Privacy Policy

Ardhanex Tech Pvt Ltd ("we," "our," or "us") operates ShootBox (available at shootbox.in). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform and services.

By using ShootBox, you consent to the collection and use of your information as described in this policy. We are committed to complying with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

2.1 Information You Provide

• Account Information: Name, email address (collected via Google OAuth or magic link authentication).
• Product Images: Photos you upload for AI processing and generation.
• Product Profiles: Product names, descriptions, categories, materials, colors, and brand information you provide.
• Payment Information: Transaction details processed through our payment partners (Razorpay and PhonePe). We do NOT store credit card numbers, bank account details, or UPI IDs on our servers.
• Feedback: Ratings, flags, and comments you provide on generated content.
• Waitlist Information: Email address and optional name if you join our waitlist.
• Communications: Any messages or inquiries you send to our support team.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, generation types, timestamps of activity.
• Device Information: Browser type, operating system, screen resolution.
• IP Address: Collected for security, fraud prevention, and analytics.
• Cookies: Essential cookies for authentication and session management. See Section 7 for details.

We use the collected information for the following purposes:

• Service Delivery: Processing your product images, generating AI content, managing your projects and credits.
• Account Management: Creating and maintaining your account, authentication, and access control.
• Payment Processing: Facilitating credit purchases and maintaining transaction records.
• AI Improvement: Using anonymized and aggregated generation data to improve our AI models and output quality (only with your explicit feedback consent).
• Communication: Sending transactional emails (account confirmations, payment receipts), and with your consent, promotional updates about new features.
• Security: Detecting and preventing fraud, abuse, and unauthorized access.
• Analytics: Understanding usage patterns to improve the platform experience.
• Legal Compliance: Meeting legal obligations, responding to lawful requests, and protecting our rights.

Your data is stored securely using industry-standard infrastructure:

• Database: Hosted on Supabase (PostgreSQL) with row-level security (RLS) policies ensuring users can only access their own data.
• File Storage: Product images and generated assets are stored in encrypted cloud storage with access-controlled buckets.
• Authentication: Managed through Supabase Auth with secure session handling. Passwords are never stored in plain text.
• Encryption: All data in transit is encrypted using TLS/SSL (HTTPS). Data at rest is encrypted using AES-256.
• Access Control: Only authorized personnel have access to production systems, with multi-factor authentication enforced.

While we implement strong security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach as required by applicable law.

We do NOT sell, rent, or trade your personal information. We may share data with the following categories of third parties:

• AI Model Providers: Product images are sent to AI model APIs (such as Replicate, OpenAI) for processing. These providers process data per their own privacy policies and data processing agreements.
• Payment Processors: Razorpay and PhonePe handle payment transactions. We share only the minimum data required for payment processing.
• Cloud Infrastructure: Supabase (database and storage), Vercel (hosting) — operating as data processors under our direction.
• Analytics: Anonymized usage data may be processed by analytics services to improve platform performance.
• Legal Requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users and company.

Under the Digital Personal Data Protection Act (DPDPA), 2023 and applicable Indian law, you have the following rights:

• Right to Access: Request a copy of your personal data that we hold.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
• Right to Data Portability: Request your data in a commonly used, machine-readable format.
• Right to Withdraw Consent: Withdraw your consent for data processing at any time (this may limit your ability to use certain features).
• Right to Grievance Redressal: File a complaint with us or with the relevant Data Protection Board.

To exercise any of these rights, contact us at support@shootbox.in. We will respond within 30 days of receiving your request.

ShootBox uses the following types of cookies:

• Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Analytics Cookies: Used to understand how users interact with the platform. These are anonymized and can be opted out of.

We do NOT use advertising or tracking cookies. We do not share cookie data with third-party advertisers.

We retain your data as follows:

• Account Data: Retained as long as your account is active. Deleted within 90 days of account deletion request.
• Product Images & Generated Content: Stored as long as your account is active. You can delete individual projects and their associated assets at any time.
• Payment Records: Retained for 8 years as required by Indian tax and accounting laws.
• Usage Logs: Anonymized after 12 months.
• Waitlist Data: Retained until you sign up or request removal.

ShootBox is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.

Your data may be processed by third-party services located outside of India (e.g., AI model APIs, cloud infrastructure). In such cases, we ensure that appropriate safeguards are in place through data processing agreements and the privacy policies of these providers. By using ShootBox, you consent to such transfers.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of ShootBox after policy changes constitutes acceptance of the updated terms.

In accordance with the Information Technology Act, 2000, and the DPDPA, 2023, the Grievance Officer for ShootBox is:

• Name: Manak Raj Bajaj
• Designation: Director, Ardhanex Tech Pvt Ltd
• Email: support@shootbox.in
• Address: Model Town, Panipat, Haryana 132103, India

Grievances will be addressed within 30 days of receipt.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

• Company: Ardhanex Tech Pvt Ltd
• Email: support@shootbox.in
• Address: Model Town, Panipat, Haryana 132103, India