prominent notice on the Platform at least 15 days before the updated policy takes effect. Your continued use of the Platform after the effective date constitutes acceptance of the revised policy.

12. Grievance Officer & Contact

In accordance with the Information Technology Act 2000 and applicable rules, Gray Cup Enterprises Private Limited has designated a Grievance Officer to address privacy-related concerns. You may reach us at:

Gray Cup Enterprises Private Limited

FF122, Rodeo Drive Mall, GT Road, TDI City, Kundli, Sonipat, Haryana – 131030

CIN: U47211DL2025PTC457808  |  GSTIN: 06AAMCG4985H1Z4

Email: arjun@graycup.in

Email: office@graycup.org

Phone: +91 85279 14317

We aim to acknowledge grievances within 48 hours and resolve them within 30 days of receipt.

This is Demo