1. Introduction
Start Dost, operated by webcotec ("we", "us", "our"), is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act (DPDP), 2023 of India.
2. Data We Collect
Account Data: Name, email, phone number, company name, business type, and password (hashed) when you register.
Business Data: Leads, conversations, expenses, employee records, orders, and other data you create within the Platform. This data belongs to you.
Usage Data: Pages visited, features used, IP address, browser type, and device info for analytics and security.
Payment Data: Processed by Razorpay. We store transaction IDs and amounts but never store card numbers or UPI details.
3. How We Use Your Data
We use your data to: provide and maintain the Platform; process payments and generate invoices; send important notifications (account, billing, security); improve our services through aggregated analytics; provide AI-powered features using anonymized prompts. We do NOT use your data for: selling to third parties, unsolicited marketing without consent, or training AI models.
4. Third-Party Services
We share limited data with: Razorpay — payment processing (governed by Razorpay's privacy policy); Anthropic (Claude AI) — AI responses (conversation text sent to generate replies); Meta (Facebook/Instagram/WhatsApp) — only when you connect your social accounts; Brevo — email delivery (email addresses for sending). All third parties are bound by their own privacy policies and data processing agreements.
5. Data Storage & Security
Your data is stored on servers in India (Hostinger data centers). We implement: encrypted passwords (bcrypt), CSRF protection on all forms, rate-limited login attempts, SQL injection prevention (prepared statements), XSS protection, HTTPS encryption. Despite our efforts, no system is 100% secure. Please use a strong password and keep your credentials private.
6. Your Rights (Under DPDP Act)
You have the right to: access your personal data; correct inaccurate data via Settings; delete your account and all associated data; data portability — export your leads, expenses, and other data as CSV; withdraw consent at any time. To exercise these rights, email us at info@startdost.space.
7. Data Retention
Active accounts: data is retained as long as your account is active. Cancelled accounts: data is retained for 30 days, then permanently deleted. Payment records: retained for 7 years as required by Indian tax law. Backup data: purged within 90 days of deletion.
8. Cookies
We use essential cookies for: session management (login), dark mode preference, and CSRF security tokens. We do not use tracking cookies or third-party advertising cookies. If Google Analytics is enabled by the admin, it uses its own cookies as per Google's privacy policy.
9. Children's Privacy
Our Platform is not intended for users under 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this policy with 15 days notice. Material changes will be communicated via email or dashboard notification.
11. Grievance Officer
In accordance with the IT Act, our Grievance Officer can be reached at info@startdost.space. Response time: within 48 hours. Resolution: within 30 days.
12. Contact
For privacy-related queries: info@startdost.space