Privacy Policy

1 Information We Collect

We collect information you provide directly and data generated through your use of our platforms:

Personal Information

• Full name, mobile number, and email address
• Business name, type, and description
• GST number, PAN, and other business registration details
• Billing address and contact information

Business & Platform Data

• Store/business profile information, products, pricing, and inventory
• Customer and order information uploaded by users to our SaaS platforms
• Payment gateway configuration details (API keys stored encrypted)
• WhatsApp Business Account integration details

Technical Data

• Device type, operating system, browser, and app version
• IP address and approximate location (city/state level)
• Pages visited, features used, and session duration (via analytics)
• Crash reports and error logs for debugging

Media & Files

• Uploaded images, logos, product photos, and documents
• Profile photos and business cover images

2 How We Use Your Information

We use collected information strictly for the following purposes:

• Creating and managing your business profile, store, or account
• Enabling payment gateway integrations and processing transactions
• Connecting buyers and sellers on VyaparSamiti
• Providing SaaS platform functionality (ecommerce, CRM, order management)
• Sending service notifications, OTP verification, and order alerts
• Improving platform performance, features, and security
• Preventing fraud, spam, and unauthorised access
• Providing customer support and resolving disputes
• Complying with legal obligations and regulatory requirements

We do not sell your personal data to third parties. We do not use your data for unrelated marketing without your explicit consent.

3 Payment Information

Meshit Solutions does not store your full payment card details on our servers. Payments are processed through trusted third-party payment gateways (such as Razorpay). These providers are PCI-DSS compliant and handle all card data directly.

We store only the transaction reference ID, payment status, and amount for record-keeping and reconciliation purposes.

If you provide payment gateway credentials (e.g., Razorpay API keys) to set up payment collection on Meshify or WhatsBiz, those credentials are encrypted at rest and are never shared with any third party.

4 Third-Party Services We Use

Our platforms integrate with the following third-party services that may process your data:

• Google Analytics — website usage analytics (anonymised). See Cookie Policy.
• Razorpay — payment processing for subscription plans and seller storefronts
• AWS S3 / Cloudflare R2 — secure file and media storage
• WhatsApp Business API — for WhatsBiz messaging features
• Firebase / APNs — push notifications for mobile applications

Each of these providers has their own privacy policy. We encourage you to review them. We ensure all integrations are governed by data processing agreements where applicable.

5 Data Sharing

We share your data only in the following limited circumstances:

• With your explicit consent — for example, displaying your business profile publicly on VyaparSamiti
• Service providers — third parties who process data on our behalf (payment, storage, analytics) under strict data processing agreements
• Legal compliance — when required by Indian law, court order, or regulatory authority
• Business transfer — in the event of a merger or acquisition, your data would be transferred with prior notice to you

We never sell, rent, or trade your personal information to advertisers or data brokers.

6 Data Storage & Security

All data is stored on secure servers within India or on cloud infrastructure with data residency in India (AWS Mumbai / Cloudflare). We implement the following security measures:

• HTTPS/TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest (API keys, credentials)
• Role-based access control — employees access only the data necessary for their role
• Regular security audits and vulnerability assessments
• Automated backups with point-in-time recovery

Despite our best efforts, no internet-based system is 100% secure. Please notify us immediately if you suspect unauthorised access to your account.

7 Your Rights (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, you have the following rights regarding your personal data:

• Right of Access — Request a summary of personal data we hold about you
• Right to Correction — Request correction of inaccurate or outdated data
• Right to Erasure — Request deletion of your data (see Data Deletion)
• Right to Grievance Redressal — Raise a complaint with us or with the Data Protection Board of India
• Right to Nominate — Nominate another person to exercise your rights in case of death or incapacity

To exercise any of these rights, contact us at meshitsolutions@gmail.com. We will respond within 30 days.

8 Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specific retention periods:

• Account data — retained while your account is active; deleted within 30 days of a verified deletion request
• Transaction records — retained for 7 years as required by the GST Act and Income Tax Act
• Analytics data — anonymised after 26 months (Google Analytics default)
• Support tickets — retained for 2 years after resolution

9 Children's Privacy

Our platforms are designed for business use and are not directed at children under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.

10 Changes to This Policy

We may update this Privacy Policy periodically. When we make significant changes, we will notify you via email or a prominent notice on our platforms at least 7 days before the change takes effect. The updated policy will always show the "Last updated" date at the top of this page.