1. Introduction
PeakCart ("we," "our," or "us") is operated by ReachPeak Technologies Private Limited, a company incorporated under the laws of India. This Privacy Policy describes how we collect, use, process, store, and protect your personal information when you use the PeakCart platform, website (reachpeak.in), APIs, and related services (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Services immediately.
This policy is compliant with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.
2. Information We Collect
Account Information: When you register for PeakCart, we collect your full name, email address, mobile phone number, business name, GSTIN (if applicable), business category, and billing address. This information is necessary to create and manage your account.
Store Data: We collect and process all data related to your e-commerce store operations, including but not limited to: product catalog data (titles, descriptions, images, prices, variants, SKUs, inventory levels), customer data (names, emails, phone numbers, addresses, order history), order data (items, quantities, payment status, shipping status, fulfillment details), and store configuration (theme settings, navigation, pages, collections).
Payment Information: We do NOT directly collect or store credit card numbers, debit card numbers, UPI IDs, or bank account details. All payment processing is handled exclusively by Razorpay, our PCI-DSS Level 1 compliant payment gateway partner. We only receive transaction confirmations, payment IDs, and settlement information from Razorpay.
Shipping Data: When you use our integrated Shiprocket shipping service, we process shipping addresses, package dimensions, weight, courier preferences, tracking numbers, and delivery status updates.
Communication Data: When you use our built-in WhatsApp Business API integration, we process message templates, campaign data, delivery reports, and customer conversation logs. WhatsApp message content is processed through Meta's WhatsApp Business API infrastructure.
Usage & Analytics Data: We automatically collect information about how you interact with our platform, including: pages visited, features used, time spent on pages, click patterns, search queries within the dashboard, browser type and version, operating system, device type, IP address, and referring URLs.
AI & Machine Learning Data: Our AI-powered insight engine processes aggregated store data to generate business intelligence briefings, churn risk predictions, fraud scores, product recommendations, and growth suggestions. This processing occurs on our secure servers in India.
Cookies & Local Storage: We use essential cookies for session management, authentication tokens, and user preferences. We use localStorage for theme settings and dashboard customization. We do NOT use third-party tracking cookies, advertising cookies, or cross-site tracking technologies.
3. How We Use Your Information
Service Delivery: To provide, operate, and maintain the PeakCart platform; to create and manage your account; to process and fulfill your store's orders; to provide customer support; and to send transactional communications (order confirmations, shipping updates, account alerts).
Platform Improvement: To analyze usage patterns and improve our Services; to develop new features and functionalities; to fix bugs and improve performance; to conduct A/B testing for user experience optimization; and to generate anonymized, aggregated analytics.
AI-Powered Features: To generate daily AI business briefings; to calculate fraud risk scores using our 6-factor risk engine; to predict churn risk and customer lifetime value; to provide product performance recommendations; and to deliver growth insights and actionable suggestions.
Security & Fraud Prevention: To detect, prevent, and address fraud, security vulnerabilities, and technical issues; to verify account ownership and identity; to monitor for suspicious activities; and to protect the rights, property, and safety of PeakCart and its users.
Communications: To send essential service updates and security alerts; to notify you about platform changes, new features, and maintenance windows; to respond to your support requests; and to send marketing communications (only with your explicit opt-in consent, which you can withdraw at any time).
Legal Compliance: To comply with applicable laws, regulations, and legal processes; to respond to lawful requests from government authorities; to enforce our Terms of Service; and to protect against legal liability.
4. Data Storage & Security
Infrastructure: All data is stored on secure servers located in India. We use PostgreSQL databases with encryption at rest (AES-256) and in transit (TLS 1.3). Our infrastructure is containerized using Docker with automated backups every 6 hours.
Access Controls: We implement role-based access control (RBAC) for all internal systems. Employee access to production data requires multi-factor authentication, VPN connectivity, and explicit authorization. Access logs are maintained and audited regularly.
Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3. Database connections use SSL. Sensitive configuration data is encrypted using industry-standard encryption algorithms. API keys and secrets are stored in encrypted vaults.
Redis Caching: We use Redis for session management and performance caching. Cached data is stored in-memory with configurable TTL (time-to-live) values and is automatically purged upon session termination.
Backup & Recovery: Automated database backups are performed every 6 hours and retained for 30 days. Point-in-time recovery is available for the last 7 days. Backup data is encrypted and stored in geographically separate locations within India.
Incident Response: We maintain a documented incident response plan. In the event of a data breach, affected users will be notified within 72 hours as required by DPDPA. Our security team investigates and remediates all security incidents.
5. Third-Party Services & Data Sharing
Razorpay (Payment Processing): We share customer name, email, phone number, order amount, and billing address with Razorpay to process payments. Razorpay is PCI-DSS Level 1 compliant. Razorpay's privacy policy: https://razorpay.com/privacy/
Shiprocket (Shipping & Logistics): We share customer name, shipping address, phone number, package details, and order value with Shiprocket to create shipments and track deliveries. Shiprocket's privacy policy: https://www.shiprocket.in/privacy-policy/
WhatsApp Business API (Messaging): We share customer phone numbers and message content with Meta's WhatsApp Business API to deliver transactional and marketing messages. Meta's privacy policy: https://www.whatsapp.com/legal/privacy-policy
We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes. We do NOT share your data with advertisers. We do NOT use your store data to compete with you or to benefit other merchants on our platform.
We may share anonymized, aggregated data that cannot identify individual users or stores for research, analytics, and platform improvement purposes.
We may disclose your information if required by law, court order, subpoena, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
6. Your Rights Under DPDPA
Right to Access: You have the right to obtain confirmation of whether we process your personal data and to access a summary of such data. You can export all your store data (products, customers, orders) at any time from your dashboard.
Right to Correction: You have the right to correct inaccurate or incomplete personal data. You can update your account information and store data directly through the PeakCart dashboard at any time.
Right to Erasure: You have the right to request deletion of your personal data. Upon receiving a valid erasure request, we will delete your data within 30 days, except where retention is required by law (such as tax records and transaction logs, which we retain for 8 years as required by Indian tax law).
Right to Grievance Redressal: You have the right to lodge a complaint with our Grievance Officer or with the Data Protection Board of India.
Right to Nominate: You have the right to nominate another individual who can exercise your data rights on your behalf in the event of your death or incapacity.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
7. Data Retention
Active Accounts: We retain your data for as long as your account is active and as needed to provide you with our Services.
Cancelled Accounts: Upon account cancellation, we retain your data for 30 days to allow for account reactivation. After 30 days, your store data (products, customers, orders, settings) is permanently deleted from our production systems.
Legal Requirements: Transaction records, invoices, and tax-related data are retained for 8 years as required by the Indian Income Tax Act and GST regulations. Security logs and access logs are retained for 1 year.
Backup Retention: Your data may persist in encrypted backup systems for up to 90 days after deletion from production systems, after which it is automatically purged.
8. Children's Privacy
PeakCart is a business-to-business platform designed for adult merchants and business owners. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information.
9. International Data Transfers
PeakCart primarily stores and processes data within India. However, some of our third-party service providers (such as Meta for WhatsApp Business API) may process data in jurisdictions outside India. In such cases, we ensure appropriate safeguards are in place, including contractual protections and compliance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you via email to the address associated with your account and/or through a prominent notice on our platform at least 30 days before the changes take effect.
Your continued use of our Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
11. Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDPA, the name and contact details of our Grievance Officer are:
Name: Amit Rai | Email: support@reachpeak.in | Phone: +91 62906 78045 | Response Time: Within 24 hours of receiving the grievance.
If you are not satisfied with the resolution provided by our Grievance Officer, you may file a complaint with the Data Protection Board of India.
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
PeakCart (ReachPeak Technologies Pvt. Ltd.) | Email: support@reachpeak.in | WhatsApp: +91 62906 78045 | Website: https://reachpeak.in