Privacy Policy
Cakesify Privacy Policy
Cakesify Systems Private Limited · Effective 24 June 2026
1. Introduction
Cakesify Systems Private Limited ("Cakesify", "we", "our", or "us") provides technology infrastructure that enables independent food sellers to create and operate their own online storefronts, manage product listings, receive enquiries and orders, process payments, and use business-support tools.
Cakesify does not own, prepare, package, sell, or deliver the food products listed by sellers. Sellers are independent businesses responsible for their own products, pricing, food safety, fulfilment, customer communication, refunds, and legal compliance. This Privacy Policy explains how we collect, use, process, and protect personal data when you use the platform.
2. Scope
This policy applies to all users of Cakesify, including sellers, buyers, and visitors to the platform.
3. Cakesify's Role
Cakesify is a technology infrastructure provider. Sellers use Cakesify to create and operate their own storefronts. Unless expressly stated otherwise, Cakesify is not the seller, manufacturer, food business operator, delivery provider, or agent of the seller.
Products, ingredients, allergen information, pricing, availability, delivery timelines, cancellation terms, refund handling, and food safety compliance are the responsibility of the seller. Cakesify may provide software tools, AI assistance, payment integrations, communication tools, and support workflows. This does not make Cakesify the seller of any food product.
4. Data We Collect
We collect information that you provide directly, information generated through your use of the platform, and content uploaded by users.
For Sellers
Personal and business information including name, phone number, email address, store details, product information, bank or payout details, and regulatory information such as FSSAI or equivalent licences.
For Buyers
Name, contact details, delivery address, and order-related data.
Technical & Content Data
IP address, device and browser details, usage activity, and approximate location data. We also process content data including images, product descriptions, and AI-enhanced outputs generated through the platform.
5. Purpose of Processing
We use this data to operate and improve the platform. This includes enabling store creation, managing orders, providing customer support, improving product listings through AI tools, enabling seller growth features and integrations, and ensuring platform security and fraud prevention.
6. Notice and Consent
Where we rely on consent, we will provide a clear notice describing the personal data being collected, the purpose of processing, and how users may exercise their rights. Consent-based features, including optional AI features and certain marketing or integration features, may be withdrawn in accordance with applicable law.
7. Our Role Under the DPDP Act (Data Fiduciary and Data Processor)
Under the Digital Personal Data Protection Act, 2023, Cakesify's role depends on the context of processing.
Cakesify as Data Fiduciary
Cakesify acts as a Data Fiduciary where it determines the purpose and means of processing personal data, including account creation, platform security, payments, support, aggregated analytics, and legal compliance.
Cakesify as Data Processor
Where Cakesify processes buyer or customer data only on behalf of a seller for the seller's storefront operations, such as store management, AI features, and distribution tools, Cakesify acts as a Data Processor for that seller.
Sellers as Independent Data Fiduciaries
Sellers remain independent Data Fiduciaries for their own customer relationships, product fulfilment, communications, retention of customer information, and legal compliance.
8. Data Sharing
We share data only as required to operate the platform.
Buyer information is shared with sellers for order fulfilment, delivery coordination, and order-related communication.
We may share data with service providers such as payment gateways, hosting providers, analytics tools, and communication platforms that process data on our behalf under appropriate safeguards.
If sellers enable integrations, data may be shared with third-party platforms such as WhatsApp (Meta Platforms), Instagram, Facebook, and Google Shopping. These platforms operate as independent Data Fiduciaries under their own privacy policies.
When WhatsApp Business APIs are used, buyer contact details and order-related information may be transmitted through Meta's systems. Cakesify does not control how Meta processes such data.
9. Security Measures
We implement reasonable technical, organisational, and administrative safeguards to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These safeguards may include access controls, secure hosting, encryption where appropriate, internal access restrictions, monitoring, and periodic review of our systems and service providers.
In the event of a personal data breach, Cakesify will take reasonable steps to contain and assess the incident and will notify affected users and regulatory authorities where required by applicable law.
10. AI Processing and Consent
Sellers may use optional AI-powered features to enhance product images, generate product descriptions, structure product information, improve catalogue quality, and support storefront operations. These features are optional and are not required to use the core platform.
Sellers provide explicit and informed consent before using AI-powered features. Where AI features process seller-uploaded content or personal data, Cakesify will process such data only for the disclosed purpose and in accordance with applicable law.
Cakesify will not use buyer or customer personal data from seller storefronts to train AI models, except in aggregated, de-identified, or legally permitted forms that do not identify any individual.
11. Data Ownership and AI-Generated Content
Sellers retain ownership of all original content they upload, including product images, descriptions, and business data, as well as their customer relationships.
Sellers retain full usage rights over AI-enhanced outputs generated through the platform.
With separate and explicit seller consent, Cakesify may use AI-enhanced content in an aggregated or de-identified manner to improve platform functionality and AI systems. This consent is obtained during onboarding, is distinct from the feature-level AI consent described in Section 10, and the purpose is disclosed clearly at the point of consent. Sellers may withdraw this consent at any time, and withdrawal will not affect processing carried out before withdrawal.
12. Seller Responsibilities
Sellers are responsible for using customer data only for legitimate business purposes such as order fulfilment and communication. Sellers must protect customer data and must not misuse, resell, or retain it beyond legitimate needs.
Sellers are solely responsible for obtaining and maintaining all registrations, licences, approvals, and compliances required for preparing, listing, selling, packaging, and delivering food products, including FSSAI registration or licence where applicable. Cakesify may request compliance documents but does not independently certify the safety, quality, ingredients, or legality of seller products.
As independent Data Fiduciaries, sellers may be required to comply with applicable data protection laws and may need to maintain their own privacy policies.
If a seller deactivates or deletes their store, Cakesify will retain order-related data for legal and compliance purposes. Sellers must not retain or continue using customer data beyond legitimate purposes. Buyers may contact Cakesify for order history and support.
13. Data Retention
We retain data based on purpose and applicable legal requirements. Where data is no longer required, it will be deleted, anonymized, or restricted in accordance with applicable law.
Orders & Transactions
Up to 7 years
Tax and regulatory compliance
Seller Accounts
Active + 2 years after inactivity
Account lifecycle
Buyer Contact & Order Data
As long as necessary for the purpose
Order completion, support, order history, fraud prevention, dispute resolution, and legal, tax, and accounting obligations
Analytics Data
Aggregated, de-identified, or anonymized where applicable
Retained for platform improvement
14. Cookies and Tracking
We use cookies and similar technologies for essential platform functions, security, analytics, performance measurement, and, where applicable, marketing or advertising. Some cookies are necessary for the platform to work. Others help us understand usage, improve seller storefronts, measure campaigns, or support integrations. Users can manage cookies through browser settings and, where available, through platform cookie preferences.
15. Cross-Border Data Transfers
Cakesify may use service providers located outside India, including cloud infrastructure, analytics tools, and AI services.
Under the Digital Personal Data Protection Act, 2023, personal data may be transferred outside India, subject to any restrictions notified by the Central Government in respect of specific countries or territories. Where we transfer data abroad, we implement contractual and technical safeguards and comply with any such restrictions.
16. Children's Data
Cakesify is not intended for use by individuals under eighteen years of age. We do not knowingly allow children to create accounts or use seller tools.
Buyers and sellers should avoid uploading unnecessary personal data of children. Where limited child-related information is provided for order fulfilment, such as a name to be written on a cake, the person placing the order confirms that they are legally authorised to provide such information. Such data should be used only for fulfilling that order and not for profiling, behavioural tracking, or targeted advertising. If we identify that we have collected personal data from a child without verifiable parental consent, we will take appropriate steps to delete it.
17. Payments
Cakesify does not store credit or debit card information. Payments are processed through secure third-party payment gateways. Payment gateways may collect and process payment information under their own terms and privacy policies.
18. Legal Compliance
We comply with applicable Indian laws, including the Information Technology Act, 2000, rules framed thereunder, the Digital Personal Data Protection Act, 2023, and the Digital Personal Data Protection Rules, 2025, as applicable. This policy may be updated as regulatory requirements evolve.
19. Your Rights
Under applicable law, including the Digital Personal Data Protection Act, 2023, you have the right to:
- Access information about your personal data and how it is processed
- Request correction or updating of inaccurate data
- Request erasure of personal data, subject to legal obligations
- Withdraw consent at any time, with the same ease with which it was given
- Seek grievance redressal
- Nominate another individual to exercise your rights in case of incapacity or death
We will respond to requests to exercise these rights within 90 days, or such shorter period as required by applicable law. To exercise any of these rights, contact our Grievance Officer using the details below.
20. Grievance Officer
C/O Ouseph M.M, Maravattickal House
Meenangadi, Wayanad, Sulthan Bathery
Kerala, India – 673591
General support grievances: within 30 days where reasonably possible.
21. General Contact
For general queries, contact us at: support@cakesify.com
22. Updates to This Policy
We may update this policy from time to time. Changes will be reflected on this page along with an updated effective date.