Privacy Policy

Effective Date: January 1, 2026

This Privacy Policy describes how Neha Agrawal ("we," "us," "our," or the "Operator") collects, uses, stores, shares, and protects your personal information when you use the Grahbook platform, website (grahbook.in), mobile application, and related services (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: When you register for a Grahbook account, we collect your full name, email address, phone number, store name, business type, and password.
• Payment Information: When you process transactions through the Service, we collect payment details including UPI ID, transaction amounts (in INR), and payment confirmation data. We do not store credit/debit card numbers on our servers.
• Business Information: Store details, product catalogs, pricing (in INR), inventory data, and GST information that you upload to the Service.
• Customer Data: Information about your customers that you input into the Service, including names, phone numbers, order history, and transaction records.
• Communications: Messages you send through the Service, including WhatsApp messages processed through our platform, support inquiries, and feedback.
• KYC Information: If you opt for verified seller status, we may collect PAN card details, Aadhaar information, and business registration documents as required by law.

1.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, and mobile network information.
• Log Data: IP address, browser type, access times, pages viewed, and referring URLs.
• Usage Data: Features used, actions taken, time spent on the Service, and interaction patterns.
• Location Data: Approximate location based on IP address and, with your consent, precise GPS location for delivery and business purposes.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance your experience and collect usage data.

1.3 Information from Third Parties

• WhatsApp Business API: Message metadata, delivery status, and interaction data from the WhatsApp platform.
• Payment Processors: Transaction confirmation and settlement data from PayU and other payment partners.
• Analytics Providers: Aggregated usage statistics and performance data.

2. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, operate, and maintain the Grahbook platform, including processing orders, generating GST-compliant invoices (in INR), and facilitating UPI payments.
• Account Management: To create and manage your account, verify your identity, and provide customer support.
• Transaction Processing: To process payments, generate invoices, manage refunds, and handle financial records in INR.
• Communication: To send you service-related notifications, security alerts, support messages, and (with your consent) marketing communications.
• AI and Personalization: To power our AI features, including catalog recommendations, customer interaction automation, and business insights.
• Analytics and Improvement: To analyze usage patterns, improve the Service, develop new features, and optimize performance.
• Security and Fraud Prevention: To detect, prevent, and address fraud, unauthorized access, and other harmful activities.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including GST requirements, IT Act compliance, and RBI guidelines.
• Business Transfers: In connection with any merger, acquisition, or sale of assets (though we will notify you before your information becomes subject to a different privacy policy).

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Payment Processors: We share transaction data with PayU and other payment processors to facilitate UPI payments and settlements.
• Service Providers: We share data with trusted third-party vendors who provide hosting, analytics, customer support, and other operational services, under strict contractual obligations.
• WhatsApp/Meta: Message content and metadata are processed through the WhatsApp Business API, subject to Meta's privacy policies.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority, including compliance with IT Act, 2000 requirements.
• Business Partners: With your explicit consent, we may share data with integration partners (e.g., Tally, CRM systems).
• Aggregated Data: We may share anonymized, aggregated data that cannot be used to identify you (e.g., industry trends, regional statistics).

4. Data Security

We implement industry-standard security measures to protect your personal information:

• All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
• Access to personal data is restricted to authorized personnel on a need-to-know basis.
• We conduct regular security audits and penetration testing.
• Payment data is processed through PCI DSS-compliant payment processors (PayU).
• We maintain encrypted backups and disaster recovery procedures.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained for the duration of your account plus 3 years after account closure, as required by Indian tax and business laws.
• Transaction Data: Retained for 7 years from the date of transaction, as required by GST and income tax regulations.
• Message Data: WhatsApp messages processed through the Service are retained for 90 days for dispute resolution, then deleted.
• Log Data: Server logs are retained for 90 days for security purposes.
• Marketing Data: Retained until you withdraw consent for marketing communications.

6. Your Rights

Under applicable Indian data protection laws, you have the following rights:

• Right to Access: You can request a copy of all personal data we hold about you.
• Right to Correction: You can request that we correct inaccurate or incomplete data.
• Right to Deletion: You can request deletion of your personal data, subject to legal retention requirements.
• Right to Portability: You can request your data in a structured, machine-readable format.
• Right to Withdraw Consent: You can withdraw consent for data processing at any time.
• Right to Object: You can object to certain types of data processing, including direct marketing.

To exercise these rights, please contact our Grievance Officer at agrawalmanas150@gmail.com.

7. Cookies Policy

We use the following types of cookies:

• Essential Cookies: Required for the Service to function properly (e.g., authentication, session management).
• Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics).
• Preference Cookies: Remember your settings and preferences (e.g., theme selection, language).
• Marketing Cookies: Used for targeted advertising (only with your consent).

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

9. International Data Transfers

Your data is primarily stored on servers located in India. If we transfer data outside India, we ensure adequate protection through contractual safeguards and compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. The "Effective Date" at the top of this page indicates when the policy was last revised.

11. Grievance Officer

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

Neha Agrawal
Grievance Officer, Grahbook
Address: Pandey Bazar, Dumeriyaganj Road, Jaggi Colony, Purani Basti, Basti, Uttar Pradesh - 272002 (Landmark: Last left house building)
Phone: 805-2402-633
Email: agrawalmanas150@gmail.com

We will endeavor to resolve your grievance within 30 days from the date of receipt.