Privacy Policy
Your Privacy Matters to Us
How we collect, use, and protect your information
Summary: Online Distributor is a B2B distribution management platform. We collect only the data necessary to operate the service and never sell your data to third parties.
We collect information that you provide directly to us and information generated through your use of the platform.
Account & Profile Data
- Name, business name, and contact details (email, phone, WhatsApp number)
- Business address, GST number, and registration information
- Login credentials (passwords are stored as irreversible hashes)
- Profile photographs or company logos you upload
Business Transaction Data
- Orders placed, quotations generated, and pricing records
- Product catalog entries and inventory records
- Wallet and credit balance information
- Payment histories and commission records
Automatically Collected Data
- IP address, browser type, and operating system
- Login timestamps and session activity logs
- Device identifiers used for 2FA and security purposes
- Audit logs of actions performed within the platform
We use the information we collect to:
- Operate the platform — manage distributor-dealer relationships, process orders, and generate price lists
- Authentication & Security — verify your identity, support two-factor authentication (2FA), and detect fraudulent activity
- Communications — send transactional messages such as price list broadcasts, order confirmations, and account alerts via email, WhatsApp, SMS, or Telegram (based on your settings)
- Analytics & Reporting — generate internal dashboards and performance reports visible only to authorized users within your company
- Compliance — maintain audit trails as required for regulatory and business compliance purposes
- Customer Support — respond to your enquiries and resolve platform issues
We do not sell, rent, or trade your personal information to any third parties.
We may share your data in the following limited circumstances:
- Within your business network: Dealers can view product and pricing data shared by their distributor. Distributors can view dealer profiles they have added to their network.
- Messaging service providers: When you enable WhatsApp, Telegram, or SMS broadcasts, message content is transmitted through those respective third-party APIs (Meta, Telegram, SMS gateway) solely to deliver the message.
- Email providers: Your configured SMTP server is used to deliver email notifications.
- Legal obligations: We may disclose data if required by applicable law, court order, or governmental authority.
- Business continuity: In the event of a merger or acquisition, data may transfer to a successor entity under equivalent privacy protections.
We implement industry-standard security measures to protect your data:
- Password hashing using bcrypt with cost factor 12 — your actual password is never stored
- Two-Factor Authentication (2FA) via email OTP, available for all user roles
- Session encryption and CSRF protection on all form submissions
- Login rate limiting — accounts are temporarily locked after repeated failed login attempts
- Audit logging — all significant actions (logins, price changes, data exports) are recorded with timestamps and IP addresses
- HTTPS enforcement in production environments
While we take strong precautions, no method of transmission over the Internet is 100% secure. We encourage users to use strong passwords and enable 2FA.
We use cookies and session storage for the following purposes:
- Session cookies — to keep you logged in during your browser session (expires when you close the browser or after the configured session timeout)
- Remember me cookies — if you choose "Remember me" at login, a secure token is stored for up to 30 days
- Theme preferences — your chosen UI theme is stored in localStorage on your device only
We do not use advertising cookies or third-party tracking cookies. No analytics tools like Google Analytics are embedded by default.
Depending on applicable law, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — update or correct inaccurate information via your profile settings
- Deletion — request deletion of your account and associated personal data (subject to regulatory retention requirements)
- Portability — request an export of your business data in a portable format
- Objection — object to certain processing activities where permitted by law
To exercise any of these rights, please contact your platform administrator or reach out to us using the contact details below.
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Active accounts — data is retained for the duration of the business relationship
- Inactive accounts — accounts inactive for more than 24 months may be flagged for review
- Audit logs — login and action logs are retained for a minimum of 12 months for security purposes
- Order & financial records — retained for a minimum of 7 years to comply with standard accounting and tax regulations
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes:
- The "Last Updated" date at the top of this page will be revised
- For significant changes, we will notify platform administrators via in-app notification or email
- Continued use of the platform after changes are posted constitutes acceptance of the updated policy