1. Scope and Applicability

This policy applies to:

• Users of our website [www.digitathya.com]
• Users of our mobile and web applications (Android/iOS/Web-based)
• Business clients using our dashboards, APIs, and SDKs
• End-consumers using QR scanning features for product authentication, loyalty, warranty, or rewards
• Any visitor or user interacting with our Services

2. Information We Collect

We collect different types of information depending on how you interact with our Services.

A. Personal Information (B2C App Users)

• Name, mobile number, email address
• Age, gender (if voluntarily provided)
• Location data (GPS or IP-based, for scan validation)
• Device information: model, OS version, unique device ID
• Scan history, QR interactions, product authentication logs
• E-warranty registration details
• Participation in rewards, cashback, and loyalty programs
• Payment metadata (e.g., UPI transaction ID — no bank credentials or PINs are stored)

B. Business and Transactional Information (B2B Clients)

• Organization name, industry, location
• Name and contact information of authorized personnel
• GSTIN, PAN, or KYC documentation (as applicable)
• Product, SKU, batch, and serialization data linked to secure QR codes
• Dashboard usage logs, scan analytics, and reporting preferences
• API and webhook interactions

C. Automatic Data Collection

• IP address and session logs
• App performance data (crash reports, latency, device heat maps)
• Cookies and SDKs to track user behaviour on website and app
• App installation source and referrer details
• Event-based telemetry and real-time analytics

3. How We Use This Information

We process the collected information for the following purposes:

• To verify and authenticate products using our QR-based system
• To detect and prevent counterfeit, duplication, and tampering
• To register warranties and issue digital certificates
• To enable rewards, cashback, and loyalty programs
• To process and log scan history for analytics and feedback
• To improve app performance and user experience
• To provide real-time dashboards, alerts, and reports to business clients
• To ensure compliance with UPI regulations and enable seamless, secure payment processing
• To send alerts, updates, or transactional communications (e.g., warranty expiry, reward earned)
• To respond to customer support queries or technical issues
• To enhance fraud prevention through AI-powered scoring and behavioral analysis

We retain your data only for as long as it is required for the purposes above or as mandated under Indian law.

4. Sharing and Disclosure of Information

DigiTathya does not sell your personal or business data to third parties.

We may share your information under the following circumstances:

• With trusted service providers, including cloud hosting partners, analytics providers, and SMS/email gateways
• With UPI Payment Service Providers (PSPs), banks, and payment aggregators for cashback or invoice-related workflows
• With customer support teams for resolving issues or claims
• With regulatory or law enforcement authorities, when legally required
• With affiliated entities or subsidiaries for internal reporting or platform consistency

All third parties handling your data are bound by strict confidentiality and data processing agreements and must comply with Indian data protection laws.

5. Data Security Measures

We take security seriously and implement robust safeguards to protect your information:

• End-to-end encryption and secure hashing (SHA-256 or higher)
• Secure QR code infrastructure and serialization integrity checks
• Firewalled cloud architecture with restricted access
• Role-based access control (RBAC) on dashboards and APIs
• Rate limiting and token-based API authentication
• Real-time anomaly detection, alerts, and geo-fencing
• Device fingerprinting and behavioral pattern analysis
• Manual and automated penetration testing of our apps and systems

In the event of a data breach, we will take immediate corrective actions and notify affected users in accordance with regulatory requirements.

6. User Rights Under Indian Law

As a data principal under the Digital Personal Data Protection Act, 2023, you are entitled to:

• Right to Access: Know what data we collect and how we use it
• Right to Correction: Request corrections or updates to your data
• Right to Withdraw Consent: Opt out of features that rely on consent (e.g., marketing)
• Right to Grievance Redressal: Contact us if you have privacy-related concerns
• Right to Nominate: Appoint a representative to manage your data rights

To exercise these rights, email us at privacy@digitathya.com with the subject line "Data Rights Request."

7. Cookies, SDKs & Third-Party Technologies

Our website and app may use:

• Cookies to remember preferences and session states
• Web SDKs to measure engagement and usage (e.g., Google Firebase, MoEngage)
• Push notification tokens to send app-specific updates
• Third-party integrations for maps, UPI, or cloud storage

You can disable cookies from your browser or opt out of app tracking from your device settings.

8. Children’s Data

Our services are intended for users 18 years and above. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Cross-Border Data Transfers

Your data is primarily stored on secure servers located in India. If, in specific cases, data is processed outside India (e.g., cloud redundancy), we ensure it is protected through appropriate contracts and data transfer safeguards compliant with Indian law.

10. Updates to This Privacy Policy

We may revise this Privacy Policy periodically to reflect changes in law or platform features. The updated version will be posted with a revised "Last Updated" date. Continued use of our services implies your agreement to the updated policy.

11. Contact & Grievance Redressal

For questions, concerns, or complaints related to this policy, please contact:

Grievance Officer
DigiTathya Technologies Pvt Ltd
Email: info@digitathya.com
Address: DIGITATHYA TECHNOLOGIES PRIVATE LIMITED
10th floor, Satra Plaza, 1005, Palm Beach Rd, nr. Royal Oak, Juhu Nagar, Phase 2, Sector 19, Vashi, Navi Mumbai - 400703
Response Time: Within 7 working days