storefrontDigiDukan Hub
Homechevron_rightPrivacy Policy
shield_lock

Privacy Policy

Last updated: June 10, 2026

verifiedDPDP Act, 2023 Compliant

At DigiDukan Hub, your data belongs to you. We collect only what is necessary to run your digital storefront, never sell it to advertisers, and give you full control over your information in line with India's Digital Personal Data Protection Act, 2023.

1. Overview

DigiDukan Hub ("we", "us", "our") is committed to protecting the privacy of merchants and their customers who use our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), India. By using our Service, you consent to the practices described in this Policy.

2. Data We Collect

We collect the following categories of data: • Identity Data: Business name, owner's name, 10-digit mobile number used for OTP authentication. • Business Data: Catalog items, prices, categories, images, operating hours, and store configurations you upload. • Transaction Data: Order details forwarded via WhatsApp, subscription payment records processed by Razorpay. • Technical Data: IP addresses, device type, browser identifiers, and usage analytics collected automatically when you access our platform. • Customer Data: End-customer names, contact numbers, and booking details submitted through your hosted storefront or embedded widget (processed on your behalf as a data processor). We do not collect aadhaar numbers, PAN details, or any government-issued identity documents.

3. How We Use Your Data

We use your data to: • Provide and operate the DigiDukan Hub platform and related features. • Process subscription payments and send billing reminders via WhatsApp. • Authenticate your account and maintain session security. • Send transactional notifications (booking confirmations, OTPs, renewal alerts) via WhatsApp. • Improve platform performance through aggregated, anonymised analytics. • Respond to support requests and resolve disputes. • Comply with applicable Indian laws and regulatory requirements. We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Data Sharing & Third Parties

We share data only with trusted service providers necessary to operate the platform: • Razorpay: Payment processing and subscription management. Governed by Razorpay's Privacy Policy. • WhatsApp Business API (Meta): Delivery of OTPs, order notifications, and renewal reminders. • AWS / Cloud Infrastructure: Encrypted hosting and database storage. • Vercel / CDN Providers: Edge delivery of your hosted storefront. All third-party providers are bound by data processing agreements. We do not disclose your data to government authorities except when legally compelled, and we will notify you of such requests where legally permissible.

5. Data Security

We implement technical and organisational safeguards to protect your data: • Multi-tenant isolation via PostgreSQL row-level security and tenant_id partitioning. • All data in transit is encrypted using TLS 1.3. • Data at rest is encrypted using AES-256. • Access to production databases is restricted to authorised personnel via VPN with MFA. • Regular security audits and penetration testing. No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination: • You may request a full data export within 30 days. • Business catalog data is permanently deleted after 60 days of account closure. • Financial transaction records are retained for 7 years as required by Indian tax law. • Anonymised, aggregated analytics may be retained indefinitely. Backup copies of data may persist in encrypted archives for up to 90 days before final deletion.

7. Your Rights Under DPDP Act, 2023

As a data principal under India's DPDP Act, 2023, you have the right to: • Access: Request a summary of personal data we hold about you. • Correction: Request correction of inaccurate or incomplete data. • Erasure: Request deletion of your personal data (subject to legal retention obligations). • Grievance Redressal: File a complaint with our Data Protection Officer. • Nominee: Designate a nominee to exercise your rights in the event of death or incapacity. To exercise any of these rights, contact our Data Protection Officer at privacy@digidukan.hub. We will respond within 30 days.

8. Cookies & Tracking

We use the following types of cookies on the platform dashboard: • Essential Cookies: Required for authentication sessions and security (cannot be disabled). • Analytics Cookies: Anonymised usage data to improve the platform (can be opted out via dashboard settings). Our public storefronts (merchant-facing pages for end-customers) use minimal cookies limited to cart session persistence only. We do not place third-party advertising cookies on any page.

9. WhatsApp Data Usage

Our platform uses the WhatsApp Business API to send OTPs, order confirmations, and subscription renewal reminders. By registering your mobile number, you consent to receive these transactional messages from DigiDukan Hub. We do not use WhatsApp to send promotional marketing messages without explicit opt-in. Message frequency varies based on your business activity. Standard carrier rates may apply for data usage.

10. Children's Privacy

The DigiDukan Hub platform is intended for use by businesses and individuals aged 18 years or older. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal information, please contact us immediately at privacy@digidukan.hub and we will delete such data promptly.

11. Cross-Border Data Transfers

Your data is primarily stored and processed within India. Where data is transferred outside India (e.g., to cloud infrastructure providers), we ensure such transfers comply with the DPDP Act, 2023 and applicable data localisation requirements. We use standard contractual clauses and data processing agreements to ensure equivalent protection.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and applicable data protection laws. You may contact our DPO at: Email: privacy@digidukan.hub Response time: Within 30 days for access/correction/erasure requests; within 72 hours for security incidents. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India once established under the DPDP Act, 2023.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. Material changes will be communicated via WhatsApp notification at least 14 days before they take effect. The "Last Updated" date at the top of this page indicates the most recent revision. Your continued use of the Service after the effective date signifies acceptance of the revised Policy.

mail

Privacy concerns? We're here to help.

Contact our Data Protection Officer at privacy@digidukan.hub

Read Terms of Servicearrow_forward