Security Related

We take security seriously and continuously work to protect your information. To help keep your account secure, please use a strong password and keep your login credentials confidential.

Effective Date: 27 July 2026 | Last Updated: 1 August 2026

1. SECURITY COMMITMENT

Frebulous recognizes that trust is fundamental to the operation of a nationwide technology-enabled platform. The Company is committed to implementing commercially reasonable, industry-standard, and risk-based security measures designed to protect:

  • (a) Personal Data;
  • (b) Customer information;
  • (c) Payment information;
  • (d) Account credentials;
  • (e) Order information;
  • (f) Business Partner information;
  • (g) Delivery Partner information;
  • (h) Operational data;
  • (i) Platform infrastructure;
  • (j) Intellectual property.

Frebulous continuously evaluates security risks and endeavors to maintain appropriate administrative, physical, technical, and organizational safeguards.

2. INFORMATION SECURITY GOVERNANCE

Frebulous maintains information security practices designed to support confidentiality, integrity, availability, accountability, compliance, and risk management. Security responsibilities may be assigned to authorized personnel, technology teams, operations teams, compliance teams, management personnel, contractors, consultants, and service providers as appropriate.

Security practices may evolve over time in response to:

  • (a) Technological developments;
  • (b) Regulatory developments;
  • (c) Security threats;
  • (d) Business requirements;
  • (e) Operational needs;
  • (f) Industry best practices.

3. SECURITY OBJECTIVES

The primary objectives of the Company's security program include:

  • (a) Protecting customer information;
  • (b) Preventing unauthorized access;
  • (c) Preventing unauthorized disclosure;
  • (d) Protecting platform infrastructure;
  • (e) Maintaining service continuity;
  • (f) Detecting security threats;
  • (g) Supporting regulatory compliance;
  • (h) Reducing operational risks;
  • (i) Strengthening system resilience;
  • (j) Supporting customer trust.

4. SECURITY BY DESIGN

Frebulous endeavors to incorporate security considerations throughout the lifecycle of products, services, systems, applications, infrastructure, integrations, and operational processes. Security considerations may include secure architecture principles, risk assessments, access control requirements, data minimization practices, encryption requirements, monitoring requirements, secure deployment practices, and incident response planning.

Security requirements may be reviewed during design, development, testing, deployment, and maintenance activities.

5. INFRASTRUCTURE SECURITY

Frebulous utilizes cloud infrastructure, hosted environments, networking systems, and related technologies to operate the Platform. Infrastructure may be hosted through Google Cloud Platform, authorized private data center providers, managed infrastructure providers, backup infrastructure providers, or disaster recovery environments.

Infrastructure security measures may include:

  • (a) Network segmentation;
  • (b) Access restrictions;
  • (c) Security monitoring;
  • (d) Encryption controls;
  • (e) Audit logging;
  • (f) Security reviews;
  • (g) System hardening;
  • (h) Infrastructure redundancy.

The Company reserves the right to change infrastructure providers and hosting arrangements as business requirements evolve.

6. DATA STORAGE SECURITY

Information processed through the Platform may be stored within secure cloud environments, managed hosting facilities, private data centers, backup environments, and related infrastructure. Frebulous endeavors to implement measures designed to protect stored information from unauthorized access, unauthorized disclosure, data corruption, data loss, theft, misuse, alteration, or destruction.

Security controls may be periodically reviewed and enhanced based on evolving risks.

7. ENCRYPTION

Frebulous endeavors to utilize encryption technologies designed to protect information during transmission and storage. Security technologies may include:

  • (a) HTTPS;
  • (b) TLS protocols;
  • (c) RSA-based encryption mechanisms;
  • (d) Encrypted communications;
  • (e) Secure key management practices;
  • (f) Encrypted storage technologies.

Encryption practices may be updated from time to time in response to technological developments, operational requirements, legal obligations, and security considerations. The Company does not publicly disclose all security configurations, cryptographic implementations, or technical security controls.

8. DATA TRANSMISSION SECURITY

Information exchanged between users and the Platform may be protected using secure communication technologies, such as HTTPS connections, TLS encryption, secure APIs, authenticated communications, and encrypted network traffic.

Users are responsible for ensuring that their own devices, internet connections, and networks are reasonably secure. Frebulous shall not be responsible for vulnerabilities arising from insecure user devices, compromised networks, or third-party systems outside its reasonable control.

9. ACCESS CONTROL PROGRAM

Frebulous follows the principle of limited and authorized access. Access to systems, applications, databases, infrastructure, operational tools, and customer information may be restricted based upon job responsibilities, operational requirements, security requirements, business needs, and compliance obligations.

Not all employees have access to customer information. Access is generally restricted to authorized personnel who require such access for legitimate business purposes.

10. ROLE-BASED ACCESS CONTROLS

Frebulous may implement role-based access management systems. Different access levels may be assigned to customer support personnel, operations personnel, technology personnel, management personnel, compliance personnel, contractors, or authorized service providers. Access permissions may be granted, modified, reviewed, suspended, or revoked as necessary.

11. MULTI-FACTOR AUTHENTICATION

Frebulous may require multi-factor authentication mechanisms for administrative systems, infrastructure systems, operational tools, development environments, security systems, and other sensitive resources. Authentication measures may include passwords, one-time passwords, authentication applications, security tokens, or device verification mechanisms. The Company may modify authentication requirements at any time.

12. ACCOUNT SECURITY

Users are responsible for maintaining the confidentiality of their own credentials. Users shall protect login credentials, protect authentication devices, avoid sharing credentials, maintain updated account information, and promptly report any suspected compromise. Frebulous may suspend, restrict, investigate, or terminate accounts where security concerns arise.

13. EMPLOYEE SECURITY OBLIGATIONS

Employees, contractors, consultants, temporary workers, and authorized representatives may be subject to confidentiality obligations arising through employment agreements, confidentiality agreements, internal policies, operational procedures, or compliance requirements.

Unauthorized access, disclosure, copying, transmission, misuse, sale, retention, or exploitation of information may result in disciplinary action, contractual remedies, civil liability, criminal liability, or other legal consequences.

14. SECURITY LOGGING AND MONITORING

Frebulous may maintain logs relating to user activity, authentication events, administrative actions, system events, security events, operational activities, platform performance, and infrastructure activity. Monitoring activities may be conducted for security purposes, fraud prevention, operational analysis, incident investigation, and compliance requirements.

15. AUDIT TRAILS

The Company may maintain audit records designed to support accountability, security investigations, compliance reviews, operational monitoring, fraud detection, and dispute resolution. Audit records may be retained for periods determined by business, operational, legal, regulatory, and security requirements.

16. SECURITY AWARENESS

Frebulous endeavors to promote security awareness among personnel through policies, guidance, operational procedures, and other measures considered appropriate by the Company. Security awareness initiatives may address data protection, credential security, fraud prevention, social engineering threats, phishing risks, and information handling practices. Personnel are expected to comply with applicable security requirements as a condition of authorized access.

17. PAYMENT SECURITY

Frebulous recognizes the importance of protecting payment-related information and financial transaction data. The Company endeavors to implement commercially reasonable security measures designed to safeguard payment transactions conducted through the Platform.

Payment security controls may include:

  • (a) Encrypted communications;
  • (b) Secure payment processing channels;
  • (c) Access restrictions;
  • (d) Transaction monitoring;
  • (e) Fraud prevention measures;
  • (f) Security logging;
  • (g) Authentication controls;
  • (h) Compliance-driven safeguards.

Frebulous continuously evaluates payment security risks and may enhance payment security controls from time to time.

18. PAYMENT GATEWAY PARTNERS

Frebulous may facilitate digital payments through authorized payment service providers and payment gateways. Such providers may include:

  • (a) Razorpay;
  • (b) Cashfree Payments;
  • (c) Banking partners;
  • (d) UPI service providers;
  • (e) Card networks;
  • (f) Additional payment processors approved by Frebulous.

Payment processing activities may be performed by such third parties in accordance with their applicable policies, legal obligations, contractual requirements, and security standards. Frebulous may modify, replace, add, or remove payment service providers at any time.

19. PAYMENT DATA HANDLING

Frebulous endeavors to collect, process, retain, store, and protect payment-related information in accordance with applicable legal requirements, contractual obligations, business requirements, and security considerations. Payment-related information may include transaction identifiers, payment references, billing info, transaction status, and regulatory records.

Payment information may be retained where necessary for:

  • (a) Legal compliance;
  • (b) Accounting requirements;
  • (c) Audit obligations;
  • (d) Tax obligations;
  • (e) Fraud prevention;
  • (f) Dispute resolution;
  • (g) Regulatory reporting.

20. PAYMENT CARD SECURITY

Frebulous does not intentionally expose payment card information to unauthorized personnel. Where payment card information is processed, stored, transmitted, or retained, the Company endeavors to implement commercially reasonable security measures designed to reduce risks associated with unauthorized access, misuse, alteration, disclosure, or theft.

Security practices may evolve based upon industry standards, regulatory requirements, technological developments, risk assessments, and vendor requirements.

21. FRAUD DETECTION AND PREVENTION

Frebulous may implement fraud prevention controls designed to protect users, Business Partners, Delivery Partners, financial institutions, and the Company. Fraud prevention measures may include identity verification procedures, transaction monitoring, risk analysis, device analysis, behavioral analysis, account reviews, manual investigations, and automated detection systems.

Transactions determined to present elevated risks may be delayed, restricted, reviewed, rejected, canceled, or escalated for further investigation.

22. SECURE SOFTWARE DEVELOPMENT

Frebulous endeavors to integrate security considerations throughout software development activities. Development practices may include secure coding practices, security reviews, risk assessments, architecture reviews, code validation procedures, security testing, deployment reviews, and post-deployment monitoring.

Security considerations may be incorporated during planning, development, testing, deployment, maintenance, and enhancement activities.

23. APPLICATION SECURITY

The Company endeavors to implement reasonable safeguards designed to protect applications from unauthorized access, misuse, abuse, manipulation, disruption, and compromise. Application security measures may include authentication controls, authorization controls, session management, access restrictions, security monitoring, input validation, security testing, and logging mechanisms. Security measures may be updated periodically as threats evolve.

24. VULNERABILITY MANAGEMENT

Frebulous endeavors to identify, assess, prioritize, and address security vulnerabilities affecting systems, applications, networks, infrastructure, and operational environments. Vulnerability management activities may include security reviews, vulnerability assessments, automated scanning, manual testing, risk assessments, remediation planning, and security monitoring.

The timing and method of remediation may depend upon risk severity, operational requirements, technical complexity, and business impact.

25. PENETRATION TESTING

Frebulous may conduct or engage qualified third parties to conduct security testing activities, including penetration testing and related assessments. Testing activities may be designed to identify vulnerabilities, assess resilience, evaluate controls, improve security posture, and validate remediation efforts. The Company reserves the right not to publicly disclose testing methodologies, findings, frequencies, or remediation strategies.

26. SECURITY PATCH MANAGEMENT

Frebulous endeavors to maintain appropriate processes for addressing security updates, software updates, infrastructure updates, and related remediation activities. Security patches may be applied based upon risk assessments, vendor advisories, threat intelligence, security findings, and operational priorities. Patch deployment timelines may vary depending upon the nature and severity of identified risks.

27. BACKUP AND RECOVERY SECURITY

Frebulous may maintain backup systems designed to support business continuity, operational resilience, disaster recovery, compliance obligations, and data recovery requirements. Backup measures may include automated backups, encrypted backups, redundant storage, recovery procedures, and backup validation activities. Backup environments may be maintained through cloud providers, authorized hosting providers, private data centers, or other approved facilities.

28. DISASTER RECOVERY

The Company endeavors to maintain procedures designed to support recovery from disruptive events. Disaster recovery planning may address infrastructure failures, data loss incidents, service disruptions, network failures, cybersecurity incidents, and operational emergencies. Recovery priorities may be determined based upon business requirements, operational needs, customer impact, and available resources.

29. BUSINESS CONTINUITY

Frebulous endeavors to maintain business continuity practices designed to support ongoing operations during disruptions. Business continuity activities may include operational planning, infrastructure redundancy, backup systems, recovery procedures, incident response coordination, and vendor coordination. The Company does not guarantee uninterrupted service availability under all circumstances.

30. THIRD-PARTY SECURITY MANAGEMENT

Frebulous may engage third-party vendors, service providers, infrastructure providers, payment processors, technology partners, contractors, consultants, and related service providers. The Company may evaluate such providers based upon factors including security capabilities, operational reliability, regulatory considerations, contractual obligations, and technical requirements. Frebulous endeavors to work with service providers considered appropriate for its operational requirements.

31. VENDOR ACCESS CONTROLS

Third-party access to Company systems, infrastructure, information, or operational environments may be restricted, monitored, reviewed, approved, or revoked as appropriate. Access may be limited based upon business necessity, contractual obligations, security requirements, and operational needs. Third-party personnel may be required to comply with applicable confidentiality, privacy, security, contractual, and compliance obligations.

32. DATA CENTER SECURITY

Frebulous may utilize cloud facilities, managed infrastructure environments, hosting providers, private data centers, and related facilities. Such facilities may employ security measures including physical security controls, access restrictions, surveillance systems, environmental controls, redundancy mechanisms, and security monitoring. The Company does not publicly disclose sensitive information regarding infrastructure locations, facility layouts, security architecture, or operational security procedures.

33. NETWORK SECURITY

Frebulous endeavors to implement security controls designed to protect networks and communications infrastructure. Network security measures may include firewalls, access controls, network segmentation, traffic monitoring, security logging, and threat detection technologies. Security controls may be modified periodically based upon risk assessments and evolving threats.

34. THREAT MONITORING

Frebulous may monitor systems, networks, applications, infrastructure, transactions, and operational environments for indicators of suspicious activity. Threat monitoring activities may be conducted for purposes including security detection, fraud prevention, incident response, compliance obligations, and operational protection. The Company reserves the right to investigate activities that appear suspicious, unusual, unauthorized, unlawful, harmful, or inconsistent with Company policies.

35. INCIDENT RESPONSE PROGRAM

Frebulous endeavors to maintain procedures designed to identify, assess, investigate, contain, manage, remediate, and recover from security incidents. Incident response activities may include incident identification, risk assessment, containment measures, investigation procedures, remediation efforts, recovery activities, documentation requirements, and post-incident reviews. Response measures may vary depending upon the nature, scope, severity, impact, and complexity of the incident.

36. SECURITY INVESTIGATIONS

Where security concerns arise, Frebulous may conduct investigations involving account activity, system activity, infrastructure activity, transaction activity, operational activity, security logs, and audit records. The Company may cooperate with authorized governmental authorities, law enforcement agencies, regulators, financial institutions, courts, or other competent entities where required by Applicable Law.

37. SECURITY INCIDENT NOTIFICATION

Frebulous recognizes the importance of transparency and responsible incident management. In the event of a confirmed security incident affecting Personal Data or protected information, Frebulous may undertake measures including investigation, containment, remediation, and notifications where required by Applicable Law.

The timing, content, and method of notification shall be determined based upon legal obligations, regulatory requirements, and the nature of the incident.

38. BREACH RESPONSE PROCEDURES

Where a security breach is identified, Frebulous may take actions including isolation of affected systems, temporary service restrictions, access revocation, credential resets, and forensic investigations. Frebulous reserves the right to implement emergency measures to protect its ecosystem.

39. RESPONSIBLE VULNERABILITY DISCLOSURE

Frebulous supports responsible reporting of legitimate security vulnerabilities. The Company encourages disclosure practices that avoid data destruction, theft, service disruption, or privacy violations. Frebulous reserves the right to determine the validity and treatment of reported issues.

40. SECURITY REPORTING CONTACT

Security vulnerabilities or suspected breaches may be submitted to:

  • Email: privacy@frebulous.com
  • Help Desk: help@frebulous.com
  • Customer Support: +91 1800 125 5555

41. USER SECURITY RESPONSIBILITIES

Users are responsible for protecting account credentials, maintaining device security, using secure passwords, and monitoring account activity. Users shall immediately notify Frebulous of any suspected unauthorized access or credential compromise.

42. DEVICE SECURITY

Frebulous cannot control the security of user-owned devices. Users are encouraged to install software updates, use security software, and protect devices with passwords or biometrics. The Company is not responsible for losses resulting from insecure user devices.

43. ACCOUNT COMPROMISE

If Frebulous reasonably believes an account is compromised, it may restrict access, suspend functionality, or require password resets. These actions may be taken without prior notice to ensure system protection.

44. DATA RETENTION SECURITY

Frebulous maintains security controls throughout retention periods required for legal compliance, fraud prevention, and operational needs. When no longer required, data may be deleted, anonymized, or archived per applicable policies.

45. PRIVACY AND SECURITY RELATIONSHIP

Security and privacy serve complementary functions. While privacy governs data processing, security governs data protection. This policy does not supersede the Privacy Policy or Terms of Use.

46. REGULATORY COMPLIANCE

Frebulous endeavors to operate in accordance with applicable legal requirements relating to cybersecurity and data protection. Compliance efforts evolve in response to legislative changes and industry requirements.

47. SECURITY REVIEWS

The Company periodically assesses and updates security controls based on threat intelligence and operational risks. Security enhancements may be implemented without prior notice.

48. SECURITY LIMITATIONS

No system can guarantee absolute security. Users acknowledge inherent risks associated with digital services, including the possibility of unauthorized access or service interruptions despite industry-standard safeguards.

49. DISCLAIMER OF WARRANTIES

Frebulous disclaims all warranties relating to security, including continuous availability or complete immunity from threats. The Platform is provided on an "as available" and "as is" basis.

50. LIMITATION OF LIABILITY

To the fullest extent permitted by law, Frebulous and its affiliates shall not be liable for indirect, consequential, or incidental damages, including loss of profits or data loss resulting from factors beyond its reasonable control.

51. THIRD-PARTY SERVICES

The Platform relies on third-party providers (Cloud, Payments, etc.). While Frebulous engages reputable partners, it cannot guarantee the security practices or performance of independent third parties.

52. POLICY CHANGES

Frebulous reserves the right to modify this Security Policy at any time. Updated versions are effective upon publication. Continued use of the Platform constitutes acceptance of the revised terms.

53. CONTACT INFORMATION

Frebulous Private Limited
Email: privacy@frebulous.com
SF59, Sidhheshwar HallMark, Ajwa Road
Vadodara - 390019, Gujarat, India

54. ACKNOWLEDGEMENT

By using the Platform, users acknowledge they have read this policy and understand that security practices evolve and cannot guarantee 100% protection.

END OF SECURITY POLICY

Made in Gujarat