Privacy Policy

Information you provide directly:

• Contact details: Full name, email address, mobile phone number.
• Business details: Business type (café, restaurant, QSR, etc.), business name (if provided).
• Location data: Locality name, city, pincode, and optionally GPS coordinates for the location you want analysed.
• Payment information: Payment is processed entirely by Razorpay. We do not store card numbers, UPI IDs, or bank account details. We receive a payment confirmation token and order ID only.

Information collected automatically:

• Usage data: Pages visited, button clicks, and general browsing patterns via PostHog analytics (anonymised where possible).
• Device data: Browser type, operating system, IP address, and approximate location (country/city level) for security and fraud prevention.
• Cookies: Minimal session cookies required for the checkout flow, and analytics cookies described in Section 7.

• Report generation: Your location, business type, and order details are used as inputs to our AI pipeline to generate your Viabe Report.
• Delivery: Your email address is used to send the completed Report PDF. Your phone number is used to send a WhatsApp delivery notification via Twilio.
• Customer support: Contact details are used to respond to support queries, order issues, and refund requests.
• Service improvement: Aggregated, anonymised usage data helps us improve report quality, website performance, and product features.
• Legal compliance: We may retain and disclose data if required by Indian law or court order.
• Marketing: We will not send marketing emails without your explicit consent. Order confirmation and report delivery emails are transactional, not marketing.

• Orders and customer data: Retained for 3 years from the date of purchase for compliance, dispute resolution, and accounting purposes.
• Generated Reports (PDFs): Retained for 1 year from delivery date, after which they may be deleted from our storage.
• Analytics data: Aggregated and anonymised after 90 days.
• Deletion requests: Processed within 30 days of receipt. See Section 5 for how to request deletion.

We use the following trusted third-party processors. Each is bound by their own privacy and security obligations:

• Razorpay (payments) — processes all card, UPI, and net banking transactions. Razorpay is PCI-DSS compliant. Privacy policy: razorpay.com/privacy.
• Resend (transactional email) — used to deliver report PDFs and order confirmations to your email address.
• Twilio (WhatsApp and SMS notifications) — used to send report delivery notifications to your phone number.
• Supabase (database infrastructure) — securely stores order data, report metadata, and your account information. Data is hosted in AWS data centres.
• Google Maps Platform — used to gather competitor data and foot traffic signals for the location you submit. Your location input is sent to Google's API as part of report generation.
• PostHog (product analytics) — collects anonymised usage data to help us improve the product.

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.

Under applicable Indian data protection law, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate or incomplete data.
• Deletion: Ask us to delete your data, subject to legal retention obligations.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for analytics purposes.

To exercise any of these rights, email support@viabe.ai with your name, registered email address, and the specific request. We will respond within 30 days.

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit.
• Row-level security on our database (Supabase RLS policies).
• API key authentication for all internal service communication.
• No storage of raw payment credentials — all payment data remains with Razorpay.

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the incident.

We use cookies for the following limited purposes:

• Session cookies: Required for the checkout flow and order status tracking. These expire when you close your browser.
• Analytics cookies (PostHog): Used to understand how visitors use the site. You can opt out by enabling "Do Not Track" in your browser or by emailing us.
• Theme preference: A local storage entry stores your preferred colour scheme (light/dark). This is not transmitted to our servers.

We do not use advertising or tracking cookies.

Viabe.ai is not directed at children under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has submitted data through our platform, please contact us immediately at support@viabe.ai.

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, where appropriate, by email notification to registered users.

For privacy-related queries or to exercise your rights:

• Email: support@viabe.ai
• Company: RKeCom Services Pvt Ltd
• Registered address: Mumbai, Maharashtra, India