Version 1.0Effective: 05 February 2026

Privacy Policy

Last Updated: 04 February 2026
Effective Date: 05 February 2026
Version: 1.0

1. Who We Are

Welcome to Seer, an offline-first salon management platform designed for salons and spas in Tamil Nadu, India.

This Privacy Policy explains how Indraveen Technologies ("we", "us", "our", or "Company") collects, uses, stores, and protects your personal data when you use our Progressive Web Application and website (collectively, the "Service").

Company Details:

Legal Name: Indraveen Technologies
Registered Address: G1, Block No 7 & 13, Sumeru City, IAF Road, Selaiyur, Chennai - 600073, Tamil Nadu, India
GSTIN: 33AJXPM3656L1ZH
Contact Email: support@indraveentech.in
Privacy Email: support@indraveentech.in

This Privacy Policy is drafted in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and applies to all users of Seer within India and internationally.

2. Important: Understanding Data Roles

2.1 When You (Salon Owner) Use Seer

You are the Data Fiduciary for customer data you enter. We are the Data Processor acting on your behalf.

This means:

You control what customer data you collect (names, phone numbers, service history).
You are responsible for obtaining consent from your customers if required.
You must handle data subject requests (access, deletion, correction) from your customers.
We process this data solely based on your instructions through the app.

Your Obligations:

Maintain appropriate records of customer services and transactions.
Handle customer complaints and data requests directly.
Comply with DPDPA 2023 in your capacity as Data Fiduciary.

Our Obligations:

Process your customer data only as instructed by you through the app.
Implement security measures to protect the data.
Not use customer data for our own purposes.
Assist you with data subject requests when technically feasible.

2.2 When We Collect Your Business Account Data

We are the Data Fiduciary for your salon owner account information. You are the Data Principal (the person whose data we process).

This applies to:

Your name, email, phone number.
Your salon details (shop name, address, staff names).
Your usage data, billing information, and app activity.

For this data, we are responsible for DPDPA compliance, and you have rights under Section 3 and 6 of this policy.

2.3 Indemnification

You agree to indemnify and hold Indraveen Technologies harmless from any claims, damages, losses, or legal actions arising from:

Your failure to obtain proper consent from your customers when required.
Your misuse of customer data entered into Seer.
Your violation of DPDPA 2023 or other applicable laws.
Unauthorized access to customer data due to your failure to secure your account.

We are not liable for how you collect, use, or share your customer data outside of Seer's intended functionality.

3. Information We Collect

3.1 Account & Authentication Data (Salon Owner Only)

What we collect:

Full name
Email address
Phone number (for account recovery)
Password (stored as hashed value using bcrypt - we never see your plain password)
Google account information (if you sign in with Google OAuth)

Why we collect it:

To create and manage your owner account.
To authenticate your login.
To send critical notifications (password resets, subscription alerts).

Important: Your email address is your login credential and cannot be removed while your account is active. If you wish to stop receiving emails, you must delete your account (see Section 5.3).

Legal basis: Performance of contract (DPDPA 2023, Section 7).

3.2 Business Profile Data

What we collect:

Salon/spa name and address.
Business phone number.
Staff names and their commission rates.
Services offered and pricing.

Why we collect it:

To enable multi-staff commission tracking.
To generate service records and reports.
To customize the app for your business type.

Legal basis: Performance of contract (DPDPA 2023, Section 7).

3.3 Customer Records (You Control This Data)

What you enter into Seer:

Your customers' names and phone numbers (optional).
Service history and transaction records.
Payment records.

Important: We process this data on your behalf. You are responsible for obtaining consent from your customers when required by law.

Why we process it:

To enable you to track services and staff performance.
To generate weekly settlement reports.
To maintain service history for your records.

Legal basis: Processing on behalf of Data Fiduciary (you) - DPDPA 2023.

3.4 Service & Transaction Data

What we collect:

Service details (date, time, service type, price).
Staff who performed the service.
Payment method (cash/online) and amounts.
Commission calculations.
Service status (completed/cancelled).

Why we collect it:

To help you manage salon operations.
To calculate staff commissions automatically.
To generate weekly settlement reports.
To provide complete audit trail (no deletion, only cancellation).

Legal basis: Performance of contract (DPDPA 2023, Section 7).

3.5 Device & Usage Data

What we automatically collect:

Device type, browser type/version, OS.
Screen resolution (to optimize PWA layout).
App usage patterns (feature usage, error logs).

What we DO NOT collect:

GPS location data.
IP addresses (not logged or stored).
Browsing history outside Seer.
Contact lists or other phone data.

Legal basis: Legitimate interests (DPDPA 2023, Section 7).

3.6 Cookies & Local Storage

What we use:

Better Auth Session Cookie: Essential cookie to keep you (owner) logged in. Contains an encrypted session token and expires when you log out or after 30 days of inactivity.
IndexedDB Storage: Staff devices store data locally using browser IndexedDB for offline functionality. This data syncs automatically when online. Owner data is stored on server.

Important for Staff: Local data on staff devices is not encrypted at rest by the app. Use device security features (PIN, password, biometric lock).

Cookie Banner: We do not require a cookie consent banner because we only use essential cookies necessary for the Service to function.

3.7 Payment Information

What we collect:

Subscription plan, billing cycle, payment status.
Razorpay Customer ID and Subscription ID.

What we DO NOT collect or store:

Credit card numbers, CVV codes, expiry dates, or bank account details.

Why: All payment processing is handled securely by Razorpay (PCI-DSS compliant). We never see or store your payment card details.

4. How We Use Your Data

We use your personal data only for the following purposes:

4.1 Service Delivery

Create and manage salon owner accounts.
Enable offline-first service logging for staff.
Sync data across owner and staff devices.
Calculate staff commissions automatically.
Generate weekly settlement reports.
Process subscription payments.
Provide customer support.

4.2 Communication

Send transactional emails (subscription expiring, password reset).
Send important service updates (maintenance, security, policy changes).
Send promotional emails about new features (only if you opt in).

4.3 Legal Compliance

Maintain transaction records for 7 years (as required by Indian Income Tax Act).
Respond to lawful requests from authorities.
Enforce our Terms of Service.

4.4 Analytics & Improvement (Future)

We may implement analytics tools in the future. If we add these tools, we will update this Privacy Policy and notify you.

We will NEVER sell your data to third parties, use your data for advertising, or share data with marketers.

5. Your Rights Under DPDPA 2023

As a Data Principal (salon owner), you have the following rights:

5.1 Right to Access

Request a summary of personal data we process about you, or a copy of your data in JSON format.

How to exercise: Go to Settings → Export Data, or email support@indraveentech.in

5.2 Right to Correction

Request correction of inaccurate or incomplete personal data.

How to exercise: Edit your profile in Settings, or email support@indraveentech.in

5.3 Right to Erasure (Right to be Forgotten)

Request deletion of your account and personal data. We will delete your account within 30 days.

Note: We retain transaction history for 7 years to comply with Indian tax laws. Personal identifiers will be anonymized after this period.
How to exercise: Email support@indraveentech.in with subject "Account Deletion Request".

5.4 Right to Data Portability

Export your business data (services, staff records, commissions) in XLSX format anytime.

How to exercise: Go to Settings → Export Data (even after subscription expires).

5.5 Right to Withdraw Consent

You can withdraw consent for marketing emails or optional features at any time.

5.6 Right to Nominate

You may nominate another person to exercise your rights in the event of your death or incapacity (as per DPDPA 2023, Section 9).

How to nominate: Email support@indraveentech.in with nominee details.

6. Grievance Redressal & Complaints

6.1 Grievance Officer

If you have any concerns about how we handle your personal data, contact our Grievance Officer:

Name: Data Protection Officer, Indraveen Technologies
Email: support@indraveentech.in
Response Time: We will acknowledge your grievance within 7 working days and provide a resolution within 90 days.

6.2 Complaint to Data Protection Board

If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India via their official portal (once operational).

7. Data Sharing & Third-Party Services

We share your data only with essential service providers required to operate Seer. We do not sell, rent, or trade your data.

7.1 Service Providers

Payment Gateway: Razorpay (India). PCI-DSS Level 1 compliant.
Cloud Hosting & Database: Neon Database, Railway (Singapore/India). SOC 2 Type II compliant.
Email Service: Resend (US/India). GDPR/SOC 2 compliant.
Authentication: Google OAuth (Global).

7.2 International Data Transfers

Your data may be stored and processed on servers located in Singapore and globally. We ensure that international transfers comply with DPDPA 2023 cross-border data transfer requirements.

8. Data Security & Storage

8.1 Security Measures We Implement

Encryption in Transit: TLS 1.3 (HTTPS).
Password Security: Hashed using bcrypt.
Database Security: Encryption at rest (AES-256).
Backups: Encrypted backups stored securely.

8.2 Offline-First Architecture & Device Security (Critical)

Seer is an offline-first Progressive Web App designed for staff to work without internet.

Owner Data: Stored on server, accessible from any device.
Staff Data: Stored locally on staff devices using IndexedDB, syncs when online.
Local data on staff devices is not encrypted at rest by the Seer app.
If someone gains physical access to an unlocked staff device, they may be able to view locally stored data.

Your Responsibility (for staff devices):

Use a strong PIN, password, or biometric lock on all staff devices.
Enable device-level encryption.
Do not leave devices unlocked in public areas.

9. Data Retention Policy

9.1 While Your Account is Active

Account & Business Data: Retained indefinitely.
Service Records: Retained for the duration of your subscription + 7 years for tax compliance.

9.2 After Account Deletion

Grace Period: 30 days to cancel deletion.
Anonymization: After 30 days, identifiers are removed.
Tax Compliance: Transaction history is retained for 7 years (Indian Income Tax Act), then permanently deleted.

9.3 After Subscription Expires

You can still login and export all your data in XLSX format even after subscription expires.
Data is retained until you request deletion.

10. Data Breach Notification

In the event of a personal data breach, we will:

Notify the Data Protection Board of India and affected users within 72 hours (or as prescribed by law).
Assess the impact and take immediate containment measures.
Notify you via email with details of the breach and protective steps you can take.

11. Children's Privacy

Seer is intended for business owners aged 18 years or older. We do not knowingly collect personal data from minors. If discovered, such accounts will be deleted immediately.

12. Marketing Communications & Opt-Out

Transactional Emails: Mandatory (subscription alerts, security, resets). You cannot opt out unless you delete your account.
Promotional Emails: Optional. You can opt out via the "Unsubscribe" link or App Settings.

13. Changes to This Privacy Policy

We may update this policy to reflect legal or product changes.

Material Changes: We will notify you via email at least 30 days in advance.
Minor Changes: We will update the "Last Updated" date.

Continued use of Seer constitutes acceptance of the updated policy.

14. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts in Chennai, Tamil Nadu, India.

15. Contact Us

For questions or Data Subject Rights Requests, please contact:

Data Protection Officer
Indraveen Technologies
G1, Block No 7 & 13, Sumeru City, IAF Road,
Selaiyur, Chennai - 600073, Tamil Nadu, India

Email: support@indraveentech.in
Support Hours: Monday to Saturday, 10:00 AM to 8:00 PM IST

Version 1.0Effective: 05 February 2026

Privacy Policy

Last Updated: 04 February 2026
Effective Date: 05 February 2026
Version: 1.0

1. Who We Are

Welcome to Seer, an offline-first salon management platform designed for salons and spas in Tamil Nadu, India.

Company Details:

Legal Name: Indraveen Technologies
Registered Address: G1, Block No 7 & 13, Sumeru City, IAF Road, Selaiyur, Chennai - 600073, Tamil Nadu, India
GSTIN: 33AJXPM3656L1ZH
Contact Email: support@indraveentech.in
Privacy Email: support@indraveentech.in

This Privacy Policy is drafted in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and applies to all users of Seer within India and internationally.

2. Important: Understanding Data Roles

2.1 When You (Salon Owner) Use Seer

You are the Data Fiduciary for customer data you enter. We are the Data Processor acting on your behalf.

This means:

You control what customer data you collect (names, phone numbers, service history).
You are responsible for obtaining consent from your customers if required.
You must handle data subject requests (access, deletion, correction) from your customers.
We process this data solely based on your instructions through the app.

Your Obligations:

Maintain appropriate records of customer services and transactions.
Handle customer complaints and data requests directly.
Comply with DPDPA 2023 in your capacity as Data Fiduciary.

Our Obligations:

Process your customer data only as instructed by you through the app.
Implement security measures to protect the data.
Not use customer data for our own purposes.
Assist you with data subject requests when technically feasible.

2.2 When We Collect Your Business Account Data

We are the Data Fiduciary for your salon owner account information. You are the Data Principal (the person whose data we process).

This applies to:

Your name, email, phone number.
Your salon details (shop name, address, staff names).
Your usage data, billing information, and app activity.

For this data, we are responsible for DPDPA compliance, and you have rights under Section 3 and 6 of this policy.

2.3 Indemnification

You agree to indemnify and hold Indraveen Technologies harmless from any claims, damages, losses, or legal actions arising from:

Your failure to obtain proper consent from your customers when required.
Your misuse of customer data entered into Seer.
Your violation of DPDPA 2023 or other applicable laws.
Unauthorized access to customer data due to your failure to secure your account.

We are not liable for how you collect, use, or share your customer data outside of Seer's intended functionality.

3. Information We Collect

3.1 Account & Authentication Data (Salon Owner Only)

What we collect:

Full name
Email address
Phone number (for account recovery)
Password (stored as hashed value using bcrypt - we never see your plain password)
Google account information (if you sign in with Google OAuth)

Why we collect it:

To create and manage your owner account.
To authenticate your login.
To send critical notifications (password resets, subscription alerts).

Important: Your email address is your login credential and cannot be removed while your account is active. If you wish to stop receiving emails, you must delete your account (see Section 5.3).

Legal basis: Performance of contract (DPDPA 2023, Section 7).

3.2 Business Profile Data

What we collect:

Salon/spa name and address.
Business phone number.
Staff names and their commission rates.
Services offered and pricing.

Why we collect it:

To enable multi-staff commission tracking.
To generate service records and reports.
To customize the app for your business type.

Legal basis: Performance of contract (DPDPA 2023, Section 7).

3.3 Customer Records (You Control This Data)

What you enter into Seer:

Your customers' names and phone numbers (optional).
Service history and transaction records.
Payment records.

Important: We process this data on your behalf. You are responsible for obtaining consent from your customers when required by law.

Why we process it:

To enable you to track services and staff performance.
To generate weekly settlement reports.
To maintain service history for your records.

Legal basis: Processing on behalf of Data Fiduciary (you) - DPDPA 2023.

3.4 Service & Transaction Data

What we collect:

Service details (date, time, service type, price).
Staff who performed the service.
Payment method (cash/online) and amounts.
Commission calculations.
Service status (completed/cancelled).

Why we collect it:

To help you manage salon operations.
To calculate staff commissions automatically.
To generate weekly settlement reports.
To provide complete audit trail (no deletion, only cancellation).

Legal basis: Performance of contract (DPDPA 2023, Section 7).

3.5 Device & Usage Data

What we automatically collect:

Device type, browser type/version, OS.
Screen resolution (to optimize PWA layout).
App usage patterns (feature usage, error logs).

What we DO NOT collect:

GPS location data.
IP addresses (not logged or stored).
Browsing history outside Seer.
Contact lists or other phone data.

Legal basis: Legitimate interests (DPDPA 2023, Section 7).

3.6 Cookies & Local Storage

What we use:

Better Auth Session Cookie: Essential cookie to keep you (owner) logged in. Contains an encrypted session token and expires when you log out or after 30 days of inactivity.
IndexedDB Storage: Staff devices store data locally using browser IndexedDB for offline functionality. This data syncs automatically when online. Owner data is stored on server.

Important for Staff: Local data on staff devices is not encrypted at rest by the app. Use device security features (PIN, password, biometric lock).

Cookie Banner: We do not require a cookie consent banner because we only use essential cookies necessary for the Service to function.

3.7 Payment Information

What we collect:

Subscription plan, billing cycle, payment status.
Razorpay Customer ID and Subscription ID.

What we DO NOT collect or store:

Credit card numbers, CVV codes, expiry dates, or bank account details.

Why: All payment processing is handled securely by Razorpay (PCI-DSS compliant). We never see or store your payment card details.

4. How We Use Your Data

We use your personal data only for the following purposes:

4.1 Service Delivery

Create and manage salon owner accounts.
Enable offline-first service logging for staff.
Sync data across owner and staff devices.
Calculate staff commissions automatically.
Generate weekly settlement reports.
Process subscription payments.
Provide customer support.

4.2 Communication

Send transactional emails (subscription expiring, password reset).
Send important service updates (maintenance, security, policy changes).
Send promotional emails about new features (only if you opt in).

4.3 Legal Compliance

Maintain transaction records for 7 years (as required by Indian Income Tax Act).
Respond to lawful requests from authorities.
Enforce our Terms of Service.

4.4 Analytics & Improvement (Future)

We may implement analytics tools in the future. If we add these tools, we will update this Privacy Policy and notify you.

We will NEVER sell your data to third parties, use your data for advertising, or share data with marketers.

5. Your Rights Under DPDPA 2023

As a Data Principal (salon owner), you have the following rights:

5.1 Right to Access

Request a summary of personal data we process about you, or a copy of your data in JSON format.

How to exercise: Go to Settings → Export Data, or email support@indraveentech.in

5.2 Right to Correction

Request correction of inaccurate or incomplete personal data.

How to exercise: Edit your profile in Settings, or email support@indraveentech.in

5.3 Right to Erasure (Right to be Forgotten)

Request deletion of your account and personal data. We will delete your account within 30 days.

Note: We retain transaction history for 7 years to comply with Indian tax laws. Personal identifiers will be anonymized after this period.
How to exercise: Email support@indraveentech.in with subject "Account Deletion Request".

5.4 Right to Data Portability

Export your business data (services, staff records, commissions) in XLSX format anytime.

How to exercise: Go to Settings → Export Data (even after subscription expires).

5.5 Right to Withdraw Consent

You can withdraw consent for marketing emails or optional features at any time.

5.6 Right to Nominate

You may nominate another person to exercise your rights in the event of your death or incapacity (as per DPDPA 2023, Section 9).

How to nominate: Email support@indraveentech.in with nominee details.

6. Grievance Redressal & Complaints

6.1 Grievance Officer

If you have any concerns about how we handle your personal data, contact our Grievance Officer:

Name: Data Protection Officer, Indraveen Technologies
Email: support@indraveentech.in
Response Time: We will acknowledge your grievance within 7 working days and provide a resolution within 90 days.

6.2 Complaint to Data Protection Board

If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India via their official portal (once operational).

7. Data Sharing & Third-Party Services

We share your data only with essential service providers required to operate Seer. We do not sell, rent, or trade your data.

7.1 Service Providers

Payment Gateway: Razorpay (India). PCI-DSS Level 1 compliant.
Cloud Hosting & Database: Neon Database, Railway (Singapore/India). SOC 2 Type II compliant.
Email Service: Resend (US/India). GDPR/SOC 2 compliant.
Authentication: Google OAuth (Global).

7.2 International Data Transfers

Your data may be stored and processed on servers located in Singapore and globally. We ensure that international transfers comply with DPDPA 2023 cross-border data transfer requirements.

8. Data Security & Storage

8.1 Security Measures We Implement

Encryption in Transit: TLS 1.3 (HTTPS).
Password Security: Hashed using bcrypt.
Database Security: Encryption at rest (AES-256).
Backups: Encrypted backups stored securely.

8.2 Offline-First Architecture & Device Security (Critical)

Seer is an offline-first Progressive Web App designed for staff to work without internet.

Owner Data: Stored on server, accessible from any device.
Staff Data: Stored locally on staff devices using IndexedDB, syncs when online.
Local data on staff devices is not encrypted at rest by the Seer app.
If someone gains physical access to an unlocked staff device, they may be able to view locally stored data.

Your Responsibility (for staff devices):

Use a strong PIN, password, or biometric lock on all staff devices.
Enable device-level encryption.
Do not leave devices unlocked in public areas.

9. Data Retention Policy

9.1 While Your Account is Active

Account & Business Data: Retained indefinitely.
Service Records: Retained for the duration of your subscription + 7 years for tax compliance.

9.2 After Account Deletion

Grace Period: 30 days to cancel deletion.
Anonymization: After 30 days, identifiers are removed.
Tax Compliance: Transaction history is retained for 7 years (Indian Income Tax Act), then permanently deleted.

9.3 After Subscription Expires

You can still login and export all your data in XLSX format even after subscription expires.
Data is retained until you request deletion.

10. Data Breach Notification

In the event of a personal data breach, we will:

Notify the Data Protection Board of India and affected users within 72 hours (or as prescribed by law).
Assess the impact and take immediate containment measures.
Notify you via email with details of the breach and protective steps you can take.

11. Children's Privacy

Seer is intended for business owners aged 18 years or older. We do not knowingly collect personal data from minors. If discovered, such accounts will be deleted immediately.

12. Marketing Communications & Opt-Out

Transactional Emails: Mandatory (subscription alerts, security, resets). You cannot opt out unless you delete your account.
Promotional Emails: Optional. You can opt out via the "Unsubscribe" link or App Settings.

13. Changes to This Privacy Policy

We may update this policy to reflect legal or product changes.

Material Changes: We will notify you via email at least 30 days in advance.
Minor Changes: We will update the "Last Updated" date.

Continued use of Seer constitutes acceptance of the updated policy.

14. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts in Chennai, Tamil Nadu, India.

15. Contact Us

For questions or Data Subject Rights Requests, please contact:

Data Protection Officer
Indraveen Technologies
G1, Block No 7 & 13, Sumeru City, IAF Road,
Selaiyur, Chennai - 600073, Tamil Nadu, India

Email: support@indraveentech.in
Support Hours: Monday to Saturday, 10:00 AM to 8:00 PM IST