Privacy Policy
How collects, uses, and protects your information
Quick Navigation
Introduction & Scope
Welcome to , operated by VistarKriya Marketings Private Limited. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform, including our website, mobile applications, and related services.
Who This Policy Covers
This policy applies to three distinct user groups:
- Tenants: Businesses that subscribe to our platform to create their digital office
- B2B Customers: Your business clients who use your customer portal
- Visitors: Anyone browsing our public website
By accessing or using , you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our services.
Information We Collect
For Tenants (Business Subscribers)
Registration & Account Information
- Business name, owner name, and contact details
- Email address and phone number
- Business registration documents (GST, PAN, etc.)
- Domain name preferences (subdomain or custom domain)
- Bank account details for payment processing
- UPI IDs and payment gateway credentials
Platform Usage Data
- Pages created, services listed, and content uploaded
- Chapter subscriptions and feature usage
- Customer enquiries and service requests
- Payment transactions and wallet balance
- Analytics data (page views, visitor counts)
- Login history and IP addresses
Chapter-Specific Data
- Click Credit: Loan applications, income details, employment history, credit scores
- MSME Digital: Business documents, scheme applications, government filings
- Associate: Service requests, professional documents, client agreements
- Sales CRM: Lead data, customer information, sales pipeline
- PNM: PAN applications, utility bill payments, transaction history
For B2B Customers (Your Clients)
Important: Data Controller Relationship
When your B2B customers use the customer portal, you (the tenant) are the data controller and acts as the data processor. You are responsible for obtaining proper consent from your customers and complying with applicable data protection laws.
B2B Customer Portal Data
- Name, email, phone number, and business details
- Service requests and application forms
- Uploaded documents (KYC, business proofs, etc.)
- Digital signatures on agreements
- Wallet transactions and payment history
- Communication logs and support tickets
For Website Visitors
Browsing Information
- IP address, browser type, and device information
- Pages visited and time spent on site
- Referral sources and search queries
- Cookies and similar tracking technologies
- Geographic location (country/city level)
Automatically Collected Information
We automatically collect certain information when you access our platform:
Server Logs
IP addresses, request timestamps, response codes, bandwidth usage
Device Data
Device type, operating system, browser version, screen resolution
Analytics
Page views, session duration, bounce rates, conversion metrics
Error Logs
Technical errors, crash reports, performance issues
How We Use Your Information
We use the collected information for the following purposes:
Service Delivery
- Provide and maintain platform functionality
- Process subscriptions and manage accounts
- Enable chapter features and modules
- Generate custom domains and SSL certificates
Backend Team Operations
- Assign Business Managers and Relationship Managers
- Process loan applications through backend teams
- Handle MSME scheme filings by specialists
- Coordinate professional service delivery
Payment Processing
- Process subscription payments and renewals
- Manage wallet topups and withdrawals
- Handle invoicing and billing
- Detect and prevent fraud
Communication
- Send transactional emails and notifications
- Provide customer support via Telegram/Email
- Share platform updates and announcements
- Conduct webinars and training sessions
Security & Compliance
- Monitor for suspicious activity and fraud
- Enforce terms of service and policies
- Comply with legal obligations
- Maintain audit logs and backups
Analytics & Improvement
- Analyze platform usage patterns
- Improve features and user experience
- Develop new chapters and services
- Conduct market research
Legal Basis for Processing (GDPR)
We process your data based on:
- Contract: To provide the services you've subscribed to
- Consent: For marketing communications (you can opt-out anytime)
- Legitimate Interest: For fraud prevention, security, and analytics
- Legal Obligation: To comply with applicable laws and regulations
When We Share Your Information
does not sell, rent, or trade your personal information. We only share data in the following limited circumstances:
Backend Processing Teams
Your data is accessed by our internal backend teams (Business Managers, Relationship Managers, Loan Processors, MSME Specialists) ONLY to deliver the services you've subscribed to. All team members are bound by strict confidentiality agreements.
Service Providers & Partners
We work with trusted third-party service providers who help us operate the platform:
- Payment Gateways: Razorpay, PayU, PhonePe (for processing payments)
- CDN & Hosting: BunnyCDN, cPanel (for file storage and delivery)
- Email Services: SMTP providers (for sending transactional emails)
- SMS Providers: For OTP and notification delivery
- Loan Partners: Bank Sathi, Inspay (only when you apply for specific products)
- Analytics: Internal tracking tools (no Google Analytics)
Tenant-Customer Data Sharing
When B2B customers use your customer portal, their data is shared with:
- You (The Tenant): You have full access to your customers' data as the data controller
- Your Assigned RM/BM: To provide support and resolve issues
- Chapter Backend Teams: Only if processing specific service requests
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any such change.
What We Never Do
- ❌ Sell Your Data: We never sell personal information to third parties
- ❌ Share Without Consent: We don't share data for marketing purposes without your explicit consent
- ❌ Cross-Tenant Access: Tenants cannot access other tenants' data (strict isolation)
- ❌ Public Disclosure: Your sensitive business data is never made publicly available
How We Protect Your Data
We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:
SSL/TLS Encryption
All data transmitted between your browser and our servers is encrypted using 256-bit SSL certificates
Database Encryption
Sensitive data (passwords, payment info) is encrypted at rest using AES-256 encryption
Multi-Tenant Isolation
Strict database-level isolation ensures tenants can only access their own data (tenant_id filtering)
Access Controls
Role-based permissions, IP whitelisting, MPIN authentication, and 2FA for super admin access
Password Security
Passwords are hashed using bcrypt with strong salts (never stored in plain text)
Regular Backups
Daily automated backups with 30-day retention, stored in geographically separate locations
Security Monitoring
24/7 intrusion detection, activity logging, and automated threat response systems
CDN Protection
BunnyCDN for DDoS protection, geo-blocking, and secure file delivery with signed URLs
Your Responsibility
While we implement strong security measures, you are responsible for:
- Keeping your login credentials confidential
- Using strong, unique passwords
- Enabling two-factor authentication where available
- Not sharing your account with unauthorized persons
- Reporting any security incidents immediately to hello@vistarkriya.com
Data Breach Notification: In the unlikely event of a data breach that compromises your personal information, we will notify you within 72 hours via email and provide details about the incident, affected data, and remedial actions.
Your Privacy Rights
Under applicable data protection laws (including GDPR, DPDP Act 2023), you have the following rights:
Right to Access
Request a copy of all personal data we hold about you. You can export your data from the admin dashboard or contact us at hello@vistarkriya.com.
Right to Rectification
Correct any inaccurate or incomplete personal data. Most data can be updated directly through your account settings.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data, subject to legal retention requirements. Note: Some data may need to be retained for financial/tax compliance.
Right to Restrict Processing
Request that we limit how we use your data while disputes are resolved or pending deletion requests.
Right to Data Portability
Receive your data in a structured, machine-readable format (JSON/CSV) for transfer to another service.
Right to Object
Object to processing of your data for direct marketing purposes (opt-out of promotional emails).
Right to Withdraw Consent
Withdraw previously given consent for data processing at any time (e.g., unsubscribe from marketing emails).
Right to Lodge a Complaint
File a complaint with your local data protection authority if you believe your rights have been violated.
How to Exercise Your Rights
We will respond to your request within 30 days of receipt. Some requests may require identity verification to protect your privacy.
Cookies & Tracking Technologies
uses cookies and similar technologies to enhance your experience and analyze platform usage. Here's what you need to know:
Do Not Track (DNT)
We honor Do Not Track browser signals. When DNT is enabled, we do not collect analytics data or use tracking cookies.
Data Retention & Additional Information
Data Retention Periods
International Data Transfers
Your data is primarily stored on servers located in India. If we transfer data internationally, we ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions).
Children's Privacy
is not intended for children under 18. We do not knowingly collect personal information from minors. If we discover such data has been collected, we will delete it immediately.
Policy Updates
We may update this Privacy Policy periodically. Significant changes will be communicated via email and/or a prominent notice on the platform. Continued use after changes constitutes acceptance of the updated policy.
Third-Party Links
Our platform may contain links to third-party websites (payment gateways, partner sites). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any information.
Questions? Contact Our Data Protection Team
Company Name
VistarKriya Marketings Private Limited
Registered Office
Delhi, India
We aim to respond to all privacy-related inquiries within 48 hours. For urgent matters, please call us directly.
By using , you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and sharing of your information as described
- You understand your rights and how to exercise them
- You agree to our Terms of Service and other applicable policies