Privacy Policy

Last updated: 26 April 2026

Dukaan360 ("we", "us", "our") is a business management application developed and operated by Inferova (inferova.com). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

This document is an electronic record under the Information Technology Act, 2000 and the rules made thereunder. It does not require any physical or digital signature.

1. Information We Collect

1.1 Information You Provide

• Account information: Business name, owner name, phone number, and email address.
• Authentication: A 6-digit PIN stored as a bcrypt salted hash. We never store your PIN in plaintext.
• Business data: Products (name, price, stock, barcode), sales and invoices, expenses, customers (name, phone, balances), vendors, purchase orders, employee records, and returns.

1.2 Information Collected Automatically

• Device information: Operating system, device model, and app version — used solely for compatibility and bug fixes.
• Network status: Online/offline connectivity state — used for sync functionality.
• Error logs: Crash reports and error traces to diagnose and fix issues.

We do not collect device advertising identifiers, IMEI numbers, installed app lists, SMS content, call logs, or GPS location.

1.3 Information from Third-Party Services

• Google Contacts (optional): If you choose to sync contacts, we access the Google People API in read-only mode to fetch names and phone numbers. Only the contacts you explicitly select are saved to your Dukaan360 account. We do not store your Google access token beyond the active session.

1.4 Biometric Data

Biometric authentication (fingerprint, Face ID) is processed entirely on your device by the operating system. Dukaan360 never receives, transmits, or stores biometric data.

2. How We Use Your Information

• To provide the core Dukaan360 service — inventory, sales, expenses, customer, and employee management.
• To authenticate your identity via PIN or biometric unlock.
• To send OTP verification emails when you register or reset your PIN.
• To send WhatsApp daily summaries and payment reminders (only if you enable notifications).
• To sync your data across devices when you are online.
• To improve app performance and fix bugs using aggregated, anonymised error data.
• To comply with applicable legal obligations.

3. Legal Basis for Processing

We process your personal data on the following grounds under the Digital Personal Data Protection Act, 2023 (Section 4):

• Consent: You give explicit consent when you create an account and when you use optional features such as Google Contacts sync or WhatsApp notifications.
• Contract performance: Processing necessary to provide the service you signed up for.
• Legitimate interests: Security, fraud prevention, and service improvement.
• Legal obligation: Compliance with Indian tax, accounting, and IT laws.

4. Google API Services — Limited Use Disclosure

Dukaan360's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We access Google Contacts (contacts.readonly scope) solely to let you import customer contacts without manual entry.
• Contact data is displayed during the import flow; only contacts you explicitly select are saved.
• We do not store your Google authentication token beyond the active browser session.
• We do not transfer Google user data to third parties, advertising services, or data brokers.
• We do not use Google user data for advertising, credit assessment, surveillance, or any purpose other than the contact import feature described above.

5. Information Sharing and Disclosure

5.1 Service Providers

We use the following third-party services to operate Dukaan360:

5.2 We Do NOT Share Data With

• Advertisers or ad networks
• Data brokers or resellers
• Credit assessment or lending agencies
• Any third party for marketing purposes

5.3 Legal Disclosures

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of our users or the public.

6. Data Storage and Security

• Location: All data is stored on Azure-hosted PostgreSQL databases in India.
• Encryption in transit: All communication uses HTTPS with TLS 1.2 or higher.
• Encryption at rest: Azure-managed encryption (AES-256) for database storage.
• Authentication: PINs are hashed with bcrypt (salted). JWT session tokens expire after 8 hours.
• Access control: Multi-tenant architecture ensures each shop's data is isolated.

We implement reasonable security practices and procedures as required under Section 43A of the IT Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 and the SPDI Rules, 2011, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your account and personal data (subject to legal retention requirements).
• Data portability: Export your data in CSV or PDF format via the app's export features.
• Withdraw consent: Disable optional features (Google Contacts sync, WhatsApp notifications) at any time via app settings. You may also withdraw consent for all processing by deleting your account.
• Nominate: Under Section 14 of the DPDP Act, you may nominate another person to exercise your rights in case of death or incapacity.
• Grievance redressal: File complaints with our Grievance Officer (see Section 12) or the Data Protection Board of India.

To exercise any right, email support@inferova.com. We will respond within 30 days.

9. Cookies and Local Storage

The Dukaan360 web app uses:

• Essential cookies only: Session management and authentication.
• LocalStorage: Offline data caching for the Progressive Web App.
• Service Worker: Background sync and offline functionality.

We do not use third-party advertising or tracking cookies.

10. Children's Privacy

Dukaan360 is a business management tool intended for adults (18 years and above). We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that a child has provided personal data, we will delete it promptly. This is in compliance with Section 9 of the DPDP Act, 2023.

11. Changes to This Policy

• Material changes: We will notify you at least 30 days in advance via email and/or in-app notification.
• Minor changes: Updated on this page with a new "Last updated" date.

Continued use of Dukaan360 after the notice period constitutes acceptance of the updated policy.

12. Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act, 2023, the Grievance Officer for Dukaan360 is:

• Name: Varsha
• Email: support@inferova.com

Grievances will be acknowledged within 24 hours and resolved within 15 days of receipt, in accordance with applicable regulations.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of India, including:

• Information Technology Act, 2000 and rules thereunder
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• Digital Personal Data Protection Act, 2023

14. Contact Us

For questions, data requests, or concerns about this policy:

• Email: support@inferova.com
• Website: inferova.com

© 2026 Inferova · Dukaan360