Privacy policy
Your data, in your control.
Last updated: 2026-05-10 · India operations
SellerDost ("we", "us") is operated by SMEMinds Technologies. This policy explains what personal data we handle when you use SellerDost — the marketing site, the dashboard at saarthi.smeminds.com, and the Saarthi assistant — and the rights you have under India's Digital Personal Data Protection Act, 2023 ("DPDPA").
1. What we collect
Account data: the email address and WhatsApp number you give us at signup, your business name, GSTIN(s), legal name, registered address, and the marketplace(s) you sell on.
Marketplace data: orders, returns, inventory, settlements, sponsored-ads reports — whatever you upload from Amazon Seller Central, Flipkart Seller Hub, or Myntra Studio. Once SP-API / Marketplace API integrations are live (separate consent step), we also pull this directly with your authorisation.
Saarthi conversations: the messages you send and receive through the WhatsApp bot or the in-app chat widget. Voice notes are transcribed by Sarvam AI / OpenAI Whisper; the audio is stored securely and deleted when you erase your account.
Operational metadata: IP address, user-agent, timestamps for every sensitive change (audit log). Sparingly used for security and abuse-detection.
2. How we use it
- To run the dashboards, KPIs, alerts, GSTR-1 generation, and Saarthi answers.
- To compose the morning brief and surface anomalies (low stock, return spikes, reimbursement opportunities, settlement mismatches).
- To bill the subscription on the tier you selected.
- To debug failures (audit log, server-side error monitoring).
We do not sell your data, share it with Amazon / Flipkart / Myntra outside what those platforms' APIs require, share it with your CA, or use it to train public-facing AI models. The Saarthi system uses your data only to answeryour questions in your account.
3. Where it lives
Hosted on Microsoft Azure in India (Central India / Pune region) — your application data and database never leave Indian data centres for routine operations. The only outbound data flows are:
- Anthropic Claude API (us-east-1) for Saarthi reasoning. We send the message you typed plus the relevant query results Saarthi needs to answer it — that includes your own business identifiers (GSTINs, ASINs, order IDs), rupee amounts, supplier names, and any text you yourself wrote into the conversation. We do not send payment-instrument data (we don't hold any). Anthropic processes this under a data-processing agreement; messages are not used to train their public models.
- Sarvam AI (Bengaluru) for Hindi STT/TTS — your voice notes go to Sarvam and are transcribed back to text we hold.
- OpenAI Whisper (us-east-1) as STT fallback when Sarvam is unavailable — same data, same DPA-bound treatment.
- Meta WhatsApp Business Cloud API (multi-region, including India) for message delivery.
Each is gated by contractual data-processing agreements and used only for the immediate operation. No cross-customer data sharing.
4. Retention
- Audio uploads (voice notes, Saarthi voice replies) — retained while your account is active; deleted when you erase your account.
- CSV uploads — the original raw file and the derived structured data (orders, returns, etc.) are retained while your account is active, so your historical analysis keeps working; both are deleted when you erase your account.
- Account + business data — retained while your account is active. After you close it, we delete or anonymise within 30 days, except where retention is required by law (GST records: 6 years).
- Audit log — retained 24 months minimum for DPDPA + ISO 27001 readiness.
5. Lawful basis for processing
Under DPDPA §6 we process your data on the lawful basis of consent for sign-up, billing, marketplace integrations, Saarthi conversations, and marketing communications. We rely on the certain legitimate uses ground (DPDPA §7) only for: server-side error monitoring, fraud / abuse detection, audit-log retention, and responding to lawful requests from Indian regulators or law-enforcement. We do not invoke any "legitimate interest" basis broader than this.
6. Automated decision-making (DPDPA §8)
Saarthi uses LLM-driven analysis to surface recommendations (low stock, return spikes, reimbursement gaps, ad-spend anomalies). These are advisory — every recommendation is human-reviewable in /dashboard, can be dismissed or marked done, and produces no automated action against your marketplace account, your bank, or any third party without your explicit confirmation. We do not run automated pricing changes, automated PO creation, or any other action with legal or significant effect on you without a human-in-the-loop.
If at any point we add a feature with autonomous decisions of legal or significant effect, you will be notified at least 14 days in advance, the feature will be opt-in, and we will offer human review of any decision on request.
7. Your rights under DPDPA
- Access — see what we hold on you. Email privacy@sellerdost.com.
- Correction — fix anything inaccurate. Most fields are self-serve in /settings.
- Erasure — self-serve via Settings → Danger Zone → "Delete my account". A 7-day grace window starts on request; you can cancel any time before it ends. At day 7 the purger runs: your PII (name, email, phone) is anonymised; Saarthi conversations are hard-deleted; CSV uploads and raw storage objects are deleted. GST records are retained 6 years per CGST Act §35(1); audit logs and consent records are retained 24 months per DPDPA §8(6) breach-notification readiness. If you can't access the Settings page (account locked, etc.), email privacy@sellerdost.com from your registered email and we'll process within 30 days.
- Withdraw consent — granular per-purpose toggles live at Settings → Privacy & Consent (Saarthi reasoning, voice STT, marketing channels). For WhatsApp messages specifically, you can also reply STOP / UNSUBSCRIBE from the same WhatsApp number on file and we silence the channel immediately.
- Grievance — write to our DPO at dpo@sellerdost.com. We respond within 7 working days.
8. Children
SellerDost is for businesses. We do not knowingly process data of children under 18. If you believe a child has signed up, contact privacy@sellerdost.com and we'll delete the account.
9. Changes to this policy
We'll email registered users at least 14 days before any material change takes effect. The date at the top of this page reflects the most recent version.
10. Contact
SMEMinds Technologies, Mumbai · privacy@sellerdost.com