Privacy Policy

This Privacy Policy applies to all users of services operated by Maxto Private Limited, a company incorporated under the Companies Act, 1956, with its registered office at Talikoti, Karnataka, India.

Our services include:

• maxtoapp Platform (maxtoapp.azurewebsites.net) — Cloud-based SaaS for supermarkets, institutions, online sellers, and multi-store management. Accounts are created by our office — no public self-registration.
• Customer Shopping App — Mobile app for local online shopping where customers place orders
• Maxto Team App — Mobile app for team members. All team data is created and managed by our office staff, not collected by the app.

All services are offered exclusively within India. Your personal data will be stored and processed in India.

Information We Collect

When you use our Customer Shopping App, we may collect:

• Full name, phone number, and email address
• Delivery address(es) and location (for order delivery)
• Order history, cart data, and product preferences
• Payment information — processed securely through our payment partners (we do not store raw card/UPI credentials)
• Device type, OS version, app usage data, and crash logs
• Profile photo (if provided)
• Loyalty points balance and transaction history

How We Use This Information

• Process, confirm, and fulfill your orders from local stores
• Send order status updates and delivery notifications (SMS / push / email)
• Manage loyalty points and offer personalized promotions
• Provide customer support and handle refunds or disputes
• Improve app performance, detect fraud, and fix bugs
• Comply with applicable Indian laws and regulations

Data Sharing (Customer)

• Local Stores / Sellers — Your name, phone, and delivery address are shared with the store fulfilling your order
• Maxto Team Members — Your delivery address and contact number are shared with the assigned team member
• Payment Processors — Payment data is handled by our certified payment gateway partners
• Law Enforcement — Only when legally required

Information & How It Is Created

Team member profiles and records are created and managed entirely by our office staff — no personal data is collected directly from team members through the app.

Data entered by our office on behalf of team members includes:

• Full name, phone number, and email address
• Government-issued ID (Aadhaar, PAN, or Driving Licence) for identity verification
• Vehicle type, vehicle registration number, and driving licence details
• Bank account details for salary/payment disbursement
• Attendance, shift records, and task assignments
• Performance metrics and task history (recorded by management)

The Maxto Team App itself does not collect, store, or upload any personal data from the team member's device. It is used solely for viewing assigned tasks, navigation, and operational updates.

How We Use This Information

Office-created team member data is used to:

• Verify identity and eligibility for operations
• Assign tasks and manage daily operations through the app
• Process salary, incentives, and expense reimbursements
• Track attendance and compute payroll via the maxtoapp Payroll module
• Monitor performance and ensure service quality
• Handle grievances and support requests

Data Transmission to Branch Office

All team member data collected through the app is securely transmitted and processed at our Talikoti, Karnataka branch office. This data is used for:

• Account creation, KYC verification, and onboarding
• Task and route management and real-time logistics
• Performance analysis and service quality improvement
• Payroll processing integrated with the maxtoapp Payroll module

Data is not stored on the device permanently — all sensitive information is processed through our secure backend systems hosted in India.

Who Gets an Account

We create platform accounts for the following types of business users, after direct engagement with our office:

• Supermarkets & Retail Stores — for billing, inventory, and POS management
• Educational Institutions — for student records, attendance, and fee management
• Online Sellers — for e-commerce and multi-store management
• Businesses using Payroll — for employee salary and HR management

All account credentials (username, password, business details) are set up by our team and shared securely with the business owner or designated admin.

Data Created & Managed by Our Office

The following information is entered by our office staff on behalf of the business at the time of onboarding:

• Business owner / admin name, phone number, and email address
• Business name, type, GST number, and registered address
• Login credentials (passwords are hashed; never stored in plain text)
• Initial store/branch configuration and user role assignments

Data Entered by Business Users After Login

Once onboarded, the business user or their staff may enter the following data into the platform during day-to-day use:

• Inventory items, stock levels, pricing, and supplier details
• Sales and billing records, customer purchase history
• Employee data for payroll (names, salaries, PF/ESI, attendance)
• Student records for school management (names, fees, attendance)
• Browser/device information and session activity logs

This operational data belongs to the business user. Maxto Private Limited acts as a data processor for this information and does not use it for any purpose other than providing the platform service.

Sensitive Business Data

All business data entered into the platform (stock levels, customer purchase history, employee salaries, student records) is treated as strictly confidential. We do not sell, share, or use this data for marketing purposes. Access is restricted to the business owner, their designated staff, and authorized Maxto support personnel only.

Across all our products, we use collected data to:

• Provide, operate, and improve our services
• Send transactional communications (order confirmations, OTPs, receipts)
• Send service-related announcements and update notifications
• Power AI analytics, predictive features, and smart reporting
• Detect, prevent, and investigate fraud or illegal activities
• Enforce our Terms of Use and legal obligations
• Conduct internal research and product development

If we use your data for marketing, you will always have an option to opt-out. We will not send unsolicited promotional messages without your consent.

When We Share Data

We may share your personal data in the following circumstances:

• Service Delivery — With sellers, team members, and logistics providers to fulfill orders
• Payment Processing — With payment gateway partners to process transactions
• Group Entities — Within Maxto Private Limited's group entities and affiliates
• Technology Partners — With cloud hosting, analytics, and support tool providers under data processing agreements
• Legal Requirements — With government agencies, courts, or law enforcement when required by Indian law
• Business Transfers — In case of a merger, acquisition, or asset sale

We never sell your personal data to advertisers or third-party data brokers.

We implement industry-standard security measures to protect your data, including:

• TLS/SSL encryption for all data in transit
• Encrypted storage for sensitive fields (passwords, payment tokens)
• Role-based access controls — only authorized personnel can access specific data
• Regular security audits and vulnerability assessments
• Secure server infrastructure hosted in India

However, no method of transmission over the internet is 100% secure. Users are responsible for keeping their account credentials confidential. If you suspect unauthorized access, contact us immediately.

How Long We Keep Data

We retain your personal data for as long as your account is active or as needed to provide services. After account closure, we may retain data for:

• Compliance with applicable Indian laws (e.g., GST records: 6 years)
• Resolution of pending disputes, refunds, or legal claims
• Fraud prevention and security investigations

How to Delete Your Account

You can request account deletion by:

• Visiting your Profile → Settings → Delete Account within the app/platform
• Emailing us at info@maxtoapp.com with the subject “Account Deletion Request”

Deletion may be delayed if there are pending orders, active payroll cycles, or unresolved complaints. Once deleted, all personal data is removed except what is legally required to be retained.

Under applicable Indian data protection laws, you have the right to:

• Access — Request a copy of your personal data we hold
• Rectification — Correct inaccurate or outdated information through your profile settings
• Deletion — Request erasure of your personal data (subject to legal requirements)
• Opt-Out — Withdraw consent for marketing communications at any time
• Portability — Request your data in a structured, machine-readable format
• Grievance — Lodge a complaint with our Grievance Officer (details below)

To exercise any of these rights, contact us at info@maxtoapp.com. We will respond within 30 days.

Our services are not intended for users under the age of 13 years. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

For school management features, student data is collected and managed by the registered institution (business user) — not directly from the students themselves.

Your Consent

By accessing or using our Platform, apps, or services, you consent to the collection, use, storage, and sharing of your information as described in this Privacy Policy.

You may withdraw consent at any time by writing to our Grievance Officer with the subject line “Withdrawal of Consent for Processing Personal Data”. Withdrawal of consent may restrict your access to certain features.

Updates to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email, in-app notifications, or a notice on our website. Continued use of our services after changes constitutes your acceptance of the updated policy.