Privacy Policy

1. Introduction

BizzPocket Technologies Private Limited ("BizzPocket", "we", "us", or "our") operates as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act). We respect your privacy and are committed to protecting the personal data of our users ("Merchants") and their customers ("Buyers"). This Privacy Policy explains how we collect, use, store, and share information when you use the BizzPocket SaaS platform, websites, and related services.

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

2. BizzPocket as Data Fiduciary

Under the DPDP Act, BizzPocket acts as a Data Fiduciary for personal data we collect and process directly from Merchants. For Buyer data processed through merchant storefronts, Merchants act as Data Fiduciaries, and BizzPocket acts as a Data Processor on their behalf.

As a Data Fiduciary, we determine the purpose and means of processing personal data and are responsible for ensuring compliance with applicable data protection laws.

3. Information We Collect

We collect information in the following ways:

• Information from Merchants: When you register for a BizzPocket account, we collect your name, email address, phone number (e.g., via MSG91 OTP), business details, GSTIN (if applicable), and payment information.
• Information from Buyers: When buyers interact with a BizzPocket-powered storefront, we process information on behalf of the Merchant, including the buyer's name, shipping address, email, phone number, and order details.
• Automatically Collected Information: We log device information, IP addresses, cookies, and browsing behavior to ensure security and improve our platform metrics.
• Payment Information: Payment card details are processed directly by our PCI-DSS compliant payment gateway partners (Razorpay, Paytm) and are not stored on our servers.

4. How We Use Your Information

We use the collected data to:

• Provide, operate, and maintain the BizzPocket SaaS platform.
• Process transactions securely through integrated gateways (e.g., Razorpay, Paytm).
• Facilitate shipping logistics through third-party partners (e.g., Shiprocket) on behalf of merchants.
• Send transactional emails, OTPs, and system notifications.
• Prevent fraud, ensure security, and enforce our Terms of Service.
• Improve our services through analytics and performance monitoring.
• Comply with legal obligations and respond to lawful requests from authorities.

5. Data Sharing with Third Parties

We do not sell your personal information. We only share data with trusted third parties necessary for the operation of the platform:

• Payment Processors: Razorpay, Paytm, and other integrated gateways. Card details are processed directly by PCI-DSS compliant partners and are not stored on our servers.
• Logistics Partners: Shiprocket or other shipping aggregators to fulfill orders on behalf of merchants.
• Communication Providers: MSG91 (for SMS), SMTP providers (for email receipts and notifications).
• Analytics and Monitoring: Service providers for platform performance monitoring and security.
• Legal Compliance: When required by Indian law and requested by authorized government authorities.

All third-party service providers are contractually obligated to protect your data and use it only for the specified purposes.

6. Merchant Responsibilities

Merchants using BizzPocket are considered the "Data Controllers" or "Data Fiduciaries" of their Buyers' data. BizzPocket acts strictly as a "Data Processor" for Buyer data. Merchants are independently responsible for:

• Maintaining their own privacy policies governing their respective storefronts
• Obtaining necessary consents from Buyers for data collection and processing
• Complying with the Digital Personal Data Protection Act (DPDP Act) and other applicable laws
• Responding to data subject requests from their Buyers
• Ensuring lawful use of Buyer data collected through their storefronts

7. Data Security & Retention

We implement industry-standard security measures to protect your personal information, including:

• Encryption: SSL/TLS encryption for data in transit
• Access Controls: Role-based access controls and authentication mechanisms
• Security Monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular Audits: Periodic security audits and assessments
• Data Backup: Regular backups to prevent data loss

Data Retention: We retain Merchant data for as long as their account is active or as needed to provide services. Buyer data is retained according to the respective Merchant's subscription lifecycle and legal requirements. Upon account deletion, personal data is securely erased within 90 days, except where retention is required by law.

8. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act (DPDP Act), you have the following rights regarding your personal data:

• Right to Access: You have the right to request access to your personal data that we hold and obtain information about how it is processed.
• Right to Correction: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention requirements.
• Right to Data Portability: You have the right to request transfer of your personal data to another service provider in a structured, commonly used format.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
• Right to Grievance Redressal: You have the right to file a complaint with our Grievance Officer regarding data protection concerns.

How to Exercise Your Rights: Merchants can manage their data via the Seller Dashboard or by contacting our Grievance Officer. Buyers wishing to exercise these rights must contact the specific Merchant they transacted with, as Merchants are the Data Fiduciaries for Buyer data.

9. Consent Management

By creating an account and using our services, you provide your free, specific, informed, and unambiguous consent to the collection and processing of your personal data as described in this Privacy Policy.

You may withdraw your consent at any time by:

• Deleting your account through the Seller Dashboard
• Contacting our Grievance Officer at the details provided below
• Opting out of non-essential communications through the unsubscribe links in emails

Please note that withdrawal of consent may affect your ability to use certain features of the platform.

10. Data Breach Notification

In the event of a data breach that is likely to cause harm to Data Principals, we will:

• Notify the Data Protection Board of India as required by law
• Notify affected users within 72 hours of becoming aware of the breach
• Provide information about the nature of the breach, data affected, and remedial measures taken
• Take immediate steps to contain and remediate the breach

11. Cross-Border Data Transfer

Your personal data may be transferred to and processed in countries outside India for the following purposes:

• Cloud hosting services (e.g., AWS, Google Cloud) with data centers in India and other regions
• Third-party service providers for analytics, monitoring, and support

We ensure that all cross-border data transfers comply with applicable laws and that adequate safeguards are in place, including:

• Standard contractual clauses with service providers
• Ensuring service providers maintain adequate data protection standards
• Limiting data transfers to what is necessary for service provision

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notifications to registered Merchants
• Displaying prominent notices on the platform

Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us for Data Protection Queries

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your personal data is processed, please contact our Grievance Officer: