EVRYDAY (“EVRYDAY”, “we”, “us”, “our”) is a brand owned and operated by Witness The Fitness Private Limited (CIN: U74999UP2021PTC150280), registered office Flat No. S-1502, Amrapali Silicon City, Sector 76, Noida West, Gautam Buddha Nagar, Uttar Pradesh – 201306, India. This Privacy Policy explains how we collect, use, store, share and protect personal data when you visit or buy from www.wtfevryday.com, our mobile application, our WTF gym points of sale, or otherwise interact with us (together, the “Platform”). It is published in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and the Consumer Protection Act, 2019. For the purposes of the DPDP Act, the Company is the “Data Fiduciary” and you are the “Data Principal”. By using the Platform or providing your personal data, you consent to the practices described here. This Policy forms part of our Terms and Conditions and should be read with the Terms and our Refunds & Cancellation Policy.

1What Personal Data We Collect

• Identity and contact data: name, email address, phone number, billing and shipping address.
• Order data: products purchased, order value, transaction history and invoices.
• Payment data: UPI ID, card or netbanking details — processed by PCI-DSS-compliant partners. We do not store full card numbers (see Section 6).
• Account and subscription data: login credentials, saved preferences, subscription plan and renewal status.
• Membership linkage (optional): if you connect your WTF gym membership, basic membership identifiers used to unify benefits.
• Technical and usage data: IP address, device and browser information, pages viewed, and cookies or similar identifiers.
• Communications and content: messages to our support team, product reviews and ratings, and survey responses.

We do not seek health diagnoses. Any fitness goal or dietary preference you choose to share is provided voluntarily to help us recommend suitable products.

2How We Collect It

• Directly from you — when you register, place an order, subscribe, contact support, write a review or sign up for updates.
• Automatically — through cookies and similar technologies when you browse the Platform (see Section 7).
• In person — when you buy EVRYDAY products at a WTF point of sale.
• From partners — logistics, payment, analytics and marketplace partners who help us fulfil orders and improve your experience.

3How We Use Your Data

• To process, fulfil, ship and invoice your orders and subscriptions.
• To provide customer support and to handle returns, refunds and cancellations.
• To manage your account, save your preferences, and operate loyalty, referral and membership benefits.
• To send transactional updates (order, dispatch, delivery and subscription notifications) by email, SMS and WhatsApp.
• With your consent, to send marketing about products, offers and content, which you may opt out of at any time.
• To improve our products, website, security and operations through analytics.
• To detect and prevent fraud and to comply with our legal, tax and regulatory obligations.

4Legal Basis (DPDP Act)

We process personal data on the basis of your consent and, where applicable, for the “certain legitimate uses” permitted under the DPDP Act — including providing a product, service or benefit you have requested, complying with legal obligations, and responding to emergencies. Where required, your consent is sought through a clear notice and is free, specific, informed, unconditional and unambiguous, given by a clear affirmative action; and you may give, manage, review or withdraw your consent, including through a registered Consent Manager where available. Withdrawal does not affect the lawfulness of processing carried out before withdrawal, and may mean we are unable to continue providing the relevant product, service or benefit.

5Your Consent & How to Withdraw It

You may withdraw consent, update your preferences or unsubscribe by: clicking “unsubscribe” in any marketing email; replying STOP to a marketing SMS or WhatsApp message; adjusting your account settings; or writing to support@wtfgyms.com. We will action your request within the timelines required by law. Some processing necessary to complete an existing order or to meet a legal obligation may continue despite withdrawal of consent.

6Payments

Online payments are processed through third-party, PCI-DSS-compliant providers (including our checkout and payment partners, such as GoKwik and the payment gateways they support). Card and banking credentials are entered directly into the provider's secure environment. EVRYDAY does not store your full card number, CVV or banking password, and these partners may use payment data only to process your transaction on our behalf.

7Cookies & Tracking

We use cookies and similar technologies to keep you signed in, remember your cart and preferences, measure traffic, and (with your consent) personalise offers and advertising. You can control or disable cookies in your browser settings, although some features may not function properly without them. We may use trusted analytics and advertising services (such as Google) that set their own cookies subject to their own policies.

8How We Share Your Data

We do not sell your personal data. We share it only as needed with:

• Service providers and processors — our e-commerce platform (Shopify), checkout (GoKwik), subscriptions (Appstle), messaging (Interakt), reviews (Judge.me), logistics and courier partners, payment gateways, cloud hosting and analytics — each bound to use it only for services performed for us.
• Marketplaces — where you buy via Amazon, Flipkart or similar, your data is also governed by that marketplace's policies.
• Group and affiliates — including Witness The Fitness, to operate unified benefits, strictly in line with this Policy.
• Legal and safety — authorities, courts or others where required by law, to enforce our terms, or to protect rights, property or safety.
• Business transfer — to a successor entity in the event of a merger, acquisition, reorganisation, financing, insolvency or sale of our business or assets, subject to this Policy.

We require our processors to handle personal data only on our instructions and to maintain appropriate safeguards. Third-party services (including payment gateways, marketplaces and analytics providers) operate under their own privacy policies, and to the maximum extent permitted by law we are not responsible for their acts, omissions or security practices.

9Data Retention

We keep personal data only as long as necessary for the purposes set out above or as required to comply with any legal, tax, accounting, regulatory or contractual obligation, to establish, exercise or defend legal claims, to resolve disputes, or to enforce our agreements (for example, tax and accounting records are retained for the period prescribed by law). When personal data is no longer required, we will delete, destroy or irreversibly anonymise it in a secure manner, except where retention is required or permitted by law. Anonymised and aggregated data, which can no longer identify you, may be retained and used indefinitely.

10Data Security

We implement and maintain reasonable security practices and technical and organisational safeguards — including SSL/TLS encryption, access controls, need-to-know access limits, secure data storage and periodic review — to protect personal data against loss, misuse, unauthorised access, disclosure, alteration and destruction, consistent with the DPDP Act and the Information Technology Act, 2000. However, no method of transmission over the internet or electronic storage is completely secure, and while we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for all activity under your account.

In the event of a personal data breach, we will follow our incident-response procedures and notify the Data Protection Board of India and affected Data Principals to the extent required under the DPDP Act.

Cross-border transfers. We may store and process personal data on servers located in India or other countries, and may transfer personal data outside India to our service providers, processors and affiliates for the purposes described in this Policy, in compliance with the DPDP Act and any restrictions notified by the Central Government.

11Your Rights as a Data Principal

Subject to the DPDP Act, you have the right to: obtain a summary of your personal data and how it is processed, and the identities of those with whom it has been shared; seek its correction, completion, updating or erasure; nominate another individual to exercise your rights in the event of death or incapacity; and grieve to us and, if unresolved, to the Data Protection Board of India. To exercise any right, contact our Grievance Officer (Section 16) using your registered contact details. We may verify your identity before acting, and may decline or charge a reasonable fee for requests that are manifestly unfounded, excessive or repetitive. Where erasing or restricting data would prevent us from completing a transaction or complying with a legal obligation, we may retain the minimum data necessary.

12Marketing Communications (TRAI / TCCCPR)

By providing your number, you agree to receive service communications and, where you have opted in, promotional communications — including on numbers registered under DND/NCPR — in line with the Telecom Commercial Communications Customer Preference Regulations, 2018. You may opt out of promotional messages at any time as described in Section 5.

13Children

The Platform is intended for users aged 18 and above. Consistent with the DPDP Act, we do not knowingly process the personal data of children without the verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring or targeted advertising directed at children. If we learn that we have collected such data without the required consent, we will delete it.

14Third-Party Links

The Platform may link to third-party websites or applications that we do not control. We are not responsible for their content or privacy practices; please review their policies before sharing any information.

15Changes to This Policy

We may update this Policy from time to time. Changes take effect when posted on this page with a revised “last updated” date. Your continued use of the Platform after changes signifies acceptance of the updated Policy.

16Grievance Officer & Data Contact

In accordance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 and the Consumer Protection Act, 2019, you may contact our Grievance Officer for any privacy concern, request or complaint:

• Name: Amit Singh
• Email: grievance@wtfevryday.com
• Address: Witness The Fitness Private Limited, AMCO Tower, 3rd Floor, Sector 9, Noida, Uttar Pradesh – 201301, India

We aim to acknowledge grievances within 48 hours and to resolve them within the timelines prescribed under applicable law.

17Your Duties as a Data Principal

Under the DPDP Act, you agree to: (a) comply with all applicable laws while exercising your rights under this Policy; (b) not impersonate another person while providing your personal data; (c) not suppress any material information while providing personal data for any document, unique identifier, proof of identity or proof of address issued by the State; (d) not register a false or frivolous grievance or complaint; and (e) furnish only verifiably authentic information when exercising your right to correction or erasure. You acknowledge that the DPDP Act provides for penalties (which may extend up to ten thousand rupees) for breach of these duties, and that you are responsible for the accuracy of the personal data you provide.

18“As Is” Basis & No Warranty

The Platform and all related services are provided on an “as is” and “as available” basis. To the maximum extent permitted by law, we make no representation or warranty of any kind, whether express or implied, regarding the Platform, its availability, accuracy, reliability or uninterrupted operation, or that it will be free of errors, viruses or other harmful components, beyond those warranties that cannot be excluded under applicable law. Your use of the Platform is at your own risk. Nothing in this Policy excludes any right or remedy that cannot be excluded under the Consumer Protection Act, 2019, the DPDP Act, or other applicable law.

19Limitation of Liability & Indemnity

To the maximum extent permitted by law, the Company, its affiliates and their respective directors, officers, employees and agents shall not be liable for any indirect, incidental, special, punitive or consequential loss, or for any loss of profits, revenue, data, goodwill or business, arising out of or in connection with this Policy, the processing of your personal data, or your use of the Platform, even if advised of the possibility of such loss. Our total aggregate liability shall not exceed the amount paid by you for the order or transaction giving rise to the claim, or, where no amount has been paid, one thousand rupees (₹1,000). Nothing limits any liability that cannot be excluded under applicable law.

You agree to indemnify, defend and hold harmless the Company, its affiliates and their respective directors, officers, employees and agents from any claims, losses, liabilities, costs and expenses (including reasonable legal fees) arising out of: (a) your breach of this Policy or applicable law; (b) any personal data you provide that is false, inaccurate, misleading or infringing; (c) your misuse of the Platform; or (d) any false or frivolous complaint made by you. This indemnity survives the termination of your relationship with us.

20General

Severability — if any provision is held invalid or unenforceable, it shall be severed and the remaining provisions continue in full force. Waiver — our failure or delay in exercising any right shall not operate as a waiver. Assignment — you may not assign your rights without our prior written consent; we may assign to any affiliate or successor. Survival — provisions relating to retention, security, liability, indemnity, governing law and dispute resolution survive termination. Entire understanding — this Policy together with the Terms constitutes the entire understanding on the processing of your personal data. Force majeure — we shall not be liable for failure or delay caused by events beyond our reasonable control.

21Governing Law, Jurisdiction & Dispute Resolution

This Policy, and any dispute or claim arising out of or in connection with it, are governed by and construed in accordance with the laws of India, without regard to its conflict-of-laws principles. Subject to the dispute-resolution process below, the courts at Gautam Buddha Nagar (Noida), Uttar Pradesh shall have exclusive jurisdiction.

The parties shall first attempt in good faith to resolve any dispute amicably within thirty (30) days of written notice. Failing that, the dispute shall be finally resolved by arbitration by a sole arbitrator appointed by the Company under the Arbitration and Conciliation Act, 1996, seated at Gautam Buddha Nagar (Noida), Uttar Pradesh, conducted in English, with the award final and binding. Any dispute shall be resolved on an individual basis and not as part of any class or representative proceeding. Nothing prevents the Company from seeking urgent interim relief, and nothing excludes any remedy available to you before a consumer forum under the Consumer Protection Act, 2019, or your right to grieve to the Data Protection Board of India under the DPDP Act.