Privacy Policy — Footfall Business Suite

Last updated: 8 June 2026

This Privacy Policy explains how Footfall & Co ("Footfall", "we", "us") collects, uses, shares, and protects information in connection with the Footfall Business Suite service (the "Service"). It is intended to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 and rules thereunder.

By using the Service, you agree to this Policy.

1. Who we are (Data Fiduciary)

For data you provide as our subscriber, Footfall & Co is the Data Fiduciary. Contact: support@footfall.co, Kukatpally, Hyderabad, Telangana 500072, India.

Note: When you (a business) enter data about *your own customers* into the Service, you are the Data Fiduciary for that data and we act as a Data Processor on your behalf, processing it only to provide the Service to you.

2. Information we collect

a) Account & billing information: name, business name, email, phone, and payment-related identifiers. Card/bank details are collected and processed directly by our payment provider (Razorpay); we do not store full card numbers.

b) Customer Data you enter: products, inventory, batches, sales, invoices, your customers' names/contact details, suppliers, and related business records.

c) Usage & technical data: log data, device/browser information, IP address, and actions within the app, used for security and to improve the Service.

d) Cookies & similar technologies: used for authentication (keeping you logged in) and essential functionality. We do not use non-essential advertising cookies.

3. How we use information

We use information to:

• Provide, operate, and maintain the Service;
• Authenticate users and secure accounts;
• Process subscriptions and payments (via Razorpay);
• Provide support and respond to your requests;
• Generate AI insights (only for eligible plans, and only when you submit a query);
• Detect, prevent, and address fraud, abuse, and security issues;
• Comply with legal obligations;
• Improve and develop features (using aggregated or de-identified data where possible).

4. Legal basis

We process personal data based on: your consent; performance of our contract with you (these Terms); compliance with legal obligations; and our legitimate interests in operating and securing the Service, consistent with the DPDP Act.

5. AI processing

When you use AI features, your query is sent to a third-party AI provider (e.g., Google Gemini) through our secure server to generate a response. We do not send your query unless you actively submit it. Do not include sensitive personal data in AI queries that you do not wish to be processed by the AI provider.

6. How we share information

We do not sell your personal data. We share it only with:

• Service providers / sub-processors who help us run the Service (e.g., Supabase for database/hosting, Razorpay for payments, Google for AI, email providers), under appropriate confidentiality and data-protection obligations;
• Legal/regulatory authorities when required by law or to protect rights, safety, and security;
• A successor entity in the event of a merger, acquisition, or asset sale, subject to this Policy.

7. Data storage & location

Customer Data is stored using our cloud infrastructure provider (Supabase) in the Asia/Mumbai (ap-south-1) region. We apply technical and organizational measures to protect data, including access controls and tenant-level data isolation (Row-Level Security).

8. Data retention

• We retain Customer Data while your account is active.
• After account closure/cancellation, we retain data for up to 90 days to allow reactivation and export, after which it is deleted or irreversibly anonymized, unless longer retention is required by law (e.g., tax/accounting records).

9. Security

We implement reasonable security safeguards including encryption in transit, access controls, server-side enforcement of permissions, and isolation between tenants. However, no system is completely secure; we cannot guarantee absolute security.

10. Your rights (DPDP Act)

Subject to applicable law, you have the right to:

• Access and obtain a copy of your personal data;
• Request correction or updating of inaccurate data;
• Request erasure of your personal data;
• Withdraw consent (which may limit your ability to use the Service);
• Nominate another person to exercise your rights in case of death or incapacity;
• Grievance redressal (see Section 12).

To exercise these rights, contact support@footfall.co. We may need to verify your identity before acting.

11. Children

The Service is intended for businesses and is not directed at individuals under 18. We do not knowingly collect data from children.

12. Grievance Officer

In accordance with Indian law, our Grievance Officer is:

Name: Mokshit (Founder)

Email: support@footfall.co

Address: Kukatpally, Hyderabad, Telangana 500072

We will acknowledge and address grievances within the timelines prescribed by law.

13. Changes to this Policy

We may update this Policy. Material changes will be notified by email or in-app. The "Last updated" date reflects the latest version.

14. Contact

Footfall & Co | support@footfall.co | Kukatpally, Hyderabad, Telangana 500072, India.