Skip to main content

Audacieuse: Privacy Policy

Effective Date: June 18, 2026

This Privacy Policy explains how Audacieuse AI Innovations Private Limited ("we", "us"), operator of the Audacieuse Platform, our KiEo (online stores) and GanitSy (GST and accounting) products, collects, uses, shares, and protects personal data. It applies to our websites, dashboards, and the Platform.

Two roles to keep in mind:

  • For Merchants' account data (people who sign up to use KiEo or GanitSy), we are the Data Fiduciary (controller).
  • For Shoppers' data that a Merchant collects through their KiEo storefront , and for any personal data within the financial and tax records a Merchant processes through GanitSy, the Merchant is the Data Fiduciary and we act as the Data Processor on the Merchant's behalf, see the Data Processing Addendum. Shoppers should read the relevant Merchant's own privacy notice.

1. Data we collect

From Merchants:

  • Account & contact details (name, email, phone, business name, GSTIN, address).
  • Billing data (plan, payment status, invoices; card/UPI details are handled by our payment processor, not stored by us).
  • Store configuration and content you create.
  • Usage, device, log, and analytics data (IP address, browser, actions, AI usage).
  • Support communications.

On behalf of Merchants (Shopper data), as processor:

  • Shopper order, contact, and delivery details; storefront activity. We process this only to provide the Platform to the Merchant.

2. Why we use it (purposes)

  • To provide, operate, secure, and improve the Platform.
  • To process subscriptions, billing, and AI metering, and to issue invoices.
  • To provide support and send service/transactional communications.
  • To detect, prevent, and address fraud, abuse, and security issues.
  • To comply with legal obligations and enforce our terms.
  • With your consent, to send product updates and marketing (you can opt out).

3. Legal bases / consent

We process personal data on the basis of your consent and/or for the legitimate uses and legal obligations recognised under the DPDP Act and other applicable law. Where we rely on consent, you may withdraw it at any time (this will not affect prior processing and may limit features).

4. AI processing

Some features send content you provide to AI models (our own and third-party providers such as Azure OpenAI, Google, or Anthropic) to generate outputs.

  • Optional and opt-in. AI features are optional. By enabling or using an AI feature you consent to sending the relevant content to the AI providers listed above; you can disable AI features in settings at any time.
  • No training / no reuse. The AI providers we use process your data and your Shoppers' data solely to handle your request and return the output. Under the enterprise/API terms on which we use these services (e.g. Azure OpenAI), that data is not used to train or improve their models.
  • Change notice. If we add, remove, or change AI providers, we will notify affected merchants at least 30 days in advance.

Do not submit personal or sensitive data to AI features unless necessary and lawful.

5. Sharing and disclosure

We share personal data only with:

  • Service providers / processors who help us run the Platform (hosting/cloud, payment processing, email/communications, analytics, AI providers), under appropriate obligations.
  • Authorities, where required by law or to protect rights, safety, and security.

For Shoppers' data, we process and share only on the documented instructions of the relevant Merchant (the Data Fiduciary), as detailed in our Data Processing Addendum, not unilaterally under this Policy.

We do not sell personal data.

6. International transfers

Some of our providers (including the AI providers in §4 and other cloud sub-processors) operate outside India, including in the United States. Where personal data is transferred outside India, we transfer it only to jurisdictions and under mechanisms permitted by the DPDP Act framework, relying on Standard Contractual Clauses or equivalent contractual safeguards with the provider, and impose corresponding data-protection obligations on them (see the Data Processing Addendum §§6.2 and 9). A list of provider jurisdictions and the safeguards relied on is available on request at Rita Agrawal ([email protected]).

7. Retention

We retain personal data for as long as needed to provide the Platform, comply with legal/tax obligations, resolve disputes, and enforce agreements. After account closure, we delete or anonymise personal data within 90 days, except where law requires longer retention (e.g. GST invoices and tax records, which Indian law requires us to keep for several years, or a litigation hold). This aligns with the export window in our Billing Policy §9.

8. Security

We use reasonable technical and organisational measures (encryption in transit, access controls, tenant isolation, monitoring) to protect personal data. No system is perfectly secure; we cannot guarantee absolute security.

9. Your rights (Data Principal rights under DPDP)

Subject to applicable law, you may:

  • Access a summary of the personal data we process about you.
  • Request correction, completion, or updating of inaccurate data.
  • Request erasure of your data.
  • Withdraw consent.
  • Nominate another person to exercise your rights in case of death/incapacity.
  • Grievance redressal (see §12).

To exercise these rights, contact us at Rita Agrawal ([email protected]). Shoppers should contact the relevant Merchant first, as the Merchant is the Data Fiduciary for their data.

10. Children

The Platform is for businesses and is not directed to children. We do not knowingly collect children's data through Merchant accounts.

11. Cookies and similar technologies

We and our providers use cookies and similar technologies for authentication, preferences, security, and analytics. You can control cookies through your browser; some features may not work without them.

12. Grievance Officer / Data Protection contact

We will acknowledge your request within 48 hours and address grievances within 30 days, as required by the DPDP Act, or sooner where another law requires it.

13. Changes

We may update this Policy; we will post the updated version with a new effective date and, for material changes, provide notice.