Privacy Policy

This Privacy Policy explains how Harsh Agrawal, a sole proprietorship trading as “CaterTrack” (“CaterTrack”, “we”, “us”, or “our”), collects, uses, discloses, and safeguards your information when you use our website at https://catertrack.in and the CaterTrack web and mobile applications (together, the “Service”).

We are committed to protecting your privacy and complying with applicable Indian law, including the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023. By using the Service, you agree to the practices described in this policy.

We collect the following categories of information:

• Account information — name, email address, phone number, username, and password (stored only as a secure cryptographic hash).
• Business & operational data — information you enter to run your business, such as customers, orders, bookings, quotations, menus, expenses, invoices, and your business profile (including GSTIN, address, and bank details where you choose to add them).
• Billing information — your subscription plan, billing cycle, invoices, and the billing profile (company name, GSTIN, address) you provide for tax invoices.
• Payment information — payments are processed by our payment gateway, Razorpay. We do not collect or store your card number, CVV, UPI PIN, or bank credentials. See “Payments” below.
• Usage & technical data — IP address, device and browser type, log data, audit trails of actions you take, and cookies needed to keep you signed in and to secure the Service.

We use your information to:

• provide, operate, maintain, and improve the Service;
• create and manage your account and your subscription;
• process payments, issue invoices, and send billing and renewal notices;
• send transactional communications (account, security, and service notices);
• provide customer support and respond to your requests;
• detect, prevent, and address fraud, abuse, security, and technical issues; and
• comply with our legal and regulatory obligations.

We do not sell your personal data, and we do not use your business or customer data for advertising.

Subscription payments are processed securely through Razorpay Software Private Limited (“Razorpay”), a PCI-DSS compliant payment gateway. When you make a payment, your card, UPI, or netbanking details are submitted directly to Razorpay over an encrypted connection and are governed by Razorpay’s Privacy Policy.

CaterTrack only receives a payment reference, status, and the masked metadata needed to confirm your transaction and generate your invoice. We never have access to, and never store, your full card number, CVV, UPI PIN, or bank login credentials.

We share information only with trusted service providers who help us operate the Service, and only to the extent necessary:

• Razorpay — to process payments and recurring subscriptions.
• Cloud hosting & infrastructure providers — to host the application, database, and backups.
• Email / communication providers — to deliver transactional messages.
• Legal & regulatory authorities — when required by law, court order, or to protect our rights, users, or the public.

CaterTrack is a multi-tenant platform. Each group and business is logically isolated, and your business data is never shared with other customers.

We retain your personal and business data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, and accounting obligations (for example, invoices may be retained as required under Indian tax law). When data is no longer required, we delete or irreversibly anonymise it.

You have the right to access, correct, export, and delete your personal data. CaterTrack provides these controls directly inside the application:

• Access & export — you can export the personal data associated with your account from your profile settings.
• Correction — you can update your account and business details at any time.
• Deletion — you can request deletion of your account, after which we deactivate it and anonymise your personal data, subject to legal retention requirements.

To exercise any of these rights, use the in-app controls or contact us at support@catertrack.in.

We use strictly necessary cookies to authenticate you, keep you signed in, and protect the Service against fraud and abuse. These cookies are essential for the Service to function. We do not use third-party advertising or cross-site tracking cookies.

We protect your data with industry-standard safeguards, including encryption in transit (HTTPS/TLS), securely hashed passwords, strict role-based access controls, tenant isolation, and audit logging. While no method of transmission or storage is perfectly secure, we work continually to protect your information and to limit access to it.

The Service is intended for businesses and users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the contact details of our Grievance Officer are below. We will acknowledge and resolve your complaints within the timelines prescribed by law.

• Grievance Officer: Harsh Agrawal
• Email: grievance@catertrack.in
• Business: Harsh Agrawal (trading as CaterTrack)
• Address: [Street address / shop / building], [Area / landmark], [City], Gujarat [PIN code], India