Terms of Service & Data Protection Agreement

1.1 You own your data. All business information, brand assets, customer lists, website content, creative materials, analytics data, and any other data you provide to VyapaarGrowth remains your sole and exclusive property at all times. We do not claim any ownership, intellectual property rights, or licensing interests over your data.

1.2 You control your data. You determine what data is shared with us, how it is used within our services, and you may request export, modification, or permanent deletion of your data at any time.

1.3 Data portability. Upon contract termination or at any point during our engagement, you may request a complete export of all your data in standard machine-readable formats (CSV, JSON, or PDF) at no additional cost. We will fulfill such requests within 7 business days.

2.1 Business development only. We process your data exclusively to deliver the digital growth services you have engaged us for. This includes: website design and development, SEO optimization, social media management, advertising campaigns, WhatsApp marketing, AI chatbot deployment, CRM integration, and performance analytics.

2.2 No secondary use. We do NOT:

• Sell, rent, lease, trade, or transfer your data to any third party
• Use your data for our own marketing, advertising, or promotional purposes
• Mine your data for patterns, trends, or insights for any purpose other than your business growth
• Share your data with advertiser-supported services
• Use your data to train AI models, machine learning systems, or algorithms beyond what is necessary to deliver your specific services
• Derive competitive intelligence or aggregate your data with other clients' data
• Use your customer lists to contact, solicit, or market to your customers directly

2.3 Commitment statement. Modeled after Microsoft Azure's data privacy principle: "We process your data only with your agreement, and when we have your agreement, we use your data to provide only the services you have chosen." This same standard applies to VyapaarGrowth.

3.1 Encryption. All data is encrypted both at rest (AES-256) and in transit (TLS 1.2/1.3). Database connections use SSL/TLS encryption. Payment processing is handled by PCI-DSS Level 1 compliant processors (Stripe and Razorpay).

3.2 Access controls. Access to customer data is restricted to authorised VyapaarGrowth personnel who require it to deliver your specific services. All access is logged and auditable. We implement role-based access control (RBAC) across all systems.

3.3 Infrastructure. Data is stored on Supabase (PostgreSQL) with Row-Level Security (RLS) enabled, hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance. Backups are automated and encrypted.

3.4 Breach notification. In the unlikely event of a data breach affecting your information, we will notify you within 72 hours of becoming aware, provide details of the incident, and outline remediation steps taken -- consistent with GDPR Article 33 standards.

4.1 Authorised sub-processors. We use the following services to deliver your growth solutions. Each is bound by data processing agreements and operates under strict confidentiality obligations:

4.2 Sub-processor obligations. Modeled after AWS's approach: sub-processors can perform only the functions we have engaged them to provide, and they are bound by the same contractual privacy commitments that we make to you.

4.3 No unauthorised sharing. We will not share your data with any third party not listed above without your prior written consent.

5.1 We will not disclose your data unless required by a valid and binding legal order from a competent government authority.

5.2 If we receive a government demand for your data, we will attempt to redirect the requesting authority to obtain the data directly from you.

5.3 If compelled to disclose your data, we will provide you with reasonable notice (unless legally prohibited) and a copy of the demand, allowing you to seek legal protection or other appropriate remedy.

These commitments mirror the data disclosure principles of Microsoft Azure and Amazon Web Services.

6.1 VyapaarGrowth provides AI-powered digital marketing services including: website design and development, SEO optimization, social media management, advertising campaigns, WhatsApp marketing, AI chatbot deployment, CRM setup, and performance analytics for Indian and international SMEs.

6.2 Growth guarantee. We guarantee a minimum 15% improvement in agreed-upon KPIs (traffic, leads, or revenue) within the contract period. If this target is not met, the client is eligible for a service credit or pro-rata refund as per the Refund Policy.

6.3 Intellectual property. All websites, creatives, campaigns, and digital assets created for you become your exclusive property upon full payment. VyapaarGrowth retains only the right to showcase anonymised case studies and portfolio references.

7.1 All plans are billed monthly or as agreed. Indian clients may pay via Razorpay (UPI, NetBanking, Cards). International clients may pay via Stripe (Cards, AED, USD). GST at 18% applies to Indian invoices under SAC 9983.

7.2 Invoices are generated automatically upon payment confirmation and sent to your registered email.

7.3 30-day money-back guarantee applies to the first billing cycle for all new clients.

8.1 Clients agree to provide timely access to business assets (logos, credentials, social accounts) and to respond to campaign approvals within 48 hours.

8.2 Delays in client response do not affect the growth guarantee timeline.

8.3 The client warrants that all data provided is accurate, lawfully collected, and the client has the right to share it with VyapaarGrowth for the purposes described herein.

9.1 We retain your data only for as long as necessary to provide the services you have engaged, plus any statutory retention period required by applicable law.

9.2 Upon contract termination, we will retain your data for 90 days to allow for export. After this grace period, all your data will be permanently and irreversibly deleted from our systems, including backups, within 30 additional days.

9.3 You may request immediate deletion at any time by contacting us. We will confirm deletion in writing within 14 business days.

Modeled after Microsoft Azure: "If you leave the service or your subscription expires, Microsoft follows strict standards for removing data from its systems."

Under applicable data protection laws (including India's Digital Personal Data Protection Act 2023, GDPR for EU/UK clients, and UAE's Federal Decree-Law No. 45 of 2021), you have the right to:

• Access -- Request a copy of all personal data we hold about you
• Rectification -- Correct any inaccurate or incomplete data
• Erasure -- Request permanent deletion of your data ("right to be forgotten")
• Portability -- Receive your data in a standard, machine-readable format
• Restriction -- Limit how we process your data
• Objection -- Object to specific processing activities
• Withdraw consent -- Revoke consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at azam.u@live.in or WhatsApp +91 9959482300. We will respond within 30 business days.

11.1 For Indian clients: governed by the laws of India, subject to the jurisdiction of courts in Hyderabad, Telangana.

11.2 For UAE/Dubai clients: governed by the laws of the United Arab Emirates, subject to the jurisdiction of courts in Dubai.

11.3 Disputes shall first be resolved through good-faith negotiation. If unresolved within 30 days, either party may initiate binding arbitration in the relevant jurisdiction.