Privacy Policy
🔒 Our Commitment to Your Privacy
- TechKosha is built for small business owners. We collect only what is necessary to provide our services.
- We never sell your data or your customers' data to advertisers or third parties.
- Your customer records belong to you — we are just the platform that stores them securely.
- You can export or delete your data at any time.
1. Introduction and Scope
TechKosha ("we", "us", "our", "Company") is committed to protecting the privacy of everyone who uses our services. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use:
- The TechKosha website at techkosha.com (the "Website")
- The TechKosha web application at platform.techkosha.com (the "App" or "Platform")
- Any related features, tools, or services provided by TechKosha
This Privacy Policy applies to two distinct categories of people:
Who This Policy Covers
- Business Users — Gym owners, salon owners, coaching center owners, and other small business owners who register and use TechKosha to manage their business.
- End Customers — The individual customers of Business Users whose personal information (such as name and phone number) is entered into TechKosha by the Business User.
This Policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).
By using our Services, you consent to the data practices described in this Privacy Policy.
2. What Personal Data We Collect
A. Data You Provide Directly (Business Users)
| Data Category | What We Collect | Why We Collect It |
|---|---|---|
| Account Data | Name, business name, business type, WhatsApp mobile number | To create and manage your Account and deliver the Services |
| Business Profile | Type of business (gym/salon/coaching), city, business description | To personalise your experience and improve the platform |
| Customer Records | Your customers' names, phone numbers, join dates, payment status, notes you enter | To power the Customer Khata feature you use to manage your customers |
| Uploaded Files | Excel files or contact lists you upload to import customers | To migrate your existing customer data into the platform |
| Promotional Content | Messages, offers, and announcements you type into the Promotions feature | To send WhatsApp messages to your customers on your behalf |
| Referral Settings | Reward type, reward amount, referral programme configuration | To power the Referral System feature |
| Support Queries | Messages you send to our support team | To respond to your questions and improve our services |
B. Data Collected Automatically (Website and App)
| Data Category | What We Collect | Why We Collect It |
|---|---|---|
| Usage Data | Pages visited, features used, actions taken, time spent, click patterns | To understand how users interact with the platform and improve it |
| Device Data | Device type, operating system, browser type and version, screen resolution | To ensure the platform works correctly on your device |
| Log Data | IP address, access timestamps, error logs, referral URLs | For security monitoring, debugging, and fraud prevention |
| Location Data | Approximate location derived from IP address (city/state level only) | To comply with legal requirements and detect suspicious activity |
| Cookies | Session tokens, preference cookies, analytics identifiers | To keep you logged in and measure platform performance |
C. Data About End Customers (Entered by Business Users)
When a Business User enters their customers' information into TechKosha, we process that data on behalf of the Business User. As the platform provider, we act as a Data Processor under the DPDP Act, 2023. The Business User acts as the Data Fiduciary. This means:
- The Business User is responsible for obtaining their customers' consent to collect and store their personal data.
- TechKosha processes End Customer data only to provide the features requested by the Business User (Customer Khata, Promotions, Referrals).
- We do not contact End Customers directly, sell their data, or use it for any other purpose.
- End Customers who wish to access or delete their data should contact the Business User whose platform they appear on.
3. Legal Basis for Processing Personal Data
Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we process your personal data on the following grounds:
- Consent — When you register an Account, you consent to our collection and use of your data as described in this Policy. For certain data types, we obtain explicit consent at the point of collection.
- Contractual Necessity — Processing is necessary to provide the Services you have requested, including storing customer records, sending promotions, and operating the referral system.
- Legal Obligation — Processing may be required to comply with applicable Indian law, court orders, or government directives.
- Legitimate Interests — We process certain data (such as security logs and usage analytics) to detect fraud, maintain platform security, and improve our Services, where this does not override your fundamental rights.
4. How We Use Your Personal Data
To Provide and Improve the Services
- Create and maintain your Account
- Operate the Customer Khata, Promotions, and Referral features
- Process and store customer records you enter
- Deliver WhatsApp messages to your customers via the Promotions feature
- Track and manage referrals on your behalf
- Provide customer support
- Send platform updates, new feature announcements, and service notifications
For Platform Security and Compliance
- Monitor for suspicious activity, fraud, or abuse
- Investigate and resolve security incidents
- Comply with legal obligations, court orders, and requests from competent authorities
- Enforce our Terms and Conditions
For Analytics and Product Improvement
- Understand how features are used to improve them
- Measure platform performance and reliability
- Conduct internal research to develop new features
What We Will NEVER Do With Your Data
- We will NEVER sell your personal data or your customers' personal data to any third party.
- We will NEVER allow advertisers to target you based on your personal data or your customers' data.
- We will NEVER use your customer records for any purpose other than providing the features you have requested.
- We will NEVER share your business data with your competitors.
- We will NEVER send marketing messages to your customers on our own behalf.
5. How We Share Personal Data
TechKosha does not sell personal data. We share personal data only in the following limited circumstances:
Service Providers (Data Processors)
We work with trusted third-party service providers who help us operate the platform. These providers are contractually bound to use your data only for the specific services they perform for us and must maintain adequate security standards. Current categories of service providers include:
- Cloud Hosting: Secure servers where the platform and your data are stored (within India or with adequate cross-border protections under DPDP Act)
- WhatsApp Business API Provider: To route messages sent via the Promotions feature (processes phone numbers of message recipients only)
- Payment Processors: To process Paid Plan subscription fees (no customer data is shared)
- Analytics Providers: To measure platform usage (data is anonymised before sharing)
- Customer Support Tools: To manage support queries (limited to query content)
Legal Disclosure
We may disclose personal data if required to do so by:
- A court order or judicial process
- A competent government authority or law enforcement agency
- Applicable Indian law, including the IT Act, 2000 or DPDP Act, 2023
- To protect TechKosha's rights, property, or safety or that of our users or the public
Business Transfers
In the event of a merger, acquisition, or sale of all or a substantial portion of TechKosha's assets, your personal data may be transferred to the acquiring entity. We will notify you via the Platform or your registered WhatsApp number before your data is transferred and before it becomes subject to a materially different privacy policy.
6. Data Retention
We retain your personal data only for as long as is necessary to provide the Services and fulfil the purposes described in this Policy.
| Data Type | Retention Period | Notes |
|---|---|---|
| Account Data | Duration of Account + 30 days after deletion | Deleted from active systems within 30 days of Account closure |
| Customer Records | Duration of Account + 30 days after deletion | Business User can export data before closure; delete individual records at any time |
| Promotional Messages | Message content: 90 days after sending | Recipient numbers retained as long as they remain in Customer Khata |
| Referral Records | Duration of Account + 30 days after deletion | Required for Business User's reward tracking |
| Usage Logs | 12 months | Anonymised after 90 days; used for security and analytics |
| Support Conversations | 3 years from last interaction | Required for dispute resolution and service quality |
| Payment Records | 7 years | As required under Indian accounting and tax laws |
When data is deleted, it is removed from our active database and queued for permanent erasure from backup systems within 90 days.
7. Cookies and Tracking Technologies
The TechKosha Website and App use cookies and similar technologies. We use:
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential Cookies | Maintain your login session, keep you authenticated | No — these are required for the platform to work |
| Preference Cookies | Remember your language, display settings, and platform preferences | Yes — clearing browser cookies will reset preferences |
| Analytics Cookies | Measure feature usage, page visits, and platform performance (anonymised) | Yes — you can opt out via your browser's cookie settings |
| Security Cookies | Detect and prevent fraudulent login attempts and suspicious activity | No — these are required for account security |
TechKosha does not use cookies to track you across other websites or to show you targeted advertisements on other platforms.
8. Data Security
TechKosha implements technical and organisational measures to protect your personal data and your Customer Data against unauthorised access, loss, alteration, disclosure, or destruction. These measures include:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
- Encryption at rest: Customer Data stored on our servers is encrypted at rest.
- Access controls: Only authorised TechKosha personnel with a legitimate business need can access user data, and only in anonymised or aggregate form unless responding to a support request.
- Regular security audits: Our infrastructure is subject to periodic security assessments.
- Two-factor authentication: Available for Business User accounts to add a second layer of protection.
- Secure data centres: Data is hosted on certified, reputable cloud infrastructure within India or with adequate cross-border protections.
While we take all reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. In the unlikely event of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant authorities as required by the DPDP Act, 2023, within 72 hours of becoming aware of the breach.
In Case of a Data Breach
- We will notify you via your registered WhatsApp number and email within 72 hours of becoming aware.
- We will notify the Data Protection Board of India as required under the DPDP Act, 2023.
- We will provide clear information about what data was affected and what steps you should take.
- We will take immediate steps to contain, investigate, and remediate the breach.
9. Your Privacy Rights
Under the Digital Personal Data Protection Act, 2023 and other applicable Indian laws, you have the following rights regarding your personal data:
| Your Right | What It Means |
|---|---|
| Right to Access | You have the right to request a copy of the personal data we hold about you. We will provide this within 30 days of a verified request. |
| Right to Correction | You have the right to request correction of inaccurate or incomplete personal data we hold about you. |
| Right to Erasure | You have the right to request deletion of your personal data. Upon Account closure, your data is deleted from active systems within 30 days. Some data may be retained where required by law. |
| Right to Data Portability | You have the right to receive your Customer Data in a structured, machine-readable format (CSV / Excel export). This can be done at any time from within the platform. |
| Right to Withdraw Consent | Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. |
| Right to Grievance Redressal | You have the right to raise a grievance with our Grievance Officer (see Section 13). If not resolved, you may escalate to the Data Protection Board of India. |
To exercise any of these rights, contact us at privacy@techkosha.com. We will verify your identity before processing your request. We will respond within 30 days, or sooner where required by law.
10. Children's Privacy
TechKosha is designed for use by business owners who are adults (18 years or older). We do not knowingly collect personal data from persons under the age of 18.
If you believe that a child under 18 has provided personal data to TechKosha without appropriate parental or guardian consent, please contact us immediately at privacy@techkosha.com. We will take prompt steps to delete that information.
If a Business User's end-customer is a minor, the Business User is responsible for ensuring appropriate consents are in place before entering that customer's data into the Platform.
11. Cross-Border Data Transfers
TechKosha primarily stores and processes data on servers located in India. Where we use third-party service providers who may process data outside India (for example, analytics or support tools), we ensure that:
- Such transfers comply with the cross-border data transfer provisions of the DPDP Act, 2023.
- The recipient country or organisation provides adequate data protection safeguards.
- Contractual protections are in place to ensure your data is treated consistently with this Policy.
We do not transfer Customer Data (your customers' records) outside India without your knowledge and consent.
12. Third-Party Links and Services
The TechKosha Website and App may contain links to third-party websites or integrate with third-party services (for example, WhatsApp). These third-party services have their own privacy policies, which we encourage you to read.
TechKosha is not responsible for the privacy practices of third parties. Clicking a third-party link or using a third-party integration is subject to that third party's terms and privacy policy, not ours.
13. Grievance Officer and Contact
In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, TechKosha has appointed a Grievance Officer to address privacy and data-related complaints from users and End Customers:
Grievance Officer — TechKosha
- Email: support@techkosha.com
- Address: Flora Complex, Udaipur, Rajasthan, India
- Response Time: Within 30 days of receipt of complaint (faster for urgent issues)
If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India once it is established under the DPDP Act, 2023.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other legitimate business reasons. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document.
- Display a prominent notice on the Platform before the changes take effect.
- Notify you via your registered WhatsApp number or email if the changes materially affect how we process your personal data.
We encourage you to review this Policy periodically. Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree to the revised Policy, you must stop using the Services.
The current version of this Privacy Policy is always available at: techkosha.com/privacy-policy