Privacy Policy

Last updated: November 2025

1. Introduction

KudoScan ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully to understand our practices regarding your personal data.

This Privacy Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, password
  • Business Information: Business name, address, category, description, logo, and other profile details
  • Payment Information: Billing address and payment method details (processed securely through Razorpay, compliant with RBI guidelines)
  • Communication Data: Messages, feedback, and other communications you send to us

2.2 Information Automatically Collected

When you use our Service, we automatically collect:

  • Session Data: Session IDs, IP addresses, and user agent information
  • Usage Data: QR code scans, review suggestions accessed, features used, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers
  • Cookies and Tracking: Session cookies, authentication tokens, and remember-me cookies

2.3 Information from Third Parties

We may receive information from third-party services you connect to our platform:

  • Google Business Profile: Business profile data, reviews, and related information when you connect your Google account
  • Payment Processors: Transaction data and payment status from Razorpay (RBI-compliant)
  • AI Services: Data necessary for generating review suggestions

3. How We Use Your Information

We use the collected information for the following purposes, in compliance with the Digital Personal Data Protection Act, 2023:

  • To provide, maintain, and improve our Service
  • To process your registration and manage your account
  • To process payments and manage subscriptions
  • To generate AI-powered review suggestions
  • To send you service-related communications, including confirmations, updates, and support messages
  • To respond to your inquiries and provide customer support
  • To monitor and analyze usage patterns and trends
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations under Indian law and enforce our Terms of Service

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Session Cookies: To maintain your login session and remember your preferences
  • Authentication Cookies: To securely authenticate your identity
  • Remember-Me Cookies: To keep you logged in across browser sessions (valid for 14 days)
  • Analytics: To understand how users interact with our Service

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service. Our use of cookies complies with the Information Technology Act, 2000.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances, in compliance with the Digital Personal Data Protection Act, 2023:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service, all of whom are bound by confidentiality agreements:

  • Razorpay: Payment processing and subscription management (RBI-compliant)
  • Google: Business Profile integration and OAuth authentication
  • AI Service Providers: For generating review suggestions
  • Email Services: For sending transactional and marketing emails
  • Cloud Storage: For storing business logos and uploaded files (AWS S3)

5.2 Legal Requirements

We may disclose your information if required by Indian law, court orders, or in response to valid requests by Indian government authorities, including under the Information Technology Act, 2000.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to compliance with applicable Indian data protection laws.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These measures include:

  • Encryption of data in transit using HTTPS/TLS
  • Secure password hashing and authentication mechanisms
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure payment processing through PCI-compliant providers
  • Regular audits and compliance checks

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by Indian law. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes under Indian law.

8. Your Rights Under Digital Personal Data Protection Act, 2023

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal information:

  • Right to Access: Request access to your personal information and obtain a summary of the data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information, subject to legal obligations
  • Right to Data Portability: Request transfer of your data in a structured, commonly used format
  • Right to Grievance Redressal: File complaints with our Grievance Officer or the Data Protection Board
  • Right to Withdraw Consent: Withdraw consent for data processing where processing is based on consent
  • Right to Nominate: Nominate another individual to exercise your rights in case of death or incapacity

To exercise these rights, please contact us at contact@betamize.com or our Grievance Officer. We will respond to your request within 30 days as required under the DPDPA, 2023.

9. Consent and Lawful Basis

Under the Digital Personal Data Protection Act, 2023, we process your personal data based on:

  • Consent: Where you have provided explicit consent for specific processing activities
  • Legitimate Use: For providing the Service you have requested and for our legitimate business interests
  • Legal Obligations: To comply with applicable Indian laws, including tax and regulatory requirements
  • Public Interest: For purposes of public interest, including prevention of fraud and ensuring security

You have the right to withdraw your consent at any time. However, withdrawal of consent may affect your ability to use certain features of the Service.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately. We will take appropriate steps to delete such information in accordance with Indian law.

11. Data Localization and Transfer

We primarily store and process your personal data within India. In cases where data needs to be transferred outside India for service provision (e.g., cloud storage, AI processing), we ensure that:

  • Such transfers comply with the Digital Personal Data Protection Act, 2023
  • Appropriate safeguards are in place to protect your data
  • Data is transferred only to countries or entities approved under Indian law
  • We maintain adequate security measures for cross-border data transfers

12. Grievance Redressal

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your privacy concerns:

Email: contact@betamize.com
Response Time: We will acknowledge your grievance within 24 hours and resolve it within 15 days as per IT Rules, 2021. For data protection complaints, we will respond within 30 days as per DPDPA, 2023.

You also have the right to file a complaint with the Data Protection Board of India if you are not satisfied with our response.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and sending you an email notification at least 7 days in advance. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Company Name: BetaMize
Email: contact@betamize.com
Phone: +91 9977127384