SaaStify Systems Private Limited (“SaaStify”, “we”, “us”, “our”) is committed to protecting your privacy and ensuring transparency in how we handle your personal and business data. This Privacy Policy explains what information we collect, how we use it, and your rights under applicable laws, including the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect the following types of information:
1.1 Identity Information – First name, last name, and job title.
1.2 Contact Information – Telephone number, email address, business address, and billing address.
1.3 Profile Data – Username, password, account preferences, feedback, and survey responses.
1.4 Billing Details – Credit card type, last 4 digits of your card number, expiry date, and billing address.
1.5 Transactional Data – Payment details, records of products and services you have procured.
1.6 Technical Data – IP address, browser type and version, time zone setting, operating system, and platform.
1.7 Business Records – Data related to products, inventory, orders, shipment information, and client details (including names, addresses, and contact details).

2. How We Collect Information

2.1 Automatic Collection – We collect usage details such as dates/times of access, pages viewed, time spent, and technical information (IP, browser, operating system).
2.2 Cookies & Tracking – We use cookies and similar technologies for functionality, analytics, and marketing. Non-essential cookies (e.g., analytics/advertising) are only used with your consent, which you can manage via our cookie banner or preferences center.

3. How We Use Information

We use the information we collect to:

• Provide and maintain our services.

• Process transactions, send confirmations, and issue invoices.

• Communicate with you about products, services, and promotional offers.

• Provide customer support.

• Monitor usage, detect and prevent fraud or technical issues.

Legal Basis for Processing:

• Contract – Delivering services you requested.

• Legal Obligation – Complying with accounting, tax, and regulatory requirements.

• Consent – Marketing communications and non-essential cookies.

• Legitimate Interests – Improving services, analytics, security, and fraud prevention.
   

4. Data Retention

We retain your data only as long as necessary for service delivery, legal compliance, or legitimate business purposes.

• Inactive Accounts – Deleted after 60 days without subscription.

• Billing & Transactional Data – May be retained for up to 7 years to comply with tax and accounting laws.

• Other Personal Data – Retained only as long as needed for the purposes stated in this policy.

When data is no longer required, it is securely deleted or anonymized.

5. Information Sharing

We do not sell or rent your personal information. We may share data with:

• Service Providers – Payment processors, cloud hosting, analytics, email, and data storage providers.

• Affiliates & Partners – Carefully selected partners to provide complementary services (e.g., logistics, payments, marketplace integration).

• Authorities – When required by law, or to protect rights, safety, and security.

International Transfers
If we transfer your personal data outside the European Economic Area (EEA) or UK, we implement approved safeguards such as Standard Contractual Clauses (SCCs).

6. Data Security

We employ physical, electronic, and organizational safeguards, including:

• Encryption, access controls, monitoring, and backups.

• Restricted access only to authorized employees, contractors, or third parties with a legitimate need.

• Confidentiality obligations and regular staff training.

• Periodic security audits.

7. Children’s Data
Our services are not directed to children under 16 (or the minimum age of consent in your jurisdiction). We do not knowingly collect children’s personal data. If we become aware of such collection, we will delete it immediately.

8. External Links
Our website may contain links to third-party sites. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any external sites you visit.

9. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be published on this page, and material changes will be communicated where appropriate.

10. GDPR Compliance
User Rights

• Right of access to your data.

• Right to rectification of inaccuracies.

• Right to erasure (“right to be forgotten”).

• Right to restrict processing.

• Right to data portability.

• Right to object to processing (including marketing).

• Rights related to automated decision-making/profiling (if applicable).

Consent Management

• No pre-ticked boxes; consent must be explicit.

• Consent can be withdrawn at any time.

• Cookies and trackers are only used with consent.

Third-Party Processors

• We only use GDPR-compliant vendors.

• Data Processing Agreements (DPAs) are in place.

Data Breach Policy

• Authorities notified within 72 hours if required.

• Users notified without undue delay if high risk exists.

Accountability

• We maintain logs of processing activities, consent, and breaches.

• Regular audits ensure compliance.

Supervisory Authority & Complaints
You can contact us at support@saastify.ai (or our Data Protection Officer at dpo@saastify.ai if appointed).
You also have the right to lodge a complaint with your local data protection authority.