Privacy Policy

Collection

We collect your personal data when you use our Platform, services or otherwise interact with us during the course of our relationship and related information provided from time to time. Some of the information that we may collect includes but is not limited to personal data / information provided to us during sign-up/registering or using our Platform such as name, date of birth, address, telephone/mobile number, email ID and/or any such information shared as proof of identity or address.

Some of the sensitive personal data may be collected with your consent, such as your bank account or credit or debit card or other payment instrument information or biometric information such as your facial features or physiological information (in order to enable use of certain features when opted for, available on the Platform) etc all of the above being in accordance with applicable law(s). You always have the option to not provide information, by choosing not to use a particular service or feature on the Platform.

We may track your behaviour, preferences, and other information that you choose to provide on our Platform. This information is compiled and analysed on an aggregated basis. We will also collect your information related to your transactions on Platform and such third-party business partner platforms. When such a third-party business partner collects your personal data directly from you, you will be governed by their privacy policies. We shall not be responsible for the third-party business partner's privacy practices or the content of their privacy policies, and we request you to read their privacy policies prior to disclosing any information.

Usage

We use personal data to provide the services you request. To the extent we use your personal data to market to you, we will provide you the ability to opt-out of such uses. We use your personal data to assist sellers and business partners in handling and fulfilling orders; enhancing customer experience; to resolve disputes; troubleshoot problems; inform you about online and offline offers, products, services, and updates; customise your experience; detect and protect us against error, fraud and other criminal activity; enforce our terms and conditions; conduct marketing research, analysis and surveys; and as otherwise described to you at the time of collection of information.

You understand that your access to these products/services may be affected in the event permission is not provided to us.

Sharing

We may share your personal data internally within our group entities, our other corporate entities, and affiliates to provide you access to the services and products offered by them. These entities and affiliates may market to you as a result of such sharing unless you explicitly opt-out. We may disclose personal data to third parties such as sellers, business partners, third party service providers including logistics partners, prepaid payment instrument issuers, third-party reward programs and other payment opted by you.

These disclosure may be required for us to provide you access to our services and products offered to you, to comply with our legal obligations, to enforce our user agreement, to facilitate our marketing and advertising activities, to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our services. We may disclose personal and sensitive personal data to government agencies or other authorised law enforcement agencies if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process.

We may disclose personal data to law enforcement offices, third party rights owners, or others in the good faith belief that such disclosure is reasonably necessary to: enforce our Terms of Use or Privacy Policy; respond to claims that an advertisement, posting or other content violates the rights of a third party; or protect the rights, property or personal safety of our users or the general public.

Security Precautions

To protect your personal data from unauthorised access or disclosure, loss or misuse we adopt reasonable security practices and procedures. Once your information is in our possession or whenever you access your account information, we adhere to our security guidelines to protect it against unauthorised access and offer the use of a secure server.

However, the transmission of information is not completely secure for reasons beyond our control. By using the Platform, the users accept the security implications of data transmission over the internet and the World Wide Web which cannot always be guaranteed as completely secure, and therefore, there would always remain certain inherent risks regarding use of the Platform. Users are responsible for ensuring the protection of login and password records for their account.

Data Deletion and Retention

You have an option to delete your account by visiting your profile and settings on our Platform, this action would result in you losing all information related to your account. You may also write to us at the contact information provided below to assist you with these requests.

We may in event of any pending grievance, claims, pending shipments or any other services we may refuse or delay deletion of the account. Once the account is deleted, you will lose access to the account. We retain your personal data information for a period no longer than is required for the purpose for which it was collected or as required under any applicable law.

However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse or for other legitimate purposes. We may continue to retain your data in anonymised form for analytical and research purposes.

Your Rights

You may access, rectify, and update your personal data directly through the functionalities provided on the Platform.

Consent

By visiting our Platform or by providing your information, you consent to the collection, use, storage, disclosure and otherwise processing of your information on the Platform in accordance with this Privacy Policy. If you disclose to us any personal data relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy.

You, while providing your personal data over the Platform or any partner platforms or establishments, consent to us (including our other corporate entities, affiliates, lending partners, technology partners, marketing channels, business partners and other third parties) to contact you through SMS, instant messaging apps, call and/or e-mail for the purposes specified in this Privacy Policy.

You have an option to withdraw your consent that you have already provided by writing to the Grievance Officer at the contact information provided below. Please mention "Withdrawal of consent for processing personal data" in your subject line of your communication. We may verify such requests before acting on our request. However, please note that your withdrawal of consent will not be retrospective and will be in accordance with the Terms of Use, this Privacy Policy, and applicable laws. In the event you withdraw consent given to us under this Privacy Policy, we reserve the right to restrict or deny the provision of our services for which we consider such information to be necessary.

Changes to this Privacy Policy

Please check our Privacy Policy periodically for changes. We may update this Privacy Policy to reflect changes to our information practices. We may alert / notify you about the significant changes to the Privacy Policy, in the manner as may be required under applicable laws.

1. Information We Collect

We collect the following categories of information:

a. Business & Account Data

• Contact and account information: name, business email, phone number, company name, billing information and identifiers.
• Login credentials, authentication data and role information.

b. Customer Data (via CRM & WhatsApp APIs)

• End-user phone numbers and contact records.
• Messages and media shared through the WhatsApp Business Platform (message text, images, attachments), and message metadata (timestamps, delivery/read receipts).
• Conversation context and CRM notes created by your users.

c. Technical Data

• Device and browser information, IP addresses, cookies, session logs and API usage logs.
• Error and diagnostic logs used for support and platform reliability.

d. Optional Data

• Support requests, survey responses and optional profile fields provided by account administrators.

e. Facebook Lead Ads Lead Data

When you submit a lead through a Facebook Lead Ad form, we collect and process the information you provide (such as name, email address, phone number, and any other form responses). This data is used to:

• Deliver and manage our CRM services
• Contact you regarding your inquiry
• Store the lead information securely in our system

We will not share Facebook lead data with third parties except as necessary to provide our services or comply with legal obligations. You may request access, correction, or deletion of your lead data by contacting us at [email protected].

2. How We Use Information

We use collected data to:

• Provide and operate the Buyer Nexus platform and related features.
• Send and receive messages via the WhatsApp Business Platform on behalf of our customers.
• Manage subscriptions, billing, and customer support.
• Improve product performance, security and user experience.
• Comply with legal obligations and enforce our Terms of Service.

3. WhatsApp Business Platform Data Handling

Our Platform supports WhatsApp Business API integration through two models:

When you connect a WhatsApp Business number to Buyer Nexus (whether your own account or through our managed services), the following applies:

• Role: You, the customer, are the Data Controller for end-user communications; Buyer Nexus acts as the Data Processor for Platform Data processed to provide the service. When using your own WhatsApp Business API account, you maintain full data controller responsibility and direct accountability to Meta for all WhatsApp-related data processing.
• Scope: Platform Data may include phone numbers, message content, media and message metadata. We process Platform Data only to deliver the CRM and messaging functionalities you have requested.
• Data minimization: We collect and retain only the minimum Platform Data necessary to provide the services and to comply with legal obligations.
• No sale of data: We do not sell WhatsApp Platform Data or use it for third-party advertising.
• Sub-processors: We may engage subprocessors (hosting, analytics, backups) limited to performing services on our behalf — see our Sub-Processor list (Annex A).
• Retention: Messages and related metadata are retained only as required for CRM functionality, troubleshooting, dispute resolution, billing or as required by law. (See section "Data Retention" below.)
• Opt-outs & preferences: End users may opt out of marketing or non-essential messages per the account administrator's configured messaging rules. Compliance with WhatsApp opt-in rules is the responsibility of the account administrator (Controller). When using your own WhatsApp Business API account, you are directly responsible to Meta for all policy compliance, opt-in/opt-out management, and terms of service adherence.

4. Third-Party Data Sharing & Disclosure

We disclose personal information only in the following circumstances:

5. Data Security, Protection & Storage

6. Data Retention

We retain personal data only as long as necessary to provide the service, fulfill contractual obligations, or comply with legal requirements.

• Active account data: retained while the customer's account is active.
• WhatsApp messages & CRM records: retained according to customer settings, and deleted or anonymized after account termination or within 90 days unless legal requirements demand longer retention.

7. Your Rights

Depending on applicable law (for example GDPR, India's DPDP, CCPA) you may have the right to:

• Access your personal data and obtain a copy.
• Correct inaccurate or incomplete data.
• Request deletion of personal data ("right to be forgotten").
• Restrict or object to certain processing activities.
• Request portability of data in a structured, commonly used format.

To exercise these rights, please contact your Buyer Nexus account administrator or email us at [email protected].

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our Platform. This section explains what cookies are, how we use them, and how you can control them.

9. Children

Buyer Nexus is a platform for businesses. We do not knowingly collect personal information from children under the applicable minimum age (typically 16). If you believe we have collected data about a child, contact us to request deletion.

10. Changes to This Policy

We may update this Privacy Policy occasionally. When we do, we will post the revised policy on this page and update the "Effective Date" at the top. For material changes, we will notify account administrators by email or via in-app notice.

11. Contact Us & Grievance Officer

If you have questions about this Privacy Policy or privacy practices, please contact: