Privacy Policy

1. Introduction

Welcome to Vyapar360 ("we", "our", or "us"). We operate https://vyapar360.com and provide a business management platform designed for small and medium businesses in India, including GST billing, CRM, WhatsApp messaging, inventory management, staff management, and marketing tools.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read it carefully. By using Vyapar360, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Mobile phone number (used for OTP login), business name, owner name.
• Business Profile: Business address, city, state, GSTIN, UPI ID, logo, email address.
• CRM Data: Customer names, phone numbers, and contact details you add to your account.
• Billing Data: Invoice details, product/service names, pricing, and payment records.
• Staff Data: Staff names, phone numbers, attendance, salary, and leave records.
• WhatsApp Integration: Your WhatsApp Business Phone Number ID, WABA ID, and access token to connect your WhatsApp Business account.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, timestamps, and interactions within the platform.
• Device Information: Browser type, device type, and operating system.
• Log Data: IP address, access times, and error logs.
• Cookies: Session tokens (HTTP-only, secure cookies) used for authentication.

2.3 Information from Third Parties

• Meta (Facebook/WhatsApp): When you connect your WhatsApp Business account using Facebook Login or manual setup, we receive your WhatsApp Business Account ID and phone number information from Meta's Graph API.
• WhatsApp Messages: Inbound and outbound WhatsApp messages processed through the Meta Cloud API are stored to provide the inbox and conversation features.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Vyapar360 platform and its features.
• Authenticate your identity via OTP and manage your session securely.
• Send WhatsApp messages on your behalf to your customers using the Meta Cloud API.
• Generate GST invoices, manage inventory, and track business data for your business.
• Process payments and manage billing subscriptions via Razorpay.
• Provide AI-generated marketing copy and customer insights.
• Send transactional OTP messages via SMS (MSG91) for login verification.
• Monitor platform performance, debug errors, and improve our service.
• Enforce our Terms of Service and plan limits.
• Comply with applicable laws and regulations in India.

We do not sell your data to third parties. We do not use your customers' contact data for any purpose other than providing the services you request.

4. WhatsApp and Meta Platform Data

Vyapar360 integrates with the Meta WhatsApp Business Cloud API to enable WhatsApp messaging features. By connecting your WhatsApp Business account to Vyapar360:

• You authorize Vyapar360 to send WhatsApp messages to contacts on your behalf.
• Incoming WhatsApp messages from your customers are received via Meta webhooks and stored in our database to display in the inbox.
• Your WhatsApp access token is encrypted and stored securely. It is never shared with any third party.
• We use Meta Graph API only to verify credentials and send/receive messages. We do not access your personal Facebook profile or any data beyond what is necessary for WhatsApp Business functionality.
• You can revoke access at any time by disconnecting WhatsApp from Settings → WhatsApp, which deletes your stored credentials from our system.

Data received from Meta APIs is governed by both this Privacy Policy and Meta's Privacy Policy. We comply with Meta's Platform Terms and Developer Policies.

5. Data Storage and Security

• All data is stored in secure, encrypted databases hosted in India or within trusted cloud infrastructure.
• Authentication tokens are HTTP-only, secure cookies with short expiry windows.
• Sensitive credentials (WhatsApp tokens, API keys) are stored encrypted at rest.
• All API communication occurs over HTTPS/TLS.
• Access to production databases is restricted to authorized personnel only.
• We perform regular security audits and apply security patches promptly.

While we implement industry-standard security measures, no system is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

6. Data Sharing and Disclosure

We share your data only in the following circumstances:

• Service Providers: We use third-party services to operate the platform:
  • Meta (WhatsApp Cloud API): To send/receive WhatsApp messages.
  • MSG91: To send OTP SMS messages for login verification.
  • Razorpay: To process subscription payments. We never store card details.
  • Supabase/PostgreSQL: For database storage.
  • Redis: For caching and session management.
• Legal Requirements: If required by law, court order, or government authority in India.
• Business Transfers: In the event of a merger or acquisition, your data may be transferred with notice provided to you.
• With Your Consent: For any other purpose with your explicit consent.

7. Data Retention

• Account data is retained for the duration of your subscription and for 90 days after account closure.
• Invoice and billing records are retained for 7 years to comply with Indian tax laws (GST compliance).
• WhatsApp message history is retained for 12 months, after which it is automatically deleted.
• OTP records are deleted within 10 minutes of generation.
• You may request deletion of your account and data at any time by contacting us at privacy@vyapar360.com.

8. Your Rights

As a user of Vyapar360, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate information via Settings → Business Info or by contacting us.
• Deletion: Request deletion of your account and associated personal data.
• Portability: Request an export of your business data (invoices, contacts) in a machine-readable format.
• Objection: Object to processing of your data for specific purposes.
• Withdraw Consent: Disconnect third-party integrations (like WhatsApp) at any time.

To exercise any of these rights, contact us at privacy@vyapar360.com. We will respond within 30 days.

9. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: HTTP-only session cookies for authentication (accessToken, refreshToken). These are required for the platform to function and cannot be disabled.
• Analytics: We may use anonymized analytics to understand platform usage. No personally identifiable information is included.

We do not use advertising cookies or track you across other websites.

10. Children's Privacy

Vyapar360 is a business platform intended for use by adults (18+) operating businesses. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the platform or by email. Continued use of the platform after changes take effect constitutes your acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: