This Privacy Policy explains how BharatReach handles the personal data and business data you entrust to us when you use our service. It is written to comply with India's Digital Personal Data Protection Act, 2023 and to satisfy the disclosure expectations of platforms whose APIs we integrate with (Meta Platforms, WhatsApp Business, and others).
01Who we are
BharatReach is operated by Sakuraj Technologies Pvt. Ltd., a company incorporated in India. For the purposes of the DPDP Act 2023, Sakuraj Technologies Pvt. Ltd. is the Data Fiduciary for personal data you provide through the BharatReach platform.
Registered office:
101 Kalwar Road, Jhotwara,
Jaipur, Rajasthan, India 302012
We can be contacted at prateek@bharatreachdsp.com or by phone at +91 8302680873.
02Information we collect
We collect only the data we need to run the BharatReach agents on your behalf. The categories are:
Account information
- Owner name and contact phone number
- Registered business name
- Business email address (if provided)
- City, state, and PIN code of operation
- GSTIN, Udyam Registration Number (optional)
Catalog and content data
- Product titles, descriptions, categories, prices, stock
- Product photographs and other media you upload
- Business hours, location, service area
Conversation data
- Inbound and outbound WhatsApp Business messages routed through Interakt's WhatsApp Business API integration
- Inbound Instagram direct messages and comments routed through the Meta Graph API
- Customer phone numbers and Instagram handles that you converse with through our platform
Platform behaviour
- Which posts the AI agents generated and when they were published
- Engagement signals returned by Meta Graph (likes, comments, reach) for posts published through us
- Marketplace listing status reported by ONDC, Amazon, Meesho, and other connected platforms
Technical data
- IP address, browser type, device type
- Session cookies (see Section 11)
- Server logs of requests you make to our application
We do not collect Aadhaar numbers, bank account numbers, card numbers, or biometric data. Payments are processed by our payment partner and we never see your full card details.
03How we use your data
We use the data above strictly for these purposes:
- To run the seven BharatReach agents on your behalf — VYAPAAR (commerce), PRACHAR (marketing), SAHAYAK (customer service), NAZAR (intelligence), LEKHA (compliance), VITTIYA (credit), and SANCHALAN (operations) — so they can publish content, send messages, sync catalogs, and respond to customers as you have configured.
- To improve the platform through aggregated and anonymised analytics. Individual MSME data is never sold or used to train third-party models.
- To process subscription payments and send you receipts and service announcements.
- To respond to your support requests and to communicate changes to the service.
- To comply with legal obligations, including tax, accounting, and government scheme requirements.
04Sub-processors we share data with
We rely on a small set of trusted vendors to operate BharatReach. Each is bound by a written data-processing agreement.
- Anthropic, Inc. — Claude API for AI inference. Receives the minimum text and structured data needed to generate a response. Anthropic does not use API data to train its models.
- Interakt — WhatsApp Business API provider. Receives messages routed between your customers and your business account.
- Meta Platforms, Inc. — Facebook and Instagram APIs. Receives content we publish on your behalf and any messages or comments routed through their Graph API.
- Supabase — managed PostgreSQL database and object storage. Hosts your account data, catalog, and conversation history.
- Vercel, Inc. — application hosting and edge-delivery. Sees request logs but does not access your database content.
- Razorpay Software Pvt. Ltd. — payment processor for subscription billing.
We do not sell your data. We do not share your data with advertisers, data brokers, or marketing networks for their own purposes.
05Storage and security
Your data is stored in Supabase's managed PostgreSQL database and object storage with the following safeguards:
- AES-256 encryption at rest
- TLS 1.2 or higher in transit
- Row-level security policies enforcing per-MSME isolation
- Daily encrypted backups with 30-day retention
- Application secrets stored in encrypted environment variables
- Two-factor authentication required for our administrative access
We will notify you and the appropriate authority of a personal data breach within the timelines mandated by the DPDP Act 2023.
06Data retention
We retain different categories of data for different periods:
- Active account data — for the duration of your subscription.
- Deletion-window data — for 30 days after you cancel or request deletion, to allow restoration in case of accidental cancellation. After 30 days, data is permanently removed from primary systems and from backups on rolling 30-day expiry.
- Transaction records — invoices, payment receipts, and tax-relevant records are retained for 7 years as required by the Income Tax Act 1961 and Indian accounting standards.
- Anonymised analytics — aggregated and de-identified metrics may be retained indefinitely.
07Your rights under the DPDP Act
Under the DPDP Act 2023 you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or outdated information.
- Erase your data, subject to the carve-outs described in Section 6 above.
- Withdraw consent at any time, with effect from the date of withdrawal.
- Nominate another person to exercise these rights in the event of your death or incapacity.
- Grievance redressal by contacting our Grievance Officer (see Section 13). If unsatisfied, you may approach the Data Protection Board of India.
08How to request data deletion
To request deletion of your BharatReach data, including any data we hold on your behalf from Meta (Facebook, Instagram) or WhatsApp integrations, follow these steps.
Email: prateek@bharatreachdsp.com
Subject line: Data Deletion Request
Please include: the registered phone number (with country code) and registered business name. This helps us verify the request is from the account owner.
What happens next
- We acknowledge your request within 7 days.
- We verify the request through the registered phone or email and then queue deletion.
- Deletion completes within 30 days of verification.
What gets deleted
- Your account profile and business information
- Product catalog, photos, and other uploaded media
- Conversation history (WhatsApp and Instagram messages stored on our systems)
- Content generated by the BharatReach agents on your behalf
- OAuth tokens and access credentials linking us to your Meta / Instagram / WhatsApp Business accounts
What does not get deleted
- Aggregated, anonymised analytics that no longer identify you
- Transaction records and invoices retained for the statutory 7-year period under Indian tax law
- Records we are legally required to preserve for an ongoing investigation or court order
Disconnecting BharatReach from your Meta or WhatsApp account on those platforms' side will also revoke our access. We will still complete the deletion of any data already mirrored to our systems on the timeline above.
09Children
BharatReach is a business-to-business service intended for registered MSME owners and operators aged 18 and above. We do not knowingly collect personal data from individuals under 18. If we discover that we have done so, we will delete the data promptly.
10International transfers
Your data is primarily stored on Supabase infrastructure in a region we select to balance latency for Indian users with regulatory compliance. AI inference requests to the Claude API are processed by Anthropic, which may serve those requests from data centres outside India. Where data crosses borders, it remains subject to the contractual protections of our processor agreements, and only the minimum text needed for a model response is transmitted.
12Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change, we will email you at least 30 days before the change takes effect and will update the “Effective date” at the top of this page. Continued use of the service after the effective date constitutes acceptance of the updated policy.
13Grievance officer and contact
For privacy questions, data subject requests, or grievance redressal under the DPDP Act 2023, please contact:
Prateek Saxena
Grievance Officer, Sakuraj Technologies Pvt. Ltd.
prateek@bharatreachdsp.com
+91 8302680873
101 Kalwar Road, Jhotwara, Jaipur, Rajasthan, India 302012
We aim to acknowledge every privacy request within 7 days and resolve it within 30.