Privacy Policy





Epic.One Loyalty Sciences Private Limited together with its affiliates (collectively, “Company”, “we”, “our”, “us”) operates a proprietary multi-brand consumer loyalty reward program (“Reward Program”) through an end to end online technology platform offered through the website(s) and mobile application(s) owned and / or controlled by the Company including www.epic.oneinsert URL] (together “Platform”). The Platform makes the loyalty rewards accessible and provides various reward choices available, to the customers enrolled on the Platform, including the customers of the various clients whose reward programs are managed by the Company via the Platform (collectively “Customers”, “you”, “your”). Hereinafter collectively referred to as “Services”.


The Company recognizes that privacy is important to you and is thus committed to operating the Platform with the highest ethical standards, be open and transparent with our processing of your information and adopt appropriate internal controls to prevent any misuse of your information.


This Privacy Policy (“Policy”) explains how we collect, use, and disclose information in relation to operating the Platform and providing the Services.


By using our Platform and providing the information as explained in this Privacy Policy, you expressly consent to the terms of this Privacy Policy. We encourage you to read this Privacy Policy regarding the collection, use, and disclosure of your information. If you are not comfortable with any of the terms or policies described in this Privacy Policy, you may choose to discontinue usage of the Platform.




This Privacy Policy describes our practices regarding the information collected through our Platform from the Customers, users and other individuals who access or use our Platform. This Privacy Policy is part of the terms and conditions of the Reward Program in addition to the terms and conditions of the loyalty programs operated by our clients (as detailed on the Platform) that you enrol for, along with the respective privacy policies of clients or any marketing and sales promotion to acquire new members run by the Company and / or clients.


By accessing and / or using our Platform, you understand that we will collect and use your information as described in this Privacy Policy.


If you or your organization is our client and have an individual agreement with us, that agreement may have privacy terms that also apply to the information you provide to us under that agreement. You are requested to review the terms in that agreement.


Our clients or any other third party may either collect your information and transfer the same to us or require us or any third party, to collect such information on behalf of them. Accordingly, in such case, the Company will only process the information provided by or collected on behalf of such third party and will only act for and on behalf of that third party. To such an extent, the Company will qualify as a processor.


It may also happen that we act as the controllers, or joint controllers with a third party, of certain information and decide the purposes and means of the processing of such information. The use of such information shall be as per the terms of this Privacy Policy.


This Privacy Policy does not apply to any third-party websites, mobile applications, blogs, etc. that you may use, including any that are linked to our Platform. You should review the terms and policies for third-party websites and applications before clicking on any links.


In this Privacy Policy, information refers to such information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and online identifier or to one or more factors specific to his / her physical, physiological, genetic, mental, economic, cultural or social identity.




We collect the information through:


  • the Platform;

  • the social media pages that we control from which you are accessing this Privacy Policy as well as the public information available on such platforms about you (collectively, our “Social Media Pages”);

  • the e-mail messages, online directories, public databases and digital campaigns including on third party sites through google, affiliate marketing, blogs, influencers, forums, internet search etc. that we use and through your communications with us (collectively, our Digital campaigns);

  • our various offline interactions including voice, print, direct at client sites - hotels, corporate presentations, events, retail malls, airport, public directories and others;

  • your enrolment, use and access of the services linked to the loyalty programs we manage for our clients;

  • voice calls and customer services, emails, messages and all other forms of communication received from you including details of references for memberships and your family details;

  • through our clients, business partners and third parties;

  • any data received from network connection devices.




To the extent permitted by applicable law and, as permitted by our agreements with our client, we may receive, collect, process and / or store some or all of the following type of information, including information in the course of our business:


Enrolment on and use of the Platform: Information such as:


  • Name;

  • email address;

  • telephone / mobile number;

  • age;

  • date of birth;

  • location;

  • credit / debit card details; and

  • other information,


may be collected in connection with the use of the Platform. The Customers may update their information by logging into their account, as applicable. When you register using your other accounts like on Facebook, Twitter, Gmail etc. we shall retrieve information from such account to continue interacting with you and to continue providing the Services.


Payment Information:


We also collect and process payment information when you use the Platform and our Services, including credit cards numbers, billing information, information provided while using payment wallets, android pay etc., using third-party intermediary PCI-DSS compliant service providers. Typically, the payment information is provided directly by you, via the Platform, into the PCI / DSS-compliant payment processing service to which the Company subscribes, and the Company does not, itself, process or store the payment information, except as stated herein. Further, these intermediaries are not permitted to store, retain, or use your billing information for any purpose except for payment processing on our behalf.


Profiling Information:


We shall also solicit and collect from the Customers, time to time details on their preferences, subscription to particular news segments or offers and other promotional activities we do.


Transaction history within the Reward Program and loyalty reward programs of our clients:


We will collect information on transactions linked to your account on the Platform and with the relevant client and required for processing of the reward points, credits and debits to your account on the Platform and with the relevant client. This shall include all transactions on the Platform, on the Platform and with the relevant client, all promotional campaigns through emails, SMS or any other communication channel, at any other participating affiliates, subsidiary, program partners, surveys and more.



Information may be collected in connection with customer support and for quality and assurance purposes, whether via email, social media, telephone or any files uploaded, emailed or otherwise provided by the Customers for support and quality and assurance.


Information automatically tracked while navigation:


  • hardware settings;

  • operating system type and version, web server type and version, database type and version;

  • unique IDs such as a cookie placed on a computer or mobile device, or device IDs;

  • Internet Protocol (IP) address and information derived from an IP address, such as geographic location;

  • referring domain, destination domain and destination path; 

  • geo-locational data, including latitudinal and longitudinal data; 

  • user IDs and passwords of the Customers with accounts on the Platform, or on other websites, apps, etc. that use the Services; 

  • information about the performance, security, software configuration and availability of our Services on your servers and network; 

  • information from or about the computers, phones, or other devices where the Platform has been installed or Services been accessed;

  • other similar information.


Surveys and Research:


We may collect information from anyone participating in research and surveys conducted by the Company or its client.


Customer Comments and Content: 


If you post any comments or content on our Platform, you should be aware that any information you choose to provide there may be read, collected, or used by third parties. We are not responsible for the information you choose to submit and we cannot guarantee that third parties have not made copies of or will not use such information in any way. 


Cookies information:


We may send one or more cookies or other anonymous identifiers to the Customers’ device through the Platform to collect and store information when any Customer visits the Platform.


We may use both session cookies, which expire once you close your web browser, and persistent cookies, which stay on your computer until you delete them and other technologies to help us collect data and to enhance your experience with the Platform. Cookies are small text files a website can use to recognize a repeat visitor to the website. We may use cookies for various purposes, including to:

  • authenticate users;

  • personalize your experience;

  • analyse which portions of the Platform are visited or used most frequently; and

  • measure and optimize advertising and promotional effectiveness.


If you do not want us to deploy cookies in your browser, you can opt out by setting your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. If you choose to disable cookies in your browser, you can still use the Platform, although your ability to use some of the features may be affected.


Third Party Analytics:


We use third-party analytics services to evaluate your use of the Platform, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the Platform and mobile and internet usage. These third parties use cookies and other technologies to help analyze and provide us the information and, in some cases, connect such information with other data held by our, or third party, environments. You consent to the processing of information about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.


For more information on these third parties, including how to opt out from certain data collection, please visit the sites below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Platform.



Advertisement Information:


The Company or third-party advertisers or their advertising servers may also place or recognize unique cookies on the mobile phone or use other electronic tools in order to help display advertisements that the Customers see on the Platform. Information about visits to, and activity on, the Platform, an IP address, the number of times an advertisement has been viewed and other such usage information is used, alone or in combination with other information, to display on the device screen advertisements that may be of particular interest to you. We may use web beacons, provided by third-party advertising companies, to help manage and optimize our online advertising and product performance. Web beacons enable us to recognize a browser’s cookie when a browser visits the website, and to learn which banner ads bring users to the website. The use and collection of the information by these third-party service providers, and third-party advertisers and their advertising servers is not covered by this Privacy Policy.


Employment Opportunities:


We provide you with a means for submitting your resume or other information through our Platform for consideration for employment opportunities at the Company. Information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your information within the Company, or keep it on file for future use, as we make our hiring decisions.


Information from Other Sources:


We may receive information about you from other sources, add it to the information available with us and treat it in accordance with this Privacy Policy.




The legal basis for collecting and using the information described in this Privacy Policy depends on the information we collect and the specific context in which we collect it. The Company may process your information because:


  • there is an express or implied contract with you when you agree to access our Platform or use our Services;

  • you have given consent by accessing our Platform or using our Services for the processing of your information for one or more specific purposes as discussed in this Privacy Policy;

  • processing is necessary for the performance of the contract to which you are a party and is in our legitimate interests; and

  • processing of your information is necessary for the compliance of a legal obligation to which we are subject and to protect your interests.




We may use the information, collected in connection with the Services - for the purpose of providing the Services to the clients and the Customers, to enable the Customers to use the Platform, for supporting our business functions and other legitimate purposes and our legitimate business interests including the following:


  • to provide, operate, maintain, improve and promote the Platform and the Services;

  • to provide customized Services to the clients in accordance with our agreement with the clients;

  • to meet our contractual requirements, to comply with applicable legal or regulatory requirements and our policies, and to protect against criminal activity, claims and other liabilities;

  • to enable you to access and use the Services and / or the Platform;

  • to identify whether the Customer is a verified user;

  • to fulfil the Customer requests, such as to create an account on the Platform;

  • to provide customer service and support in connection with the Services;

  • to communicate with our Customers; to inform the Customers of products, programs, services, product and technical updates, marketing mailers, security alerts, newsletters, promotions, offers, contests, and events; and provide other news or information about us and our partners;

  • to send the Customers’ information regarding and issues specifically affecting the Services and the Platform;

  • to respond to reviews, comments, or other feedback provided to us;

  • to support and personalize our Services, Platform and advertising;

  • to protect the security and integrity of our Services, Platform, content, and our business;

  • for benchmarking, data analysis, audits, developing new products, enhancing the Platform and the Services, facilitating product, software and applications development, conducting research, analysis, studies or surveys, identifying usage trends, as well as for other analytics purposes;

  • to conduct internal reviews and data analysis and to monitor and prevent any problems with our Services or Platform;

  • to monitor and analyse trends and better understand how Customers interact with the Platform and the Services; which helps us improve our Platform and the Services and make them easier to use;

  • better servicing of the Customers and preparing quarterly statements for account maintenance.

  • to make the offerings more relevant to the Customers and as desired by them ensuring no spam mails go through.

  • to keep track of point transactions, for help in case of any disputes; processing your rewards orders; dealing with requests, enquiries or complaints and other customer care related activities; and all other general administrative and business purposes; marketing our and our partners products and services; carrying out any activity in connection with a legal, governmental or regulatory requirement or in connection with legal proceedings, crime or fraud prevention, detection or prosecution;

  • to seek your feedback or to contact you in relation to the services offered on our Platform; registering your details and allocating or offering you rewards, discounts or other benefits as part of the Reward Program

  • for any other lawful purpose for which the information is provided.




We may disclose information that we collect or that is provided to us, as described below:


  • Information may be shared with Reward Partners  


The Company may share information with the reward partners to enable such reward partners to provide the rewards to the Customers.


  • Information Shared with Group Companies and Affiliates


The Company may share information with its employees, agents, officers, group companies, the employees, agents and officers of such group companies, and affiliates, bound by contractual obligations to keep information confidential, to help us provide our Services.


  • Information shared with Third Parties and Sponsors


The Company may share information with contractors, service providers and other third parties we use, to support our business and who are bound by contractual obligations to keep information confidential and use it only for the purposes for which we disclose it to them. We may use third parties that we refer to as internal service providers to facilitate or outsource one or more aspects of the business and service operations that we provide to the our clients and the Customers including all kinds of back-end operations, search technology, payments, affiliate and rewards programs, maintenance services, database management etc. and therefore we may provide some of theinformation directly to these internal service providers. We expect that these internal service providers would use the information we provide them only to facilitate the specific outsourced operation. In some instances, the internal service provider may collect information directly from the Customer (for conducting surveys etc.) on our behalf. If the Customer provides additional information to an internal service provider directly, then their use of information is governed by their applicable privacy policy.


  • Information shared via third party social buttons and other embedded content


Some of our Services carry embedded content controlled by third parties. When Customers interact with those services, the third parties may collect information from and about the Customer interaction with their content. This activity will be subject to their respective privacy policies. Please be aware that they may track user activity, through the use of cookies or similar technology, without needing any user interaction with them.


  • Information shared with Other Parties


The Company may also disclose the information to unaffiliated third parties if we believe in good faith that such disclosure is necessary:


  • to comply with the law or in response to a subpoena, court order, search warrants, judicial proceedings, other legal process, or other law enforcement measures, to establish or exercise our legal rights, or to defend against legal claims;

  • to protect the interests, rights, safety, or property of the Company or others; 

  • to enforce any terms of Service;

  • to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential, or as otherwise required by law; 

  • to provide users of the Platform with the Services requested by users; or

  • to operate the Company’s systems properly.

  • Sale or Transfer of all or part of Business of Company


If the Company sells all or part of its business or makes a sale or transfer of its assets or is otherwise involved in a merger or transfer of all or a material part of its business, the Company may transfer the information to the party or parties involved in the transaction as part of that transaction.


  • Some General Exceptions to Disclosures

  • The Platform may include links to other websites, applications or resources. Such links do not constitute an endorsement by the Company of those external websites, applications or resources. You further acknowledge that the Company is providing these links to you only as a convenience, and further agree that the Company is not responsible for the content of such external websites, applications or resources. Such external websites, applications or resources are governed by their respective privacy policies, which are beyond our control. That policy may differ from ours. We encourage you to be aware when you access their websites, applications or resources and read their privacy policies.  If you can't find the privacy policy of any of these via a link, you should contact the application owners directly for more information.

  • Any information provided to us will not be subject to the protection available under this Privacy Policy, if it is freely available and / or accessible in the public domain like any comments, messages, blogs, scribbles available on social platforms like Facebook, Twitter, etc.

  • Anything posted / uploaded / conveyed / communicated by the Customers in the Platform becomes published content and is not considered information subject to protection available under this Policy.

The above exceptions are not exhaustive and will include exceptions available in law as well as otherwise.




Some of the uses and disclosures mentioned in this Privacy Policy may involve the transfer and processing of the information to and in various countries around the world that may have different levels of privacy protection than your country. By submitting information through the use of the Services or the Platform, you consent to such transfers and processing. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries will be entitled to access such information.




Except where otherwise indicated, we do not knowingly collect or store any information from children under the age of 13. If you are aged 13 or under, we request that you do not provide us with any information. In such case, the guidance of the parent or guardian is necessary before using our Platform and the Services or the websites, apps, blogs, etc. that use our Services.


If any the parent or guardian of a child who is aged under 16 becomes aware that any child has provided us with information without the parent’s consent, please contact us as given below. We will handle such information as per applicable law.


Older children


Depending on the Service, we may also seek to obtain the consent of the parent or guardian if any user is under the age of 18.




We will retain information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:


  • the length of time we have an ongoing relationship with the Customer;

  • whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them);

  • whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations);

  • when we have no ongoing legitimate business need to process your information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible; and / or

  • for information that we process on behalf of our client, we will retain such information in accordance with the terms of our agreement with them, subject to applicable law.




Unless specifically requested, we do not need disclosure, on or through the Platform or the Services or otherwise of any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, national identification numbers, social security numbers, trade union membership, or administrative or criminal proceedings and sanctions) regarding the Customers.




Any information provided to the Company is kept on secure servers with limited access. The Company uses reasonable administrative, technical, personnel, and physical measures (a) to safeguard information against loss, theft, unauthorized use or access, disclosure, or modification; and (b) to ensure the integrity of the information.


We limit access to any information with others if there is a genuine business need to do so. We also endeavour that the any recipients of such information agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.


We also have procedures in place to deal with any suspected data security breach. We will notify the Customer, the relevant client and any applicable regulator of a suspected data security breach where we are legally and contractually required to do so.


However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information that we possess will not be intercepted while being transmitted to us over the internet. And, of course, any information the Customers include in a posting to the discussion areas is available to anyone with internet access.


If you use the Platform and /or the Services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, mobile, device, etc., and you agree to accept responsibility for all activities that occur under your password. We cannot secure any information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access. 




As regards your information, you have some important rights available free of charge. In summary, those include:


  • right to access and update, as and when required, your information held by us;

  • requiring us to correct any mistakes in Customers’ information – in such case we shall ensure that any information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information to be retained by law or for legitimate business purposes;

  • requiring the erasure of information in certain situations;

  • requiring us to restrict processing or object at any time to processing of personal information in certain situations;

  • receiving the information provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third party in certain situations;

  • right to object to decisions being taken by automated means which produce legal effects concerning you;

  • right to object in certain other situations to our continued processing of personal information; and / or

  • right to otherwise restrict our processing of your personal information in certain circumstances.

Upon request, we will provide you with details about whether we hold, or process on behalf of a third party, any of your information. Further, if there is any change in the information, the same may be updated. You may update or change your information by going to account settings or by contacting for more detailed instructions. We will endeavour to update your information within a reasonable time of being provided with the new or updated information. To make a request to have information maintained by us returned to you or removed, please email Requests to access, change, or remove your information will be handled within reasonable time.


An individual who seeks access to, or who seeks to correct or, amend inaccuracies in, or delete information stored or processed by us on behalf of a client or any third party, he / she should direct his / her query to that client or such third party. Upon receipt of a request from one of our Customers for us to remove the data, we will respond to their request as per the terms of the Agreement with such Customers. We will retain personal information that we store and process on behalf of our client for as long as needed to provide the Services to our client. We will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


If you are a Customer or otherwise provide us with information in connection with your use of our Platform or Services, we will delete this information upon your request, provided that, notwithstanding such request, this information may be retained for as long as you maintain an account on our Platform, or as needed to provide you with our Services, comply with our legal obligations, resolve disputes and enforce our agreements.


We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests or inform other limitations they would like to put on our use of information. If you would like to exercise any of those rights, please email, call or write to us and provide us enough information to identify yourself e.g., name, registration details, etc. and let us know the information to which the request relates.


We may need to verify your identity before fulfilling the request, to protect your privacy and security. We will try to comply with your request as soon as reasonably practicable.


Please note that we often need to retain certain data for recordkeeping purposes and / or to complete any transactions that you began prior to requesting a change or deletion. Further, because of the way we maintain certain Services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.




We are not liable for any offensive or defamatory comments made by the Customers through our Platform. The Company is not liable for any offences committed by the Customer.




  • You guarantee that you are of legal age and are persons who can form a legally binding contract under the applicable laws of applicable countries. 

  • That the information furnished to us is true, accurate, complete and up-to-date. If you are a minor i.e. under the age of 18 (eighteen) years, you may use our Platform and our Services only with the involvement of a parent or guardian.

  • For the purposes stated in this Privacy Policy, you are responsible for the truthfulness of all the data communicated and will keep the information updated, so that said information reflects their actual situation.

  • You guarantee that you have informed third parties on whose behalf you may have provided information, where applicable, of the aspects contained in this Privacy Policy. You also guarantee that you have obtained the third party’s authorization to provide their information to us for the purposes indicated herein.

  • You will be responsible for false or inaccurate information provided through the Platform and for damages, whether direct or indirect, that this may cause to us, to our clients or any of our agents or other partners.

  • You accept and agree that there may be certain information that we may not allow you to review for legal, security or other reasons.




The Company may alter this Policy to incorporate necessary changes in technology, applicable law or any other variant from time to time by posting revisions on this web page. Such changes will be effective upon posting.


For revisions to this Privacy Policy that may be materially less restrictive on our use or disclosure of information that you have provided to us, we will make reasonable efforts to notify you and obtain your consent before implementing revisions with respect to such information.




All questions, comments and requests regarding this Privacy Policy should be addressed to Shalini Prakash, Founder or write to us at

Redressal Mechanism: Any complaints or concerns with regards to the processing of information provided or breach of these terms shall be immediately informed to the designated Grievance Officer as mentioned below via in writing by email / post / courier to or Office: 2, Lavelle Road, Shanthala Nagar, Ashok Nagar, Bengaluru, Karnataka 560001

We request you to please provide the following information in your complaint:


  1. Address, telephone number and e-mail address;


  1. A statement, under penalty of perjury, that the information in the notice is accurate;

The Company shall not be responsible for any communication, if addressed, to any non-designated person in this regard.

If you believe our processing of your personal information is inconsistent with the applicable data protection laws, you can lodge a complaint with your local supervisory data protection authority (“DPA”).