Scope
This Policy covers the Service and the account, billing, and support activities around it. It does not cover Vektrascale's consulting engagements or the marketing website, which are addressed in their own policies. By using the Service, you and your users acknowledge this Policy.
Our Roles - Controller and Processor
Our role depends on the data in question:
- Account and business data. For the data we collect to create and run your account - your business details, your users, billing, and usage - we act as the data controller (data fiduciary).
- Your customers' data. For the personal data of your customers that you collect through the Service (for example, a mobile number or email captured at checkout, or on an invoice), you are the data controller and we act only as your processor. We process that data on your behalf, under your instructions, solely to provide and support the Service. You are responsible for the notices, consents, or other legal basis required to collect it.
Data We Collect
Account and business information
Business name, contact details, addresses, tax identifiers you enter (such as GSTIN), outlet and branding information, and the details of the users you create.
User and device information
User names, business emails, roles, login and authentication data, and information about the devices paired to your account (such as device labels, app version, and last-seen time), used to secure and operate the Service.
Operational data you enter
Any information, content, records, files, documents, configurations, transactions, communications, reports, or other data that you create, upload, import, transmit, or otherwise process through the Service. Where the Service permits you to collect or process personal information relating to your customers, users, employees, or other third parties, you determine what information is collected and are responsible for complying with all applicable privacy and data protection laws.
Usage and technical data
Log data, IP address, browser or device type, and usage events, collected automatically to keep the Service secure, reliable, and improving. Payment card details, where a payment provider is used, are handled by that provider - we do not store full card numbers.
How We Use Data
- to provide, secure, maintain, and support the Service;
- to authenticate users and devices and prevent fraud and abuse;
- to process subscriptions, billing, and account communications;
- to provide reporting and features you use within the Service; and
- to improve the Service, using aggregated or de-identified information where possible.
We do not sell personal data, and we do not use your customers' data for our own purposes - we process it only to provide the Service to you.
Sharing and Sub-Processors
We share data only as needed to run the Service, with trusted providers acting under our instructions - for example, cloud hosting and database infrastructure, transactional email or messaging delivery, and payment facilitation. These providers are engaged as sub-processors and are permitted to use the data only to provide their service to us. We may also disclose information where required by law or valid legal process, or to protect rights, safety, and security. A current list of sub-processor categories is available on request.
International Transfers
The Service and its providers may process data in India or other countries. Where data is transferred across borders, we take reasonable steps so that it remains protected consistent with this Policy and applicable law.
Retention
We retain account and operational data for as long as your subscription is active and as needed to provide the Service. Certain records, such as audit logs, are retained for a configurable period. After termination, we make your data available for export for a reasonable period and then delete or anonymise it, unless a longer period is required by law. You control the retention of some data, such as audit-log retention, within the Service.
Security
We apply reasonable technical and organisational measures to protect data, including access controls, role-based permissions, encryption in transit, tenant isolation so one business's data is not accessible to another, and audit logging of sensitive actions. No system is perfectly secure, but we work to protect the Service and to respond promptly to incidents.
Your Rights and Your Customers' Rights
Subject to applicable law, including India's Digital Personal Data Protection Act, 2023, individuals have rights over their personal data, such as access, correction, and erasure, and the withdrawal of consent.
- For data where we are the controller (account, billing), you or your users may contact us to exercise these rights.
- For your customers' data, you are the controller: your customers should contact you, and we will assist you, as your processor, to respond - for example, by helping you locate, correct, or delete a record within the Service.
Cookies and Similar Technologies
The web application uses cookies and similar technologies that are necessary to sign you in, keep your session secure, and remember essential preferences. We keep these to what is needed to operate the Service reliably.
Changes to This Policy
We may update this Policy from time to time. Each version carries a version number and effective date shown above. Where a change is material, we will bring it to your attention - for example, by asking you to review and accept the updated terms the next time you sign in. The latest version is always published on this page.
Privacy Questions and Requests
To ask a question about this Policy, or to make a data-protection request, please contact us using the details below.