Privacy Policy

Tanvrit Pvt. Ltd. ("Tanvrit", "we", "us", or "our") is a company incorporated under the Companies Act, 2013, with its registered office at 168, Plot No - 945, Gayatri Mandir se Purab, New Ariya, Sasaram, Bihar 821115, India. We operate the Tanvrit platform — including Friendly, Mandee, Swyft, and School — accessible at tanvrit.com and via our mobile and desktop applications.

We collect information you provide directly: • Account information: name, email address, phone number, business name, and address when you register. • Business data: products, inventory, orders, invoices, employee records, and customer contacts that you enter into our apps. • Payment information: billing details and transaction records. Card numbers are processed by our payment partners and are never stored on our servers. • Communications: messages you send us via the contact form, email, or in-app support. We also collect information automatically: • Usage data: features accessed, screens visited, actions taken, and session duration. • Device data: device model, operating system version, app version, and unique device identifiers. • Log data: IP address, browser type, and request timestamps.

We use your information to: • Provide, operate, and improve the Tanvrit platform and its apps. • Process transactions and send related receipts or invoices. • Send you product updates, security notices, and support responses. • Analyse usage patterns to improve product quality and performance. • Comply with legal obligations, including GST filing requirements (data retained for 7 years as mandated by the GST Act). • Prevent fraud, abuse, and security incidents. We do not use your data to serve third-party advertising.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we process your personal data on the following bases: • Contractual necessity: to deliver the services you have subscribed to. • Legitimate interests: to improve our platform and maintain security. • Legal obligation: to comply with applicable Indian laws including the GST Act, IT Act 2000, and the DPDP Act 2023. • Consent: where you have explicitly opted in (e.g., marketing emails).

We share your data only in the following circumstances: • Service providers: cloud infrastructure (Google Cloud Platform, region: asia-south1, Mumbai), payment processors, and email delivery providers — all bound by data processing agreements. • Legal requirements: if required by Indian courts, regulators, or law enforcement agencies. • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We never sell your personal data to third parties.

We retain your personal data for as long as your account is active or as needed to provide services. Financial and transaction records are retained for 7 years in compliance with Indian tax law. Upon account deletion, personal data is purged within 90 days, except where retention is legally required.

We implement industry-standard safeguards including JWT-based authentication with mutex-protected token refresh, AES-256-GCM field-level encryption for sensitive PII (Aadhaar, PAN), TLS 1.3 in transit via Cloudflare, role-based access controls, rate limiting on authentication endpoints, and audit trails on all data-mutating operations. Our infrastructure runs on Google Cloud Run in asia-south1 (Mumbai) for India data residency, with MongoDB Atlas as the system of record. We are launch-grade today; multi-region failover and a public uptime SLA ship after our launch monitoring stack is live.

Under the DPDP Act 2023, you have the right to: • Access: request a copy of the personal data we hold about you. • Correction: ask us to correct inaccurate or incomplete data. • Erasure: request deletion of your data, subject to legal retention obligations. • Portability: receive your data in a machine-readable format. • Grievance redressal: lodge a complaint with our Data Protection Officer. To exercise any of these rights, contact us at contact@tanvrit.com. We will respond within 30 days.

We use essential cookies to operate the platform (session management and authentication) and analytics cookies to understand usage. See our Cookie Policy at tanvrit.com/cookies for details.

The Tanvrit platform is intended for use by businesses and individuals aged 18 and above. We do not knowingly collect personal data from children under 18. If we become aware of such collection, we will delete the data promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

For privacy-related queries, to exercise your rights, or to reach our Data Protection Officer: Tanvrit Pvt. Ltd. 168, Plot No - 945, Gayatri Mandir se Purab New Ariya, Sasaram, Bihar 821115 Email: contact@tanvrit.com Phone: +91 91874 75150