JiffyBook India Terms and Policies

This policy framework governs the access and use of the JiffyBook software application within the Republic of India. These terms incorporate mandatory compliance requirements under the Consumer Protection (E-commerce) Rules, 2020, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023.

Date: This terms and policies document was last updated on Dec 25, 2025 and is effective immediately.

A. Introduction

A-01. General

  1. JiffyBook (hereafter also referred to as the Platform) is an internet-based software application for e-commerce, provided through:
  1. Domains including jiffybook.eu, jiffybook.app, jiffynexus.com, and their subdomains.
  2. Google Play Store and Apple App Store.
  1. Platform Functionality:
  1. The Platform enables a Business (hereafter also referred to as the user or you based on the context) to receive, process and manage orders, publish promotions and drive a rewards program for its Members.
  2. The mobile app enables an end-consumer (hereafter also referred to as the Member, user, or you based on the context) to order products or services from a Business as a Member of the Business’s rewards program.
  1. Corporate Structure:
  1. The Platform is developed by inDreamer OÜ (hereafter also referred to as inDreamer, we, our, or us based on the context), a company incorporated in Estonia.
  2. The representative of inDreamer OÜ in India is inDreamer Techsol Private Limited, a company incorporated in India, which acts as the statutory Nodal Person of Contact and the Authorized Representative responsible for compliance with the Consumer Protection (E-commerce) Rules, 2020, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. inDreamer Techsol Private Limited is contractually and legally bound to execute all statutory compliance functions, including the duties of the Nodal Person of Contact and the Grievance Officer, on behalf of inDreamer OÜ.

B. Terms of Use

B-01. General Provisions

  1. Acceptance: When installing, accessing, or using the Platform, you shall be prompted to provide a clear affirmative action to agree with the terms and policies. Acceptance establishes the necessary contractual basis for the Platform use.
  2. Amendment of terms: The Platform shall provide a 30-day notice period for any material changes. Material changes require a new "clear affirmative action" of acceptance from the user.
  3. Lawful Basis and Consent: Under the DPDP Act, the Platform requires the Data Principal's express Consent as the lawful basis for processing personal data, even for data strictly necessary for providing the core service. This Consent must be obtained independently of the Terms of Use contractual acceptance, requiring a separate clear affirmative action as detailed in the Privacy Policy (Section C).1,2
  4. Age Restriction: You must be at least 18 years old to use the Platform. If not, you must get consent from your parents or guardian to use the Platform. Note that under the DPDP Act, an individual under 18 years of age is defined as a 'child', and use of the Platform by such individuals requires the consent of their parent or guardian.
  5. Governing Law: Terms described on this page shall be governed with the laws of India without reference to conflict of laws, principles and disputes arising in relation hereto shall be subject to the exclusive jurisdiction of the courts of India.

B-02. User Registration

  1. Registration Requirements: To use the Platform, you must register by providing a valid email address and your profile details (location, name, and phone number).
  2. Data Accuracy: You must provide true, accurate, and complete information. Registration data is verified via email; however, the Platform relies on the User's duty of authenticity for other personal details.
  3. Email Change: If you want to change your email address, you must register as a new user. Data from your previous account will not be transferred.

B-03. Business Registration

  1. Mandatory Registration: Businesses must possess all valid legal registrations required to conduct business in India.
  2. Tax Compliance: Businesses must also provide their GST Registration Number (if applicable).
  3. Mandatory Business Undertaking and Disclosures:
  1. Product Accuracy: Businesses must digitally accept an undertaking confirming that all descriptions and AI-prompted categories accurately reflect the physical products.
  2. Statutory Seller Details Display: The Business provides consent and grants the Platform the right to prominently display the following verifiable seller details at the pre-purchase stage for all consumers, in compliance with Rule 5(3)(a) of the CP Rules:2
  1. The Business's legal name;
  2. Its principal geographic address;
  3. Customer care contact number.
  1. Pre-Purchase Disclosures (Rule 5(3)): For every product or service listed, the following information is displayed prominently to the Member prior to purchase:3
  1. Total Price Breakdown: The total price in a single figure, along with a breakup showing all compulsory and voluntary charges, including delivery fees, taxes, conveyance charges, and applicable statutory levies.3
  2. Country of Origin (CoO): The Country of Origin for the products (preceded by the phrase 'Made in') shall be displayed prominently to enable informed decision-making.3
  3. Importer and Warranty: The name and details of the importer (if applicable), and any relevant guarantees or warranties applicable to the products or services, including the procedure for consumer recourse.3

B-04. Bookings and Orders

  1. Announced Specifications: The AI-generated digital preview presented to the Member at checkout is a binding part of the digital contract. Businesses are legally obligated to deliver products matching these announced specifications.
  2. Cancellation: Cancellation is free until the booking or order is confirmed by the Business.
  3. Quality Standards: The Platform reserves the right to disable Businesses that consistently violate these terms or fail to meet the quality standards.1

B-05. Content Standards and Prohibitions

  1. You must not use the Platform to generate content that is:2
  1. grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, or libellous;
  2. invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging;
  3. relating or encouraging money laundering or gambling;
  4. otherwise unlawful in any manner whatever, or infringes any patent, trademark, copyright or other proprietary right;
  5. violating public morals or prejudices children, the disabled, or the elderly.
  1. Takedown Obligation (IT Rules, 2021): To maintain safe harbor protection under Section 79 of the IT Act, the Platform explicitly commits to removing or disabling access to any prohibited content within 36 hours of receiving a valid legal request or order from a court of competent jurisdiction or an appropriate government authority.2

B-06. Disclaimer of Warranties / Limitation of Liability

  1. Intermediary Status:
  1. The Platform is an intermediary as defined under Section 2(1)(w) of the Information Technology Act, 2000, operating in compliance with Section 79 to avail safe harbor protection.2 However, as the Platform engineers the prompts used for AI-generated designs, it accepts responsibility for the accuracy of the digital preview as a binding part of the digital contract.
  1. Verification and Data Accuracy:
  1. Users in the Platform are verified only with their email addresses. For other personal details like name or phone number, the Platform relies on the Data Principal Duties (C-05) for the authenticity and accuracy of this information.
  1. Contractual and Fulfillment Status:
  1. Regarding the sale, booking, service fulfillment, delivery, or return happening via the Platform between the Business and the Member, the Business is the primary fulfiller, the Platform acknowledges its statutory 'Fallback Liability' under the Consumer Protection (E-commerce) Rules, 2020. If a Business registered on the Platform fails to deliver products or services due to negligence, causing loss to the Member, the Platform shall be vicariously liable for such loss and will facilitate necessary redressal.3
  2. Any disputes arising from the quality, value, or saleability of products is to be primarily sorted between the Business and the Member.
  1. Tax Disclaimer (GST/Taxes):
  1. The Platform is not responsible for verifying the correctness of GSTINs provided by Businesses or Customers.
  2. The Platform shall not be liable in case the Member or Business is denied input tax credit or for any reason associated with details provided by the user or default by the Business.2

B-07. Loyalty Program and Reward Points

  1. Restricted Redemption: Reward points can only be redeemed for purchases from the same Business that issued them.
  2. Non-Monetary Status: Reward points have no cash value, are non-transferable, and do not function as a stored value facility.
  3. Incentivized Reviews: Any rating provided in exchange for reward points shall be marked as an "Incentivized Review" to maintain transparency. The Platform adheres to the IS 19000:2022 standard to ensure that such reviews are genuine and do not unfairly influence the overall ratings or visibility of a Business.5

B-08. Grievance Redressal and Statutory Officers (CP Rules, 2020)

  1. As an e-commerce entity operating in India, the Platform has established the following grievance redressal mechanism:
  1. Appointment of Statutory Officers: We have appointed a resident Grievance Officer (GO) for consumer redressal and a resident Nodal Person of Contact (NPC), operating through inDreamer Techsol Private Limited, which is contractually obligated to perform these statutory duties on behalf of inDreamer OÜ. Their details are prominently displayed in Section F (Contact Us).2
  2. Complaint Tracking: Any complaint lodged through the designated grievance channels will be assigned a unique ticket number.2
  3. Timeline: The Grievance Officer shall acknowledge the receipt of any consumer complaint within forty-eight hours of its receipt. The complaint shall be redressed within one month (30 days) from the date of its receipt.2

B-09. AI-Generated Designs and Intellectual Property

  1. This section governs IP related to designs generated using Artificial Intelligence (AI) tools provided or integrated within the Platform.
  2. IP Rights of the AI-Generated Designs:
  1. The AI-Generated Design is created from the prompts engineered by the Platform, based on labels selected by the User from a pre-defined menu provided by the Platform, thus relieving the User from the necessity of brainstorming to engineer a prompt for the AI model. The Platform does not guarantee copyright protection for AI-generated designs. As these works are algorithmically produced based on functional metadata, they may lack the 'modicum of creativity' required under the Indian Copyright Act, 1957, and may reside in the public domain. The User hereby agrees that the Platform can exercise perpetual, irrevocable, royalty-free, and sub-licensable rights to use the AI-Generated Design immediately upon creation.
  2. Catalog Consent: The User consents to the AI-Generated outputs based on their tag selection being added to the Business's shared catalog.
  1. Synthetic Information Labeling:
  1. In compliance with the 2025 IT Rules, all designs and banners generated via JiffyBook's AI tools will feature a visible 'AI-Generated' label covering at least 10% of the surface area. Every output will also contain a permanent, unique metadata identifier to ensure traceability and prevent the spread of misinformation.2 The Platform utilizes C2PA metadata markers to track content provenance and artificial origin.

B-11. Google Cloud Infrastructure Flow-Down Terms

  1. As the Platform relies on Google Cloud services, you must adhere to the following mandatory flow-down terms and restrictions:
  1. Acceptable Use Policy (AUP) Restrictions:
  1. You agree not to use the Platform or its integrated services to violate the legal rights of others, or to engage in, promote, or encourage illegal or fraudulent activity.
  2. You must not use the Platform for any unlawful, invasive, infringing, defamatory, or fraudulent purpose.
  3. You must not compromise the security of others’ or Google’s services (e.g., generating content that facilitates spam, phishing, or circumvention of abuse protections).
  4. You must not bypass safety features or generate harmful/illegal content.
  1. Generative AI Service-Specific Restrictions: When utilizing the AI Design Feature, you agree not to:
  1. Attempt to bypass protective safety features designed to block harmful content.
  2. Generate or distribute content that facilitates illegal activities, violence, harassment, or violations of privacy and intellectual property rights.
  3. Test or reverse-engineer the AI Design Feature, or extract any components of the Generative AI Features, Software, or its models.2

C. Privacy Policy

C-01. General and Lawful Basis

  1. Data Fiduciary: inDreamer OÜ and inDreamer Techsol Private Limited act as Data Fiduciaries with respect to the personal data of Data Principals (users) in India.1,4 To minimize ambiguity, inDreamer Techsol Private Limited, as the statutory representative and entity housing the Grievance Officer, shall be primarily responsible for operational compliance, data security monitoring, and all required communications with the Data Protection Board and Data Principals in India, while inDreamer OÜ retains ultimate accountability as the primary Data Fiduciary.
  2. Lawful Basis for Processing Personal Data (DPDP Act, 2023): The primary lawful basis for processing personal data is the Consent provided by the Data Principal.4
  3. Consent Mechanism: Consent shall be obtained through a clear affirmative action and must be free, specific, informed, unconditional, and unambiguous.4 This means consent cannot be obtained through pre-checked boxes or implied agreements.
  4. Governing Law: This policy shall be governed with the laws of India, and disputes shall be subject to the exclusive jurisdiction of the courts of India.

C-02. Data Collected and Stored

  1. We adhere to the principle of Data Minimization, collecting only the personal data that is strictly necessary for a specific and defined purpose.2 Data collected is categorized as follows:

Information Type

Description

Verification Status

Information type 1.a

Verified information about you

Verified email address

Information type 1.b

Detected information about you

Detected location (if you do not provide an alternate address)

Information type 1.c

Information provided by you

Name and phone number

Information type 2.a

Verified information about Businesses

Statutory seller details as per Section B-03

Information type 3.a

Verified third-party information

Payment statuses from Razorpay.

Information type 4.a

Information from operations

Your usage of the platform, orders, cancellations, ratings, app crashes etc.

  1. Storage: The Platform stores the information described above in Google servers located in India.2 All processing, access, and security safeguards adhere strictly to the compliance requirements of the DPDP Act, 2023.

C-03. Data Usage

  1. The Platform uses the collected data for the following purposes:
  1. Core service delivery
  2. Business operations
  3. Marketing and promotion (if this involves non-anonymized personal data for promotional activities, it requires separate, specific consent; users have the right to opt-out of marketing at any time)
  4. Platform improvement
  5. Security and compliance
  6. Legal obligations.

C-04. Interests & Rights (Data Retention Protocol)

  1. The retention of personal data is governed by the purpose limitation and storage limitation principles of the DPDP Act:2
  1. Maximum Personal Data Retention: Personal data shall not be retained for more than three (3) years from the later of the date of the Data Principal's last request (for the specified purpose or to exercise their rights) or the commencement date of the Digital Personal Data Protection Rules. The Data Principal will receive a 48-hour pre-erasure alert before their personal data is erased pursuant to this retention schedule.2
  2. Minimum Log Retention: The Platform shall retain operational processing logs, associated traffic data, and security-related logs for a minimum period of one (1) year for audit, legal, investigation, and breach detection purposes, after which it shall be erased unless a longer period is specifically mandated by other applicable laws.2
  3. Data Principal Rights and Child Data: Data Principals have the right to nominate an individual to exercise their data rights in case of death or incapacity. For users under 18, the Platform will implement verifiable parental consent mechanisms using government-approved digital identity verification before processing any personal data.1

C-05. Data Principal Duties (DPDP Act, 2023)

  1. The Data Principal (User) has a duty to abide by all applicable laws and, specifically, to:2
  1. Ensure not to impersonate another person while providing personal data for a specified purpose.
  2. Ensure not to suppress any material information while providing personal data for any document or unique identifier.
  3. Ensure not to register a false or frivolous grievance or complaint with Platform or the Data Protection Board.
  4. Furnish only such information as is verifiably authentic, while exercising the right to correction or erasure.

C-06. Google API Services User Data Policy Compliance

  1. Our application's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
  1. Data Accessed (Scopes Requested): When you authenticate using Google OAuth, our application requests access to specific Google user account data. This includes your Google account email address and primary profile information.
  2. Purpose of Collection (Data Usage): We access and collect this data strictly to provide and improve the core functionality of our application. Specifically, this data is used to authenticate your user account and verify your identity. We do not use this data for any undisclosed purpose.
  3. Data Sharing and Transfer (Limited Use Restrictions): We do not sell, rent, or trade your Google user data to any third parties under any circumstances.
  1. We do not transfer your Google user data to advertisement networks, data brokers, or information resellers.
  2. We do not use your Google user data to train, retrain, or improve generalized Artificial Intelligence (AI) or Machine Learning (ML) models.
  3. We only transfer Google user data to trusted third-party subprocessors (such as our secure cloud hosting provider) as strictly necessary to operate the application’s core features, to comply with applicable law, or as part of a corporate merger or acquisition, and only with your explicit consent.
  1. Data Retention and Deletion: Your Google data is stored securely within our infrastructure using industry-standard technical safeguards. You may revoke our application's access to your Google account data at any time via your Google Account Security Settings page. Upon account deletion, all associated Google user data is permanently erased from our active databases.

D. Return Policy

D-01. General

  1. This return policy governs cancellation, return, and refund after a booking or order is placed with a Business in the Platform.
  2. Governing Law: This policy shall be governed with the laws of India, and disputes shall be subject to the exclusive jurisdiction of the courts of India.

D-02. Agreement

  1. Non-Conformity: Members have a statutory right to return, repair, or replace any item that deviates significantly from the AI-generated preview or announced specifications.
  2. Cancellation Charge Parity: Businesses cannot impose cancellation charges on Members unless they bear similar charges for unilateral cancellations.2
  3. Refund Processing: If the Business approves refund, the time to process such a request will take a maximum of 15 days from the day of approval, and all approved refunds will be processed quickly and in accordance with the rules set by the Reserve Bank of India (RBI) for electronic payments.2

E. Delivery Policy

E-01. General

  1. This delivery policy governs shipping and delivery of items ordered from a Business in the Platform.
  2. Governing Law: This policy shall be governed with the laws of India, and disputes shall be subject to the exclusive jurisdiction of the courts of India.

E-02. Agreement

  1. Fulfillment Responsibility: Preparation, production, packaging, shipping, and delivery of products and services are managed exclusively by the Business, and not by the Platform.
  2. Intermediary Liability: The primary liability for delays, damages, or non-performance related to the logistical aspects of the booking or order fulfillment resides with the Business.2 However, notwithstanding the Platform’s status as a technology facilitator that does not participate in logistics, the Platform acknowledges its statutory 'Fallback Liability'.
  3. Delivery Tracking: If your order is not delivered after the forecasted delivery time, you must check the status with the Business directly.

F. Contact Us (Statutory and General Contacts)

  1. The following contact details are provided in compliance with the Consumer Protection (E-commerce) Rules, 2020.2

Function

Designation

Contact Details

Statutory Grievance Officer (GO)

Designated Grievance Officer, inDreamer Techsol Private Limited (Resident in India)

Email: xxx; Phone: +91 xxx

Statutory Nodal Person of Contact (NPC)

Nodal Officer (Compliance), inDreamer Techsol Private Limited (Resident in India)

Email: xxx; Phone: +91 xxx

General Customer Support

Platform Customer Care

Email: support@jiffybook.eu

Principal Geographic Address (India)

inDreamer Techsol Private Limited, Bevvi Road, PO Payangadi RS, Kannur 670358, India (Headquarters and Principal Geographic Address)

N/A

Principal Geographic Address (Headquarters)

inDreamer OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Majaka 28, 11412, Estonia

N/A

Works cited

  1. Digital Personal Data Protection Act, 2023, Ministry of Law and Justice, Gazette of India, August 11, 2023
  2. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 [Updated as of October 22, 2025], Ministry of Electronics and Information Technology
  3. Consumer Protection (E-Commerce) Rules, 2020, Department of Consumer Affairs, Ministry of Consumer Affairs, Food and Public Distribution
  4. Digital Personal Data Protection Rules, 2025, Notification G.S.R. 705(E), Ministry of Electronics and Information Technology, November 14, 2025
  5. IS 19000 : 2022: Online Consumer Reviews — Principles and Requirements for their Collection, Moderation and Publication, Bureau of Indian Standards