Privacy Policy
Last updated: 24 March 2026
KartMind is operated by Four Step Process (“we”, “us”, “our”). We are committed to protecting your privacy and handling your personal data responsibly in accordance with India’s Digital Personal Data Protection Act, 2023 (DPDP Act). This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.
1. Data We Collect
We collect the following data when you use KartMind:
Account Information
- Mobile phone number (used for OTP authentication)
- Business details: business name, city, and business type (provided during onboarding)
- WhatsApp number (if provided, for receiving daily business reports)
Business Data
- Order records (items, amounts, payment method, timestamps)
- Expense records (amounts, categories, notes, timestamps)
- Menu items and prices
Automatically Collected Data
- Device type and browser information (for ensuring compatibility)
- Basic usage analytics (page views, feature usage) to improve the Service
2. How We Use Your Data
We use your data to:
- Authenticate your identity and secure your account via OTP.
- Provide the core Service: tracking orders, expenses, and generating business insights and daily profit summaries.
- Send daily business reports to your WhatsApp number (if you have opted in by providing your WhatsApp number).
- Improve the Service through aggregated, anonymised usage analytics.
- Communicate with you about service updates, billing, and support.
3. Data Storage and Security
Your data is stored securely on Supabase, a trusted cloud database platform, with servers that follow industry-standard security practices. We implement the following security measures:
- Row-Level Security (RLS) policies ensure you can only access your own business data.
- All data is transmitted over encrypted HTTPS connections.
- Authentication is OTP-based, and no passwords are stored on our servers.
- Offline data is stored locally on your device using IndexedDB and synced securely when connectivity is restored.
4. Data Sharing
We do not sell, rent, or trade your personal or business data to any third party. We may share data only in the following limited circumstances:
- Service providers: We use third-party services (Supabase for database hosting, Vercel for app hosting) that process data on our behalf under strict data processing agreements.
- Legal requirements: We may disclose data if required by law, court order, or government authority under applicable Indian law.
- Aggregated data: We may use anonymised, aggregated data (that cannot identify you or your business) for research and improving our services.
5. Cookies and Local Storage
KartMind uses cookies and browser local storage for the following purposes:
- Authentication cookies: To keep you logged in securely across sessions.
- IndexedDB (local storage): To store order and expense data locally on your device for offline functionality. This data remains on your device and syncs with our servers when you are online.
- Service Worker cache: To enable the app to load and function offline (PWA functionality).
We do not use third-party advertising or tracking cookies.
6. Data Retention
We retain your data for as long as your account is active and you have an active subscription. If you cancel your subscription or delete your account:
- You may request a copy of your data within 30 days of account deletion.
- Your personal data will be permanently deleted within 90 days of your deletion request.
- Anonymised, aggregated data (which cannot identify you) may be retained for analytics purposes.
7. Your Rights Under the DPDP Act 2023
Under India’s Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: You can request a summary of your personal data that we hold and how it is being processed.
- Right to Correction: You can update or correct your business information through the app settings, or contact us for assistance.
- Right to Erasure: You can request complete deletion of your account and all associated data by contacting us.
- Right to Grievance Redressal: If you have concerns about how your data is handled, you can contact us and we will respond within 30 days.
- Right to Nominate: You may nominate another person to exercise your data rights in case of your death or incapacity, as per the DPDP Act.
8. Children’s Privacy
KartMind is a business tool intended for use by adults (18 years and older). We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via the app or WhatsApp. The “Last updated” date at the top of this page indicates when this policy was last revised.
10. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a grievance regarding data handling, please contact us:
- WhatsApp: +91 7568154065
- Company: Four Step Process
- Location: Jodhpur, Rajasthan, India