Skip to main content
Indostra
Back to Home

Privacy Policy

DPDP Act 2023 Compliant

Effective Date: September 27, 2025

1. Overview

Indostra Technologies Pvt. Ltd. (“Indostra”, “we”, “us”) is committed to protecting your privacy. This policy outlines how we handle your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian laws.

By using our services (QR ordering, KOT routing, payments), you consent to the data practices described in this policy.

2. Data We Collect

We collect only the data necessary to provide our restaurant operating system:

  • Business Data: Restaurant name, GSTIN, FSSAI license number, and address.
  • Personal Data (Account): Name, email address, and phone number of the account owner and staff members.
  • Customer Data (End Users): When a guest scans a QR code, we may collect temporary session data (table number, order items). We do not collect customer phone numbers unless they opt-in for digital receipts.
  • Payment Data: Transaction logs (Amount, Time, Method). Note: We do not store full Credit Card/UPI details. These are handled by RBI-compliant payment gateways (Razorpay/PhonePe).

3. How We Use Data

Your data is processed for specific, lawful purposes:

  • To process orders and route KOTs to the correct kitchen station.
  • To facilitate payments and generate GST-compliant invoices.
  • To communicate important service updates (e.g., downtime, new features).
  • To comply with legal obligations (tax audits, law enforcement requests).

4. Sharing & Disclosure

We do not sell your personal data. We may share data with trusted third parties strictly for service delivery:

  • Cloud Infrastructure: AWS/Google Cloud (Meity-empanelled servers in India).
  • Payment Processors: To verify transactions.
  • Communication: SMS/WhatsApp providers (for OTPs and alerts).

5. Your Rights

Under the DPDP Act, you act as the Data Principal and have the right to:

  • Access: Request a summary of your personal data processed by us.
  • Correction: Update inaccurate or misleading personal data.
  • Erasure: Request deletion of your data once the purpose is served (unless retention is required by law).
  • Grievance Redressal: Contact our Grievance Officer for any privacy concerns.

6. Security & Retention

We implement industry-standard security measures, including encryption in transit (TLS 1.2+) and at rest (AES-256). Access to personal data is restricted to authorized personnel on a need-to-know basis.

We retain data only as long as necessary. Upon account closure, business data is retained for 8 years as mandated by GST and Income Tax laws, after which it is securely archived or deleted.

7. Cookies & Trackers

We use essential cookies to keep you logged in and functional cookies to remember your preferences (e.g., dark mode, language). We use aggregated, anonymized analytics to improve platform performance.

8. Grievance Officer

In accordance with the IT Act 2000 and DPDP Act 2023, the contact details of the Grievance Officer are provided below:

Name: Privacy Officer, Indostra

Email: hello@indostra.com

Address: Koramangala, Bengaluru, Karnataka 560034, India