1. Introduction
Kredo Analytics Private Limited ("Company", "we", "us") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect personal information when you make payments through Kredo Lens.
2. Information We Collect
| Data | Purpose | Required |
|---|---|---|
| Full Name | Invoice generation, identification | Yes |
| Invoice delivery, confirmations | Yes | |
| Phone | Razorpay checkout, notifications | Yes |
| Billing Address | GST invoice compliance | Yes |
| GSTIN | B2B invoicing | Optional |
| IP Address | Fraud prevention, audit | Auto |
We do NOT store: card numbers, CVV, UPI PIN, or net banking credentials. These are processed directly by Razorpay (PCI DSS Level 1 certified).
3. How We Use It
- Payment Processing — create orders, process via Razorpay
- Invoice Generation — GST-compliant invoices
- Invoice Delivery — email invoices and confirmations
- Accounting — sync with Zoho Books for GST filing
- Audit & Security — maintain audit trail
We do not use your data for marketing, advertising, or profiling.
4. Third-Party Services
- Razorpay — payment gateway (name, email, phone)
- AWS S3 — encrypted invoice storage (ap-south-1)
- Zoho Books — accounting sync
We do not sell, rent, or trade your personal information.
5. Data Security
- AES-256-GCM encryption for secrets at rest
- HTTPS/TLS for all communication
- HMAC-SHA256 request signing
- Per-tool rate limiting
6. Data Retention
- Transaction records: 8 years (Indian tax law)
- Invoice PDFs: 8 years
- Audit logs: 3 years
- Failed payments: 1 year, then anonymised
7. Your Rights
You may access, correct, or request deletion of your data (subject to legal retention). Email support@kredo.in with subject "Data Request".
8. Grievance Officer
Kredo Analytics Private Limited
Email: support@kredo.in
Bengaluru, Karnataka, India
Concerns addressed within 30 days.