Privacy Policy

Last Updated: May 12, 2026

Effective Date: May 12, 2026

Introduction

SR Trading ("we," "our," or "us") operates the Rento mobile application (the "App"), available on Android and iOS platforms. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Rento App and our related services (collectively, the "Services").

By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you register for and use the App:

Phone Number: Required for account creation and authentication via OTP (One-Time Password) verification.
Full Name: Collected during profile setup to identify you within the App.
Date of Birth: Optionally collected for bonus point eligibility on special occasions such as birthdays.
UPI ID: Collected when you initiate a point redemption to process your reward payment. Note: Rento is NOT a payment or financial app. We do not have any integrated payment gateways. The UPI ID is collected solely for the admin to manually process your reward payout outside of the App.
Referral Code: Collected during registration to link plumber accounts with their respective salespersons.
Service Request Details: Address, pincode, and description of plumbing service requests you submit through the App.
Images: Photos you optionally upload when submitting service requests for plumbing services.

1.2 Information Collected Automatically

When you use the App, certain information is collected automatically:

Device Information: Device model, operating system version, unique device identifiers, and mobile network information.
Firebase Authentication Data: Firebase User ID (UID) generated upon authentication for secure session management.
FCM Token (Firebase Cloud Messaging): A device-specific push notification token used to deliver notifications to your device.
Usage Data: Features accessed, QR codes scanned, points earned, and transactions performed within the App.
Log Data: Error logs and performance data to diagnose technical issues and improve the App.

1.3 Information from Third-Party Services

We use the following third-party services that may collect information:

Firebase Authentication (Google): For secure phone-based OTP authentication and user identity management.
Firebase Cloud Messaging (Google): For delivering push notifications to your device.
MSG91: For sending OTP codes via WhatsApp for phone number verification.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Account Management & Authentication

Verify your identity through phone-based OTP authentication via WhatsApp.
Create, maintain, and secure your user account.
Link your account to a salesperson via referral code during onboarding.

2.2 Core App Functionality

Enable QR code scanning on products to earn reward points.
Calculate and award points to plumbers and their linked salespersons based on product MRP and configured percentages.
Process point redemption requests via manual admin payouts.
Manage and track your service requests for plumbing services, including associated images.
Display your points balance, transaction history, scanned QR codes, and service request status.

2.3 Company & Team Management

Enable company owners to manage their salesperson teams.
Allow salespersons to view plumbers linked via their referral codes.
Facilitate the reassignment of plumbers between salespersons.

2.4 Communication

Send push notifications about points earned, transaction updates, service request status changes, and promotional campaigns.
Deliver OTP codes via WhatsApp for account verification.
Send in-app notifications regarding account activity.

2.5 Service Improvement

Analyze usage patterns to improve the App experience.
Diagnose and fix technical issues.
Monitor app performance and stability.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

3.1 With Service Providers

We share data with trusted third-party service providers who assist us in operating the App:

Service Provider	Purpose	Data Shared
Google Firebase	Authentication, push notifications	Phone number, Firebase UID, FCM token
MSG91	WhatsApp OTP delivery	Phone number, OTP code

3.2 Within Your Organization

Plumbers: Your name, phone number, and points data may be visible to your linked salesperson and company owner for team management purposes.
Salespersons: Your name, phone number, referral code, and plumber count may be visible to your company owner.

3.3 Legal Obligations

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction.

4. Data Storage and Security

4.1 Data Storage

Your personal data is stored securely in our PostgreSQL database hosted on secure servers.
Authentication tokens are managed by Google Firebase and are stored securely on your device using Expo Secure Store (encrypted device storage).
Uploaded images for service requests are stored on our servers and compressed for efficient storage.

4.2 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information, including:

Encrypted Authentication: Firebase ID tokens are used for secure API authentication. All API requests are authenticated and authorized.
Secure Token Storage: Authentication credentials are stored using encrypted device storage (Expo Secure Store).
Password Hashing: Administrative passwords are hashed using bcrypt.
Rate Limiting: OTP requests are rate-limited to prevent abuse (maximum 3 requests per 10-minute window per phone number).
Role-Based Access Control: Data access is restricted based on user roles (Plumber, Salesperson, Owner).
Input Validation: All user inputs are validated using schema validation to prevent injection attacks.
HTTPS Encryption: All data transmitted between the App and our servers is encrypted using HTTPS/TLS.

4.3 Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Services.
Transaction history and scanned QR code records are retained for auditing and business purposes.
OTP verification records are automatically deleted upon successful verification or expiration.
If you delete your account, your personal data, transaction history, and service requests are permanently removed from our systems.

5. Your Rights and Choices

5.1 Access and Update Your Information

You can access and update your profile information (name, phone number, date of birth, UPI ID) at any time through the App's profile section.

5.2 Account Deletion

You have the right to delete your account at any time through the App. Upon account deletion:

Your personal profile data is permanently deleted.
Your transaction history and service requests are permanently removed.
QR codes previously scanned by you are reset and made available for reuse.
Note: Salespersons with linked plumbers must have their plumbers reassigned by their company owner before account deletion. Company owners must remove all salespersons before deleting their account.

5.3 Push Notifications

You can opt out of push notifications at any time by:

Disabling notifications in your device settings for the Rento App.
Your FCM token is automatically removed when you log out of the App.

5.4 Camera Access

Camera permission is used solely for scanning QR codes on products. You can revoke camera access at any time through your device settings. The App does not record audio or video.

5.5 Photo Library Access

Photo library access is used solely for uploading images when submitting service requests. You can revoke this access at any time through your device settings.

6. Children's Privacy

The Rento App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to promptly delete that information. If you believe we may have collected information from a child under 18, please contact us immediately.

7. Third-Party Services and Links

The App may contain links to third-party websites or services, including:

Product Catalog: The App may link to an external product catalog URL configured by the administrator.
Manual Payouts: Point redemptions are processed manually by our admin outside the App using your provided UPI ID. Rento is not a payment or financial application and does not integrate with any payment gateways.

We are not responsible for the privacy practices of any third-party services. We encourage you to review the privacy policies of any third-party services you access through our App.

8. Permissions We Request

The Rento App requests the following device permissions:

Permission	Purpose	Required
Camera	To scan QR codes on products for earning reward points	Yes (for QR scanning)
Photo Library	To upload images when submitting service requests	Optional
Push Notifications	To receive updates about points, transactions, and service requests	Optional
Internet Access	To communicate with our servers for core App functionality	Yes

We only request permissions that are necessary for the App's functionality. We do not request or use:

Microphone / audio recording
Location / GPS data
Contacts or address book
Calendar
Bluetooth
Background location tracking

9. International Data Transfers

The Rento App primarily operates in India. If you are accessing the App from outside India, please be aware that your information may be transferred to, stored, and processed in India where our servers are located and our central database is operated. By using the App, you consent to the transfer of your information to India.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated Privacy Policy within the App.
Updating the "Last Updated" date at the top of this Privacy Policy.
Sending a push notification for significant changes, where applicable.

Your continued use of the App after any modifications to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

11. Grievance Officer

In accordance with applicable laws, including the Information Technology Act, 2000 and rules made thereunder, the name and contact details of the Grievance Officer are provided below:

Grievance Officer: SR Trading

Email: [email protected]

Website: https://rentobath.com

If you have any concerns or complaints regarding the processing of your personal data, you may contact our Grievance Officer. We will address your concerns within a reasonable timeframe in accordance with applicable law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

SR Trading

Email: [email protected]

Website: https://rentobath.com

This Privacy Policy is effective as of the date stated above and applies to the Rento mobile application for Android and iOS platforms, published by SR Trading.