Legal

Privacy Policy

Last updated: 29 April 2026 · Effective immediately

RetailerOS, operated by Kosha Systems, takes the privacy of your business and customer data seriously. This policy explains what we collect, why, how we use it, and your rights. If anything here is unclear, write to us — we're happy to walk through it.

1. Who we are

"RetailerOS" refers to the software-as-a-service platform operated by Kosha Systems Pvt. Ltd. ("Kosha", "we", "us", "our"), a company registered in India. When you use RetailerOS — whether the website, the application, or any related service — Kosha Systems is the data controller of personal information you provide.

2. Information we collect

We collect only what we need to run your account, deliver the service, and improve the product:

Account information — name, mobile number, email, store name, GSTIN (if provided), business address.
Authentication data — phone OTP, password hashes (we never store passwords in plain text).
Business data you enter — inventory, customer records, invoices, IMEI numbers, schemes, repairs, ledger entries. This is your data; we are custodians.
Billing data — payment instrument tokens (handled by our payment processor), billing address, invoice history. We do not store full card numbers.
Usage data — feature usage, login times, device/browser type, IP address, error logs. Used to improve performance and diagnose issues.
Communications — support tickets, chat transcripts, feedback you send us.

3. How we use your information

To provide and maintain the service.
To send transactional notifications (receipts, system alerts, important policy updates).
To process billing and payments.
To comply with legal obligations (e.g., GST records).
To improve the product, with usage data aggregated and anonymised wherever possible.
To respond to support requests.

We do not sell your personal information or your customers' data to third parties. Ever.

4. Sharing and disclosure

We share data only in three narrow situations:

Service providers we depend on (cloud infrastructure, WhatsApp Business API, payment gateway, email service). Each is bound by a data-processing agreement.
Legal requirements — when compelled by Indian law, court order, or government authority. We will notify you unless legally prohibited.
Business transfers — if Kosha Systems is acquired or merged, your data may transfer to the new entity, who must continue to honour this policy.

5. Data retention

We retain account data for as long as your account is active. After cancellation:

We keep your data for 90 days to allow account recovery.
Tax-relevant records (invoices, GST data) are retained for 8 years per Indian regulations.
All other personal data is deleted within 90 days of your written request to privacy@retaileros.com.

6. Your rights

You have the right to:

Access the personal information we hold about you.
Correct inaccurate data.
Delete your account and associated data (subject to retention requirements above).
Export your business data in a standard format (CSV, JSON).
Withdraw consent for non-essential processing.

Write to privacy@retaileros.com to exercise any of these rights. We respond within 30 days.

7. Cookies and tracking

We use a minimal set of cookies — strictly necessary cookies for login sessions, and one analytics cookie (with consent) to understand product usage. We do not use advertising cookies, third-party trackers, or sell behavioural data.

8. Security measures

See our Security page for full details. In short: data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is role-based, audited, and limited to staff with a clear need.

9. Children

RetailerOS is a B2B service for retail businesses. We do not knowingly collect data from anyone under 18. If you believe we have, contact us and we'll delete it immediately.

10. International data transfers

Your data is primarily stored on servers in India. If we transfer data outside India for processing (e.g., cloud backups), we ensure equivalent protection via standard contractual clauses.

11. Changes to this policy

We may update this policy as the product evolves or laws change. Material changes will be communicated via email and an in-app banner at least 30 days before they take effect. Your continued use after that date indicates acceptance.

12. Contact us

For privacy questions, data requests, or complaints:

Kosha Systems Pvt. Ltd.
Email: privacy@retaileros.com
Subject line: "Privacy — [your shop name]"

If you're not satisfied with our response, you have the right to complain to the Indian Data Protection Board.