Privacy Policy

Tara Retail AI Pvt. Ltd. (“Tara”, “we”, “us”) operates the Tara AI platform — a retail intelligence and operations system for Indian sellers. This Privacy Policy explains what data we collect, why we collect it, and the choices you have.

We act as a data controller for account information you provide directly, and as a data processor for the customer, order, catalogue, and message data your store generates while using the Service.

Account data: name, email, phone number, business name, GSTIN, billing address, and authentication identifiers (e.g. Supabase user ID).

Store operational data: products, prices, inventory, orders, invoices, e-Way bills, customer profiles, and conversations on connected channels (WhatsApp, marketplaces).

Usage data: pages viewed, features used, browser, device, IP address, time zone, and approximate location — used to keep the Service secure and to improve it.

Support data: messages you send to our support team, including any attachments.

To provide the Service — running AI agents, generating GST e-invoices, sending WhatsApp messages on your behalf, syncing inventory with marketplaces, and surfacing analytics.

To keep the Service safe — detecting fraud, abuse, and security incidents.

To bill you and to comply with tax, accounting, and audit obligations under Indian law.

To improve the Service in aggregate. We do not use your private store data or your customers’ messages to train foundation models for third parties.

We process personal data on the basis of (a) your consent (e.g. for non-essential cookies and marketing), (b) the performance of our contract with you, (c) compliance with legal obligations (GST, e-invoicing, tax records), and (d) our legitimate interests in operating and securing the Service.

When you connect your WhatsApp Business account, Tara processes inbound and outbound messages on your behalf, in line with WhatsApp Business Platform policies. You remain the data controller for your customers’ data; you are responsible for collecting valid consent before initiating template messages and for honouring opt-outs.

We will never use your customers’ contact information to message them on behalf of any other business.

We share data only with sub-processors that help us deliver the Service, under data-processing agreements that require equivalent safeguards. Categories include: cloud infrastructure (Google Cloud), authentication (Supabase), AI providers (Google Gemini and others), payment gateways, GST IRP, courier APIs, observability tools, and customer support.

We share data with authorities only where required by law, and only to the extent necessary.

Some sub-processors operate outside India. Where data is transferred internationally, we rely on appropriate safeguards (such as standard contractual clauses) and configure regions to keep most operational data within India.

Account and billing data is retained for the life of your account and for the period required to comply with Indian tax and accounting law (typically 8 years for invoices and statutory records).

Operational data (orders, customers, messages) is retained while your account is active. After cancellation, you may export it for 30 days, after which we delete or anonymise it from production systems within 90 days, subject to backup rotation.

We use TLS in transit and AES-256 at rest, role-based access controls, audit logs, and least-privilege access for engineers. We test our defences regularly and disclose material breaches to affected customers without undue delay.

Subject to applicable law, you have the right to access, correct, export, or delete your personal data, to withdraw consent, and to object to certain processing. To exercise these rights, write to privacy@tara.ai or use the in-app settings.

If you are an end-customer of a Tara seller, please contact that seller first — we will support them in fulfilling your request.

We use a small number of essential cookies for authentication and session management. We use analytics cookies only with your consent. You can clear cookies any time from your browser.

The Service is not directed to children under 18, and we do not knowingly collect their data. If you believe a child has provided personal data to us, contact privacy@tara.ai and we will delete it.

We may update this Policy from time to time. Material changes will be notified at least 14 days in advance via the dashboard or email.

Privacy questions: privacy@tara.ai. Grievance officer (DPDP Act): grievance@tara.ai.