Privacy Policy | ShopPlus

Information We Collect

The Platform collects and processes information that is necessary to provide, maintain, and improve its Services, while ensuring a secure and efficient user experience. This includes personal information that Users voluntarily provide during registration, account setup, or while using the Platform’s features. Such information may include name, mobile number, address, and other identifying details required for account creation and verification. In addition to personal data, the Platform may collect business-related information entered by the User, such as transaction records, customer details, inventory data, financial information, and any documents or files uploaded to the system. This data forms the operational backbone of the Platform and is essential for enabling core functionalities such as reporting, analytics, communication, and workflow management. The User acknowledges that the accuracy and completeness of such information is their responsibility and directly impacts the effectiveness of the Services.

In addition to information explicitly provided by the User, the Platform may automatically collect certain technical and usage-related data to support system functionality and security. This may include device information, browser type, operating system, IP address, access times, and interaction patterns within the Platform. Such data is collected through standard technologies and is used to monitor performance, identify potential security risks, detect unauthorized access, and optimize the overall user experience. The Platform may also generate aggregated or anonymized data derived from User activity, which does not identify individual Users and may be used for internal analysis, performance monitoring, and service improvement. This type of data helps the Platform understand usage trends and enhance system efficiency without compromising individual privacy.

By registering for and using the Platform, the User provides informed consent to the collection, storage, and processing of their information as described in this Privacy Policy. The User understands that certain information is mandatory for accessing specific features, and failure to provide such information may limit the ability to use the Platform effectively. The Platform undertakes to collect only such information as is reasonably necessary for the purposes outlined and to handle it in accordance with applicable data protection laws and best practices. The User further confirms that any third-party data shared through the Platform, including customer or employee information, has been collected and processed with appropriate consent and legal authorization, ensuring compliance with applicable privacy requirements.

Use of Information

The Platform uses the information collected from Users for the primary purpose of delivering, maintaining, and enhancing the Services in an efficient and secure manner. Personal and business-related data is processed to enable essential functionalities such as account management, transaction processing, inventory tracking, reporting, communication integrations, and workflow automation. The information provided by the User allows the Platform to customize the user experience, ensure accurate data processing, and support day-to-day operational requirements. Additionally, such data may be used to verify user identity, prevent fraudulent activities, and ensure compliance with applicable legal and regulatory obligations. The User acknowledges that without the use of such information, the Platform would be unable to provide its core functionalities effectively.

Beyond core service delivery, the Platform may use collected information to improve system performance, develop new features, and enhance overall user experience. This includes analyzing usage patterns, identifying trends, and evaluating system behavior to optimize performance and reliability. The Platform may also use information to communicate with Users regarding service updates, technical notices, billing information, and support responses. In certain cases, Users may receive informational or promotional communications related to new features or offerings; however, such communications shall be conducted in a responsible manner and, where applicable, Users may have the option to manage their communication preferences. The Platform ensures that any use of personal information for such purposes is aligned with applicable data protection standards and is limited to what is reasonably necessary.

The Platform may also use information for security and compliance purposes, including monitoring for suspicious activity, enforcing these Terms and Conditions, and responding to legal requests or regulatory requirements. Where necessary, information may be processed to investigate potential violations, protect the rights and safety of Users, and maintain the integrity of the Platform. The User agrees that such use of information is essential for ensuring a safe and lawful service environment. The Platform does not use personal information for purposes that are incompatible with those described in this Privacy Policy and takes reasonable measures to ensure that all data processing activities are conducted in a lawful, fair, and transparent manner. By continuing to use the Platform, the User consents to the use of their information as described herein and acknowledges that such use is integral to the functioning and improvement of the Services.

Data Storage and Security

The Platform implements appropriate technical and organizational measures to ensure that User information is stored securely and protected against unauthorized access, alteration, disclosure, or destruction. Data is maintained on secure servers and infrastructure that follow industry-standard security practices, including encryption, access controls, authentication mechanisms, and regular system monitoring. The Platform continuously evaluates and updates its security framework to address evolving threats and vulnerabilities, ensuring that sensitive information such as personal details, financial records, and uploaded documents are handled with a high degree of care. The User acknowledges that while the Platform takes reasonable steps to safeguard data, the effectiveness of such measures also depends on responsible usage and adherence to security practices by the User.

In addition to infrastructure-level protections, the Platform enforces strict access control mechanisms to ensure that data is accessible only to authorized personnel or systems on a need-to-know basis. Internal processes are designed to limit data exposure and to prevent misuse, including role-based access, logging of system activities, and regular audits of security protocols. The Platform may also engage trusted third-party service providers for hosting, storage, or infrastructure support, who are required to maintain comparable levels of data protection and confidentiality. Despite these safeguards, the User understands that no system can be completely secure, and there is always a residual risk associated with storing and transmitting data over digital networks. Accordingly, the Platform does not guarantee absolute security but commits to taking all reasonable precautions to minimize potential risks.

The User is also responsible for maintaining the security of their own account and environment, including safeguarding login credentials, using secure devices, and preventing unauthorized access. Any data breach or unauthorized access resulting from the User’s negligence, such as sharing credentials or using compromised systems, shall not be the responsibility of the Platform. In the event of a suspected security incident, the Platform may take immediate action, including restricting access, notifying affected Users, and initiating investigation procedures to mitigate potential impact. The User agrees to cooperate with such measures and to promptly report any suspected vulnerabilities or unauthorized access. By continuing to use the Platform, the User acknowledges the shared responsibility model of data security and agrees to follow best practices to ensure the protection of their information within the Platform ecosystem.

Data Sharing and Disclosure

The Platform may share or disclose User information with third parties only to the extent necessary to provide, maintain, and improve the Services, and in accordance with applicable legal and regulatory requirements. Such sharing may include engagement with trusted service providers who support essential functions such as payment processing, messaging services, cloud hosting, analytics, and system maintenance. These third-party providers are granted access only to the information required to perform their designated functions and are contractually obligated to maintain confidentiality, implement appropriate security measures, and use the data solely for the intended purposes. The Platform does not sell, rent, or trade User information to third parties for commercial exploitation, and any sharing of data is conducted with a clear purpose aligned with service delivery and operational efficiency.

In certain circumstances, the Platform may be required to disclose User information to comply with legal obligations, regulatory requirements, or valid requests from governmental or law enforcement authorities. Such disclosures may occur in response to court orders, legal proceedings, or investigations related to unlawful activities, fraud prevention, or enforcement of applicable laws. The Platform may also disclose information where it believes in good faith that such action is necessary to protect its rights, enforce these Terms, safeguard the security of the Platform, or prevent harm to Users or the public. The User acknowledges that such disclosures are an essential aspect of operating within a regulated legal framework and agrees that the Platform shall not be held liable for sharing information in compliance with lawful obligations.

Additionally, in the event of a business restructuring, merger, acquisition, or transfer of assets, User information may be transferred as part of such transaction, subject to appropriate safeguards and confidentiality obligations. The Platform shall ensure that any such transfer is conducted in a manner that maintains the integrity and protection of User data. Where feasible, Users may be notified of such changes, particularly if they result in a material change in how information is handled. The User understands that limited data sharing is necessary to facilitate the functioning of the Platform and agrees that such practices are conducted responsibly and in accordance with this Privacy Policy. By continuing to use the Platform, the User consents to the sharing and disclosure of information as described, recognizing that such actions are integral to the provision and lawful operation of the Services.

Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies to enhance the overall user experience, ensure efficient system functionality, and gather analytical insights regarding usage patterns. Cookies are small data files stored on the User’s device that enable the Platform to recognize returning Users, maintain session continuity, and remember certain preferences or configurations. These technologies play a critical role in ensuring seamless navigation across the Platform, reducing the need for repeated authentication within active sessions, and enabling the delivery of personalized features. In addition to cookies, the Platform may utilize other tracking mechanisms such as web beacons, pixel tags, or local storage technologies to collect information about how Users interact with the Services. This information may include pages visited, time spent on specific features, navigation behavior, and general interaction trends, all of which contribute to improving system performance and usability.

The data collected through these technologies is primarily used for internal purposes such as monitoring system efficiency, diagnosing technical issues, enhancing security measures, and optimizing the design and functionality of the Platform. By analyzing usage patterns, the Platform can identify areas that require improvement, detect unusual or potentially harmful activity, and ensure that the Services remain responsive and reliable. In certain cases, cookies may also support communication features or integration with third-party services, enabling smoother interaction with external tools that form part of the Platform’s extended capabilities. The Platform ensures that any information collected through cookies is handled in accordance with applicable data protection standards and is not used in a manner that compromises the User’s privacy or security.

The User acknowledges and consents to the use of cookies and tracking technologies as described in this Privacy Policy by continuing to access or use the Platform. While most web browsers automatically accept cookies, the User may have the option to modify browser settings to decline or manage cookie preferences. However, the User understands that disabling or restricting cookies may impact the functionality, performance, or accessibility of certain features within the Platform. The Platform shall not be held responsible for any limitations or degraded user experience resulting from such actions. By using the Platform, the User accepts that cookies and similar technologies are an essential component of modern digital services and agrees to their use as part of the Platform’s efforts to deliver a secure, efficient, and user-friendly experience.

User Rights and Control Over Data

The Platform recognizes the importance of User control over personal and business-related information and provides mechanisms that allow Users to access, review, update, and manage their data within the system. Users have the right to request access to the information stored about them and to ensure that such information is accurate, complete, and up to date. Where inaccuracies are identified, Users may correct or update their information through available account settings or by contacting the Platform through designated communication channels. The Platform makes reasonable efforts to ensure that such requests are processed in a timely and efficient manner, subject to verification procedures necessary to maintain security and prevent unauthorized access. The User acknowledges that certain information may be essential for the continued operation of the Services, and therefore, modification or deletion of such data may impact the availability or functionality of specific features.

In addition to access and correction rights, Users may request the deletion or restriction of certain personal data, subject to applicable legal and operational requirements. The Platform shall evaluate such requests in accordance with applicable laws and internal policies, taking into consideration factors such as legal obligations, ongoing transactions, dispute resolution requirements, and data retention mandates. In cases where complete deletion is not feasible, the Platform may retain limited information in an anonymized or restricted format to fulfill compliance or operational needs. The User understands that data associated with active subscriptions, financial records, or legal obligations may not be immediately removable and agrees that such retention is necessary for lawful operation. The Platform shall not be liable for any limitations arising from the User’s request to restrict or delete data that is essential to the functioning of the Services.

The Platform may also provide Users with the ability to control certain aspects of data usage, including communication preferences and access permissions within their account. Users can manage how their data is used for notifications, updates, or other communications, subject to the requirement that essential service-related communications cannot be disabled. The User further agrees to exercise these rights responsibly and not in a manner that disrupts system integrity or violates applicable laws. Requests that are excessive, repetitive, or unfounded may be subject to reasonable limitations or administrative requirements. By continuing to use the Platform, the User acknowledges their rights with respect to personal data and agrees that such rights shall be exercised in accordance with this Privacy Policy and applicable legal frameworks, ensuring a balanced approach between user control and operational necessity.

Data Retention and Storage Practices

The Platform retains personal and operational data only for as long as necessary to fulfill the purposes for which the data was collected, including the provision of services, compliance with contractual obligations, resolution of disputes, and adherence to legal requirements. The duration of retention depends on the type of data, the purpose of processing, and applicable statutory regulations. The Platform adopts a systematic approach to data lifecycle management, ensuring that information is classified, archived, or deleted in accordance with retention schedules. While certain records may be retained for extended periods due to regulatory or statutory obligations, all retention practices are guided by the principles of necessity, proportionality, and accountability.

In addition to active operational use, the Platform maintains backups and disaster recovery environments to ensure business continuity and prevent data loss. These storage environments are protected with encryption, access controls, and monitoring measures, consistent with the security measures applied to primary systems. Data stored in these systems is accessed only when required for restoration, legal compliance, or operational continuity. Upon termination of a User account or cessation of service, the Platform initiates a structured deletion process, ensuring that personal data is either anonymized or permanently deleted, except where retention is required by law or legitimate business interests.

The Platform also recognizes that certain categories of data, including transaction records, financial reports, and compliance-related documents, may need to be retained for longer periods in accordance with legal or regulatory requirements. Access to such data is strictly controlled, and it is available only to authorized personnel for specific purposes. Users have the right to request deletion of their personal information subject to these legal and operational limitations. The Platform is committed to maintaining secure and organized data retention practices to protect Users’ rights, ensure regulatory compliance, and uphold the integrity of the Platform’s operations.

Children’s Privacy

The Platform is not designed or intended for use by individuals below the age of majority as defined under applicable laws, and it does not knowingly collect, solicit, or process personal information from minors. Users are required to confirm that they meet the minimum age requirement before accessing the Platform. Any use of the Platform by minors is considered unauthorized, and the Platform reserves the right to restrict or terminate access where such use is identified. The Platform does not target children in its services, interfaces, marketing, or data collection practices and ensures that all communications are directed toward individuals who meet the legal age requirements.

If the Platform becomes aware that it has inadvertently collected data from a minor without parental consent, it promptly initiates a process to remove or anonymize such information. Parents or legal guardians are encouraged to actively monitor minors’ use of digital platforms and ensure that they do not provide personal information without oversight. The Platform has established internal protocols to detect and prevent underage usage, including verification mechanisms and usage monitoring, which support compliance with legal obligations and safeguard minors’ privacy.

Although the Platform implements preventive measures, complete prevention of minor access cannot be guaranteed. It relies on Users to provide accurate age information and comply with eligibility requirements. Unauthorized use by minors may result in suspension or termination of accounts, and the Platform takes such measures seriously to protect both the minor’s information and the integrity of the Platform. The Platform remains committed to upholding stringent privacy standards for children and fostering responsible use of its services.

Legal Compliance and Regulatory Obligations

The Platform is committed to operating in compliance with all applicable laws and regulations governing data protection, privacy, digital services, and information technology, including provisions under Indian IT laws and associated rules. The Platform processes personal data in a lawful, fair, and transparent manner and ensures that Users are informed of the types of information collected, the purpose of collection, and the safeguards implemented to protect such data. The Platform maintains a compliance framework that is periodically reviewed to align with evolving legal requirements and industry standards.

In certain circumstances, the Platform may be required to collect, retain, or disclose personal data to regulatory authorities, law enforcement agencies, or judicial bodies to meet legal obligations or respond to lawful requests. Any such disclosure is performed strictly in accordance with applicable laws and only to the extent necessary. The Platform evaluates and validates each request to ensure that it is lawful and justified, balancing regulatory requirements with Users’ privacy rights and operational considerations.

The Platform also implements internal monitoring, auditing, and training programs to ensure ongoing compliance with regulatory obligations. Personnel involved in data handling receive instruction on legal and ethical obligations to protect Users’ personal information. Users are encouraged to familiarize themselves with applicable laws and ensure that their use of the Platform complies with regulatory requirements, thereby maintaining a lawful and secure operational environment.

Data Breach Notification and Response

The Platform has established robust protocols to detect, evaluate, and respond to any potential or actual data breaches. A data breach is defined as any unauthorized access, disclosure, alteration, or destruction of personal information. Upon identification of a potential breach, the Platform initiates an internal investigation to assess the scope, impact, and severity of the incident. Immediate containment measures are taken to prevent further unauthorized access and mitigate potential harm to Users and the Platform.

In cases where a data breach is likely to result in significant harm to Users, the Platform notifies affected individuals and relevant authorities in accordance with applicable legal obligations. Notifications include details regarding the nature of the breach, the types of data involved, potential risks, and recommended steps for Users to protect themselves. The Platform ensures that breach communications are timely, clear, and transparent, providing Users with actionable guidance to mitigate adverse effects.

Beyond reactive measures, the Platform continuously strengthens its security architecture to reduce the risk of future incidents. Lessons learned from each breach are incorporated into security policies, monitoring mechanisms, and incident response strategies. The Platform is committed to ensuring a secure operational environment and safeguarding the integrity and confidentiality of User data, maintaining accountability and trust in its services.

Third-Party Processors and Service Providers

The Platform engages third-party service providers and processors to support various operational, technical, and functional aspects necessary for delivering its services. These third-party entities may include providers of data hosting, cloud storage, analytics, communication services, customer support, and infrastructure maintenance. In every case, third-party processors are granted access to personal or operational data strictly on a need-to-know basis to perform their contracted services, and they are prohibited from using such data for any purposes outside the scope of their engagement with the Platform. All third-party processors are subject to rigorous vetting processes, ensuring that their data protection policies, operational capabilities, and regulatory compliance meet or exceed the Platform’s standards. This ensures that data confidentiality, integrity, and security are maintained throughout all outsourced processes, minimizing the risk of unauthorized access, misuse, or accidental disclosure.

The Platform formalizes its relationship with each third-party processor through legally binding contracts that incorporate explicit data protection obligations. These contracts specify the scope of permissible data processing, responsibilities for safeguarding personal data, confidentiality commitments, and compliance with applicable data protection laws. Third-party agreements also mandate the implementation of technical and organizational measures to prevent data breaches, unauthorized access, or loss. The Platform monitors third-party compliance with these agreements through audits, periodic reviews, and performance assessments. Such oversight ensures that the Platform retains accountability for the processing of User data even when operational activities are outsourced, thereby maintaining trust, transparency, and compliance with legal obligations. Users are assured that their data is handled in accordance with the same standards and principles applied internally by the Platform.

The Platform remains responsible for the protection of personal information even when processed by third-party providers. Data shared with external processors is limited to what is strictly necessary to perform the required services, and such providers are contractually obligated to implement measures such as encryption, access controls, logging, and secure storage to protect User data. Any sub-processing arrangements are also subject to the same contractual obligations to ensure consistent privacy standards. The Platform ensures that personal data is never disclosed to third parties for marketing purposes or any other unauthorized use without obtaining explicit consent from the User. In addition, the Platform requires all third-party processors to immediately report any security incidents or breaches affecting User data, enabling the Platform to respond promptly and effectively. Through these comprehensive measures, the Platform ensures that the involvement of third-party service providers enhances operational efficiency and scalability while upholding stringent standards of privacy, data protection, and legal compliance. Users can trust that their information is processed responsibly, securely, and only in furtherance of the Platform’s legitimate operational and service objectives.

Use of Analytics and Tracking Technologies

The Platform utilizes analytics tools, monitoring systems, and tracking technologies to collect, process, and analyze information regarding User interactions and system usage. These technologies include, but are not limited to, data collection mechanisms that record interaction patterns, device specifications, browser configurations, session durations, and feature utilization metrics. The purpose of these technologies is to optimize the functionality, performance, and overall User experience of the Platform, to identify potential issues, and to support the development of enhanced features that better meet the operational needs of Users. Information collected through analytics is used to evaluate trends, monitor service reliability, and guide improvements in infrastructure and user interface design, all while ensuring compliance with applicable data protection laws.

The data obtained through analytics is generally aggregated and anonymized to prevent the identification of individual Users. However, certain scenarios may require limited processing of personal data to facilitate personalized experiences, troubleshoot issues, or maintain service integrity. The Platform ensures that such processing is strictly controlled, purpose-specific, and proportional to the operational or analytical objectives. Collected data is stored securely and retained only for as long as necessary to achieve these purposes. The Platform also implements measures to prevent unauthorized access or misuse of analytics data, including role-based access controls, encryption protocols, and regular monitoring of system activity to maintain confidentiality and integrity.

Users are provided with transparency regarding the use of analytics and tracking technologies, including information about the nature, purpose, and scope of data collected. Where applicable, Users may exercise certain control over tracking mechanisms through device, browser, or account settings, enabling them to limit or opt out of certain forms of data collection. The Platform strives to balance operational and analytical requirements with User privacy, ensuring that all processing conducted through analytics tools is lawful, fair, and minimally invasive. Through these measures, the Platform leverages analytics to enhance service delivery and operational efficiency while upholding stringent standards of privacy, security, and data protection, thereby ensuring that Users’ information is handled responsibly, securely, and transparently.

Communication Data Usage

The Platform processes communication data generated by interactions between Users and the Platform, including messages, notifications, inquiries, support requests, and any other exchanges facilitated through its services. This communication data is collected and used to enable effective service delivery, provide timely assistance, ensure operational continuity, and maintain records of interactions for reference and accountability purposes. The Platform treats all communication data with strict confidentiality and ensures that it is accessed only by authorized personnel who require the information for legitimate operational or support-related purposes. By processing such data, the Platform can enhance responsiveness, monitor service quality, and identify opportunities for improvement while maintaining compliance with relevant legal and regulatory frameworks.

Communication data may also be analyzed to detect trends, improve user support, and enhance overall operational performance. For example, the Platform may review aggregated or anonymized communication patterns to identify recurring issues, optimize workflows, and develop improved features and functionalities. Any analysis involving personal data is performed in a controlled, purpose-specific manner that aligns with legal requirements and internal privacy policies. The Platform does not share communication data with third parties for purposes unrelated to the provision of services, except when required by law or under contractual obligations with regulated service providers. Users are assured that their interactions remain secure and are used solely for the purpose of maintaining service quality, resolving queries, and improving system functionality.

The Platform retains communication data for as long as necessary to fulfill operational, legal, or contractual obligations. Upon expiration of retention periods, the Platform ensures that data is securely archived, anonymized, or permanently deleted, depending on the applicable retention schedule and legal requirements. Users are informed that stored communication data may be referenced to verify transactions, resolve disputes, maintain records, and comply with legal obligations, including regulatory audits or investigations. The Platform also provides guidance and transparency on how communication data is processed and used, offering Users insight into its purpose and handling. Through these measures, the Platform demonstrates its commitment to responsible, secure, and privacy-conscious management of all communication data generated within its services, ensuring that Users’ rights, confidentiality, and trust are fully respected.

User Consent and Withdrawal

The Platform processes personal data primarily based on the User’s consent, the necessity of providing services, compliance with legal obligations, or legitimate business interests. Consent is obtained through clear, affirmative, and voluntary actions taken by the User during registration, account setup, or through specific prompts within the Platform. The Platform ensures that Users are fully informed about the purpose, scope, and nature of data processing before providing consent, including the type of information collected, how it will be used, who will have access to it, and any third-party involvement. By obtaining informed consent, the Platform upholds principles of transparency, accountability, and compliance with applicable data protection laws, ensuring that Users are aware of their rights and the manner in which their data will be managed.

Users have the right to withdraw their consent at any time without undue difficulty, subject to legal or contractual limitations. The Platform provides accessible and transparent mechanisms for Users to revoke consent, either through account settings, direct communication with support personnel, or designated forms provided on the Platform. Withdrawal of consent may affect certain functionalities or features of the Platform, and the Platform ensures that Users are informed of any consequences resulting from the withdrawal of consent. In such cases, the Platform may limit or suspend specific services that require ongoing consent for the processing of personal data, while continuing to provide other aspects of the Platform that do not depend on such consent. All requests to withdraw consent are handled in a timely manner and are documented to ensure proper accountability and compliance.

The Platform also maintains detailed records of consent to demonstrate accountability and compliance with regulatory obligations. These records include the time, date, and scope of consent provided, as well as any subsequent modifications or withdrawals made by the User. The Platform regularly reviews and updates consent management processes to incorporate best practices and ensure that Users’ rights are fully respected. In addition, the Platform takes proactive steps to ensure that consent-related decisions are implemented across all relevant systems and third-party processors, thereby preventing unauthorized or unintended use of personal data. By providing clear avenues for granting, managing, and withdrawing consent, the Platform reinforces its commitment to empowering Users, protecting privacy, and upholding the highest standards of responsible data governance while delivering services efficiently and transparently.

Policy Updates and Modifications

The Platform may periodically update, revise, or modify this Privacy Policy to reflect changes in legal requirements, operational practices, service offerings, technological advancements, or industry standards. Such updates are implemented to ensure that the Platform maintains compliance with applicable laws, continues to safeguard personal data effectively, and provides transparency regarding its data processing activities. The Platform undertakes a thorough review process before any amendment, evaluating the impact on Users’ privacy, operational requirements, and compliance obligations. All updates are designed to ensure consistency, clarity, and alignment with the Platform’s commitment to responsible data management while remaining fully compliant with regulatory obligations.

Users are informed of significant updates through notifications within the Platform, email communications, or other effective channels to ensure that they are aware of modifications that may affect the processing of their personal information. Users are encouraged to review the Privacy Policy periodically to remain informed of the current terms and practices. The Platform clearly identifies the effective date of each version of the Privacy Policy and maintains records of previous versions to provide transparency and historical reference. Any changes that materially affect Users’ rights, obligations, or the use of personal data are highlighted and explained to ensure Users can make informed decisions regarding continued use of the Platform.

The Platform may also seek additional consent from Users if updated practices or data processing activities introduce new purposes or methods not covered under previously granted consent. Users retain the right to manage or withdraw consent in response to such changes, and the Platform ensures that any such requests are honored promptly. Minor or operational updates that do not materially impact Users’ privacy may be implemented without requiring new consent but remain clearly documented in the Privacy Policy. Through these procedures, the Platform ensures that Users remain informed, empowered, and confident that their personal data is processed in accordance with the most current legal, operational, and ethical standards. Maintaining an up-to-date Privacy Policy reflects the Platform’s ongoing commitment to transparency, accountability, and the protection of Users’ privacy.

Contact and Grievance Officer

The Platform designates a dedicated Contact and Grievance Officer responsible for addressing all queries, complaints, and concerns related to the collection, processing, storage, and use of personal data. This officer serves as the primary point of contact for Users seeking clarification on privacy practices, reporting potential violations, or submitting requests related to their personal information. The role of the officer is to ensure that all grievances are handled promptly, transparently, and in accordance with applicable laws and regulatory requirements. Users can reach the officer through specified communication channels, including email, contact forms, or other designated mechanisms provided on the Platform. The officer is responsible for acknowledging receipt of complaints, assessing their validity, and coordinating the appropriate resolution or remedial action in line with the Platform’s policies.

The Contact and Grievance Officer also monitors compliance with privacy obligations and regulatory requirements, ensuring that the Platform’s operations, policies, and practices adhere to applicable legal frameworks. This includes evaluating internal processes for data protection, reviewing responses to User requests, and maintaining records of all grievances received and actions taken. The officer ensures that complaints are escalated to relevant internal teams where necessary and that corrective measures are implemented to prevent recurrence. Users are assured that their concerns are treated confidentially and impartially, and that their rights under applicable data protection laws are fully respected. The officer also acts as a liaison with regulatory authorities, responding to official inquiries or investigations concerning the Platform’s data processing activities.

Furthermore, the Contact and Grievance Officer maintains a proactive approach to privacy management by identifying patterns or recurring issues in grievances and recommending improvements to policies, processes, and user communication. The officer ensures that Users are informed of the status and outcome of their complaints within reasonable timeframes and provides guidance on how Users may exercise their rights under the Privacy Policy. By establishing this dedicated point of accountability, the Platform demonstrates its commitment to transparency, responsiveness, and the protection of Users’ personal information. Users can rely on the Contact and Grievance Officer to facilitate resolution, provide clarity regarding privacy practices, and safeguard the integrity of their interactions with the Platform. Through these measures, the Platform upholds its legal obligations, fosters trust, and strengthens its accountability framework, ensuring that Users have a clear, reliable, and accessible avenue for addressing any concerns related to privacy, data protection, and compliance.

Data Breach Handling

The Platform maintains a comprehensive and structured approach to detecting, responding to, and mitigating data breaches or unauthorized access to personal information. A data breach is defined as any event in which personal, operational, or sensitive data is accessed, disclosed, altered, or destroyed without authorization. The Platform has implemented preventive measures, including robust security infrastructure, access controls, encryption protocols, monitoring systems, and employee training programs, to minimize the likelihood of such incidents. In the event of a suspected or confirmed breach, the Platform follows a clearly defined incident response plan, which includes immediate containment, assessment of the scope and impact, and initiation of remedial actions to prevent further compromise.

Upon identification of a data breach, the Platform promptly evaluates the type of data affected, the potential risks to Users, and the likely consequences of the incident. Affected Users are notified in accordance with applicable legal and regulatory requirements, providing transparent and timely information regarding the nature of the breach, the data involved, potential implications, and recommended protective measures they may take. Simultaneously, the Platform undertakes internal investigations to determine the root cause, implement corrective actions, and strengthen security measures to prevent recurrence. Communication with relevant regulatory authorities, law enforcement agencies, and third-party service providers is conducted as required to ensure full compliance with legal obligations and to facilitate appropriate mitigation.

The Platform’s data breach handling policy also includes measures for ongoing monitoring, documentation, and continuous improvement. Records of incidents, responses, and corrective actions are maintained to support accountability, regulatory compliance, and future risk assessment. Employees are trained to recognize potential threats and respond effectively to incidents, and third-party processors are required to report any breaches that could affect Platform data. By maintaining a proactive, transparent, and structured approach to data breach handling, the Platform demonstrates its commitment to protecting Users’ personal information, maintaining operational integrity, and upholding the trust and confidence placed in its services. These practices ensure that data security incidents are managed efficiently, responsibly, and in full alignment with applicable laws and industry best practices.

Data Retention and Storage

The Platform adheres to a comprehensive data retention and storage policy designed to balance operational requirements, legal obligations, and the protection of Users’ personal and operational information. All data collected through the Platform, including registration information, transactional records, communication logs, financial data, document uploads, and usage analytics, is retained only for the duration necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law, regulation, or contractual obligation. The Platform evaluates retention needs regularly to ensure that personal data is not stored beyond its intended purpose, minimizing unnecessary exposure while maintaining the ability to deliver its services effectively. This policy ensures that Users’ information is managed responsibly, with a clear focus on data minimization, privacy, and security.

Data retention practices are implemented through a combination of technical, operational, and administrative measures that ensure the secure storage, access, and eventual disposal of information. Sensitive data, including financial and transactional records, personal identifiers, and confidential business information, is stored in secure databases protected by encryption, access controls, and intrusion detection systems. The Platform maintains role-based access protocols to ensure that only authorized personnel can view or process sensitive information, thereby minimizing the risk of unauthorized access or misuse. Regular audits and reviews of storage systems are conducted to verify compliance with retention policies, identify potential vulnerabilities, and update storage protocols in line with evolving best practices and technological standards. Data that is no longer required for operational or legal purposes is securely deleted, anonymized, or archived in accordance with established procedures to prevent unauthorized recovery.

The Platform also implements retention policies to ensure compliance with statutory and regulatory obligations, including requirements under Indian IT laws and other applicable data protection regulations. These policies specify minimum retention periods for certain categories of data, such as financial transactions, tax-related documents, or communications that may be subject to audit, investigation, or dispute resolution. Users are informed that, while certain data may be retained to satisfy legal obligations, the Platform restricts its access, processing, and sharing to authorized purposes and ensures that the data remains protected. In addition, the Platform establishes procedures for responding to Users’ requests regarding data access, correction, or deletion in accordance with applicable laws, ensuring that data retention practices are transparent, accountable, and respectful of Users’ rights. By implementing these structured retention and storage measures, the Platform safeguards Users’ information, ensures operational continuity, complies with legal obligations, and fosters trust in the responsible management of personal and operational data. The commitment to disciplined, secure, and transparent data retention underscores the Platform’s overarching dedication to privacy, security, and regulatory compliance while delivering reliable and effective services to all Users.

Final Provisions and Contact Details

The Platform’s Privacy Policy represents the comprehensive framework governing the collection, processing, storage, protection, and use of personal and operational data by the Platform. This section outlines the final provisions concerning Users’ rights, the Platform’s responsibilities, and the mechanisms available for communication, inquiry, and grievance resolution. The Platform is committed to upholding the highest standards of data privacy, security, and regulatory compliance, ensuring that all Users are informed, empowered, and protected throughout their engagement with the Platform. The Privacy Policy constitutes a binding agreement between the Platform and the User regarding the treatment of personal information, and its provisions apply to all Users, irrespective of jurisdiction, account type, or service usage. By continuing to use the Platform, Users acknowledge their understanding of and agreement to the terms outlined herein.

Users are encouraged to review the Privacy Policy periodically, as the Platform may update or amend its provisions to reflect changes in legal requirements, operational practices, or technological advancements. Any modifications will be communicated to Users through notifications within the Platform, email, or other effective channels, ensuring that Users remain informed of new practices, purposes of data processing, or changes in data handling procedures. The Platform emphasizes that Users have the right to exercise control over their personal data, including accessing, correcting, or requesting the deletion of information, as well as managing consent for specific processing activities. Mechanisms to exercise these rights are clearly provided within the Platform, and the Platform undertakes to process such requests promptly and in accordance with applicable laws and regulations.

For questions, concerns, or grievances regarding the Privacy Policy, data handling practices, or Users’ personal information, the Platform has designated a Contact and Grievance Officer. Users may reach the officer through official email addresses, contact forms, or other communication channels specified within the Platform. The officer is responsible for acknowledging receipt of inquiries, providing guidance on privacy matters, investigating complaints, coordinating remedial actions, and ensuring compliance with applicable legal and regulatory obligations. This dedicated point of accountability ensures transparency, accessibility, and responsiveness in all matters concerning data protection. In addition, Users may escalate unresolved issues to regulatory authorities in accordance with applicable laws. Through these final provisions, the Platform reinforces its commitment to safeguarding Users’ privacy, maintaining operational integrity, fostering trust, and ensuring that all interactions are conducted securely, responsibly, and in full compliance with the highest standards of legal and ethical obligations. The Privacy Policy, together with these final provisions, ensures that Users are fully informed, empowered, and supported in protecting their personal information while engaging with the Platform’s services.