๐ฅ
Section 01
Information We Collect
๐คAccount Information
Name, email address, and password (hashed โ never stored in plain text).
๐ชStore Information
Your Shopify store URL, product catalog, collections, and inventory data.
๐Usage Data
Pages visited, features used, conversation logs, and analytics from Krato sessions.
๐ณPayment Information
Billing details processed by Razorpay. Raw card numbers are never stored on our servers.
๐ฌConversation Data
Messages between your store visitors and Krato, plus purchase intent signals.
๐Technical Data
IP address, browser type, device information, and session identifiers.
โ๏ธ
Section 02
How We Use Your Information
๐คProvide, operate, and improve Krato and the MahanX platform
๐ฏPersonalise the AI experience for your store and customers
๐ฐProcess transactions and send related GST tax invoices
๐Send technical notices, security alerts, and support messages
๐Generate analytics and insight reports for your dashboard
๐Monitor and analyse trends to improve our services
๐ก๏ธDetect, investigate, and prevent fraudulent transactions and illegal activities
โ๏ธComply with our legal obligations under applicable law
๐
We do not use your data for advertisingKrato data is used exclusively to operate the service and improve AI performance for your specific store. We never serve ads or share data for advertising purposes.
๐
Section 04
Data Storage & Security
Your data is stored on secure servers (Microsoft Azure, India region). We implement industry-standard security measures:
๐
TLS/SSL
All data encrypted in transit
๐ก๏ธ
AES-256 Fernet
Sensitive data encrypted at rest
๐
Security Audits
Regular vulnerability assessments
๐ค
RBAC
Role-based internal access controls
โฑ๏ธ
Rate Limiting
Protection on all API endpoints
๐งน
Input Sanitization
SQL injection & XSS prevention
โน๏ธ
While we take reasonable precautions, no method of internet transmission is 100% secure. We will notify you of any breach that affects your personal data within 72 hours as required by law.
โณ
Section 05
Data Retention
We retain your account information while your account is active. If you close your account, your personal data is removed within 30 days, except where:
โบWe are required to retain it by applicable law (e.g., GST records for 7 years)
โบIt is necessary to resolve active disputes or enforce agreements
โบConversation analytics have been anonymised and aggregated (may be retained indefinitely)
๐ง
Request deletion anytimeEmail support@mahanx.in to request immediate deletion of your personal data. We respond within 30 days.
โ๏ธ
Section 07
Your Rights
Under GDPR and India's DPDP Act 2023, you have the following rights regarding your personal data:
๐๏ธAccess
Request a copy of the personal data we hold about you
โ๏ธCorrection
Request correction of inaccurate or incomplete data
๐๏ธDeletion
Request deletion of your personal data (subject to legal obligations)
๐ฆPortability
Request a machine-readable export of your data (ZIP format)
๐ซObjection
Object to how we use your data for marketing purposes
โธ๏ธRestriction
Request that we restrict processing of your data
๐ง
Exercising your rightsEmail support@mahanx.in to exercise any right. We respond within 30 days. We comply with GDPR and the DPDP Act 2023.
๐ถ
Section 08
Children's Privacy
Krato is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
๐จ
If we learn a minor has provided dataWe will delete it promptly upon discovery. If you believe your child's data has been collected, contact us immediately at support@mahanx.in.
๐ฌ
Privacy questions?
Email support@mahanx.in ยท We respond within 24h on business days.