Privacy Policy

1. Information We Collect

1. From Merchants
We collect your registration name, business name, physical corporate address, official email handles, operational phone contacts, bank account configurations for subscription billing, and verified business identifier codes such as PAN/GSTIN.

2. From End Customers (On Behalf of the Merchant)
To execute order processing, our software infrastructure temporarily collects and processes the end customer’s checkout data, including full name, delivery address, contact number, and ordered items list.

2. How We Use and Share Data

To operate our "business-in-a-box" automation infrastructure, MyStartup Online acts as a secure data processor that transmits required operational parameters to designated service partners.

By using this platform, you explicitly authorize the following data flows:

1. Fulfillment Data
Order details and delivery information are shared automatically with integrated supply partners such as CJ Dropshipping, AliDropship, or IndiaMART to execute fulfillment and product shipment operations.

2. Financial Processing
Selected checkout values are securely transmitted to payment systems such as Razorpay, PayPal, PhonePe, and Stripe to process financial transactions.

Note: MyStartup Online does not collect or store raw credit card numbers or banking passwords within local databases.

3. Logistics Automation
Buyer addresses and shipment parameters are routed through logistics APIs such as Shiprocket to evaluate serviceability, assign courier partners, and generate shipping labels.

4. Invoicing Flows
Completed order totals may be transmitted through secure webhook integrations to accounting systems such as Vyapar for automated tax invoice generation.

3. Data Security Safeguards

1. Encryption Standard
All operational data transmitted between merchant dashboards, backend infrastructure, and third-party partner systems is protected using Transport Layer Security (TLS/HTTPS).

2. Isolation Protocols
Our multi-tenant database architecture follows strict logical separation policies. Merchant data remains isolated, and one merchant cannot access, alter, or view another merchant’s information.

4. Data Rights and Retention

1. Data Control
In compliance with the DPDP Act, merchants may request an exported copy of their profile data or invoke the “Right to Erasure” to permanently close their store and delete associated records.

2. Retention Boundaries
Transaction records are retained only for the duration required to complete accounting audits, resolve disputes, and satisfy statutory tax obligations under Indian law.