Effective Date: 01 September 2025
Fyilist (“we,” “us,” or “our”) is a product aggregation and redirection platform based in India. This Privacy Policy explains how we collect, use, and share your personal data, and your rights regarding that data. It covers visitors to our website (fyilist.in) and users of our services. We comply with Indian law (including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023), the EU’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). In line with these laws and the principle of transparency, we provide this clear, accessible notice of our practices.
We respect your privacy and are committed to protecting your personal data. Scope: This policy applies to all personal data collected by Fyilist in connection with our website and services, including data about visitors to our site and any users who register or interact with us. By using Fyilist.in, you consent to the collection, use, and sharing of your information as described here. If you reside in the EU or California, additional rights described below apply to you.
We collect the following categories of personal data, which identify you or relate to you as a person (personal data is “any information … related to an identified or identifiable natural person”):
2.1.Contact and Account Information: Name, email address, and any other contact details you provide when you sign up for newsletters, create an account, or contact us (e.g. via a contact form). The information can be collected from the Google sign in options.
2.2.Online Identifiers: Device information, IP address, browser type, and cookie identifiers.
2.3.Usage Data: Information about how you use our site, such as pages visited, links clicked (including external links you click through from our site), search queries, preferences, and browser usage statistics. If you use features like bookmarking posts or adding products to a wishlist, we collect information about those saved items as part of your usage data. We automatically collect usage data through server logs and analytics tools.
2.4.Other Data: Any other information you choose to submit (e.g. feedback or survey responses, product reviews, etc.).
We do not collect sensitive personal data (such as health or financial information) unless you explicitly provide it. We use reasonable measures to keep your data accurate and current.
3.1.We use cookies and similar tracking technologies (e.g. web beacons, pixels, and device identifiers) to improve your experience and analyze site usage. For example, we have a custom-coded plugin to track when you click on external product links on our site, and we may use third-party analytics tools like Google Analytics to understand user behaviour on Fyilist.in. Cookies are small text files placed on your device that can identify your browser or remember your preferences. Note that cookies and other online identifiers (such as cookie IDs and IP addresses) can, in combination, reveal your identity.
3.2.We use various types of cookies for different purposes:
You can control cookies through your browser settings or via our cookie consent banner. Please note that disabling certain non-essential cookies may affect site functionality. Where required by law (for example, in the EU), we will obtain your consent before using any non-essential cookies, in accordance with GDPR and the EU ePrivacy Directive.
We use your personal data only for the purposes specified at the time of collection, and in ways that are consistent with legal requirements. Our purposes include:
4.1.Personalization: To customize the site experience and product recommendations based on your interests and past usage.
4.2.Site Operation and Improvement: To operate, analyze, and improve our website and services. For instance, we use data (including data from analytics cookies) to understand usage patterns and to diagnose or fix technical issues.
4.3.Communications: To send you service-related communications, updates, or support responses. For example, we may confirm your newsletter signup, respond to inquiries you send, or notify you of important account or service information.
4.4.Marketing and Advertising: To send promotional emails or display targeted ads, with your consent where required. If you opt in to receive marketing communications, we may send you newsletters or deals from our partner retailers. You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us as described below.
4.5.Legal and Compliance: To comply with applicable laws and regulations, to enforce our Terms of Service or other agreements, and to protect against fraud, abuse, or unauthorized activities.
We rely on lawful bases under GDPR for processing your data. For example, our “legitimate interests” cover improvements to our services and personalization features, while “consent” is relied upon for activities like sending marketing emails or setting non-essential cookies. We will not use your data for purposes that are materially different from those outlined here without informing you (and obtaining additional consent if required).
We share your personal data only as described below and in compliance with applicable laws. In particular, we may share data in the following scenarios and with these categories of recipients:
5.1.Affiliates and Service Providers: We may share your data with our affiliated companies and with third-party service providers who perform functions on our behalf. This includes services such as website hosting, data analysis, customer support, email delivery, or marketing assistance. These parties are contractually required to keep your data secure and to use it only for the purposes of providing services to us (in line with this policy).
5.2.Partner Retailers: If you use our platform to connect to product retailers or make use of offers from third-party retailers, we may share certain information with those retailers to fulfill your requests. For example, if clicking a “buy” button on Fyilist.in redirects you to a retailer’s site to place an order or create an account, we might provide that retailer with necessary details (such as your name or email) to facilitate the transaction or signup, as directed by you.
5.3.Other Business or Content Partners: We may also share information about your interactions on Fyilist with the third parties who provide content or products on our platform (such as the retailers or designers of products featured on our site). For example, if you click an external product link or add a product to your Fyilist wishlist, we might inform the relevant third party that their product was clicked on or wishlisted. This data sharing helps us and our partners understand engagement with their content (for instance, to track referrals or gauge interest in their products) and maintain our partnerships. We limit the personal data shared in these cases to what is necessary for the purpose, and we ensure such sharing complies with applicable privacy laws. (If any of this sharing is considered a “sale” or “sharing” of personal information under U.S. law, we will provide you with the opportunity to opt out, as described below.)
5.4.Analytics and Advertising Partners: We work with third-party analytics providers and advertising networks. These partners may collect usage information on our site via cookies or similar technologies. For example, we use Google Analytics to gather aggregate information about how users navigate our site, which Google may use to generate analytical reports for us. We do not sell your personal data to third parties. However, we may share certain identifiers and usage data with advertising partners to enable targeted ads (for instance, using cookies or device identifiers to show you ads relevant to your interests). Such sharing of data for cross-site personalized advertising might be considered a “sharing” of data under the CCPA. If you are a California resident, you have the right to opt out of this kind of data sharing (see Your Rights below).
5.5.Legal Requirements: We may disclose personal data if we are required to do so by law or legal process, or if we have a good-faith belief that such disclosure is necessary to protect our rights, property, or safety (or those of our users or others). For example, we might need to respond to a lawful subpoena or court order, or to report certain illegal activities.
We take steps to ensure that whenever we share data with third parties, those parties are obligated to handle the data in accordance with this Privacy Policy and applicable law. Under laws like GDPR and CCPA, we are required to disclose the categories of third-party recipients of personal data (as we have done above) to maintain transparency. We do not grant third parties any independent right to use your personal information for their own purposes, beyond what is necessary to assist us, unless you separately consent to such use.
If you create an account on Fyilist.in, you register directly with us using your email address (or other credentials we may support). We offer social media logins only for Google sign in. The information provided by you as per the Google Sign-in options shall be governed under the terms and conditions as well as the Privacy Policies of the Google. In addition to that we do not pull in personal data from your social media profiles, nor do we share your site activity with those platforms through login integrations. Any account data you provide to us (for example, your profile name, avatar, saved preferences and bookmarks) is handled according to this Privacy Policy. You are responsible for maintaining the confidentiality of your account password and for restricting access to your account. If you believe your account has been compromised, please contact us immediately.
We want you to have control over your personal data. All users have the following rights regarding their personal data:
7.1.Right to Access: You can request confirmation of whether we are processing personal data about you, and you can request a copy of that data. This allows you to know and verify what information we have about you.
7.2.Right to Correction (Rectification): You can ask us to correct any inaccurate or incomplete personal data we hold about you. This helps ensure your information remains up-to-date and accurate.
7.3.Right to Deletion (Erasure): You can request that we delete your personal data, for example if you no longer want us to retain it or if you feel it’s no longer necessary for the purpose collected. We will honor deletion requests to the extent permitted by law. (In some cases, we may need to retain certain information for specific reasons – for instance, for legal compliance or security – but we will let you know if such an exception applies.)
7.4.Right to Withdraw Consent: If we are processing your data based on your consent, you have the right to withdraw that consent at any time. For example, if you previously consented to receive marketing emails, you can unsubscribe using the link in those emails or contact us to be removed from the mailing list. Withdrawing consent will not affect the lawfulness of any processing we already carried out, but it will stop future processing of the specific data or for the specific purpose you initially consented to.
7.5.Right to Object or Restrict Processing: You have the right to object to certain processing activities or to ask that we limit the processing of your data. For instance, you can request to opt out of your data being used for direct marketing purposes (we will always honor that request). In some cases, you could also object to processing based on our legitimate interests, if you feel it impacts your rights. You may also request that we restrict processing of your data (for example, while we verify or investigate your concerns about accuracy or purpose of processing).
7.6.Right to Data Portability: You can request a copy of your personal data in a common, machine-readable format, and you have the right to have that data transmitted to another service (where technically feasible). This right facilitates moving your data to other providers. For example, you could ask us to export the information you provided to us so that you can import it into a different service.
7.7.Additional Rights for Certain Jurisdictions: If you are a California resident, you also have the right to opt out of the sale or sharing of your personal information and the right to non-discrimination for exercising any of your privacy rights. If you are located in the European Union, you have the right to lodge a complaint with a Data Protection Authority (supervisory authority) in your EU member state if you believe our processing of your personal data violates the GDPR.
To exercise any of your rights, please contact us using the information in the Contact Information section below. We will respond to your request in accordance with applicable laws. Please note that for security, we may need to verify your identity before fulfilling certain requests (for example, by asking you to confirm information associated with your account). Exercising any of these rights is free of charge and will not affect the quality of service you receive from us.
8.1.We store your data on secure servers. These may include cloud-based servers provided by reputable companies (for example, Amazon Web Services or Google Cloud). Our servers may be located in India or in other countries such as the United States or members of the European Economic Area (EEA). This means your personal data might be transferred and stored outside of your home country or region.
8.2.When we transfer personal data internationally, we comply with applicable data transfer laws and ensure that appropriate safeguards are in place. For personal data originating from the EU (or EEA), we rely on legal mechanisms such as the European Commission’s adequacy decisions (if the destination country’s laws are deemed adequate in protecting personal data) or we implement Standard Contractual Clauses (SCCs) in our agreements with the data importer. These SCCs are standardized terms approved by the EU to protect personal data leaving the EU, and they contractually bind the recipient to protect the data according to EU privacy standards.
8.3.For data of Indian residents, we comply with the requirements of the DPDP Act, 2023 regarding cross-border data transfer. Currently, the DPDP Act permits transfer of personal data outside India except to certain restricted jurisdictions that the Indian government may notify in the future. In other words, unless a country is specifically blacklisted by the authorities, data can flow to that country under appropriate safeguards. We will only transfer personal data from India to other countries in compliance with any conditions or whitelisted/blacklisted country lists that the Indian government establishes.
8.4.In all cases, no matter where your data is stored or transferred, we take steps to ensure it remains protected. We work only with trusted third-party processors and partners who are bound by confidentiality and security obligations. These processors handle data on our behalf for specific purposes like sending emails, analyzing site traffic, or providing customer support. We require such partners to implement measures that protect your data to the same standard that applies to us. We also remain responsible for the protection of your personal data, and we will take appropriate steps if we transfer data to a country that may not have the same level of privacy laws – for example, by ensuring contractual protections or obtaining your consent when required.
We implement reasonable and industry-standard security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes a combination of technical, administrative, and physical safeguards. Examples of our security measures include:
9.1.Encryption: We use encryption protocols like SSL/TLS when your data is transmitted to us over the internet (for instance, when you enter personal information on our website, that transmission is encrypted in transit). For sensitive data stored in our databases, we use encryption or hashing techniques so that the information is not easily readable if accessed without authorization.
9.2.Firewalls and Network Security: We protect our systems with firewalls and monitoring systems that guard against outside intrusions. Our servers and network are configured to enforce access controls and to isolate and limit any potential security incidents.
9.3.Access Controls: We restrict access to personal data strictly to employees, contractors, and service providers who need that information to process it for us, based on their roles. Those who are authorized to access personal data are subject to confidentiality obligations and undergo training on data protection. We follow the principle of least privilege, meaning individuals only access the minimum data necessary for their tasks.
9.4.Administrative Measures: We maintain internal policies and conduct regular training for our staff on best practices in data security and privacy. We also perform periodic security audits and risk assessments to evaluate the effectiveness of our safeguards and update them as needed. Our security practices are updated in light of new threats and advancements in security technology.
While we strive to protect your information and have measures in place as described, no security system is absolutely impenetrable. Therefore, we cannot guarantee absolute security of data in every scenario. However, we continuously monitor our systems for vulnerabilities and attacks, and we update our defenses to adapt to new security threats or findings. In the unlikely event of a data breach or security incident, we will act promptly in accordance with applicable breach notification laws and will inform affected users as required.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. This means that we will keep different types of data for different lengths of time, depending on the reason we collected it and the legal requirements. For example:
10.1.Account Information: If you have an account with us, we will keep your account information for the life of your account. If you choose to delete your account (or if your account becomes inactive), we may retain certain data for a further period (e.g. up to two (2) years after account deletion or last activity) in order to comply with legal obligations or for recordkeeping purposes. For instance, we might need to keep a record of transactions you made or communications you had with us for a certain time period as required by business or tax laws.
10.2.Analytics Data: Usage data that we collect for analytics purposes may be retained in an aggregated or anonymized form indefinitely (since it no longer can identify a user). However, raw logs that contain personal identifiers (like IP addresses in log files) and cookies are set to expire or be deleted after a certain period. Typically, our server logs and cookie data do not persist longer than approximately 2 years, and often much shorter, unless we need to retain them for security analysis. For example, a cookie stored in your browser may automatically expire after a set timeframe (e.g. 6, 12, or 24 months) unless you visit the site again, and analytic platforms often automatically delete old data after a set period.
10.3.If you request that we delete your personal data, we will do so to the fullest extent possible, and in any event we will not keep your data longer than permitted by law. However, even after a deletion request or after our standard retention period elapses, there might be residual data that cannot be completely removed from backups or systems immediately. We may also retain certain information if necessary to comply with legal obligations, resolve disputes, or enforce our agreements. In all cases, when we have no ongoing legitimate need or legal requirement to keep your personal data, we will securely dispose of it or anonymize it so it can no longer be associated with you.
(For transparency, this policy discloses our general retention practices as required by law. Specific retention periods may be subject to change if laws change or if our internal policies are updated, but any significant changes will be reflected in an updated version of this policy.)
11.1.Our services are not intended for children, and we do not knowingly collect personal data from individuals under the age of 18 without appropriate consent. In particular, we do not target or market our platform to minors. If you are under 18, please do not use Fyilist.in or provide any personal information to us.
11.2.Under India’s DPDP Act, a “child” is defined as anyone below 18 years of age, and processing a child’s personal data generally requires verifiable parental consent. Similarly, in the United States, the Children’s Online Privacy Protection Act (COPPA) requires parental consent for online collection of data from children under 13 years old. In the European Union, the GDPR provides that children are minors in the range of about 13 to 16 years old (the exact age cut-off varies by member state, with 16 as the maximum default) – and parental consent is required if personal data of such children is processed on the basis of consent.
11.3.In light of these regulations, we do not knowingly collect data from anyone under 13 worldwide, and we treat all users under 18 as requiring parental consent for any data collection, as a precaution. We do not intentionally gather information such as names or contact details from children. If we discover that we have accidentally collected personal data from a child without proper consent, we will delete that information promptly from our records.
11.4.If you are a parent or guardian and you become aware that your child (under 18) has provided personal information to Fyilist without your consent, please contact us immediately. We will take steps to remove the data and terminate the child’s account (if applicable). We encourage parents to supervise their children’s online activities and to teach their children about safe practices online.
12.1.We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the “Effective Date” at the top of this policy to indicate when the revisions came into effect. We will also post the revised policy on this page. If any changes are material (for example, if we start collecting additional categories of personal data or use existing data for new purposes that significantly affect your privacy rights), we will provide a prominent notice or alert to users before those changes take effect. This could be through an email notification to registered users or a notice on our website’s homepage. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
12.2.Your continued use of Fyilist.in after any updated Privacy Policy has become effective will constitute your acceptance of the changes. However, if changes require new consent from you (due to legal requirements), we will obtain that consent as necessary. We will also keep previous versions of this Privacy Policy (with their effective dates) available upon request for your review.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out to us. We are here to help and will address your inquiries as promptly as possible.
Data Protection Officer (DPO): Email: grievance@fyilist.in.
For any privacy-related questions or requests, you may contact us via:
Email: grievance@fyilist.in
We will respond to your questions or requests within a reasonable timeframe. If you are contacting us to exercise one of Your Rights as described above, we may guide you through a verification process to ensure the security of your data. We are committed to resolving any concerns you have about your privacy and to working with you to achieve a fair resolution.