Uplyft
← Back to siteLogin

Business HQ — Privacy Policy

Last updated: On publication / launch

Data Fiduciary: Uplyft, a sole proprietorship registered under Udyam/MSME, Bangalore, Karnataka, India ("Uplyft", "we", "us").

Product: "Business HQ" (the "Service").

Contact: admin@uplyft.in · +91 8296995163

This Privacy Policy explains how Uplyft collects, uses, shares, and protects personal data in connection with Business HQ. It is written to be aware of India's Digital Personal Data Protection Act, 2023 (DPDP Act). For DPDP purposes, Uplyft acts as a Data Fiduciary for account and billing data, and largely as a Data Processor for the business data our Clients enter into their tenants.

1. Who this applies to

This policy applies to Clients (the businesses we invite), their Authorized Users (e.g., staff), and visitors who interact with us. Where you enter personal data about your own customers or employees into Business HQ, you are the Data Fiduciary for that data and Uplyft processes it on your behalf and instructions.

2. Data we collect

a) Account & contact data — name, business name, email, phone, login credentials, role, and communications with us.

b) Business data you enter — the records you and your Authorized Users create in Business HQ: finance/GST and accounting records, inventory, CRM contacts and deals, staff and roles, and niche-module data. This may include personal data about your customers, vendors, and staff. You control and are responsible for this data.

c) Payment data — collected and processed by Razorpay. We receive limited transaction metadata (e.g., success/failure, mandate status, plan, amount). We do not store full card numbers or bank credentials.

d) AI interaction data — prompts and content you submit to AI Features (Ava, AI employees). Where you use your own AI provider key, that content is sent to your chosen provider (e.g., Anthropic) under your provider account.

e) Usage & technical data — log data, device/browser information, IP address, and product analytics used to operate, secure, and improve the Service.

f) Cookies — see Section 8.

3. How we use data

We use personal data to:

provide, operate, and maintain Business HQ and your tenant;

authenticate users and enforce roles and access;

process subscriptions and billing (via Razorpay);

provide support, onboarding (done-for-you), and communicate service and account notices;

power AI Features you choose to use;

monitor, secure, debug, and improve the Service;

comply with legal, tax, and accounting obligations; and

enforce our Terms and prevent fraud or misuse.

We process data on lawful bases recognised under the DPDP Act, principally consent and the legitimate uses / necessity to provide a service you requested, and to meet legal obligations.

4. Hosting & sub-processors

Business HQ relies on the following third parties, who process data on our behalf:

Sub-processor Purpose Notes

Supabase Database (Postgres), authentication, storage India / global cloud hosting; each tenant isolated

Razorpay Payment processing & subscription mandates Handles payment/bank data directly

Netlify Frontend hosting / delivery Serves the web application

Anthropic AI model for AI Features Used when a Client uses AI; if you supply your own key, usage runs under your provider account

Each sub-processor maintains its own privacy and security terms. We aim to engage providers with appropriate safeguards.

5. Data isolation & security

Tenant isolation. Each Client's data is logically isolated. We use Postgres Row-Level Security (RLS) and access controls so that one tenant cannot access another tenant's data.

Access controls. Access to production data is limited to what is needed to operate and support the Service.

Encryption in transit and reliance on our hosting providers' security posture for data at rest.

Backups. We (via Supabase) maintain backups to support recovery.

No system is perfectly secure; we cannot guarantee absolute security, but we take reasonable technical and organizational measures appropriate to the risk.

In the event of a personal data breach, we will act in accordance with our obligations under the DPDP Act, including notifying the Data Protection Board and affected persons where required.

6. Data retention & deletion

We retain account and business data for as long as your account is active and as needed to provide the Service.

After cancellation or termination, data is handled per the Refund & Cancellation Policy: an export window is provided, after which Client Data is scheduled for deletion from active systems (residual copies may persist in backups for a limited period before being overwritten).

We may retain limited records (e.g., invoices, tax records) where required by Indian law.

7. Your rights under the DPDP Act

Subject to the DPDP Act and its rules, you may:

access a summary of your personal data and how it is processed;

request correction, completion, or updating of inaccurate data;

request erasure of your personal data where no longer needed or where consent is withdrawn;

withdraw consent (which may limit or end your ability to use the Service);

nominate another individual to exercise your rights in case of death or incapacity; and

raise a grievance with us (Section 10) and, if unresolved, approach the Data Protection Board of India.

To exercise rights, email admin@uplyft.in. We may verify your identity before acting. Where the personal data belongs to your customers/employees (data you entered), please direct such requests to the relevant Client, whom we will support as processor.

8. Cookies & tracking

We use strictly necessary cookies for login/session management and may use limited analytics cookies to understand usage and improve the Service. You can control cookies through your browser; disabling essential cookies may break functionality.

9. Children

Business HQ is a B2B tool not intended for children (persons under 18). We do not knowingly collect personal data of children through the Service. Clients must not use the Service to knowingly process children's data without lawful consent as required by the DPDP Act.

10. Grievance / contact officer

For privacy questions, requests, or grievances, contact:

Grievance Officer — Uplyft

Email: admin@uplyft.in · Phone: +91 8296995163

Bangalore, Karnataka, India

We aim to acknowledge and respond within the timelines required under applicable law.

11. International transfer

Data may be stored or processed on cloud infrastructure located in India and/or other countries via our sub-processors. Where data is transferred outside India, we rely on our providers' safeguards and process such transfers consistent with the DPDP Act and any restrictions notified by the Government of India.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by a reasonable means (email or in-product notice). The "Last updated" date reflects the latest version.

Terms of ServicePrivacy PolicyRefund & Cancellation
© 2026 Uplyft · Bangalore, Karnataka, India · admin@uplyft.in · +91 8296995163