Grahak App - Privacy Policy

Grahak ("we", "our", "us") is committed to protecting the privacy of users of the Grahak mobile app ("App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data.

1. Information We Collect

We collect the following types of information:

1.1 Store Information

Store name, address, location, business type, images
Operating hours, services offered
Government ID (Business PAN, GST required for verification)

1.2 Owner Information

Full name, phone number, email address
Government ID (if required for verification)
Profile picture

1.3 Customer Information

Contact details (phone, email, whatsapp, telegram, Facebook, Instagram handle, etc.)
Message history and communication preferences

1.4 Usage Data

Device information, Device token, IP address, log files
Device model, information, operating system, and app usage analytics for performance and debugging.

1.5 Communication Data

Messages sent and received via WhatsApp, SMS, email, Instagram, Facebook, Telegram, and other platforms from your business handle registered with us
This will be done only after you explicitly consent to manage your business communication with your customers

2. How We Use the Information

We use the collected information to:

Help retailers engage with customers across multiple platforms (e.g. WhatsApp, SMS, email, Instagram, Facebook, Telegram)
Train AI/LLM models to personalize communication
Improve customer engagement via personalized message tone, content, and timing
Provide insights and analytics to retailers
Improve app features and usability, maintain and improve our services
Ensure compliance with legal obligations
Provide customer support.

3. Legal Basis for Processing

We process personal data under:

User consent
Performance of a contract
Legitimate interests to improve and provide services

4. Data Sharing

We do not sell your personal data.

We only share it:

With third-party services to send messages (e.g., WhatsApp Business API, Email providers, SMS gateways).
When required by law or government request.
With AI/LLM providers only using anonymized and aggregated data.

5. Data Storage and Retention

We store your data securely in certified cloud environments.
Sensitive data like customer contacts and chat logs are handled with utmost secrecy.
Retention duration: Customer data is retained only as long as your account is active. Upon deletion, all data is removed within 7 days, except as mentioned in the data deletion policy.

Inactive accounts and associated customer data will be purged after 90 days of inactivity.

6. Your Rights

You can access, modify, or delete your data at any time through the app.
You can request full deletion via the Data Deletion Policy (see below).
You can withdraw consent at any time

To do so, contact: support@mudrax.co

7. Data Security

We use encryption, access control, and secure storage practices to safeguard your information.

8. Children's Privacy

Our app is not intended for users under the age of 18. We do not knowingly collect personal data from children.

9. Contact Us

For questions or data requests:

📧 support@mudrax.co

Data Deletion Policy - Grahak App

Deletion by User
You can delete your data by clicking on the "Delete Account" button on your profile menu. You will be logged out and your account will be permanently deleted.

If you have logged out, or uninstalled the app, then you can request deletion of all your business and customer data via the app or by emailing support@mudrax.co, with subject "Grahak App account deletion", mentioning your phone number used to login to account. Your account will be marked for deletion, and data will be removed from our active systems within 7 days after successful validation of your account.
Upon Receiving a Valid Deletion Request:
- Account Deletion: Your business and owner data will be permanently deleted within 7 working days.
- Customer Contact Data: All associated customer contact and communication records will be deleted unless required by law.
- LLM Training Data: Any data used for model training will be anonymized and stripped of identifiers. If anonymization isn't possible, it will be deleted.
Minimal Retention Policy
After deletion:
- Transaction logs (for audit/legal compliance) may be retained for up to 90 days in encrypted form.
- If you have pending legal disputes, we may retain relevant data until resolved.
- Only non-identifiable metadata (e.g., message volume, channel usage) may be retained in aggregate for product improvement.
- Logs required by law (e.g., message delivery logs) will be retained for a maximum of 180 days and then deleted.
Third-Party Data Deletion
We will also trigger deletion requests to third-party platforms (e.g., cloud services, WhatsApp providers) where applicable.