← Trust Center & Legal
Privacy & Data

Privacy Policy

What we collect, why, how long we keep it, and your rights under the DPDP Act, 2023.

Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]

1. Introduction

This Privacy Policy describes how EcomSarthi Business Solutions LLP processes personal data and business data when you use Ecom10x, a cloud-based multi-marketplace management platform for sellers on Amazon, Flipkart, Meesho and other marketplaces. We act primarily as a Data Fiduciary (as defined under the Digital Personal Data Protection Act, 2023, the "DPDP Act") for account data of our Users, and as a Data Processor / service provider for marketplace business data that Users connect to the Platform.

By creating an account or using the Platform you acknowledge this Policy. Where consent is the applicable legal basis, we obtain it as described in our User Consent Policy.

2. Definitions

  • "User" / "you" — the business entity and its authorised personnel using Ecom10x.
  • "Marketplace Data" — data obtained from marketplaces you connect (orders, inventory, listings, shipments, returns, settlements) via official APIs, official OAuth authorisation, or official seller-panel report files you upload.
  • "Personal Data" — data about an identifiable individual, as defined in the DPDP Act.
  • "Connected Account" — a marketplace seller account linked to Ecom10x by you.

3. Data We Collect

a) Account & business information: name, email, phone, business name, GST details, billing information, seller IDs.

b) Authentication data: OAuth tokens, access tokens and refresh tokens issued by marketplaces under their official authorisation flows. We never ask for, collect, or store your marketplace passwords.

c) Marketplace Data: orders, inventory, products, listings, prices, shipment information, returns, and settlement reports from Connected Accounts or files you upload.

d) Technical & usage data: device information, browser information, IP address, usage analytics, security logs, audit logs, and cookies (see Cookie Policy).

4. Purposes of Processing

We process data to: (i) provide, operate and secure the Service; (ii) synchronise orders, inventory, listings, prices, shipments, returns and settlements across Connected Accounts; (iii) generate analytics, profitability, reconciliation and business insights for you; (iv) provide support and communicate service notices; (v) detect fraud, abuse and security incidents; (vi) comply with law; and (vii) improve the Platform using aggregated, de-identified information.

We practise data minimisation: we request only the marketplace scopes and data fields needed for the features you use.

5. Legal Bases

We rely on: (a) your consent, obtained at signup and at each marketplace connection; (b) legitimate uses recognised under the DPDP Act, including processing necessary for the purpose for which you voluntarily provided data; and (c) legal obligations (e.g., tax and accounting laws).

6. Data Sharing

We do not sell personal data. We share data only with: (i) the marketplaces you connect, as necessary to execute your instructions through their official APIs; (ii) our vetted subprocessors (hosting, database, email, communications — see Subprocessor Policy) under contractual confidentiality and security obligations; (iii) your own team members according to the roles and permissions you configure; (iv) professional advisers and authorities where required by law; and (v) a successor entity in a merger or acquisition, subject to this Policy.

7. Security

We protect data using HTTPS/TLS encryption in transit, encryption at rest, secure token storage, role-based access control, least-privilege access, audit logging, access monitoring, automatic session logout, API rate limiting and fraud detection. Details are set out in the Security Policy. No method of transmission or storage is absolutely secure; we cannot guarantee absolute security, but we maintain commercially reasonable safeguards appropriate to the risk.

8. Data Retention

We retain data as described in the Data Retention Policy: in summary, for as long as your account is active plus a limited wind-down period, or as required by Indian law. Marketplace tokens are deleted promptly on disconnection (see Data Deletion Policy).

9. Your Rights

Subject to the DPDP Act, you (and, where applicable, individuals whose personal data you provide) have the right to: access a summary of personal data processed; correct or update inaccurate data; erase personal data no longer required; nominate a person to exercise rights in case of death or incapacity; withdraw consent (which may limit Service functionality); and raise a grievance. Requests may be made to [PRIVACY_EMAIL — e.g., privacy@ecom10x.in]; we respond within timelines prescribed under applicable law.

10. Children

Ecom10x is a business tool and is not directed at children. We do not knowingly process personal data of individuals under 18 except incidentally within business records you upload.

11. Cross-Border Transfers

Data may be processed on cloud infrastructure located outside India where permitted by the DPDP Act and applicable rules. We apply the same protections regardless of location and honour any government-notified restrictions on transfers to specific territories.

12. Grievance Officer

[GRIEVANCE_OFFICER_NAME], Grievance Officer
EcomSarthi Business Solutions LLP, [REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Email: [GRIEVANCE_OFFICER_EMAIL — e.g., grievance@ecom10x.in]. We acknowledge grievances within 48 hours and aim to resolve them within timelines required under applicable law.

13. Changes

We may update this Policy from time to time. Material changes will be notified by email or in-product notice at least 15 days before taking effect. The version and effective date above always reflect the current Policy.

Governing Law & Dispute Resolution

This document is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, without regard to conflict-of-law principles.

Any dispute arising out of or in connection with this document shall first be attempted to be resolved amicably through good-faith negotiation within thirty (30) days of written notice. Failing amicable resolution, the dispute shall be referred to arbitration by a sole arbitrator appointed in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be [JURISDICTION_CITY — e.g., New Delhi], India, and proceedings shall be conducted in English. Subject to the foregoing, the courts at [JURISDICTION_CITY — e.g., New Delhi], India shall have exclusive jurisdiction.

Contact

EcomSarthi Business Solutions LLP
[REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Support: [SUPPORT_EMAIL — e.g., support@ecom10x.in] · Legal: [LEGAL_EMAIL — e.g., legal@ecom10x.in] · Phone: [SUPPORT_PHONE_NUMBER]