Welcome to Tress Roots India Private Limited (“Tress Roots”, “Company”, “we”, “our” or “us”). This Privacy Policy sets out the manner in which we collect, receive, use, process, store, share, transfer, and safeguard your information when you visit or use our website located at www.tressroots.com (the “Website”) and access any of our products, hair care programs, medical consultations, diagnostic evaluations, online assessments, questionnaires, features, educational content, subscriptions, and related services (collectively, the “Services”).
At Tress Roots, we are committed to protecting your privacy and ensuring transparency in how your information is handled. In order to provide personalized hair and wellness solutions, we may collect certain personal and health-related details that are sensitive in nature. We recognize the importance of such information and treat it with strict confidentiality. We implement reasonable and appropriate technical, administrative, and physical security measures to protect your data against unauthorized access, misuse, loss, alteration, or disclosure, in accordance with applicable law.
This Privacy Policy is published in compliance with, inter alia:
By accessing or using the Website, registering an account, completing questionnaires or assessments, submitting your information, placing an order, or otherwise interacting with our Services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. You further provide your explicit consent to the collection, processing, storage, and use of your Personal Information and Sensitive Personal Data or Information (SPDI) in the manner described herein.
If you do not agree with the terms of this Privacy Policy, you should refrain from accessing or using the Website or Services.
The Website and Services are intended only for individuals who are legally competent to enter into binding contracts under the Indian Contract Act, 1872. If you choose to access the Website from a location outside India, you do so at your own discretion and risk, and you are solely responsible for complying with the laws applicable in your jurisdiction.
a. This Privacy Policy applies exclusively to information that we collect directly from you through our Website and Services, including information provided via online forms, diagnostic assessments, consultations, questionnaires, orders, email communications, text messages, customer support interactions, and other electronic communications made through or in connection with our Services.
b. This Privacy Policy does not extend to information that you share with, or that is collected by, any third party, including but not limited to payment gateways, logistics partners, social media platforms, advertising networks, or other external websites and service providers that may be linked to or integrated with our Services. We do not control and are not responsible for the privacy practices of such third parties. We strongly encourage you to review the privacy policies of those third parties before providing them with any personal information.
We may collect various categories of information from and about users of our Services in order to provide, improve, and personalize our offerings. Such information may include: (i) Personal Information — meaning any information that relates to an identified or identifiable individual and can be used, either alone or in combination with other information reasonably available to us, to identify a specific person; and/or (ii) technical and usage-related information concerning your internet connection, the devices and equipment you use to access our Services, and details regarding how you interact with the Platform.
For clarity, Personal Information does not include information that has been anonymized or aggregated in such a manner that it can no longer reasonably be used to identify an individual. Personal Information may include, without limitation, your name, email address, phone number (mobile or landline), date of birth, gender, educational qualifications, occupation, employment details, work experience, marital status, number of children, monthly income, city and state of residence, government-issued identification details (such as Aadhaar, PAN, tax identification numbers), and health-related information, among other data necessary for providing our Services.
The types of information we may collect include the following:
a. Information You Provide Directly to Us: We collect and store information that you voluntarily submit through the Platform or share with us through other means of communication. This includes information provided during registration such as your name, phone number, age, gender, email address, and geographical address. We may verify your contact details using mechanisms such as one-time passwords (OTP) sent to your registered mobile number or email address.
In order to deliver personalized hair care and wellness solutions, we may collect additional information including, but not limited to, items added to your cart, products ordered, height, weight, lifestyle habits, dietary patterns, medical history, delivery address, exercise habits, consultation preferences, and related information necessary to facilitate consultations with healthcare professionals. While you may choose not to provide certain details, doing so may limit your ability to fully access or benefit from our Services.
We may also collect Sensitive Personal Data or Information (“SPDI”), particularly health-related data, when you use our Services. This may include information about your medical history, current health status, laboratory reports, diagnostic results, treatment plans, consultation notes, dosage instructions, nutritional deficiencies, practitioner recommendations, products purchased, and any other health-related information shared by you or on your behalf. We may also collect payment-related details such as payment card number, expiration date, billing address, and shipping address. Payment processing may be handled through authorized third-party payment gateways in accordance with applicable laws.
By using our Services, you consent to the recording, storage, and processing of communications between you and healthcare professionals conducted through the Platform for quality control, record-keeping, and legal compliance purposes. We may also retain consultation notes, practitioner recommendations, diagnostic information, and related data for as long as required to provide Services to you or as mandated by applicable law.
Additionally, information you provide through reviews, ratings, photographs, comments, feedback, testimonials, ordering history, favourite categories, special requests, contact information of recipients, account preferences, and other profile details may be collected and stored. If you choose to publish content such as reviews, photos, comments, likes, bookmarks, lists, or other contributions (“User Contributions”) in publicly accessible areas of the Platform, such information may be visible to other users and third parties. You acknowledge that any content you voluntarily post is done at your own risk. While we implement reasonable safeguards, we cannot guarantee that unauthorized persons will not access such information once publicly shared.
b. Information from Other Sources: We may receive information about you from third-party sources such as payment partners, logistics providers, advertising partners, analytics providers, healthcare professionals, diagnostic laboratories, or other entities associated with the delivery of our Services. Such information may include order details, transaction confirmations, consultation data, or other relevant account-related information, which may be combined with the information already maintained in your account.
c. Cookies and Other Tracking Technologies: We use cookies and similar tracking technologies to enhance your experience on the Platform. A cookie is a small text file placed on your device to collect information about your activity and preferences. These technologies may collect data such as IP address, domain name, browser type, operating system, device identifiers, access times, and browsing behavior. Cookies help us remember your preferences, analyze traffic patterns, improve functionality, and deliver a more personalized user experience.
Most web browsers and mobile devices allow you to control cookie settings, including the ability to accept, reject, or delete cookies. If you disable cookies, certain features of the Platform may not function properly or may be unavailable. Instructions for managing cookies are typically available in your browser or device help settings.
d. Third-Party Tools and Software: We may integrate third-party software development kits (SDKs), analytics tools, and payment processing systems within the Platform to facilitate secure transactions, improve functionality, and enhance user experience. This Privacy Policy governs our use of cookies and tracking technologies but does not apply to cookies or tracking mechanisms implemented directly by third parties. We do not control how third parties collect or use your information, and we encourage you to review their respective privacy policies.
e. Automatically Collected Information: When you interact with our Platform, we may automatically collect certain technical information such as your device type, device brand, operating system and version, application version, browser type and version, user agent, IP address, and usage patterns. We may also collect approximate location data and unique device identifiers (such as IDFA, GAID, or other device IDs) when you access our Services through a mobile device. This information may be used for internal analytics, security monitoring, fraud prevention, performance optimization, and to provide location-based or personalized content and advertisements.
Unlike browser cookies, certain mobile device identifiers cannot be deleted. Advertising and analytics partners may use such identifiers to measure advertisement performance, track usage trends, and display relevant advertisements.
You acknowledge and agree that all information, including Personal Information and SPDI, is provided by you voluntarily. The collection, use, storage, and disclosure of such information are based on your explicit consent. You may withdraw your consent or request deletion of your information in accordance with applicable law; however, in such cases, we may be unable to provide you with access to certain features of the Platform or continue offering our Services.
a. We use the information collected from and about you for various legitimate business and service-related purposes, including to provide, maintain, and improve our Services. Such uses may include, without limitation:
(i) To fulfill our obligations arising from your requests for products, consultations, diagnostic assessments, and other Services offered through the Platform;
(ii) To facilitate hair health assessments, screenings, evaluations, and related diagnostic processes;
(iii) To operate, manage, and enhance the functionality of the Platform and improve overall user experience and business operations;
(iv) To process, confirm, and deliver your orders, including coordinating with payment processors and logistics partners;
(v) To enable your access to the Platform and allow you to purchase products and avail Services seamlessly;
(vi) To schedule, manage, and facilitate consultations with hair experts, healthcare practitioners, and other professionals, including sending updates, reminders, and relevant consultation-related information;
(vii) To analyze data, monitor trends, develop algorithms, create internal databases, build recommendation engines, rating systems, and improve personalization mechanisms;
(viii) To support research, analytics, innovation, and business development initiatives of Tress Roots and its affiliates, including expanding our network of healthcare professionals and partners;
(ix) To respond to your inquiries, customize your experience, improve the Platform"s performance, and communicate with you regarding your account or orders;
(x) For operational and compliance purposes such as frequency capping, billing, ad reporting, regulatory compliance, internal audits, market research, and product development;
(xi) To comply with applicable laws, regulations, legal processes, or governmental requests;
(xii) To conduct internal audits, quality checks, training, and service improvement initiatives;
(xiii) To analyze device and usage information for troubleshooting, system administration, performance optimization, and enhancement of our products and Services;
(xiv) To contact you during and after your order for updates, delivery coordination, consultation scheduling, follow-ups, issue resolution, or to inform you about new or related products and Services;
(xv) To investigate, prevent, or take appropriate action in relation to suspected illegal activities, fraud, violations of our Terms, security breaches, or threats to the safety and rights of users or the Platform;
(xvi) To respond to your queries and provide you with notifications, service updates, promotional communications, alerts, policy changes, or information regarding any applicable fees or charges; and
(xvii) To contact you via SMS, email, phone calls, or other communication channels to obtain feedback, conduct surveys, record testimonials, and inform you about existing or upcoming products and Services.
By accessing or using the Platform and Services, you acknowledge and consent to the storage, processing, and transfer of your Personal Information and Sensitive Personal Data or Information (“SPDI”) in accordance with this Privacy Policy. We may share or disclose information collected from you in the following circumstances:
a. General Information Disclosures:
(i) To our holding companies, subsidiaries, affiliates, and group entities that are under common ownership or control, for purposes consistent with this Privacy Policy;
(ii) To contractors, service providers, payment processors, logistics partners, analytics providers, research partners, credit agencies, insurers, financial institutions, advertising partners, and other third parties engaged to support our business operations or enhance your experience on the Platform. Such entities are contractually obligated to maintain confidentiality and use the information only for the purposes for which it is disclosed;
(iii) To a prospective or actual buyer, investor, successor, or other relevant third party in connection with any merger, acquisition, restructuring, reorganization, sale of assets, divestiture, dissolution, bankruptcy, or similar transaction, where user information may form part of the transferred assets;
(iv) To third parties for marketing their products or services that may be relevant or beneficial to you, subject to appropriate contractual safeguards and applicable legal requirements;
(v) To fulfill the specific purpose for which you provided the information;
(vi) For any additional purpose disclosed to you at the time of collection or with your consent;
(vii) To hair experts, wellness advisors, and support teams to enable them to provide consultations, recommendations, and related services;
(viii) To healthcare practitioners, diagnostic laboratories, medical experts, and other professionals for consultation, evaluation, diagnostic, or therapeutic purposes.
We implement reasonable and appropriate electronic, technical, physical, and administrative safeguards to protect the Personal Information and Sensitive Personal Data or Information (“SPDI”) that we collect, store, process, and disclose. These measures are designed to safeguard your information against unauthorized access, alteration, disclosure, or destruction, and are aligned with applicable legal and industry standards.
We endeavor to protect the security of your information during transmission by using Secure Sockets Layer (SSL) encryption technology and other security protocols to encrypt sensitive data entered on the Platform. In addition, we maintain internal security controls and follow industry-recognized standards to ensure that your information is handled securely.
Access to Personal Information and SPDI is restricted to authorized employees, agents, healthcare practitioners, and service providers who require such information to perform their duties in connection with the Services. These individuals are bound by strict contractual confidentiality obligations and may face disciplinary action, including termination of employment or contractual relationship, if they fail to adhere to such obligations.
For security reasons, no employee, administrator, or representative of Tress Roots has access to or knowledge of your account password. You are responsible for maintaining the confidentiality of your account credentials and for restricting access to your device and mobile phone. You should log out of your account after each session to prevent unauthorized access. We shall not be liable for any unauthorized use of your account resulting from your failure to safeguard your login credentials. If you suspect any unauthorized access or misuse of your account, you must immediately notify us using the contact details provided in the relevant section of this Privacy Policy. You agree to indemnify and hold us harmless for any loss or damage arising from unauthorized use of your account due to your failure to secure your credentials.
While we adopt reasonable security practices and procedures as required under applicable law, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your information. Unauthorized access, hardware or software failures, cyber-attacks, computer hacking, data breaches, acts of government, internet service disruptions, or other events beyond our reasonable control may compromise the security of your information.
We store information, including IP addresses and system logs, using safeguards consistent with applicable legal requirements. However, we do not warrant or represent that our security measures will prevent every instance of unauthorized access to your Personal Information or SPDI.
Access to the Services is facilitated through secure server infrastructure and in accordance with our internal security guidelines. Nevertheless, by using the Platform and Services, you acknowledge and accept the inherent risks associated with the transmission of data over the internet and the World Wide Web. While we strive to protect your information, complete security of data transmission cannot be guaranteed, and you use the Services at your own risk.
a. The Platform provides you with access to certain information associated with your account and your interactions with the Services for the purpose of reviewing such information. Where technically feasible, you may request correction of any inaccurate or incomplete Personal Information or Sensitive Personal Data or Information (SPDI), or request deletion of your account, by contacting us through the email address specified in the “Contact Us” section.
You may also choose to opt out of optional features, such as receiving promotional or marketing communications. If you wish to receive such communications at the time of registration, you may affirmatively opt in. You may subsequently modify your communication preferences in accordance with the options made available on the Platform.
b. Your ability to access, review, update, correct, or delete your Personal Information may be subject to certain limitations as permitted under applicable law, including the following circumstances:
All such rights are further subject to our internal record retention policies and any mandatory data retention obligations prescribed under applicable law.
a. We maintain appropriate procedures to ensure that Personal Information and Sensitive Personal Data or Information (SPDI) in our possession or control is retained only for as long as necessary to fulfill the purposes for which it was collected. Such information will be deleted, destroyed, or anonymized once it is reasonable to conclude that (i) the purpose of collection has been satisfied; and (ii) continued retention is no longer required for legal, regulatory, or legitimate business purposes under applicable law.
b. Notwithstanding the foregoing, we may retain certain Personal Information for legitimate business, legal, compliance, audit, dispute resolution, or enforcement purposes, even if your account has been deleted. In certain cases, information may be anonymized and aggregated so that it no longer identifies you personally, and such anonymized data may be retained for analytics, research, operational improvement, or service facilitation purposes for as long as necessary.
c. If you wish to withdraw your consent to the processing of your Personal Information and SPDI, request deletion of your account, or ask that we discontinue the use of your data, you may contact us using the details provided in the "Contact" section. Please note that withdrawal of consent or account cancellation may limit or prevent your continued access to the Platform or Services and may result in the termination of any existing relationship between you and us, subject to applicable legal requirements.
d. For clarity, logging out of the account does not automatically result in the deletion of your Personal Information or SPDI from our systems.
a. The Platform may contain links to external websites, applications, advertisements, or other third-party content and resources ("Third-Party Links"). These Third-Party Links are operated and maintained by entities or individuals independent of us, and we do not exercise control over their content, policies, or practices. You acknowledge and agree that we are not responsible for the manner in which such third parties collect, use, disclose, or otherwise process your information. The inclusion of any Third-Party Links on the Platform does not constitute or imply any endorsement, recommendation, approval, or sponsorship of such third-party websites, applications, products, or services.
b. You further acknowledge that we shall not be liable for any loss, damage, claim, or liability arising out of or in connection with your access to, use of, or reliance upon any Third-Party Links, including the accuracy, completeness, or availability of any advertisements, products, services, or other materials made available through such links. Any transactions, communications, or exchanges of information between you and a third party are solely between you and that third party. We shall not be responsible for any disputes or issues that may arise from such interactions.
Third-party websites or applications accessible through the Platform may be governed by their own privacy policies and terms of use, which may differ from ours. We encourage you to review the applicable privacy policies and terms of such third parties and to exercise appropriate caution, judgment, and due diligence before engaging in any transaction or sharing any personal information.
Access to and use of the Platform and Services is permitted only to individuals who are competent to enter into a legally binding contract in accordance with the Indian Contract Act, 1872. The Services are not intended for individuals under the age of 18 years.
If you are below 18 years of age, you must not access, register on, or use the Platform or Services in any manner. In the event we become aware that an individual under the age of 18 has created an account, accessed the Platform, or provided any personally identifiable information, we will take appropriate steps to delete such information from our records.
If you are a parent or legal guardian and believe that a minor under the age of 18 has registered on or accessed the Platform or has provided personal information to us, you may contact us at the email address provided in the "Contact" section to request deletion of such information from our systems.
We reserve the right to modify, update, or revise this Privacy Policy from time to time to reflect changes in applicable laws, regulatory requirements, our information handling practices, enhancements to the Services, or technological developments. We encourage you to review this page periodically to remain informed about how we protect your information.
The use of information we collect is governed by the Privacy Policy in effect at the time such information is processed or used. In the event we make material changes to the manner in which we collect, use, or disclose your Personal Information, we will provide appropriate notice, which may include posting a prominent notice on the Platform or notifying you via email.
Your continued access to or use of the Platform or Services after any updates to this Privacy Policy have been posted shall constitute your acknowledgment and acceptance of the revised terms.
Pursuant to the provisions of the Information Technology Act, 2000 and the applicable Sensitive Personal Data or Information (SPDI) Rules, the details of the designated Grievance Officer are set out below:
Name: Raghav Aggarwal
Email: customercare.tressroots@gmail.com
Any grievances or concerns relating to the processing of Personal Information or SPDI may be addressed to the Grievance Officer at the contact details provided above. We will make reasonable efforts to acknowledge and resolve such complaints within one (1) month from the date of receipt, in accordance with applicable law.
If you have any questions, concerns, or requests regarding the collection, processing, or use of your information, or if you require any clarification in relation to this Privacy Policy, you may contact us using the details provided in Section (Grievance Officer) above. We will make reasonable efforts to respond to your inquiries in a timely manner.
a. Indemnity: You agree to indemnify, defend, and hold us harmless from and against any claims, actions, proceedings, losses, liabilities, damages, costs, or expenses arising out of or relating to (i) your disclosure of information to any third party through the Platform or otherwise, and/or (ii) your access to or use of any third-party websites, applications, or resources. We shall not be responsible or liable for the acts, omissions, or practices of any third parties with respect to Personal Information or Sensitive Personal Data or Information (SPDI) that you choose to share with them.
b. Severability: Each provision of this Privacy Policy shall be considered separate and independent from the others. If any provision is determined by a competent authority to be invalid, unlawful, or unenforceable, such determination shall not affect the validity or enforceability of the remaining provisions, which shall continue in full force and effect, unless the context expressly requires otherwise.