1. Who We Are
KaratX is a SaaS platform for jewellery business management, owned and operated by Profit Plug, a proprietorship firm.
Registered Address:
Ratlam, Madhya Pradesh - 457001, India
Privacy Contact:
privacy@getkaratx.in
This Privacy Policy applies to all domains operated by Profit Plug under the KaratX product, including:
- getkaratx.com - marketing website
- app.getkaratx.com - jeweller staff platform
- getkaratx.in - customer-facing portal
2. Who This Policy Applies To
This Policy governs the collection, use, storage, and protection of personal data across three distinct user classes:
Class A - Jeweller Subscribers
Shop owners and their staff who register and use KaratX as a business management platform.
Class B - Jewellers' Customers
End-customers of jeweller-subscribers who access the KaratX customer portal at getkaratx.in to view schemes, loyalty points, orders, or other records.
Class C - Website Visitors
Any individual who visits getkaratx.com without registering or logging in.
Each class is treated distinctly throughout this Policy. Where a provision applies to a specific class, it is clearly indicated.
3. Data We Collect
3.1 Class A - Jeweller Subscribers
Account & Business Information:
- Shop name, owner name, registered address, GSTIN
- Contact email address and mobile number
- Subscription and billing information, processed via Razorpay
Staff Information:
- Names, mobile numbers, and role assignments of staff added by the jeweller
Operational Data:
- Inventory records, product tagging data, and stock information
- Sales, orders, and karigar artisan workflow records
- Customer records, scheme enrollments, loyalty program data, and installment histories entered by the jeweller
- Financial and ledger entries, vouchers, and transaction records
- Outlet and multi-store configuration data
Technical Data:
- Login timestamps and session data
- IP addresses and device or browser information
- Error logs and diagnostic data
3.2 Class B - Jewellers' Customers
Identity Information:
- Name and mobile number, verified via OTP at login
Transactional Information:
- Scheme enrollment details, installment history, and redemption records
- Loyalty points balance and transaction history
- Order and purchase history
- All such data is entered into KaratX by the jeweller and reflects records maintained by the jeweller
Technical Data:
- OTP request logs and login timestamps
- Portal session data
3.3 Class C - Website Visitors
- Pages visited, time spent, and navigation behaviour
- Device type, browser, and operating system
- IP address and approximate geographic location
- Data collected via cookies and third-party tracking tools as described in Section 6
4. Data Controller and Data Processor
This distinction is critical and governs how responsibility is allocated for Class B data.
For Class A data: Profit Plug acts as the Data Controller. We determine the purposes and means of processing jeweller-subscriber data.
For Class B data: The jeweller-subscriber is the Data Controller. They own the customer relationship and are responsible for the lawfulness of collecting and inputting their customers' data into KaratX. Profit Plug acts solely as a Data Processor, processing Class B data on the instructions of and on behalf of the jeweller-subscriber.
Profit Plug:
- Does not independently use Class B data for any purpose beyond delivering the platform service to the jeweller
- Does not cross-reference Class B data across different jeweller accounts
- Does not sell, rent, or otherwise commercialise Class B data
- Is not responsible for the accuracy, completeness, or legality of data that jewellers input about their customers
Jeweller-subscribers are solely responsible for:
- Obtaining all necessary consents from their customers before inputting customer data into KaratX
- Ensuring their use of KaratX complies with applicable privacy laws in their jurisdiction
- Responding to data requests made by their own customers
5. How We Use Data
5.1 Class A - Jeweller Subscribers
- To create, manage, and deliver the KaratX platform and its features
- To process subscription payments and manage billing
- To communicate about the account, service updates, and support
- To enforce our Terms of Use and prevent misuse
- To improve platform features and performance
- To comply with legal and regulatory obligations
5.2 Class B - Jewellers' Customers
- To authenticate portal access via OTP
- To display scheme, loyalty, order, and transaction records as maintained by the jeweller
- To send OTP messages and account notifications where applicable
We do not use Class B data for advertising, profiling, marketing, or any purpose beyond providing portal access on behalf of the jeweller.
5.3 Class C - Website Visitors
- To understand how our marketing website is used
- To measure the performance of advertising campaigns
- To improve our website and marketing content
7. Third-Party Data Processors
We share data with the following third-party processors solely for the purposes indicated. We do not sell personal data to any third party under any circumstances.
| Processor | Purpose | Data Shared |
|---|---|---|
| Razorpay | Subscription billing and payment processing | Name, email, transaction amount |
| SMSAlert | OTP delivery and SMS notifications | Mobile number |
| Interakt | WhatsApp notifications | Name, mobile number |
| Resend | Transactional email delivery | Name, email address |
| Google LLC | Analytics, advertising measurement, error monitoring | Anonymised usage data, pixel events, error context |
| Meta Platforms | Advertising measurement | Pixel events |
| Microsoft | Session recording and analytics | Session behaviour data |
| LinkedIn Corporation | Advertising measurement | Pixel events |
| Sentry | Error monitoring and diagnostics | Error context, request metadata |
Each processor operates under its own privacy policy and data processing terms. We enter into data processing agreements with processors where required.
8. Data Retention
Class A - Jeweller Subscribers
- Data is retained for the duration of the active subscription
- An account is considered inactive when no user associated with the shop has logged in for a continuous period of 60 days
- Inactive account data is retained for a further period of 24 months from the date inactivity begins
- At the end of the 24-month retention window, data is permanently deleted or irreversibly anonymised
- Jewellers may request earlier deletion by contacting privacy@getkaratx.in
Class B - Jewellers' Customers
- Retained for as long as the associated jeweller's account remains active
- Upon deletion or permanent deactivation of the jeweller's account, Class B data is deleted within 90 days
Class C - Website Visitors
- Analytics and tracking data is retained as per the data retention policies of the respective third-party tools, including Google Analytics and Microsoft Clarity
9. Cross-Border Data Transfers
Some of our third-party processors, including Google LLC, Meta Platforms, Microsoft, LinkedIn Corporation, and Sentry, are headquartered and store data outside India. By using KaratX, you acknowledge and consent to the transfer of certain data to servers and processors located outside the Republic of India, including in the United States. We ensure such transfers occur under appropriate contractual safeguards where applicable.
10. Data Security
We implement reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- HTTPS and TLS encryption across all domains
- Authentication-gated access to all uploaded and stored files
- Separate JWT tokens for portal and staff platform sessions
- Rate limiting on OTP generation and login endpoints
- Role-based access control within jeweller accounts
- HTTP security headers including HSTS
Notwithstanding the above, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of data and disclaim liability for breaches caused by circumstances beyond our reasonable control.
11. Your Rights
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian law, you have the following rights with respect to your personal data:
- Right to Access: Request confirmation of whether we hold your data and obtain a copy
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data, subject to legal retention obligations and active subscription status
- Right to Grievance Redressal: Lodge a complaint regarding how your data is handled
To exercise any of these rights, contact:
privacy@getkaratx.in
We will respond to all verified requests within 30 days.
12. Children
KaratX services are strictly intended for individuals aged 18 years and above. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that data from a minor has been collected, we will delete it immediately. If you believe a minor's data has been submitted through our platform, please contact privacy@getkaratx.in.
13. Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time. Material changes will be communicated to registered jeweller accounts. Continued use of the KaratX platform or any of its domains after any changes to this Policy constitutes your acceptance of the revised Policy.
The current version of this Policy is always available at getkaratx.com/policies/privacy-policy.
14. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of the Republic of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000 and rules made thereunder.
Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the courts of Ratlam, Madhya Pradesh, India.
15. Contact Us
For any privacy-related queries, requests, or grievances:
Email: privacy@getkaratx.in
Address: Profit Plug, 122/2, Sant Nagar, Gali No. 2, Ratlam, Madhya Pradesh - 457001, India
We aim to respond to all privacy-related communications within 30 days of receipt.
© KaratX - Profit Plug. All rights reserved.