Skip to main content
+91-9311847248| sales@prozo.com

Privacy Policy

1. Introduction & Scope

Prozo Integrated Logistics Private Limited (CIN: U72200HR2014PTC052701), hereinafter referred to as "Prozo," "we," "us," or "our," is a technology-driven third-party logistics (3PL) company providing end-to-end supply-chain solutions including warehousing, freight, last-mile delivery, and order management services across India.

This Privacy Policy ("Policy") describes how we collect, use, store, share, and protect Personal Data when you interact with any of our digital properties, including but not limited to:

  • Our corporate website - www.prozo.com
  • ProShip - our multi-carrier shipping aggregation platform
  • Warehouse Management System (WMS) and Order Management System (OMS)
  • Control Tower - our supply-chain visibility dashboard
  • All client portals, seller panels, and API integrations

This Policy is published in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 (India), the Information Technology Act, 2000, and all applicable rules thereunder. By accessing or using any of our platforms, you acknowledge that you have read, understood, and agree to be bound by this Policy.

2. Definitions

The following terms, when used in this Policy, shall have the meanings assigned to them under the DPDP Act, 2023:

  • Personal Data - Any data about an individual who is identifiable by or in relation to such data.
  • Data Principal - The individual to whom the Personal Data relates. Where the individual is a child (below 18 years), the Data Principal includes the lawful guardian.
  • Data Fiduciary - The entity that alone or in conjunction with others determines the purpose and means of processing Personal Data. In this context, Prozo acts as a Data Fiduciary.
  • Data Processor - Any person who processes Personal Data on behalf of a Data Fiduciary.
  • Significant Data Fiduciary - A Data Fiduciary or class of Data Fiduciaries notified by the Central Government based on volume and sensitivity of data processed, risk to Data Principal rights, potential impact on sovereignty, and other prescribed factors.
  • Consent Manager - A person registered with the Data Protection Board who acts as an accessible, transparent, and interoperable platform enabling Data Principals to give, manage, review, and withdraw consent.
  • Data Protection Board - The Data Protection Board of India established under Section 18 of the DPDP Act, 2023, responsible for adjudicating non-compliance and grievances.

3. Data We Collect

We collect and process various categories of data depending on how you interact with our platforms and services:

a) Business Contact Data

  • Full name, email address, phone number
  • Designation and department
  • Company or trade name, GSTIN, PAN
  • Business address and communication preferences

b) Shipment & Logistics Data

  • Airway Bill (AWB) numbers, tracking IDs, shipment reference numbers
  • Consignee details - name, phone, delivery address, PIN code
  • Shipment contents description, declared value, weight and dimensions
  • Pickup and delivery timestamps, proof-of-delivery records

c) Warehousing Data

  • Inventory SKUs, product descriptions, batch and expiry
  • Stock levels, bin locations, and zone allocations
  • Inbound (GRN) and outbound records, cycle-count data

d) Financial Data

  • Billing details, invoices, credit notes
  • Wallet balances and recharge history
  • Payment transaction IDs, UPI references, bank account details (for settlements)

e) Platform Usage Data

  • Login timestamps, session duration, user-agent strings
  • IP addresses, geolocation (city/state level)
  • API call logs - endpoint, request/response metadata, timestamps
  • Feature usage patterns and navigation paths

f) Device & Technical Data

  • Cookies, local storage tokens, and session identifiers
  • Browser type and version, operating system
  • Analytics identifiers (e.g., Google Analytics client ID)
  • Screen resolution and device type

4. Legal Basis for Processing

Under the DPDP Act, 2023 and other applicable laws, we process your Personal Data on one or more of the following legal bases:

  • Consent (Section 6, DPDP Act) - Where you have provided free, specific, informed, unconditional, and unambiguous consent for one or more specified purposes. Consent may be withdrawn at any time.
  • Contractual Necessity - Processing is necessary to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g., providing warehousing, shipping, or fulfilment services).
  • Legitimate Interest - Processing is necessary for legitimate purposes pursued by Prozo, such as fraud prevention, platform security, service improvement, and business analytics, provided such interests are not overridden by your rights and freedoms.
  • Legal Obligation - Processing is necessary for compliance with applicable laws, regulations, tax obligations, court orders, or government directives.
  • Vital Interest - Processing is necessary to protect the vital interests of the Data Principal or another person, including in situations of medical emergency or threat to life.

5. How We Use Your Data

We use the data we collect for the following specific purposes:

  • Fulfilling Logistics Services - Processing shipments, managing pickups and deliveries, generating AWBs, tracking consignments, and facilitating returns/reverse logistics.
  • Operating Warehouses - Managing inventory receipt, storage, pick-pack-ship operations, stock reconciliation, and quality checks across our fulfilment centres.
  • Freight Allocation via PACE AI - Using our proprietary AI engine to select the optimal courier partner based on serviceability, cost, speed, and historical performance data.
  • Generating Invoices & Billing - Calculating charges, generating invoices and credit notes, processing wallet transactions, and reconciling payments.
  • Customer Support - Responding to queries, resolving complaints, processing claims (lost/damaged shipments), and providing technical assistance.
  • Platform Improvement - Analyzing usage patterns to enhance user experience, optimize performance, fix bugs, and develop new features.
  • Regulatory Compliance - Meeting obligations under GST, Companies Act, Income Tax Act, and other applicable statutes.
  • Fraud Prevention & Security - Detecting suspicious activity, preventing unauthorized access, mitigating cyber threats, and safeguarding platform integrity.
  • Communications & Marketing - Sending service-related notifications, operational updates, and (with your consent) promotional communications about our products and services.

6. Consent Management

In accordance with Section 6 of the DPDP Act, 2023, we obtain your consent as follows:

  • Explicit Opt-In - For marketing communications, newsletters, promotional offers, and any processing beyond what is strictly necessary for service delivery, we require your clear and affirmative consent.
  • Implied for Service Delivery - When you sign a service agreement or use our platforms, consent for processing data essential to fulfil the contracted services is deemed to be given under the "certain legitimate uses" provisions of the DPDP Act.

Withdrawing Consent: You may withdraw your consent at any time by writing to privacy@prozo.com or through the consent management controls available in your platform dashboard. Please note that withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Additionally, withdrawing consent for processing essential to service delivery may result in our inability to provide certain services to you.

Consent Manager: As required under the DPDP Act, 2023, should the Central Government notify Consent Managers, we will integrate with registered Consent Managers to provide you with a transparent and interoperable mechanism for managing your consent preferences.

7. Data Sharing & Third Parties

We may share your Personal Data with the following categories of recipients, strictly on a need-to-know basis and in compliance with applicable data protection obligations:

  • Courier Partners - We work with 30+ carrier partners (e.g., Delhivery, BlueDart, DTDC, Ecom Express, Shadowfax, and others) to fulfil shipment pickup, transit, and last-mile delivery. Consignee details and shipment information are shared as necessary for delivery operations.
  • Warehouse Operators - Third-party warehouse partners who operate fulfilment centres on our behalf receive inventory, order, and shipment data necessary for pick-pack-ship operations.
  • Payment Processors - Authorized payment gateways and banking partners who process wallet recharges, settlements, and billing transactions.
  • Cloud Infrastructure Providers - Our platforms are hosted on enterprise-grade cloud infrastructure (AWS/Azure) with data centres in India. These providers act as Data Processors under contractual safeguards.
  • Analytics Providers - We use analytics tools to understand platform usage. Only anonymized and aggregated data is shared with these providers; no directly identifiable Personal Data is disclosed.
  • Government & Regulatory Bodies - Where required by law, court order, or regulatory directive, we may disclose Personal Data to law enforcement, tax authorities, or other government agencies.
  • Professional Advisors - Auditors, legal counsel, and consultants who are bound by professional confidentiality obligations.

We do NOT sell, rent, or trade your Personal Data to any third party for their independent marketing or commercial purposes.

8. Cross-Border Data Transfers

Your Personal Data is primarily stored and processed on servers located within the territory of India. In the event that any transfer of Personal Data outside India is required (for instance, to global cloud sub-processors or international courier partners), such transfer shall only be made to jurisdictions that are not restricted by the Central Government under Section 16 of the DPDP Act, 2023.

We ensure that adequate safeguards are in place for all cross-border transfers, including contractual clauses with Data Processors, data protection impact assessments where applicable, and adherence to any conditions notified by the Central Government.

9. Data Retention

We retain your Personal Data only for as long as it is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following table summarises our retention periods:

Data CategoryRetention PeriodRationale
Shipment Records8 yearsGST and tax compliance requirements
Financial Records8 yearsCompanies Act, 2013 and Income Tax Act
Platform Usage Logs2 yearsSecurity analysis and troubleshooting
Marketing Consent RecordsUntil withdrawal + 1 yearAudit trail for consent compliance
CCTV Footage (Warehouse)90 daysSecurity and incident investigation
Support Tickets3 yearsService quality and dispute resolution

Upon expiry of the retention period, Personal Data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual, in accordance with Section 8(7) of the DPDP Act, 2023.

10. Data Security

We implement robust technical and organisational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption at Rest - All Personal Data stored in our databases is encrypted using AES-256 encryption.
  • Encryption in Transit - All data transmitted between your device and our servers is protected via TLS 1.2 or higher.
  • SOC 2 Type II Controls - Our security practices are aligned with SOC 2 Type II standards covering security, availability, processing integrity, and confidentiality.
  • Role-Based Access Control (RBAC) - Access to Personal Data is restricted based on job function and the principle of least privilege.
  • Multi-Factor Authentication (MFA) - MFA is enforced for all platform access, including admin consoles, client dashboards, and internal tools.
  • Penetration Testing - We conduct regular penetration testing and vulnerability assessments through independent security firms.
  • Incident Response Plan - We maintain a documented incident response plan with defined escalation procedures, roles, and communication protocols to address security incidents promptly.

While we strive to protect your Personal Data using industry-leading standards, no method of electronic transmission or storage is 100% secure. We continuously review and improve our security measures.

11. Your Rights Under the DPDP Act, 2023

As a Data Principal, you have the following rights under the DPDP Act, 2023:

  • Right to Access (Section 11) - You have the right to obtain a summary of your Personal Data being processed by us and the processing activities undertaken with respect to such data.
  • Right to Correction (Section 11) - You have the right to request correction of inaccurate or misleading Personal Data, and completion of incomplete Personal Data.
  • Right to Erasure (Section 12) - You have the right to request erasure of your Personal Data that is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
  • Right to Grievance Redressal (Section 13) - You have the right to register a grievance with us regarding the processing of your Personal Data and receive a response within the prescribed time.
  • Right to Nominate (Section 14) - You have the right to nominate any individual who shall, in the event of your death or incapacity, exercise your rights as a Data Principal.

To exercise any of these rights, please write to us at privacy@prozo.com with the subject line "Data Principal Rights Request." We will verify your identity and respond to your request in accordance with applicable law, within a reasonable period not exceeding 30 days.

12. Grievance Redressal

We have established the following internal grievance redressal mechanism in compliance with Section 13 of the DPDP Act, 2023:

  • Acknowledgement: All grievances submitted to our Grievance Officer will be acknowledged within 48 hours of receipt.
  • Resolution: We aim to resolve all grievances within 30 days from the date of receipt.
  • Communication: You will receive updates on the status of your grievance via the email address provided in your request.

Grievance / Compliance Officer:

  • Name: Vaibhav Dhawan
  • Email: compliance.officer@prozo.com
  • Phone: +91 9311847248
  • Address: Unit No. 1220, 12th Floor, Enkay Tower, Vanijya Nikunj, Udyog Vihar Phase V, Gurugram, Haryana - 122016, India

Escalation: If you are not satisfied with our response, or if your grievance is not resolved within the stipulated period, you may escalate the matter by filing a complaint with the Data Protection Board of India established under the DPDP Act, 2023.

13. Children's Data

Our platforms and services are designed for business-to-business (B2B) and business-to-consumer (B2C) logistics operations and are not directed at children under the age of 18. We do not knowingly collect, process, or store Personal Data from children.

In compliance with Section 9 of the DPDP Act, 2023, if we become aware that we have inadvertently collected Personal Data from a child without verifiable parental or guardian consent, we will take immediate steps to delete such data from our records. If you believe we may have collected data from a minor, please contact us immediately at privacy@prozo.com.

14. Cookies & Tracking

Our platforms use cookies and similar tracking technologies to enhance your experience. We categorise cookies as follows:

  • Strictly Necessary Cookies - Essential for platform functionality, authentication, and security. These cannot be disabled without affecting core features (e.g., session management, CSRF protection).
  • Performance Cookies - Collect anonymized data about how users interact with our platforms (e.g., page load times, error rates) to help us optimise performance.
  • Functional Cookies - Remember your preferences and settings (e.g., language, region, dashboard layout) to personalise your experience.
  • Marketing Cookies - Used to deliver relevant advertisements and measure campaign effectiveness. These are only activated with your explicit consent.

Managing Your Preferences: You can manage your cookie preferences through our cookie consent banner displayed on your first visit, or at any time through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may limit the functionality of our platforms.

15. Breach Notification

In the event of a personal data breach, Prozo will comply with the notification obligations under the DPDP Act, 2023:

  • Notification to Data Protection Board: We will notify the Data Protection Board of India within 72 hours of becoming aware of a personal data breach, as required under Section 8(6) of the DPDP Act, 2023. The notification will include the nature of the breach, categories and approximate number of affected Data Principals, likely consequences, and measures taken or proposed to address the breach.
  • Notification to Affected Data Principals: We will notify affected Data Principals without unreasonable delay, providing details of the breach, potential impact, and recommended protective measures you should take.
  • Documentation: All breaches, regardless of severity, are documented in our internal incident register with facts, effects, and remedial actions taken.

16. Third-Party Links

Our platforms may contain links to external websites, services, or applications operated by third parties. These links are provided for your convenience and informational purposes only. We do not control, endorse, or assume responsibility for the content, privacy policies, or practices of any third-party websites.

We strongly encourage you to review the privacy policy of every external website you visit. Prozo shall not be liable for any loss or damage arising from your interaction with third-party websites or their handling of your Personal Data.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes:

  • A prominent notice will be displayed as a banner on our website and platforms.
  • Registered users will receive an email notification at their registered email address.
  • The "Last Updated" date at the top of this Policy will be revised accordingly.

We encourage you to periodically review this Policy to stay informed about how we protect your data. Your continued use of our platforms after the posting of changes constitutes your acceptance of such changes, subject to your right to withdraw consent as outlined in Section 6 above.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Company: Prozo Integrated Logistics Private Limited
  • CIN: U72200HR2014PTC052701
  • Corporate Office: Unit No. 1220, 12th Floor, Enkay Tower, Vanijya Nikunj, Udyog Vihar Phase V, Gurugram, Haryana - 122016, India
  • Privacy Email: privacy@prozo.com
  • Compliance Officer: Vaibhav Dhawan - compliance.officer@prozo.com
  • Phone: +91 9311847248

Last Updated: March 2026

Data Processing Addendum
We use cookies on our website to see how you interact with it. By accepting, you agree to our use of such cookies. Privacy Policy