← Back to Paasho

Privacy Policy

Last updated: May 2026

1. Who This Policy Applies To

This Privacy Policy applies to all users of Paasho — both Sellers (home businesses and small businesses who create stores) and Buyers (visitors who browse stores and place orders). By using Paasho, you agree to the practices described here.

2. Information We Collect

2a. Seller Account Data

  • Identity: Full name, email address (via Google Sign-In), and mobile number (verified via WhatsApp).
  • Store profile: Store name, store bio, cover photo, category, listing type (food menu, products, or services), website/social link, UPI ID (displayed on your storefront for buyer reference), and your chosen store URL slug.
  • Location: City, area, and pincode. If you use the "nearby" feature, your approximate GPS coordinates (latitude/longitude) at the time of setup. We do not track your real-time or continuous location.
  • Working hours and availability: Days, times, or open-24h status you configure; your daily "available today" toggle status.
  • Delivery preferences: Delivery type (radius, specific areas, or pickup only) and delivery area details you provide.
  • Payment preferences: Your stated preference (UPI, cash on delivery, or both). We do not store or process actual payment transactions — all payments happen directly between you and the buyer.
  • WhatsApp verification: Your WhatsApp number and verification timestamp, to confirm your account and enable buyer order links.

2b. Buyer Data

  • Buyers do not need an account to browse or place orders.
  • A randomly generated visitor ID (UUID) is stored in your browser's localStorage to count unique visitors for seller analytics. It is not linked to your identity.
  • A randomly generated session ID is created per browsing session for the same purpose.
  • When you submit a review, we collect your Google account display name and profile photo (via Google Sign-In). We do not store your Google email address — only a one-way identifier (Google sub ID) used to prevent duplicate reviews.

2c. Usage and Analytics Data

  • Page views, product views, and order-redirect clicks — associated with anonymous visitor and session IDs, not your identity.
  • Feature interactions (e.g., share clicks, boost activations) logged against your seller account for platform improvement and Pins credit purposes.

2d. AI Feature Data

  • When you use AI to generate a product description or store bio, your input text (product name, category, notes) is sent to our AI provider (Groq) to generate a response. We do not store the input or output beyond the immediate request.
  • When you use AI Studio to generate a product photo, your uploaded image or prompt is sent to our image-generation provider (FAL). Generated images are stored in Cloudinary and linked to your product listing.

2e. WhatsApp Customer Support

  • If you message our WhatsApp number for support, your message and a short conversation history (last 6 messages) are temporarily stored in our cache (Redis) for up to 6 hours to provide contextual responses. This data is automatically deleted after 6 hours.
  • Support conversations are processed by an AI assistant (Groq Llama 3.3 70B). Only your phone number and message content are used — no personal account data is attached.

2f. Payment Data (Pins Purchases)

  • When you purchase Pins, payment is processed by Razorpay. We receive confirmation of payment (order ID, payment ID, amount) but do not store your card number, bank details, or UPI credentials. All sensitive payment data is handled exclusively by Razorpay.

3. How We Use Your Data

  • To create and operate your store and display it to buyers in your area.
  • To enable buyers to discover stores nearby and place orders via WhatsApp.
  • To verify your WhatsApp number and link orders to your store.
  • To operate the Pins system — tracking earned and spent Pins, processing purchases, and awarding referral bonuses.
  • To power analytics dashboards showing you store views, order leads, and product performance.
  • To send transactional emails: store-live confirmation, Founding Seller badge, Pin purchase receipts, and weekly performance digests.
  • To moderate reviews and prevent fake or abusive content.
  • To detect and prevent platform abuse, spam, and fraudulent activity.
  • To improve the platform through aggregated, anonymised usage analysis.

4. What Is Publicly Visible

The following information on your store profile is public and visible to all visitors:

  • Store name, bio, cover photo, category, and listing type.
  • Your city and area.
  • Your products, descriptions, prices, and photos.
  • Your working hours and availability status.
  • Your UPI ID (if you have entered one) — displayed so buyers can reference it during payment.
  • Your website or social link (if provided).
  • Your average rating and approved customer reviews.
  • Your Founding Seller badge (if applicable).

Your email address, mobile number, and GPS coordinates are never shown publicly.

5. Data Sharing

We do not sell your personal data. We share data only with the following service providers who help us operate the platform:

  • Supabase — database and authentication (servers in EU/US regions).
  • Cloudinary — photo storage and delivery (CDN globally).
  • Razorpay — payment processing for Pin purchases (India).
  • Resend — transactional email delivery.
  • Upstash (Redis) — rate limiting, caching, and short-lived session data.
  • Groq — AI text generation for product descriptions, bios, and WhatsApp support responses.
  • FAL — AI product image generation.
  • Google — OAuth sign-in for Sellers; Google Identity Services for reviewer authentication.
  • Meta / WhatsApp Business API — seller WhatsApp verification and order link generation.
  • OpenStreetMap / Nominatim — location geocoding (city/area search and reverse geocoding). No personal data is sent — only coordinates or place names.

6. Cookies and Local Storage

  • Authentication cookies: Set by Supabase Auth to maintain your login session as a Seller. These are essential and cannot be disabled without logging out.
  • Reviewer session cookie: A short-lived signed cookie set after Google sign-in on a review page. Expires after 7 days.
  • Visitor ID (localStorage): A randomly generated UUID stored in your browser to count unique visitors for seller analytics. It is not linked to any personal identity and you can clear it by clearing your browser data.
  • We do not use advertising cookies, third-party tracking cookies, or fingerprinting.

7. Reviews

  • Reviews are submitted under your Google display name and profile photo. These are displayed publicly on the seller's storefront.
  • We store your Google sub ID (a one-way identifier, not your email) to enforce the one-review-per-store rule.
  • Sellers can reply to reviews publicly. Replies are visible to all store visitors.
  • Reviews are subject to moderation and may be removed if they violate our content guidelines.

8. Referral Programme

When you share your referral link and a new seller signs up through it, we record the association to credit your account with Pins. We do not share the referred seller's personal data with you — you only see the referral count and Pin credit.

9. Your Rights

  • Access and correction: You can view and update your store profile, name, location, working hours, and other details at any time from your dashboard settings.
  • Account deletion: You can request deletion from your account settings. Your store is immediately hidden from buyers. After a 15-day grace period (during which you can cancel), your account and all associated data are permanently deleted. Data is removed from our systems within 30 days of deletion confirmation.
  • Data portability: You may request a copy of your personal data by emailing us.
  • Objection: You may ask us to stop using your data for non-essential purposes. Note that some uses (e.g., fraud prevention) are necessary to operate the platform safely.

10. Data Retention

  • Seller accounts and associated data are retained while the account is active.
  • Deleted accounts: data removed within 30 days, except where legal retention obligations apply.
  • WhatsApp CS chat history: deleted automatically after 6 hours (Redis TTL).
  • Review verification codes: deleted automatically after 15 minutes.
  • Anonymous analytics events (visitor/session IDs): retained for up to 12 months for trend analysis, then deleted.
  • Razorpay payment records: retained for the period required by Indian tax law.

11. Children

Paasho is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this policy as we add new features. We will update the "Last updated" date at the top and, for material changes, notify active Sellers by email.

13. Contact

For privacy requests, data deletion, or questions, email [email protected]. We aim to respond within 48 hours.