Back to Home

Privacy Policy

CollectKro — collectkro.com

Effective: June 3, 2026

India

join@collectkro.com

Last updated: June 2026

1. Introduction

CollectKro ("we", "us", "our", or "the Platform") is a cloud-based Software as a Service (SaaS) platform, a sole proprietorship business operating under Indian law, accessible at collectkro.com. We are committed to protecting the privacy and security of all users of our platform.

This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and what rights you have in relation to your data. It applies to:

  • Business Owners — individuals or organisations that register and use CollectKro to manage their members and collect fees
  • Staff / Sub-Admin Users — employees or agents added by a Business Owner
  • Members / End Customers — customers of the businesses using CollectKro, whose data is managed by the Business Owner

By accessing or using CollectKro, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy should be read together with our Terms of Service.

This policy is governed by the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and other applicable Indian laws.

2. Who is the data controller?

CollectKro acts in different capacities depending on the data involved:

  • Data Fiduciary (Controller): For data provided directly by Business Owners when registering or subscribing to CollectKro, we are the Data Fiduciary under the DPDPA.
  • Data Processor: For member and customer data entered by Business Owners on behalf of their clients, CollectKro acts as a Data Processor. The Business Owner is the Data Fiduciary responsible for that data and for obtaining appropriate consent from their members.

By using CollectKro, Business Owners confirm that they have obtained all necessary permissions and consents from their members before uploading or processing member data on the platform.

3. Data we collect

3.1 Business owner data

  • Full name, email address, and mobile number
  • Business name, type, address, and GSTIN (optional)
  • Razorpay account OAuth access and refresh tokens (encrypted and stored securely in our database)
  • Bank account details and PAN card details — these are transmitted directly to Razorpay for KYC purposes and are not stored on CollectKro servers
  • CollectKro subscription plan and billing history
  • Login credentials (password is stored as a bcrypt hash — never in plain text)

3.2 Member / customer data (entered by the business owner)

  • Full name, mobile number, and email address
  • Membership plan, start date, expiry date, and payment status
  • Payment history, amounts paid, and notes added by the business owner

This data is entered by the Business Owner or imported by them via Excel/CSV. CollectKro processes this data on behalf of the Business Owner.

3.3 Payment transaction data

  • Payment amount, date, and status (success / failed / pending)
  • Razorpay payment reference ID
  • Payment method category (UPI / card / net banking — category only)

CollectKro does NOT store card numbers, CVV, UPI PINs, bank passwords, or any sensitive payment credentials.

3.4 Technical and usage data

  • IP address at the time of login
  • Browser type and device type
  • Pages visited and actions taken within the app (for analytics and debugging)
  • Session data stored in encrypted cookies
  • Error logs for platform debugging
  • WhatsApp message delivery status (delivered / read / failed)

4. How we use your data

  • To create, maintain, and manage your CollectKro account
  • To enable member management, payment collection, and automated WhatsApp reminders
  • To process your CollectKro subscription payments via Razorpay
  • To generate and deliver GST-compliant invoices to members
  • To send transactional emails and OTP/SMS notifications for account security
  • To provide real-time dashboard analytics and reports
  • To monitor platform performance and fix technical issues
  • To respond to support queries and onboarding assistance
  • To comply with applicable legal obligations including tax and audit requirements
  • To detect and prevent fraud, abuse, or misuse of the platform

5. Third-party integrations and data sharing

5.1 Razorpay

CollectKro integrates with Razorpay as its primary payment gateway for UPI AutoPay, one-time payment links, and payment processing. Business Owner bank and KYC details are transmitted to Razorpay for merchant onboarding. Razorpay's own privacy policy governs its handling of such data. CollectKro is not a payment aggregator. Visit razorpay.com/privacy.

5.2 WhatsApp Business infrastructure

Member phone numbers, names, payment amounts, due dates, and other message-related information may be processed through CollectKro's centrally managed WhatsApp Business infrastructure for the purpose of delivering transactional messages on behalf of Business Owners.

5.3 Cloud hosting and infrastructure

All data is hosted on secure cloud servers (such as AWS or DigitalOcean) located in India or compliant with Indian data residency requirements. Data is encrypted at rest and in transit using TLS/SSL.

5.4 Email service provider

Transactional emails including invoices, OTPs, and notifications are delivered via a third-party transactional email service (such as SendGrid or AWS SES). Email addresses are shared for delivery purposes only.

5.5 No advertising or data sale

CollectKro does not sell, rent, or share user data with advertisers or any third parties for marketing purposes. No third-party advertising trackers, remarketing pixels, or analytics SDKs that share data externally are used.

6. Automated WhatsApp messaging

CollectKro sends automated WhatsApp messages to members on behalf of the Business Owner. These include payment reminders, expiry notifications, payment confirmations, and welcome messages. Message templates are pre-approved through the WhatsApp Business API. Members who wish to opt out of such messages should contact the Business Owner, as the Business Owner controls communication with their members.

7. Security measures

  • All data transmissions are encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt — never stored in plain text
  • Razorpay OAuth tokens are encrypted in the database
  • Role-based access control ensures staff have limited access only
  • Two-factor authentication (OTP via SMS) is required for Business Owner login
  • All admin access is logged with timestamps and IP addresses
  • Database access is restricted to application servers only
  • Regular security reviews and audits are conducted

In the event of a personal data breach, CollectKro will take reasonable steps to investigate, mitigate, and notify affected parties and competent authorities where required under applicable law.

8. Data retention

  • Active account data is retained for the duration of the subscription
  • Upon account termination, Business Owner and member data is retained for 90 days for dispute resolution, then permanently deleted
  • Payment transaction records may be retained for up to 7 years for tax and legal compliance under Indian law
  • Business Owners may request data deletion by contacting us at join@collectkro.com
  • Members wishing to have their data deleted must contact the Business Owner directly, who is the Data Fiduciary for their information

9. Your rights under Indian law (DPDPA 2023)

As a registered Business Owner on CollectKro, you have the following rights:

  • Right to access — request a summary of personal data processed about you
  • Right to correction — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data, subject to legal retention requirements
  • Right to grievance redressal — raise concerns with our Grievance Officer
  • Right to withdraw consent — where processing is based on consent, you may withdraw it; this does not affect past processing

To exercise any of these rights, email us at join@collectkro.com. We will respond within 30 days.

10. Cookies and session data

CollectKro uses cookies and session-based storage necessary for platform functionality, including maintaining your logged-in state and session security. We do not use advertising cookies or third-party tracking cookies. You may manage cookie preferences through your browser settings.

11. Children's privacy

CollectKro is a B2B platform intended for use by businesses. It is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

12. Cross-border data transfers

All data is primarily stored within India. Any transfer of data outside India, if required for platform operations (such as email delivery), is conducted in compliance with applicable Indian data protection law and with appropriate safeguards in place.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our platform, practices, or applicable law. When we make material changes, we will notify registered users via email or an in-app notification. Your continued use of the platform after any such changes constitutes your acceptance of the updated policy.

14. Grievance officer and contact

CollectKro — Privacy & Data Grievances

Websitecollectkro.com
Emailjoin@collectkro.com
Grievance OfficerSatyam Shrivastava
Officer Emailjoin@collectkro.com
Response TimeWithin 30 days