Privacy Policy

Account & identity: phone number, name, business/shop details, and (for some sign-in flows) email address.

Workforce data you add: employee profiles, attendance entries, leave records, salary settings, and related notes you choose to store.

AI Chat inputs: questions you ask and the context required to answer them (for example, attendance/salary queries). We store chat queries and responses to improve reliability and to help you review history.

Verification & security data: one-time passwords (OTPs) and verification metadata (timestamps, rate-limit events). We do not store SMS content beyond what is required to operate OTP verification.

Location (mobile app): when you mark attendance, the app may capture your device location to verify you are at the shop. Location is used only at the moment of marking attendance; we do not track location in the background.

Contacts (mobile app): if you choose to add a customer to your khata ledger from your phone contacts, we use the specific contact you select. We do not upload your full address book.

Camera & photos (mobile app): images you capture or pick to attach to attendance entries and KYC documents. We access the camera and photo library only when you start one of these actions.

Push notifications (mobile app): a device push token (issued by Apple/Google) so we can send attendance, leave, and salary alerts. You can disable notifications in your device settings at any time.

Payments: payment status and transaction metadata from payment providers (for example, order IDs, timestamps, and plan information). We do not store full card details on our servers.

Device/usage data: basic diagnostics and logs (such as request identifiers, IP address, browser/device type, and error logs) to keep Services secure and working.

We use the information to:

• Provide and operate the Services (login, dashboards, and records).
• Send OTPs and prevent abuse (rate limiting and fraud prevention).
• Process subscriptions and payment verification.
• Provide customer support (including WhatsApp support, if used).
• Improve features and reliability (analytics and debugging).
• Comply with legal obligations and enforce our terms.

We share information only as needed to provide the Services, such as with:

• Infrastructure providers (hosting, databases, logging).
• SMS/verification providers to send OTPs.
• Payment processors to create orders, verify payments, and manage subscriptions.
• AI service providers when you use AI Chat (we send only what’s needed to answer your request).

We may disclose information if required by law, to protect rights and safety, or to prevent fraud and abuse.

Depending on how you access the Services, we may use subprocessors that process limited technical or usage data on our behalf, for example:

• Vercel — hosting, edge delivery, and backend compute for the web app and API.
• Twilio — sending one-time passwords (OTPs) over SMS and WhatsApp notifications (uses your phone number and the message content).
• Cashfree — Aadhaar offline eKYC verification. When an employee chooses to verify, the Aadhaar number and OTP are sent to Cashfree to confirm identity; we retain only a masked form and the verification result, never the full number.
• Razorpay — processing subscription payments and verifying transactions.
• Anthropic (Claude) and Google (Gemini) — generating AI Chat responses; we send only the context needed to answer your request.
• Cloudflare R2 — secure object storage for files you upload (KYC documents, attendance photos) and generated invoice PDFs.
• Expo — delivering push notifications through Apple and Google push services (uses a device push token).
• Sentry — error monitoring and crash reporting (diagnostic data, with sensitive fields redacted).
• Vercel Analytics and Vercel Speed Insights — on our website only: page views and Web Vitals-style performance metrics to understand reliability and speed.

These tools are configured for service improvement and security; they are not used to sell personal data. Where a subprocessor cannot meet our instructions, we will change providers or adjust processing.

If you use Arth Saathi as an employee of a business, your employer is usually the primary decision-maker for workforce records (such as attendance and salary inputs). We process that information on behalf of the business to provide the product, as described in this policy and in your employer’s own notices where they apply.

The mobile app requests device permissions only for the features that need them. Each is optional and can be granted or revoked in your device settings:

• Location — to verify you are at the shop when marking attendance (used only at that moment, not in the background).
• Camera & photos — to capture or attach images for attendance and KYC documents.
• Contacts — to add a selected customer to your khata ledger.
• Notifications — to send attendance, leave, and salary alerts.

Denying a permission only disables that specific feature; the rest of the app continues to work.

We keep data for as long as needed to provide the Services and for legitimate business purposes (such as security, dispute resolution, and compliance). In general, workforce records you create (such as employees, attendance, leaves, and salary settings) are retained while your account is active. Security/verification data (such as OTP metadata and abuse-prevention logs) is retained for shorter periods. Owner AI chat messages and related analytics may be stored to operate the assistant and improve reliability; we apply rolling deletion on a schedule aligned with our internal retention policy. You can request export or deletion of your account data, subject to legal requirements and backup retention windows.

We use reasonable technical and organizational safeguards to protect data. No system is 100% secure, so please use strong passwords and keep your devices secure.

• Access and update your profile/business information.
• Request export or deletion of data (where applicable).
• Opt out of non-essential communications (if any).

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children.

We may update this policy from time to time. We will post the latest version on this page and update the effective date.

If you have questions or requests about privacy, contact us via the in-app support channel.