Privacy Policy

1. Introduction

Twobits Technologies Pvt Ltd ("we," "our," or "us") operates the DeltaOrders mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal information. By using DeltaOrders, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Create an Account: Name, email address, phone number, business name, and password
• Use the Service: Order information, customer details, product information, inventory data, pricing, and transaction records
• Contact Us: Name, email address, and message content when you reach out for support
• Make Payments: Payment information processed through our payment processor (currently Razorpay) when you or your customers make payments. Sensitive payment data such as full card numbers and CVV codes are collected and stored directly by the payment processor; we do not store this information on our servers.

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

• Device Information: Device type, operating system, unique device identifiers, and mobile network information
• Usage Data: App features used, time spent on different screens, and interaction with notifications
• Log Data: IP address, access times, app crashes, and performance data
• Location Data: Approximate location based on IP address (we do not collect precise GPS location)

2.3 Information from Third Parties

We may receive information from third-party services you connect to DeltaOrders, such as:

• Firebase Authentication services
• Payment processors
• Analytics providers

2.4 Mobile App Permissions

When you use the DeltaOrders mobile app, we may request access to certain device features. You can grant or revoke these permissions at any time in your device settings. We only access these features when you choose to use related functionality in the app.

• Camera and Photos: To allow you to capture or upload product images, store logos or banners, or scan QR codes, we may request access to your device camera and photo library. Images are uploaded only when you initiate these actions.
• Storage / Files: To enable you to download, export, or locally store invoices, reports, or other order-related documents, we may request access to your device storage. Such files are saved on your device only when you choose to generate or download them.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve the DeltaOrders platform
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Order Processing: To help you manage orders, track inventory, and process customer transactions
• Smart Scheduling: To help you configure and optimize order windows, holidays, and off days so that you can manage when you accept orders.
• Subscriptions & Billing: To manage your subscription plan, billing history, grace periods, and access to paid features
• Communication: To send you service updates, notifications, and respond to your inquiries
• Analytics: To understand how users interact with our Service and improve functionality
• Security: To detect, prevent, and address technical issues, fraud, and unauthorized access
• Compliance: To comply with legal obligations and enforce our Terms and Conditions
• Marketing: To send promotional communications (you can opt-out at any time)

When your customers place orders or make payments through your DeltaOrders storefront, we process their personal and payment-related information on your behalf as a service provider. You are responsible for your own relationship and legal obligations with your customers, including providing any privacy notices that apply to them, while we facilitate the underlying order management and payment processing via our third-party providers (such as Razorpay).

4. Push Notifications

DeltaOrders uses Firebase Cloud Messaging to send push notifications. These notifications may include:

• New order notifications
• Order status updates
• Low inventory alerts
• Service updates and announcements

You can disable push notifications at any time through your device settings or within the app. Note that disabling notifications may affect your ability to receive timely order updates.

5. Data Storage and Security

We implement industry-standard security measures to protect your personal information:

• Encryption: Data is encrypted in transit using SSL/TLS and at rest using industry-standard encryption
• Firebase: We use Google Firebase services for authentication, database, and storage, which comply with industry security standards
• Access Controls: We limit access to personal information to authorized personnel only
• Regular Security Audits: We regularly review and update our security practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

If we become aware of a data breach that is likely to result in a high risk to your rights or personal information, we will notify you and, where required, the appropriate authorities in accordance with applicable law.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with the Service
• Comply with legal obligations
• Resolve disputes and enforce our agreements

When you request deletion of your account from within the app, your account will first be scheduled for deletion and placed into a grace period (currently 30 days) during which your data is retained in a deactivated state so you can contact us to cancel the deletion if needed. After the grace period ends, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or regulatory purposes.

Notwithstanding account deletion, we may retain certain transaction records, invoices, tax-related information, and payment data for a period of up to 8 years (or a longer period if required by applicable law) to comply with statutory tax, accounting, anti-money laundering, and other legal obligations in India.

7. Sharing Your Information

We do not sell your personal information. We may share your information in the following circumstances:

7.1 Service Providers

We share information with third-party service providers who help us operate the Service:

• Google Firebase: For authentication, database, storage, and push notifications
• Payment Processors (such as Razorpay): To process storefront order payments made by your customers and subscription or top-up fees you pay to us. Payment card details are handled directly by such processors; we do not store full card numbers, CVV codes, or other sensitive payment authentication data on our servers.
• Analytics Providers: To understand app usage and improve the Service
• Cloud Hosting: To store and process data

7.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public

7.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You can access and review your personal information through your account settings
• Correction: You can update or correct your information at any time
• Deletion: You can request deletion of your account and associated data
• Data Portability: You can request a copy of your data in a machine-readable format
• Opt-Out: You can opt-out of marketing communications and push notifications
• Withdraw Consent: You can withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at privacy@twobits.in or through the app settings.

For users in India, we process personal data in line with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and rules made thereunder. You may exercise your rights as a data principal, including the right to access, correction, and grievance redressal, by contacting our Grievance Officer & Data Protection Officer as described in Section 17.

9. Children's Privacy

DeltaOrders is not intended for use by children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we discover that we have collected information from a child under 13, we will promptly delete it.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

We use Google Firebase services, which may store data in Google-operated data centers in India and in other countries (such as the United States or member states of the European Union), depending on how our infrastructure is configured. By using the Service, you consent to the transfer, storage, and processing of your information in these locations, subject to appropriate safeguards as required by applicable law.

11. Third-Party Services

DeltaOrders integrates with third-party services that have their own privacy policies:

• Google Firebase: Firebase Privacy Policy
• Google Analytics: Google Privacy Policy
• Razorpay: Razorpay Privacy Policy

We encourage you to review the privacy policies of these third-party services. We are not responsible for their privacy practices.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Types of cookies we use:

• Essential Cookies: Necessary for the Service to function properly
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification for material changes
• Displaying an in-app notification

You are advised to review this Privacy Policy periodically. Changes are effective when posted on this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Your California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information below.

15. European Union (GDPR) Rights

If you are in the European Economic Area (EEA), you have certain data protection rights under GDPR:

• Right to access, update, or delete your information
• Right to rectification if your information is inaccurate or incomplete
• Right to object to processing of your personal information
• Right to data portability
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your information includes consent, contract performance, and legitimate interests.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Company: Twobits Technologies Pvt Ltd
• Email: privacy@twobits.in
• Support: support@deltaorders.com
• Address: Gayatri Nagar 1st Ln, Hinjilicut, Ganjam, Odisha, India

We will respond to your inquiry within 30 days of receipt.

17. Grievance Officer & Data Protection Officer

For privacy-related matters, or to raise any concerns or grievances regarding the processing of your personal information, you can contact our designated Grievance Officer & Data Protection Officer at:

• Email: dpo@twobits.in

For users in India, our Grievance Officer will acknowledge and endeavour to resolve your grievances within one month (30 days) from the date of receipt, in accordance with applicable Indian information technology and data protection laws.