Have you know what Data shared and collected from Meesho: Online Shopping App

  • Location (Approximate and precise location data for logistics and delivery)
  • Personal Information (Name, email address, phone number, and physical addresses for shipping and billing)
  • Financial Information (Payment details, credit card numbers, and transaction history shared with payment gateways)
  • App Activity (Browsing behavior, search terms, and product interactions shared with analytics partners)
  • Device and Other Identifiers (IP address, device ID, advertising IDs shared with marketing affiliates and third parties)
  • Order Information (Order details shared with independent sellers, logistics partners like Valmo, and delivery agents)
  • Technical Data (Browser type, operating system, and network provider data)
  • First and Last Name
  • Mobile Phone Number
  • Email Address
  • Shipping and Delivery Address
  • Billing Address
  • Payment Information (Credit/Debit card details, UPI IDs, bank account details for refunds)
  • Device Information (Hardware model, operating system, time zone)
  • Network Information (IP address, Internet Service Provider)
  • Browsing Information (Web pages viewed, search terms, referring/exit pages)
  • Interaction Data (Clicks, time spent on pages, and engagement with the app or website)
  • Purchase History (Orders placed, cancelled, and returned)
  • Location Data (Pin codes and GPS coordinates for delivery routing)
  • Cookies, Web Beacons, Tags, and Pixels (For tracking and analytics)
  • Customer Support Interactions (Chat logs, voice recordings via AI bots, and email correspondence)
  • Seller Data (For business accounts: Inventory, sales metrics, and business registration details)
  • Secure Payment Gateways (Integration with standard, secure online payment processors for encrypted transactions)
  • Active Bug Bounty Program (Hosted on HackerOne to reward security researchers for finding vulnerabilities)
  • Project Suraksha (An initiative that utilizes AI and manual reviews to detect and delist counterfeit or restricted products)
  • Fraud Prevention Systems (Blocking suspicious user accounts and preventing millions of potentially fraudulent transactions)
  • Legal Enforcement (Filing legal cases and seeking injunctions against deceptive websites and fraudsters misappropriating the brand)
  • Mechanism for Data Deletion (Users can request the deletion of their personal data)
  • Secure SSL/TLS Protocols (For encrypting data in transit between the app/website and servers)
  • Processing and fulfilling e-commerce orders (arranging shipping and generating invoices)
  • Communicating with customers regarding order statuses, refunds, and support queries
  • Screening orders for potential risk, fraud, and policy violations
  • Delivering targeted advertisements and marketing communications based on user preferences
  • Generating analytics to understand how customers browse and interact with the platform
  • Improving and optimizing the website, mobile app, and overall user experience
  • Providing seller tools for inventory management, pricing optimization, and visibility
  • Complying with applicable laws, regulations, and lawful requests from authorities
  • Fraudulent Cash on Delivery (COD) Orders (Historically, miscreants have extracted user data from alternate sources to place fake, high-margin COD orders without the user's consent)
  • Third-Party Tracking (Extensive use of cookies and tracking pixels for behavioral advertising on platforms like Facebook and Google)
  • Counterfeit Products (Despite mitigation efforts, the marketplace model inherently carries risks of independent sellers listing counterfeit or low-quality goods)
  • Data Sharing with Affiliates (Data is shared broadly within the corporate family and with numerous third-party service providers and logistics partners)
  • Deceptive Imitation Websites (Scammers often create fake websites mimicking Meesho to phish for customer data and payment details)
  • May 2024 (Alleged Breach): A threat actor claimed responsibility for a data breach affecting Meesho on a hacker forum, posting names, emails, and phone numbers. However, cybersecurity experts scrutinized the claim and discovered the data was likely recycled from a 2020 IndiaMART database leak, casting significant doubt on the authenticity of a new, direct breach of Meesho's systems.
  • August 2021 (Data Leak Scams): Users reported receiving bogus Cash on Delivery (COD) orders they never placed, raising fears of a data leak. The company clarified that miscreants were likely extracting user data (names, phones, addresses) from external sources outside the Meesho platform to place unconsented orders and defraud customers.
🛡

All comments are automatically scanned for viruses and malware before being published to ensure community safety.