Privacy Policy

Welcome to TTPL POS (hereinafter referred to as the "POS Platform"), an enterprise software solution owned and operated by Tantrash Technologies Pvt. Ltd. (TTPL) ("Company", "We", "Our", or "Us").

We are fully committed to protecting the privacy, confidentiality, and security of the digital data handled through our system. This Privacy Policy outlines how we collect, store, process, and protect information when Indian business clients ("Merchants," "You") deploy the TTPL POS software, mobile applications, cloud dashboards, and any associated hardware peripherals.

This policy is structured in strict compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.

1. Legal Capacity: Data Fiduciary vs. Data Processor

Under the Indian DPDPA framework, data handling roles within the TTPL POS ecosystem are split into two categories:

• TTPL as a Data Fiduciary: We act as a Data Fiduciary for the administrative, business profile, and billing data provided directly by the Merchant to set up and maintain the corporate relationship with TTPL.
• TTPL as a Data Processor: When your retail outlets use TTPL POS to log sales, generate digital tax invoices, or register retail end customers, TTPL processes that end-customer data purely on behalf of the merchant as a data processor. The Merchant remains the primary Data Fiduciary for its consumers and is legally responsible for securing valid end-customer consent.

2. Categories of Data Processed by TTPL POS

A. Merchant Administrative & On boarding Data

To activate, license, and maintain your TTPL POS deployment, we collect:

• Corporate Identity: Legal business name, trade name, registered corporate address, and shop/establishment license details.
• Contact Information: Name, email ID, and mobile number of the authorized account administrators and store managers.
• Statutory & Tax Data: Goods and Services Tax Identification Number (GSTIN) and Permanent Account Number (PAN) for legal billing and compliance verification.

B. Transactional & Store Operations Data (Processed for Merchants)

To ensure the execution of core point-of-sale workflows, the software handles:

• Sales Metadata: Itemized inventory logs, transaction totals, date/time stamps, store location tags, and chosen payment modes (cash, UPI, credit/debit card tokens, or brand wallets).
• Terminal & System Logs: IP address, unique terminal hardware identifiers (MAC address/IMEI), OS version, and performance diagnostics of attached peripherals like barcode scanners and thermal printers.

C. Sensitive Personal Data or Information (SPDI)

Crucial Security Note: TTPL POS does not capture or store raw debit/credit card numbers, expiry dates, or internet banking passwords. All digital payments are processed via integration with Reserve Bank of India (RBI)-authorized payment gateways. Any settlement bank details retained for business verification are strictly classified as SPDI and subjected to restricted, encrypted access controls.

3. Lawful Basis and Purpose of Processing

TTPL processes personal data only where there is a lawful baseline—primarily for the performance of a contract or via explicit consent. We use this data to:

• Initialize, validate, and secure your specific TTPL POS software licenses.
• Compute automated sales analytics, update real-time cloud inventory, and generate compliant GST bills.
• Deliver remote technical support, troubleshoot database queries, and push over-the-air (OTA) security updates.
• Fulfill mandatory audit and tax reporting obligations under Indian corporate laws.

4. Data Localization and Sharing Restrictions

• Sovereign Data Storage (Localization): In absolute compliance with Indian regulatory demands and data sovereignty principles, all merchant database storage, cloud backups, and transaction logs managed by TTPL POS are hosted on secure cloud infrastructure physically located within the territorial boundaries of India.
• No Third-Party Commercialization: TTPL does not trade, rent, or monetize your operational store data to external advertising networks or data brokers.
• Permitted Disclosures: Data sharing is confined to authorized banking/payment aggregators processing your store transactions or to Indian law enforcement and statutory tax authorities when backed by a valid legal warrant or order.

5. Data Retention Limits

We retain merchant account details as long as the commercial subscription for TTPL POS remains active. Statutory Preservation: Please note that transaction histories, invoice details, and GST-linked records cannot be immediately erased upon account closure. Under Indian financial laws (including the Income Tax Act and GST Rules), these records must be securely archived by our systems for a mandatory period of 8 financial years.

6. Limitation of Liability for Data Loss

Furthermore, Tantrash Technologies shall not be held liable for any loss of data resulting from natural disasters, ransomware attacks, or any other unforeseen threats and circumstances beyond its reasonable control.

7. Industrial Security Framework

TTPL implements robust technical architecture to protect your business intelligence from data breaches, hacking, or unauthorized alterations:

• Advanced Encryption: Data transmitted between your physical POS terminal and the TTPL cloud dashboard is encrypted using Transport Layer Security (TLS 1.3). Static databases are protected by AES-256 bit encryption.
• Multi-Tenant Isolation: Our database architecture ensures that your business and transaction records are structurally sandboxed and completely isolated from any other merchant operating on the TTPL network.
• Strict Access Control: Internal access to platform backends by TTPL engineers is strictly regulated through Role-Based Access Controls (RBAC) and Multi-Factor Authentication (MFA), limited entirely to system maintenance routines.

8. Your Rights under the DPDPA

As an Indian business entity/Data Principal, you possess statutory rights regarding your business records held by TTPL. You can directly manage these via your TTPL Cloud Master Console or by contacting our data desk to:

• Review and extract a summary of your registration data.
• Correct inaccurate or outdated business profile details.
• Request erasure of non-statutory account data once your contract with TTPL finishes.

9. Designated Grievance Redressal

To meet the statutory mandates of the Information Technology Rules, 2011, and the DPDPA, 2023, TTPL has appointed a dedicated Grievance Redressal Officer. Any operational compliance issues, data access requests, or security vulnerabilities should be directly escalated to:

• Attn: Ms. Shivani Srivastava
• Designation: Grievance & Data Protection Officer, TTPL
• Postal Address: 722, 7th Floor, Cyber Heights, Vibhuti Khand, Gomti Nagar Lucknow, 226010
• Dedicated Email: info@tantrash.com

We will formally acknowledge any data grievance within 48 hours and provide a complete resolution or formal status update within 30 days from the date of receipt.

10. Revisions to this Policy

TTPL reserves the right to update this Privacy Policy to reflect software upgrades, new feature integrations, or modifications in Indian legislative frameworks. Any critical adjustments will be flagged via a banner notice on your main TTPL POS terminal interface or sent via email to your registered account administrator.