Privacy Policy
Last updated: December 19, 2024
Your privacy and data security are our top priorities.
Our Privacy Commitment
At SuperApp, we believe that privacy is a fundamental right. We are committed to being transparent about how we collect, use, and protect your information while providing you with the tools and controls you need to manage your privacy across all business verticals.
1. Information We Collect
We collect information to provide, improve, and protect our multi-vertical marketplace services. The information we collect falls into several categories:
Business Account Information
- Business name, address, and contact details
- Owner/manager information and credentials
- Business registration and licensing data
- Tax identification numbers
- Banking and payment information
- Product/service catalogs and pricing
- Operating hours and service areas
- Staff accounts and permissions
- Business vertical preferences and settings
Customer Data (On Your Behalf)
- Customer names and contact information
- Delivery addresses and preferences
- Order history across all business verticals
- Loyalty program participation and points
- Customer reviews and feedback
- Communication preferences
- Device and browser information
- App usage and interaction data
- Cross-vertical shopping patterns
Technical and Usage Information
Platform Usage:
- Dashboard interactions and feature usage
- Order processing and management activities
- Report generation and data exports
- Integration configurations and API usage
- Multi-vertical module utilization
Technical Data:
- IP addresses and geolocation data
- Device identifiers and browser information
- Performance metrics and error logs
- Security event logs and access patterns
- API usage statistics and patterns
Important Note About Customer Data
When you use SuperApp, you remain the data controller for your customer information across all business verticals. We process this data on your behalf as a data processor. You are responsible for obtaining proper consent from your customers and complying with applicable privacy laws.
2. How We Use Your Information
We use the information we collect for specific, legitimate business purposes that benefit you and improve our multi-vertical marketplace services:
Service Delivery & Operations
- Process and manage orders across all business verticals
- Provide customer support and technical assistance
- Generate analytics and business insights
- Facilitate payment processing and billing
- Coordinate multi-vertical customer experiences
- Maintain and improve platform performance
- Customize your dashboard and user experience
- Send important service notifications
- Manage integrations with third-party services
- Enable cross-vertical customer loyalty programs
Security & Compliance
- Detect and prevent fraud and security threats
- Monitor for unauthorized access or misuse
- Comply with legal and regulatory requirements
- Conduct security audits and investigations
- Protect against cross-vertical fraud patterns
- Verify identity and business legitimacy
- Maintain audit trails and compliance records
- Respond to legal requests and court orders
- Protect intellectual property rights
- Ensure platform integrity across all modules
Product Development & Improvement
- Analyze usage patterns to improve features
- Develop new products and business modules
- Conduct research and testing
- Optimize platform performance and reliability
- Enhance multi-vertical integration capabilities
- Create aggregated, anonymized insights
- Benchmark industry trends and metrics
- Test new features and improvements
- Enhance user interface and experience
- Develop cross-vertical business intelligence
3. Information Sharing & Disclosure
We do not sell your personal information. We only share information in specific circumstances and with appropriate safeguards:
Authorized Service Providers
We work with trusted third-party service providers who help us deliver our services. These providers are contractually bound to protect your information and use it only for specified purposes:
- Payment processors (Stripe, Finix, etc.)
- Cloud infrastructure providers (AWS, Google Cloud)
- Customer support platforms
- Analytics and monitoring services
- Multi-vertical integration partners
- Email and communication services
- Security and fraud prevention tools
- Backup and disaster recovery services
- Legal and compliance consultants
- Business intelligence and reporting tools
Legal Requirements & Protection
We may disclose information when required by law or to protect our rights and the safety of our users:
- In response to valid legal requests (subpoenas, court orders)
- To comply with applicable laws and regulations
- To protect against fraud, security threats, or illegal activities
- To enforce our Terms of Service and protect our rights
- In connection with business transfers or acquisitions
- To protect the integrity of our multi-vertical platform
With Your Consent
We may share information in other circumstances with your explicit consent:
- Integration with third-party services you choose
- Participation in marketing or promotional activities
- Business partnerships you specifically authorize
- Research studies you opt into
- Cross-vertical data sharing for enhanced services
4. Data Security & Protection
We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction across all business verticals:
Technical Safeguards
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Multi-factor authentication (MFA)
- Regular security audits and penetration testing
- Intrusion detection and prevention systems
- Automated security monitoring and alerts
- Secure coding practices and code reviews
- Regular security updates and patches
- Cross-vertical security monitoring
Operational Security
- Role-based access controls and permissions
- Employee background checks and training
- Secure development lifecycle (SDLC)
- Incident response and breach notification procedures
- Regular backup and disaster recovery testing
- Physical security at data centers
- Vendor security assessments
- Compliance monitoring and reporting
- Multi-vertical data segregation controls
Compliance Framework
- PCI DSS — Payment security via our PCI-compliant payment processors
- GDPR — EU Privacy
- CCPA — California Privacy
5. Your Privacy Rights
You have important rights regarding your personal information. We provide tools and processes to help you exercise these rights across all business verticals:
Access & Portability Rights
- Right to Access: Request copies of your personal data
- Data Portability: Export your data in machine-readable formats
- Transparency: Understand how your data is processed
- Processing Records: Access logs of data processing activities
- Cross-Vertical Data: View data across all business modules
Control & Correction Rights
- Right to Rectification: Correct inaccurate information
- Right to Erasure: Request deletion of your data
- Right to Restrict: Limit how we process your data
- Right to Object: Opt out of certain processing activities
- Module-Specific Controls: Manage data by business vertical
How to Exercise Your Rights
Self-Service Options:
- Account dashboard settings
- Data export tools
- Privacy preference center
- Communication preferences
- Module-specific controls
Contact Methods:
- Email: [email protected]
- Support ticket system
- Phone: +1 (331) 234-5453
- Written request by mail
- Live chat support
Response Timeline:
- Acknowledgment: 48 hours
- Simple requests: 5-10 days
- Complex requests: 30 days
- Extensions communicated
- Priority for urgent matters
Important Considerations
Some rights may be limited by legal requirements or legitimate business interests. For example, we may need to retain certain information for tax, legal, or security purposes. We'll explain any limitations when responding to your requests.
6. Data Retention
We retain your information only as long as necessary for the purposes outlined in this policy:
- Active Accounts: Data retained while your account is active and for legitimate business purposes across all verticals
- Closed Accounts: Most data deleted within 90 days, some retained for legal/tax requirements
- Legal Requirements: Financial records retained for 7 years, security logs for 2 years
7. International Data Transfers
As a global service supporting 100+ countries, we may transfer your information internationally. We ensure appropriate safeguards are in place:
Transfer Mechanisms:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by data protection authorities
- Binding Corporate Rules (BCRs)
- Explicit consent where required
- Multi-vertical data protection frameworks
Data Locations:
- Primary servers: United States (AWS)
- Backup facilities: European Union
- Support operations: India
- Regional processing as needed
- Compliance with local data residency requirements
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:
- Provide at least 30 days' notice of material changes
- Email notifications to account holders
- Post updates prominently on our website
- Maintain an archive of previous versions
- Highlight changes affecting specific business verticals
8. Contact Our Privacy Team
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:
Privacy Officer
Email: [email protected]
Phone: +1 (331) 234-5453
Response time: 48 hours
Mailing Address
Devkart Technologies LLP
Attn: Privacy Officer
106, Min Nagar
Gobichettipalayam, Tamil Nadu 638452
India
EU Representative: For GDPR-related inquiries from EU residents, you may also contact our EU representative at [email protected]