Privacy Policy - FrameKaro

Last updated: 12 March 2026

FrameKaro ("we", "us", or "our") operates the FrameKaro mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

    Summary: We use your camera for virtual try-on and face analysis only. We do not store raw face data. We do not sell your personal information. You can delete your account and all data at any time.
  

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, phone number when you register.
Profile Information: Gender, address, and optionally the last four digits of your Aadhaar number (encrypted at rest, never stored in full).
Reservation Data: Frame selections, preferred pickup times, and shop preferences.
Shop Owner Data: Shop name, address, GST number, PAN, operating hours, and brand customization preferences.

1.2 Information Collected Automatically

Device Information: Device model, operating system version, unique device identifiers.
Usage Data: Pages viewed, features used, interaction patterns (via Firebase Analytics).
Crash Reports: Technical crash data to improve app stability (via Firebase Crashlytics).

1.3 Camera and Face Data

The App uses your device camera for the following purposes:

Virtual Try-On: To overlay eyeglass frames on your face in real-time using augmented reality.
Face Shape Analysis: To determine your face shape and recommend suitable frame styles.
Pupillary Distance (PD) Measurement: To measure the distance between your pupils for lens fitting.
Eye Health Screening: To conduct basic vision screening tests.

Important: We do NOT store raw face mesh landmark data. Face analysis results (e.g., "oval face shape") are stored as qualitative labels only. Camera data is processed on-device and is not transmitted to our servers.

1.4 Health-Related Data

Eye health screening results (visual acuity, color vision, contrast sensitivity, astigmatism, near vision, and blink rate assessments) are classified as health-related data. This data:

Is collected only with your explicit consent before each screening session.
Is stored in your consumer profile as qualitative labels and scores (e.g., "Mild difficulty" rather than clinical values).
Is NOT a medical diagnosis. Screening results are indicative only and do not replace a professional eye examination.
Is retained for up to 3 years from the screening date, or until you request deletion.
Is never shared with third parties, including optical shops, without your explicit consent.

2. How We Use Your Information

To provide and maintain the App's features and services.
To process frame reservations between consumers and optical shops.
To provide personalized frame recommendations based on face shape analysis.
To send push notifications about reservations, promotions, and app updates (with your consent).
To generate aggregated, anonymized analytics for shop owners (e.g., visitor counts, popular frames).
To improve app performance and fix bugs.
To comply with legal obligations.

3. Data Storage and Security

Cloud Infrastructure: Data is stored on Google Cloud (Firebase, Mumbai region asia-south1) and Microsoft Azure (Central India, Pune).
Encryption: All data is encrypted in transit (TLS 1.2+) and at rest. Aadhaar data uses AES-256-GCM encryption with per-user keys.
Tenant Isolation: Each shop's data is isolated using tenant-scoped security rules. Shop A cannot access Shop B's data.
Offline Data: The App caches data locally on your device for offline functionality. This data is cleared when you sign out.

4. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances:

With Optical Shops: When you make a reservation, the shop receives your name, phone number, selected frames, and preferred pickup time.
Service Providers: Google (Firebase Auth, Analytics, Crashlytics, Cloud Messaging), Microsoft (Azure Functions, Blob Storage, CDN).
Legal Requirements: When required by law, court order, or governmental authority.

5. Your Rights (DPDPA Compliance)

Under the Digital Personal Data Protection Act, 2023 (India), you have the right to:

Access: View all personal data we hold about you (available in your Profile screen).
Correction: Update or correct your personal information at any time.
Erasure: Request deletion of your account and all associated data. Use the "Delete Account" option in your Profile settings. A 72-hour grace period allows you to cancel the request; after this period, data is permanently and irrecoverably deleted.
Withdraw Consent: Withdraw consent for Aadhaar data processing at any time. Previously collected data is permanently erased upon withdrawal.
Data Portability: Request a copy of your data in a machine-readable format.
Grievance Redressal: Contact our Data Protection Officer for any privacy concerns.

6. Children's Privacy

The App is not intended for children under 18 without parental or guardian consent. Family profiles may be created by a parent or guardian for minor family members. We do not knowingly collect data from children without verifiable parental consent.

7. Third-Party Services

The App integrates with the following third-party services, each governed by their own privacy policies:

Google (Firebase) — Authentication, database, analytics, crash reporting, push notifications.
Microsoft (Azure) — Server functions, file storage, content delivery.

8. Data Retention

Active Accounts: Data is retained as long as your account is active.
Deleted Accounts: A 72-hour grace period applies after deletion request, during which you may cancel. After the grace period, data is permanently deleted.
Eye Health Screening Data: Retained for up to 3 years from the screening date for your health tracking purposes. You may request earlier deletion at any time.
Anonymized Analytics: Aggregated, non-identifiable data may be retained indefinitely for business insights.
Audit Logs: Consent and data access logs are retained for 3 years for legal compliance.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. Your continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

Data Protection Officer: dpo@framekaro.com
Email: privacy@framekaro.com
Support: support@framekaro.com

If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India established under the Digital Personal Data Protection Act, 2023.