AuralisAuralisTerms of Service →

Privacy Policy

गोपनीयता नीति

Company: Archis Prodyogiki LLPEffective: 11 February 2026Version: 1.0

Table of Contents

  1. 1. Introduction
  2. 2. Data We Collect
  3. 3. Purpose of Data Processing
  4. 4. Legal Basis for Processing
  5. 5. Data Retention
  6. 6. Your Rights (Data Subject Rights)
  7. 7. Third-Party Sharing
  8. 8. Cookies & Local Storage
  9. 9. Data Security
  10. 10. Cross-Border Data Transfers
  11. 11. Children's Data
  12. 12. Grievance Officer (DPDP Act Sec. 8(10))
  13. 13. Changes to This Privacy Policy
  14. 14. Contact Us

1. Introduction

1. परिचय

Archis Prodyogiki LLP ("Company", "We", "Us", "Our") operates the Auralis platform ("Platform"), a multi-vendor Progressive Web Application for QR-code–based ordering and hospitality services. This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you use our Platform—whether as a Vendor (business partner), Vendor Staff, or End Customer (person placing orders). We are committed to protecting your privacy and complying with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and, where applicable, the General Data Protection Regulation (GDPR) of the European Union. By using the Platform, you consent to the practices described in this Policy. If you do not agree, please do not use the Platform.

2. Data We Collect

2. हम कौन सा डेटा एकत्र करते हैं

We collect different types of data depending on your role: Vendor (Business Owner) Data:
• Full name, email address, mobile number
• Business name, GST number, business type
• Business address and contact details
• Logo and branding assets
• Bank account / UPI details for payment settlement
• Login credentials (password stored as one-way hash)
Vendor Staff Data:
• Full name, email, phone number
• Role and access permissions
• Login activity logs
End Customer Data (collected at time of ordering):
• Name (optional)
• Mobile number (optional, for order updates/receipts)
• Email (optional, for receipts)
• Order details (items, quantities, preferences)
Automatically Collected Data:
• IP address (anonymized after 90 days)
• Browser type and user agent
• Device type and screen resolution
• Pages visited and actions taken
• Timestamps of interactions
• Language preference

3. Purpose of Data Processing

3. डेटा प्रसंस्करण का उद्देश्य

We process your personal data for the following purposes:
Service Delivery: To operate the Platform, process orders, manage menus, and facilitate payments
Account Management: To create, maintain, and authenticate your account
Communication: To send order confirmations, receipts, status updates, and support responses
Billing & Payments: To process subscription payments, generate invoices, and settle vendor payments
Analytics: To provide vendors with sales reports, performance analytics, and business insights
Security: To detect fraud, prevent abuse, and protect the Platform and its users
Legal Compliance: To comply with tax (GST), food safety, and data protection laws
Improvement: To improve Platform features, performance, and user experience
Support: To respond to queries, complaints, and provide technical assistance

5. Data Retention

5. डेटा प्रतिधारण

We retain personal data only as long as necessary for the purposes stated above, or as required by law:
Data TypeRetention PeriodReason
Vendor account dataDuration of subscription + 30 days graceService delivery
Order records (financial)8 years minimumGST / tax compliance (Income Tax Act)
Customer PII in orders2 years, then anonymizedBusiness analytics; PII scrubbed after retention
Activity / access logs1 yearSecurity auditing
OTP verification records90 daysFraud prevention
SMS gateway logs90 daysDelivery verification
Payment transaction records8 yearsFinancial compliance
IP addresses in logs90 days, then anonymizedSecurity; anonymized after retention
After the retention period, personal data is either securely deleted or anonymized so that it can no longer identify you. Financial amounts and aggregated statistics may be retained indefinitely for business analytics.

6. Your Rights (Data Subject Rights)

6. आपके अधिकार (डेटा विषय अधिकार)

Under the DPDP Act 2023 and GDPR (where applicable), you have the following rights:
Right to Access (DPDP Sec. 11): You can request a copy of all personal data we hold about you. Vendors can export their data directly from their dashboard (Settings → Data & Privacy → Export My Data).
Right to Correction (DPDP Sec. 11): You can request correction of inaccurate or incomplete personal data. Vendors can update their profile directly; customers can contact us.
Right to Erasure / Deletion (DPDP Sec. 12): You can request deletion of your personal data. Upon request, we will delete or anonymize your data, subject to legal retention obligations (e.g., tax records). Vendors can initiate account deletion from their dashboard.
Right to Data Portability (GDPR Art. 20): You can request your data in a structured, commonly used, machine-readable format (JSON).
Right to Withdraw Consent (DPDP Sec. 6(6)): You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
Right to Nominate (DPDP Sec. 14): You may nominate another person to exercise your rights in case of your death or incapacity.
Right to Grievance Redressal (DPDP Sec. 13): You can raise a complaint with our Grievance Officer (see Section 12 below). We will acknowledge within 48 hours and resolve within 30 days.
To exercise any of these rights, email us at pwa@archisp.com or use the self-service options in your vendor dashboard.

7. Third-Party Sharing

7. तृतीय-पक्ष साझाकरण

We share personal data only in the following limited circumstances:
Payment Processors: To process UPI, card, and gateway payments. We share only the minimum data required for transaction processing.
Email Service Providers (Resend): To send transactional emails (order confirmations, receipts). Email addresses are shared solely for delivery.
SMS Gateway: To send OTP verification codes and order notifications. Phone numbers are shared solely for message delivery.
Cloud Infrastructure (AWS): Data is stored on Amazon Web Services servers in India (ap-south-1 region). AWS acts as a data processor under contractual obligations.
Legal Authorities: When required by law, court order, or government directive.
We do NOT:
• Sell personal data to any third party
• Share data for advertising or marketing purposes with third parties
• Transfer data outside India without adequate safeguards

8. Cookies & Local Storage

8. कुकीज़ और स्थानीय संग्रहण

The Platform uses the following browser storage mechanisms:
Authentication Cookies (Essential): HTTP-only, secure cookies for login sessions. These are strictly necessary and cannot be disabled.
Property Selection Cookie: Remembers your selected property/location within the vendor dashboard.
Theme Preference (Local Storage): Stores your dark/light mode preference locally on your device.
Language Preference (Local Storage): Stores your language selection (English/Hindi).
PWA Service Worker Cache: Caches static assets for offline access and faster loading.
We do NOT use:
• Third-party tracking cookies
• Advertising cookies
• Social media tracking pixels
• Google Analytics or similar third-party analytics

9. Data Security

9. डेटा सुरक्षा

We implement robust security measures to protect your data:
Encryption: All data transmitted via HTTPS/TLS. Passwords are stored using bcrypt one-way hashing.
Access Control: Role-based access control (RBAC) ensures users see only data they are authorized to access.
Multi-Tenant Isolation: Each vendor's data is strictly isolated; no vendor can access another vendor's data.
CSRF Protection: Cross-Site Request Forgery tokens protect against unauthorized form submissions.
Rate Limiting: API endpoints are rate-limited to prevent brute-force attacks and abuse.
Security Headers: HSTS, X-Content-Type-Options, X-Frame-Options, and Content-Security-Policy headers are enforced.
Secure Cookies: Authentication cookies are HTTP-only, secure, and SameSite-protected.
Input Validation: All user inputs are validated and sanitized to prevent injection attacks.
Parameterized Queries: All database queries use parameterized statements to prevent SQL injection.
While we take data security seriously, no method of electronic storage or transmission is 100% secure. In the event of a data breach, we will notify affected individuals and relevant authorities as required by law within 72 hours.

10. Cross-Border Data Transfers

10. सीमा-पार डेटा स्थानांतरण

Your data is primarily stored and processed in India (AWS ap-south-1 region, Mumbai). We do not transfer personal data outside India except:
• When using email delivery services (Resend) which may process data in the US under Standard Contractual Clauses.
• When required by law or international legal assistance treaties.
Any cross-border transfer is subject to adequate safeguards as required by the DPDP Act 2023 and relevant notifications by the Indian government.

11. Children's Data

11. बच्चों का डेटा

The Platform is designed for use by businesses and their adult customers. We do not knowingly collect personal data from anyone under the age of 18. Vendor accounts require the registrant to be at least 18 years old and legally authorized to represent a business. If you believe we have inadvertently collected data from a minor, please contact us immediately at pwa@archisp.com and we will promptly delete such data.

12. Grievance Officer (DPDP Act Sec. 8(10))

12. शिकायत अधिकारी (DPDP अधिनियम धारा 8(10))

In compliance with the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer: Grievance Officer / Data Protection Officer Company: Archis Prodyogiki LLP Email: pwa@archisp.com Phone: +91-9990331965 The Grievance Officer will:
• Acknowledge your complaint within 48 hours
• Investigate and provide a response within 30 days
• Escalate unresolved complaints to the Data Protection Board of India if necessary
If you are not satisfied with the resolution, you may file a complaint with the Data Protection Board of India as established under the DPDP Act 2023.

13. Changes to This Privacy Policy

13. इस गोपनीयता नीति में परिवर्तन

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be:
• Notified via email to registered vendors at least 30 days before taking effect
• Posted on this page with an updated "Effective Date"
• Announced via the vendor dashboard notification system
Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy. We encourage you to review this page periodically.

14. Contact Us

14. हमसे संपर्क करें

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Archis Prodyogiki LLP Email: pwa@archisp.com Phone: +91-9990331965 Address: New Delhi, India For data subject requests (access, correction, deletion, portability), please email pwa@archisp.com with the subject line "Data Subject Request" and include your registered email address for verification.

© 2026 Archis Prodyogiki LLP. All rights reserved.

Terms of ServiceBack to Home