Mystore is a full-stack, AI-powered open network marketplace for sellers and brands of every size, and for buyers shopping across categories from trusted Indian sellers. To provide these services, we collect and use information about:
"Personal information" (or "personal data") means information that identifies, relates to, or could reasonably be linked to you. Capitalized terms not defined here have the meaning given in the applicable Mystore Terms of Service or Merchant Agreement.
By using Mystore's services - or by dealing with a merchant who uses Mystore - you agree to this Privacy Policy and, where applicable, the Mystore Terms of Service.
Trust is the foundation of Mystore. Three principles guide how we handle your information.
Your information belongs to you. We try to collect only what we need to provide our services, and we delete or anonymize information when we no longer need it.
We protect your information from others. If a third party asks for your personal information, we refuse unless you give us permission or we are legally required to share it. Where we are legally compelled to share it, we will tell you in advance unless the law forbids us from doing so.
We help merchants and partners meet their privacy obligations. Many of the businesses on Mystore do not have a dedicated privacy team. We try to build our products so they can be used in a privacy-friendly way, and we provide documentation to help.
The information we collect depends on how you use Mystore.
From merchants and sellers: name, company name, address, email, phone number(s), and payment details (such as payment status, billing information, settlement details, and transaction identifiers processed through authorized payment service providers); business information collected during onboarding (business type, business ID, date of birth for sole proprietors, bank account details, and government-issued identification where required for KYC, risk, or fraud screening); and technical data about how you access the platform (device, browser, network connection, IP address, and usage activity).
From buyers and customers: name, email, shipping and billing address, payment details, phone number, IP address, information about orders you place, the Mystore-powered stores you visit, and technical data about the device and browser you use. Where you shop at a merchant's store, we generally process this information as a processor on behalf of that merchant.
From partners: name, company name, website, phone number(s), address, business type, email, payment account details, and GST or tax identifiers, along with technical data about your use of the platform.
From website visitors and support users: device, browser, network, and IP information, cookie data, and any information you provide via web forms, chat, email, telephone support (including call audio), or community forums.
We collect this information when you sign up, access or use our services, place or process orders, contact support, or otherwise provide it to us. We may also receive information from third parties - for example, identity verification providers, payment gateways, logistics providers, ONDC Network Participants, fraud prevention providers, analytics providers, and partners who help us screen for fraud or risk.
We use your information to provide and improve our services, and where we (or someone we work with) have a legitimate business need. Depending on who you are, this includes to: set up and operate your account; confirm your identity; process orders, payments, and invoices; provide risk and fraud screening; deliver support; personalize your experience; provide reporting and analytics; communicate with you about features, services, and offers; and comply with legal and regulatory obligations.
Where the law (including certain EEA and UK laws) requires a legal basis, we rely on one or more of: performance of a contract (e.g., to set up your account and provide services); legitimate interests (e.g., fraud prevention, analytics, and service improvement); compliance with a legal obligation (e.g., KYC, anti-money-laundering, and tax requirements); and consent (e.g., certain marketing messages, or processing of sensitive personal information).
Mystore offers official connectors that let you securely access your own Mystore data from third-party AI assistants and applications - for example, AI assistants that support the Model Context Protocol (MCP), such as Anthropic's Claude. This section explains how data is handled when you choose to use one.
You control the connection. A connector only works after you explicitly authorize it. Authorization uses the OAuth 2.1 standard with PKCE (S256): you sign in to Mystore and approve access in Mystore's own interface, and the AI assistant receives a scoped access token. The AI assistant never receives your Mystore password.
Scope of access. Through our connector, an authorized AI assistant can call a defined set of read-only tools to retrieve information from the Mystore account you connected - for example, to search and view products and collections, view orders and order details, view customers, run analytics queries, and search help documentation. Each tool is scoped to the authenticated account, and access is limited to what that account is already permitted to see.
How your data flows. When you ask a connected AI assistant to perform a task (for example, "show my recent orders"), the assistant calls the relevant Mystore tool, and Mystore returns the requested data to that assistant solely to fulfill your request. We log connector activity for security, debugging, and abuse-prevention purposes.
Third-party AI providers. Once data is returned to a third-party AI assistant that you have connected, it is handled by that provider under their own terms and privacy policy, which Mystore does not control. We encourage you to review the privacy policy of any AI assistant you connect before authorizing access. Mystore does not use your connector interactions to train AI models without your consent.
Revoking access. You can disconnect a connector or revoke its access at any time from your Mystore account settings (or from within the connected AI assistant). Revoking access invalidates the associated token, after which the assistant can no longer retrieve data from your account.
To help operate the platform and serve merchants and buyers, Mystore uses machine-learning techniques and some forms of automated decision-making - for example, to screen accounts and transactions for fraud or risk, and to personalize and improve the shopping experience. When we use these techniques, we either keep a human involved in the process (so it is not fully automated), or we use them in ways that do not have legal or similarly significant effects on you (for example, ranking how products or apps appear).
Mystore works with service providers and third parties to deliver our services, and we may share personal information with them for that purpose. We may also share information:
What we do not do: We do not sell, rent, or otherwise provide your personal information to other companies for the marketing of their own products or services. If you are a merchant, we do not use the personal information we collect from you or your customers to independently market to your customers. Outside the purposes described above, Mystore will ask for your consent before sharing your personal information with third parties.
A cookie is a small piece of data stored on your device by your browser. We use cookies and similar technologies (web beacons, SDKs, pixels, and tags) to recognize your device, operate core features like the shopping cart, personalize your experience, measure performance and engagement, and - together with advertising partners - serve and measure ads.
You can opt out of certain targeted advertising through industry tools such as the available browser settings, consent management tools, or industry opt-out mechanisms where applicable. Because there is no consistent industry standard for "Do Not Track" signals, we do not currently respond to them.
We keep your personal information for as long as necessary to provide our services and to fulfill the purposes described in this policy. For merchants, that generally means for as long as you maintain a store; for partners, until you end the partner relationship. For a merchant's customers, we act as a processor on the merchant's behalf, and the merchant decides how long their data is retained in our systems.
After your relationship with us ends, we may retain archived copies for legitimate business and legal purposes, or until we receive a valid erasure request, after which information is deleted or anonymized. We continue to keep anonymized information (such as aggregated website-visit data) to improve our services.
Retention periods may vary depending upon applicable legal, taxation, accounting, contractual, fraud prevention, and regulatory requirements.
We follow industry standards for information security to safeguard the personal, financial, and other sensitive information entrusted to us, applying controls across people, processes, and technology on a risk-management basis. We perform regular reviews of how we handle payment-card information. However, no method of transmission over the Internet or electronic storage is 100% secure, so we cannot guarantee absolute security.
Your Mystore account is password-protected. You are responsible for keeping your password and account credentials confidential and for the activity of any additional users you create.
Mystore is a product of Hippo Innovations Pvt. Ltd., based in India, and we serve users around the world. To operate our business, we may transfer your personal information outside the country, state, or province where you are located, including to service providers in other regions. This information may be subject to the laws of the countries where it is processed, and we take steps to protect it when it crosses borders.
If you are located in the EEA, the UK, or Switzerland and believe your personal information has been handled inconsistently with this policy, please contact us using the details below.
Depending on where you live and how you use Mystore, you may have the right to request access to, correct, amend, delete, port, restrict, or object to certain uses of your personal information. We will not penalize you for exercising these rights, though some rights apply only in certain circumstances and may be limited by law.
If you are located in India, you may also have rights under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), including the right to seek correction, updating, erasure (where applicable), withdraw consent where processing is based on consent, nominate another person to exercise your rights where permitted by law, and seek grievance redressal.
If you are a merchant or partner, you can update much of your information directly in your account settings. If you cannot make a change there, or have concerns about data collected through our websites or support, contact us.
If you are a customer of a merchant who uses Mystore, please contact that merchant directly to exercise your rights - we act as a processor on their behalf and can only forward your request to them.
In accordance with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023, you may also contact our Grievance Officer regarding concerns about the processing of your Personal Data.
Grievance Officer
Email: [email protected]
Address: Same as above
If you have questions about how a particular merchant or store processes your information, please contact that merchant or review their privacy policy.
We may update this Privacy Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. If we make material changes, we will notify you by posting the revised policy here and, where appropriate, by other means. Your continued use of Mystore after changes are posted means you accept the revised policy.
Last updated: June 26, 2026