Privacy Policy

Effective date: 13 June 2026 · Last updated: 01 March 2026

BizSathi ("we", "our", "us") operates the platform at bizsathi.com — a commission-based B2B sales network connecting Indian manufacturers and product companies with independent sales agents. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it.

We are an early-stage startup committed to handling your data responsibly. This policy is prepared in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). By registering on BizSathi you acknowledge that you have read and agreed to this policy.


1. Who We Are

BizSathi is the Data Fiduciary under the DPDP Act. For any privacy queries or complaints, contact us at:

Email: privacy@bizsathi.com
Website: bizsathi.com
Response time: Within 30 days of receiving a complaint

2. Data We Collect

We collect personal data that you provide directly and data generated by your use of the platform.

2.1 Account Data

  • Full name, email address, and mobile phone number
  • Password (stored as a one-way bcrypt hash — we cannot see your password)
  • Role: Company or Sales Agent

2.2 Identity Verification (KYC) — Sensitive Personal Data

To verify identity and comply with financial regulations, sales agents must submit:

  • PAN number and a scan of the PAN card
  • Aadhaar number and a scan of the Aadhaar card

Sensitive data notice: PAN and Aadhaar details are stored AES-256 encrypted at rest on AWS S3 (Mumbai region) and are only accessible to our team for verification purposes.

2.3 Business / Company Data

  • Company name, registered address, state, and GSTIN
  • Supporting documents: GST certificate, PAN card, incorporation certificate, bank statement
  • Product catalogue: name, description, price, commission percentage, images

2.4 Lead and Sales Data

  • Prospect details submitted as leads: name, phone, email, address, city
  • Lead status updates, notes, follow-up dates, and messages
  • Commission amounts, payment references, TDS information

2.5 Technical Data

  • IP address (used for rate-limiting and abuse prevention only)
  • Browser / device type via standard HTTP headers
  • Authentication tokens (short-lived JWTs; refresh tokens stored server-side)
  • Application logs for security auditing (retained for 90 days)

3. How We Use Your Data

Purpose | Legal basis (DPDP Act)
Create and manage your account | Consent at registration
Verify your identity (KYC review) | Consent + legitimate purpose (compliance)
Match sales agents with companies and products | Performance of contract
Track leads, commissions, and payouts | Performance of contract
Send OTP, transactional emails, and payment notifications | Consent + contract
Detect fraud, abuse, and enforce rate limits | Legitimate purpose (security)
Generate TDS certificates and financial reports | Legal obligation
Improve platform features | Legitimate purpose (aggregated, anonymised data)

We do not sell your personal data, use it for advertising, or share it for purposes unrelated to operating the platform.

4. Third-Party Service Providers

We share data with the following providers only to the extent necessary for their service:

Provider | Purpose | Data shared
Amazon Web Services (AWS) | Cloud hosting, file storage (S3 — Mumbai), email delivery (SES) | All platform data stored in AWS ap-south-1
Razorpay | Payment processing | Commission amounts and transaction IDs
MSG91 | OTP SMS and WhatsApp notifications | Mobile phone number, message text

AWS stores data exclusively in the ap-south-1 (Mumbai) region — your data does not leave India.

5. Data Security

  • All files (KYC documents, company documents) are encrypted with AES-256 before upload to S3.
  • Sensitive database fields (PAN, Aadhaar numbers) are stored encrypted.
  • All data in transit is protected by TLS 1.2+.
  • Files are served via short-lived signed URLs — no permanent file links.
  • Passwords are hashed with bcrypt (cost 12).
  • Rate limiting is applied to all authentication endpoints.

If you discover a security vulnerability, please report it to security@bizsathi.com.

6. Data Retention

Data category | Retention period
Account data (name, email, phone) | Duration of account + 3 years after closure
KYC documents (PAN, Aadhaar scans) | 5 years (financial regulations)
Commission and payout records | 7 years (Income Tax Act)
Lead data | Duration of active engagement + 2 years
Application / security logs | 90 days
Audit logs | 1 year

After the retention period, data is securely deleted or anonymised.

7. Your Rights under the DPDP Act, 2023

As a Data Principal you have the following rights:

Right to access: Request a summary of the personal data we hold about you.
Right to correction: Ask us to correct inaccurate or incomplete personal data.
Right to erasure: Request deletion of your data, subject to legal retention obligations.
Right to grievance redressal: Lodge a complaint with us; if unresolved, escalate to the Data Protection Board of India.
Right to nominate: Nominate someone to exercise your rights on your behalf.
Right to withdraw consent: Withdraw consent at any time — this does not affect prior lawful processing.

To exercise any right, email privacy@bizsathi.com with the subject "Data Rights Request". We will respond within 30 days.

8. Children's Privacy

BizSathi is intended for adults (18+). If you believe a minor has registered, contact us at privacy@bizsathi.com and we will delete the account immediately.

9. Changes to This Policy

We may update this policy as BizSathi grows. Material changes will be notified by email at least 15 days before they take effect. Continuing to use BizSathi after that date means you accept the updated policy.

10. Contact

Privacy queries: privacy@bizsathi.com
Security issues: security@bizsathi.com
Website: bizsathi.com

If your complaint is not resolved within 30 days, you may escalate to the Data Protection Board of India once constituted under the DPDP Act, 2023.