* Unaati Hai Jahan Pragati Hai Wahan *
en
en
an abstract photo of a curved building with a blue sky in the background

Privacy Policy

PRIVACY POLICY

Last Updated as on 12-12-2025-

This Privacy Policy (“Policy”) applies to the website, platform, mobile application and services operated by CBV Ventures Private Limited under the brand “Unaati” (“Company”, “we”, “us”, “our”), including all associated features, modules, sub-domains, portals (collectively “Platform” / “Services”).

By accessing or using the Platform, or by providing any personal data to us, you (“you”, “User”, “Data Principal”) consent to the collection, processing, use, storage, transfer and disclosure of your personal data as described herein.

1. DEFINITIONS

1.1 “Personal Data” means any data about an individual who is identifiable by or in relation to such data, directly or indirectly; including any information that can identify a natural person.

1.2 “Sensitive Personal Data or Information” (“SPDI”) refers to data categories considered sensitive under applicable laws/regulations (e.g. identity document numbers, financial account numbers, Aadhaar, PAN, KYC documents, payment data, biometric data, etc.).

1.3 “Data Principal” means the individual to whom the personal data relates (you, the user).

1.4 “Data Fiduciary” means CBV Ventures Private Limited, which determines the purpose and means of processing personal data.

1.5 “Processor / Service Provider / Third-Party Partner” means any third-party (e.g. payment gateway, KYC agency, logistics partner, cloud hosting provider) engaged by the Data Fiduciary to process, store, or handle Personal Data on behalf of the Data Fiduciary.

1.6 “Processing” means any operation or set of operations performed on personal data — collection, recording, storage, retrieval, use, disclosure, transfer, deletion, analysis or any manipulation.

2. APPLICABILITY & SCOPE

This Policy applies to:

  • All individuals who access or use the Platform;

  • Users registering on the Platform (retailers, wholesalers, businesses, customers);

  • Vendors, partners, third-party service providers, agents, consultants engaged by the Company;

  • Any person whose data is collected, stored, processed, transferred, or disclosed by the Company in the course of its operations.

This Policy does not apply to data practices of third-party websites, applications or services linked from or integrated with the Platform — except where those third parties are acting as our Processors under contract.

3. CATEGORIES OF DATA COLLECTED

We may collect and process the following categories of data about you, depending on the features you use and the services you opt for:

3.1 Personal Data voluntarily provided by you

  • Full name, mother’s name (if required), date of birth, gender;

  • Email address; mobile phone number; other contact information;

  • Address (residential and/or business), business address (for retailers/wholesalers), GST or business-registration details (if applicable);

  • Identity / KYC documents and information: PAN, Aadhaar (or other permitted identity proofs), photograph(s), business-proof documents, invoices, business license, GST registration details;

  • Financial data: Bank account number, UPI ID or other payment identifiers used for disbursement or receipt of funds/payments; transaction history, payment confirmations;

  • Business-related data: Business name, type, inventory or order details, order history, credit history, credit limit / usage, repayment history (if credit or financing feature available), purchase orders, invoices, business turnover details (if voluntarily provided);

  • Communication data: Queries, feedback, support requests, service-related correspondence; preferences, consent for newsletters/promotions (if provided);

3.2 Automatically collected and technical data

  • IP address; device identifiers; browser type and version; operating system; device type/model; device language settings; time zone; unique application or device IDs (where applicable);

  • Usage and activity data: Pages visited, features used, session duration, click data, scroll data, navigation paths, form interactions; error logs, crash reports (if using mobile application);

  • Cookies, web beacons, tracking pixels, local storage, and other similar technologies (collectively “Tracking Technologies”) to manage sessions, authenticate users, store preferences, and analyse usage;

  • Geolocation data (approximate or precise) — only if you grant consent or enable location-based features (for e.g. service availability, delivery or logistics scheduling).

3.3 Data obtained from third parties, partners or publicly available sources

  • KYC / identity verification agencies or background-check providers;

  • Payment gateway(s), banking or financial services partners used for processing payments or credit;

  • Logistics, supply-chain, fulfillment, or credit/financing partners (where services are outsourced) for order execution;

  • Business partners, suppliers, vendors, or affiliate partners whose data you authorise us to access or share;

  • Public or government databases, registries, or databases accessible under law (to verify identity, business registration, compliance).

4. PURPOSES OF PROCESSING

We may process your Personal Data for one or more of the following purposes:

  • To enable functional features of the Platform: user registration, account creation, authentication, login;

  • To verify your identity and business credentials (KYC), validate documents, ensure compliance with regulations, prevent fraud, and maintain integrity of the Platform;

  • To enable financial transactions: order placement, payments, credit disbursement, refunds, settlements, invoicing, accounting, reconciliation;

  • To manage supply-chain, inventory, orders, delivery logistics, credit/financing (if applicable), and business-related operations;

  • To support customer services: respond to queries, grievances, support requests; send service-related notifications (transactional alerts, order updates, payment confirmations, credit status);

  • To send marketing or promotional communications (offers, newsletters, updates), only if you have provided explicit consent;

  • To analyse usage, traffic, features usage, user behaviour — to monitor performance, improve services, user experience, design, security and offerings;

  • To carry out internal record-keeping, audit, compliance, risk-management, fraud detection/prevention, security monitoring;

  • To comply with legal, regulatory or contractual obligations — including compliance with laws, investigations, court orders, tax or financial regulations;

  • To handle disputes, enforce agreements or terms of service, protect legal rights, and pursue legitimate business interests consistent with user rights.

We commit to data minimization — collecting only what is necessary for the stated purposes.

5. LEGAL BASIS FOR PROCESSING

Where required under applicable laws (including the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and applicable provisions under the Information Technology Act, 2000 and associated SPDI Rules), we will process your Personal Data only after obtaining your free, informed, explicit consent (where consent is legally required).

Processing may also be carried out on the basis of:

  • Performance of a contract to which you are party (e.g. purchase, payment, credit, service agreements);

  • Compliance with legal or regulatory obligations applicable to the Company;

  • Legitimate interests of the Company — such as fraud prevention, risk-management, security, analytics, business operation — balanced against your rights and interests;

You may withdraw your consent at any time. Withdrawal will be prospective and will not affect processing done before withdrawal.

6. COOKIES & TRACKING TECHNOLOGIES

6.1 We use cookies, web beacons, tracking pixels, local storage, and other Tracking Technologies to:

  • Maintain login sessions and user authentication;

  • Store user preferences, language settings, platform settings;

  • Improve the performance and functionality of the Platform;

  • Analyse traffic, usage patterns, user behaviour, feature usage;

  • Provide personalised content and offers (with consent), and relevant recommendations;

  • Conduct analytics, audits, debugging, error-tracking and service-improvement activities.

6.2 On your first visit, or when legally required, we will present a clear notice regarding use of cookies/tracking, and wherever required obtain your consent.

6.3 You may disable cookies via browser settings or device settings. However, doing so may impair or disable certain features of the Platform.

7. SHARING, DISCLOSURE & THIRD-PARTY PROCESSORS

7.1 We may share or disclose your Personal Data with third parties, only for the purposes described and only to the extent necessary. Such third parties may include:

  • Payment gateways, banks, financial institutions for processing payments, disbursements, refunds, credit/financing;

  • KYC/verification agencies, background-check or identity-verification service providers;

  • Logistics, supply-chain, fulfillment, delivery partners for order execution and related services;

  • Business partners, vendors, suppliers, affiliates — where you have opted in or as required for services;

  • Cloud hosting providers, data-storage services, IT infrastructure providers;

  • Analytics, marketing, communication, customer-support service providers (only with consent, where applicable);

  • Government or regulatory authorities — if demanded by applicable law, subpoena, court order, or regulatory request;

  • Internal staff, authorized employees, consultants, auditors — strictly on need-to-know basis, under confidentiality obligations.

7.2 We will not sell, rent, lease, trade, or otherwise monetize your Personal Data by transferring it to third parties for commercial purposes.

7.3 All third-party processors or partners will be bound by written agreements obligating them to process data only for the defined purpose, maintain confidentiality and security, and comply with applicable laws/regulations.

8. DATA RETENTION & DELETION

8.1 We retain Personal Data only for as long as is necessary to fulfill the purpose for which it was collected (including business operations, order fulfilment, payments, credit/settlement, legal compliance, audit, record-keeping).

8.2 After the expiry of retention period (or upon your lawful request for deletion / erasure), we will delete or anonymize your Personal Data — except where retention is required by law or regulatory requirements (e.g. tax, compliance, audit, or contractual obligations).

8.3 We will use best efforts to ensure that data held by third-party processors is also deleted or anonymized, where applicable, when deletion is requested.

9. SECURITY & DATA PROTECTION MEASURES

We implement and maintain appropriate organisational, technical and administrative safeguards, including but not limited to:

  • Encryption of data in transit and at rest (where applicable);

  • Secure servers, firewalls, intrusion detection/ prevention, access-controls;

  • Role-based access: only authorised personnel with need-to-know may access Personal Data;

  • Regular security audits, vulnerability assessments, penetration testing (where feasible);

  • Secure handling of financial data and payment-related data — via compliance-certified payment gateways or secure protocols;

  • Confidentiality obligations for employees, vendors, processors, and third-party partners;

  • Incident response, breach-detection and mitigation procedures;

  • Logging and monitoring of access and modifications (audit trail) for accountability.

Despite all reasonable safeguards, absolute security cannot be guaranteed; we disclaim liability for incidents outside our reasonable control.

10. RIGHTS OF DATA PRINCIPAL & MECHANISM TO EXERCISE THEM

As a Data Principal, you have the following rights under applicable law (including DPDP Act), subject to lawful limitations and requirements:

  • Right to Access: Request a copy of personal data we hold about you;

  • Right to Correction / Rectification: Request correction or update of inaccurate, incomplete or outdated data;

  • Right to Deletion / Erasure: Request deletion of personal data — subject to retention obligations under law/regulation;

  • Right to Withdraw Consent: Withdraw consent for processing where consent was the basis;

  • Right to Data Portability: Where technically feasible, request portability of your data to another service provider;

  • Right to Nominate / Authorise Representative: In case of incapacity or death, nominate a person for exercising rights (if applicable) — per DPDP Act;

  • Right to Lodge Complaint / Grievance: For concerns over misuse or breach of data, non-compliance, or other privacy grievances.

10.1 How to Exercise Your Rights

To exercise any of the above rights, please contact our Grievance Officer / Data Protection Officer (DPO) using the contact details in Section 13 below.
We will:

  • Acknowledge your request within 48 hours of receipt;

  • Provide requested information or action (correction, deletion, data-export) within a reasonable timeframe (or as legally required);

  • Inform you of any denial of request with reasons, if applicable (e.g. regulatory retention requirement).

We will not discriminate or deny services to you for exercising your rights.

11. CHILDREN / MINORS

Our Platform is not aimed at children under 18 years of age. We do not knowingly collect data from minors. If we become aware that we have inadvertently collected personal data of a minor, we will promptly delete it or take remedial action.

12. INTERNATIONAL DATA TRANSFERS

Where we store or process data on servers located outside India (e.g. via cloud hosting), we ensure appropriate safeguards — through contractual, technical, and organisational measures — to protect data, and to comply with applicable cross-border data transfer regulations under Indian law.

13. GRIEVANCE OFFICER / DATA PROTECTION OFFICER (DPO) CONTACT

For any privacy-related queries, complaints, rights requests (access, correction, deletion), or other concerns, please contact:

Name: _______
Designation: Data Protection Officer / Grievance Officer
Email: ______@unaati.com
Phone:
Registered Address of Company: 7B, Hansalaya Building, Barakhamba Road-110001, Delhi

We commit to respond to all legitimate grievances / requests in a timely and transparent manner, in compliance with applicable law.

14. AMENDMENTS / CHANGES TO POLICY

We may modify or update this Policy from time to time, to reflect changes in:

  • business practices, platform features, services offered;

  • data-processing practices (new data collection, new partners, new services);

  • applicable laws, regulations or statutory requirements;

  • security or technical requirements.

When we do so, we will:

  • publish the updated Policy on the Platform with a revised “Last Updated” date;

  • where required by law or if changes are material, obtain your fresh consent;

  • provide notice of the changes through appropriate means (email, in-platform notification, banner).

Your continued use of the Platform after such updates constitutes acceptance of the revised Policy.

15. GOVERNING LAW & JURISDICTION

This Policy, and any data-processing or privacy-related operations by the Company, shall be governed by the laws of India, including the DPDP Act, IT Act and associated regulations.
Any disputes arising out of or related to this Policy shall be subject to the exclusive jurisdiction of courts in New Delhi

16. DECLARATION & CONSENT

By using the Platform, registering, providing data, or continuing to use the services, you confirm that you have read, understood and agreed to this Policy.
You give your informed, explicit consent to the collection, processing, use, storage, transfer and disclosure of your Personal Data as described herein.

SUPPORT

The Future of Retail Supply

Values

Menus

Contactus@unaati.com

© Copyright CBV Ventures Pvt. Ltd.

Home
Our Approach
Core Values
Careers
Articles
FAQs

+91-8448991545

About Us
Terms & Conditions
Privacy Policy
Contact Us
Refund & Cancellation