Privacy Policy

This Privacy Policy applies to services provided by Orderzo Technologies Private Limited (CIN: U62099TS2026PTC216704) ("Orderzo", "we", "us", "our") — a company incorporated in India under the Companies Act, 2013, with its registered office at:

For privacy concerns or data requests, contact us at chetan@orderzo.io with subject "DPDPA Request".

We collect the following categories of personal data:

From business owners (our customers):

• Mobile phone number (used as unique identifier)
• Business name, business type, business address (if provided)
• UPI ID (for receiving payments from your customers)
• Items / menu / pricing you create in the app
• Order and transaction records you create

From business owners' customers (data you enter):

• Customer name and phone number (entered by business owner)
• Order history and payment records

Automatic collection:

• IP address, browser type, device information
• Pages visited, features used, timestamps
• Crash logs and error reports (no personal content)

We use your data only for:

• Operating Orderzo — your account, orders, bills, payments, invoices
• Sending OTPs for phone verification at login
• Generating and storing PDF invoices
• Generating UPI payment links (using your UPI ID) to share with your customers
• Customer support requests you send us
• Improving the product (anonymized analytics)
• Legal compliance (tax records, audit trails)

We do NOT: sell your data to third parties, share it for advertising, or use it for purposes other than running Orderzo.

Under the Digital Personal Data Protection Act, 2023, we process your data based on:

• Consent — you sign up willingly and accept these terms
• Contract performance — to deliver the service you signed up for
• Legal obligation — tax records, regulatory filings
• Legitimate interest — security, fraud prevention, product improvement

To run Orderzo, we use these third-party providers, each with their own privacy policies. We disclose them per DPDP Act Section 5:

• Supabase Inc. — Database and file storage. All Orderzo data is hosted in AWS Mumbai (Asia Pacific - Mumbai region).
• Vercel Inc. — Web hosting and serverless functions for orderzo.io.
• Cloudflare Inc. — DNS routing and DDoS protection.
• Google Workspace — Our business email (info@orderzo.io, support@orderzo.io, chetan@orderzo.io).
• Razorpay Software Pvt Ltd — Payment processing for subscription billing. When you upgrade to a paid plan, your payment details (UPI ID, card, bank info) are processed by Razorpay directly. We never see or store your payment credentials. Razorpay privacy policy
• Meta Platforms (WhatsApp): When you send invoices via WhatsApp, we use wa.me deep links to open your WhatsApp app. We do not access WhatsApp message content — you communicate with your customer directly through your own WhatsApp account.

When we add new processors (such as SMS delivery via MSG91 or similar providers), we will update this list and notify users of material changes via email.

All Orderzo data is stored in AWS Mumbai (Asia Pacific - Mumbai region) via Supabase Cloud — kept exclusively within India, in line with the Digital Personal Data Protection Act, 2023.

• Encrypted in transit (HTTPS/TLS 1.3)
• Encrypted at rest (AES-256)
• Regular automated backups
• Access restricted to authorized personnel only
• Our infrastructure provider Supabase is SOC 2 Type II certified

We retain your data only as long as your account is active or as required by law.

• Active accounts: kept indefinitely while in use
• Deleted accounts: data removed within 90 days, except records required for tax/legal purposes (kept for 7 years per Indian tax law)
• Crash logs and analytics: 90 days

As an Indian Data Principal, you have the right to:

• Access — request a copy of your personal data
• Correction — fix incorrect data about yourself
• Deletion — ask us to delete your data
• Withdraw consent — at any time
• Grievance redressal — contact us first; if unsatisfied, escalate to the Data Protection Board of India
• Nominate — designate someone to exercise rights on your behalf

To exercise any of these rights, email our Grievance Officer at chetan@orderzo.io with subject "DPDPA Request" and your registered phone number. Erasure requests: responded within 7 days (per DPDP Act). Other requests: within 30 days.

Orderzo is built for businesses run by adults (18+). We do not knowingly collect data from anyone under 18. If you believe we have inadvertently collected data from a minor, contact us at info@orderzo.io and we will delete it.

We use minimal cookies — only what is needed to keep you logged in and to remember your preferences. We do not use advertising or tracking cookies. We use Vercel's built-in analytics (no personal data captured).

In case of any personal data breach, we will notify affected users within 72 hours via email and notify the Data Protection Board of India per DPDP Act requirements.

We may update this Privacy Policy when we add new features or to comply with new laws. Changes take effect when posted. We will notify users of material changes via email or in-app notice.

This Privacy Policy is governed by the laws of India. Any disputes are subject to exclusive jurisdiction of courts in Hyderabad, Telangana.