Sakhi Cloud

Privacy Policy

Sakhi Cloud India Private Limited

Last updated: 8 July 2026 · Version 0.1 (interim)

1. About this policy

This Privacy Policy explains how Sakhi Cloud India Private Limited (CIN: U47912TS2026PTC212920; GSTIN: 36ABTCS1022R1ZP), with its registered office at Flat No. 401, Dream Homes, Dhanunjaya Apartments, Srinagar Colony, Khairatabad, Hyderabad – 500073, Telangana (“Sakhi Cloud”, “we”, “us”, “our”) collects and handles your personal data when you use the Sakhi Cloud app, website and services (the “Services”).

It applies to everyone who uses Sakhi Cloud — Stores (shopkeepers), Household Customers, and Transporters (delivery providers). It should be read alongside our Terms of Service (Master Platform Agreement), but is written to stand on its own.

We handle personal data in line with India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the rules made under it.

2. Who is responsible for your data

For the personal data you give us about yourself as a registered user, and data we collect directly to run the Services, Sakhi Cloud is the Data Fiduciary (the entity that decides how and why your data is used).

Where a Store uses Sakhi Cloud to handle its own customers’ personal data (for example, a shopkeeper managing their customers’ orders and contact details), the Store is the Data Fiduciary for that data and Sakhi Cloud acts as its Data Processor, handling that data only to run the Services. Stores are responsible for having a proper basis (including consent where required) to use their customers’ data.

3. What data we collect

3.1 Account and profile data

  • Phone number (verified by one-time password) — all users
  • Email address (verified) — Stores, and other roles where provided
  • Profile / display name, preferred language, and notification preferences
  • A PIN or device security credentials you set to protect your account

3.2 Store, household and transporter details

  • Stores: store name, operating hours, payment methods accepted, and precise store location (GPS); GSTIN / PAN and tax details where you provide them
  • Households: household name, address details (colony, flat, landmark) and precise location (GPS), and the names and phone numbers of household members you invite
  • Transporters: identity and verification data (see Section 3.7), and vehicle, driving-licence and permit details

3.3 Content you create and exchange

Messages, orders, product listings and descriptions, product and catalogue images, voice recordings you send, and transaction records exchanged with the people you connect with.

3.4 Location data

With your device’s permission, we collect precise GPS location to set store and delivery addresses and to enable delivery tracking. While a delivery is in progress, the Transporter’s live location is shared with the relevant Store and Household Customer for that order only. You can turn off location permission in your device settings, though some features may not work correctly.

3.5 Device and notification data

Device push-notification tokens so we can send you alerts, delivered through our push provider and the app-store push services (Apple APNs and Google FCM).

3.6 Technical and diagnostic data

Operational telemetry — such as request traces, performance data and error logs — used to keep the Services running, secure and reliable. This does not include the content of your messages.

3.7 Identity verification data (Transporters)

Before a Transporter can accept deliveries, they must complete identity verification (KYC) carried out by our verification provider, Didit. This includes checking a government identity document, a liveness check, and a biometric face-match against the document. The document images and biometric checks are handled by the verification provider under its own safeguards, on our instructions, only to confirm identity and prevent fraud. From this process we receive and keep only your verified name and a document reference — not your document images or biometric data.

3.8 Financial / credit data

Where a Store extends credit to a Household Customer using the platform’s credit-tracking feature, we record credit limits, outstanding balances and payment history to operate that feature.

3.9 Data we derive

We may generate anonymised, aggregated statistics about platform usage, and summary insights for Stores (such as sales and inventory dashboards).

4. How we use your data and our lawful basis

We use your data to:

  • create and manage your account and verify your identity;
  • run the core Services — chat, orders, catalogue, deliveries, tracking, payment recording and dispute tools;
  • provide the AI features described in Section 5;
  • send you service notifications and communicate with you;
  • keep the Services secure, prevent fraud and abuse, and meet legal obligations;
  • maintain, troubleshoot and improve the Services.

Our lawful basis under the DPDP Act is your consent, given when you register and use the Services, and — where applicable — the legitimate uses permitted by the Act. You can withdraw consent at any time (Section 9); doing so may mean you can no longer use some or all of the Services.

We do not sell your personal data.

5. AI features and how your data is used with them

Sakhi Cloud is an AI-assisted platform. AI is used to:

  • interpret your chats and turn them into draft orders and product suggestions;
  • transcribe your voice messages into text;
  • recognise products in photos you upload and generate clean catalogue images;
  • power search and recommendations across the catalogue.

Two things you should know:

  • AI outputs are assistive only. A draft order, transcription or suggestion always requires a person to confirm it before anything happens. AI results can be wrong or incomplete — please check them.
  • We do not allow AI providers to train their models on your content, and we do not use your personal data to train third-party AI models. We may use anonymised, aggregated data to improve the Services.

To provide these features we share only the content needed for each task (for example, message text, an audio clip, or a product photo) with the providers listed in Section 6.

6. Who we share data with

Other users. The purpose of Sakhi Cloud is trade between connected users, so your messages, orders and (during a delivery) live location are shared with the specific Stores, Customers or Transporters you deal with.

Service providers (sub-processors). We use trusted third parties to run parts of the Services. They may only use your data on our instructions and under confidentiality:

ProviderWhat they doData involved
AnthropicAI interpretation of chats into draft orders and product suggestionsMessage text
OpenAIConverting voice messages into text (transcription)Voice recordings
GoogleRecognising products in photos, generating catalogue images, and powering catalogue searchProduct photos and product data
QdrantCatalogue search (a vector database)Product data (as search embeddings)
Expo, Apple (APNs), Google (FCM)Delivering push notifications to your deviceDevice push-notification tokens
DiditVerifying Transporter identity (KYC)Identity documents and biometric checks (held by the provider)
Amazon Web ServicesCloud hosting and storageService data generally
Monitoring / observability providerPerformance and error monitoringTechnical and diagnostic data (no message content)

A current list of our material sub-processors is available on request.

Legal and safety. We may share data where required by law, to respond to lawful requests from authorities, or to protect the rights, safety and security of our users, the public or Sakhi Cloud.

7. Transfers outside India

Some processing — including certain AI processing and cloud hosting — takes place outside India, because some of our providers’ default processing locations are outside India. Where we transfer personal data outside India, we do so in line with the DPDP Act (including Section 16) and any applicable government restrictions, and we apply contractual and technical safeguards to protect it.

8. How long we keep your data, and our transaction ledger

We keep personal data only as long as needed for the purposes described in this policy, or as required by law:

  • Account data is kept while your account is active, and for a reasonable period afterwards to meet legal, accounting and dispute-resolution needs.
  • Voice recordings are kept only as long as needed to deliver and support the relevant conversation, then deleted or anonymised.
  • Identity verification records are kept as needed to evidence verification and prevent fraud, and as required by law.
  • Transaction and credit records are kept as needed for accounting, tax, dispute-resolution and legal purposes.

Our transaction ledger. For integrity and audit reasons, certain transactions are recorded in an append-only ledger that cannot be edited after the fact. If you ask us to erase data, or you close your account, and deletion from that ledger is not technically possible without breaking its integrity, we will instead irreversibly anonymise or redact your personal data within those records — except where the law requires us to keep identifiable data.

9. Your rights

Under the DPDP Act, you can:

  • access a summary of the personal data we hold about you and how we use it;
  • correct, complete or update your personal data;
  • erase your personal data (subject to Section 8 and legal retention requirements);
  • withdraw consent you previously gave;
  • nominate another person to exercise your rights if you die or become incapacitated;
  • raise a grievance with us (Section 12).

To exercise any of these, use the options available in the app where provided, or contact our Grievance Officer (Section 12). We will respond within the timelines set by the DPDP Act.

10. Children

The Services are for people aged 18 and over. We do not knowingly process the data of children. If you provide data about another household member, you confirm it does not relate to a child unless you have verifiable consent from that child’s parent or lawful guardian.

11. Security

We use reasonable technical and organisational safeguards — including encryption in transit, access controls and regular reviews — to protect your data against unauthorised access, loss or damage. No system is perfectly secure, so please also keep your device and account credentials safe, and tell us immediately if you suspect any unauthorised use.

12. Contact and Grievance Officer

For any question, request or complaint about your personal data, contact our Grievance Officer:

  • Name: Kranthi Chakilala
  • Email: chk909@gmail.com
  • Address: 2-35, Thadparthy, Tatiparthy, Gopalpeta, Mahabubnagar, Telangana – 509206

We will acknowledge and respond within the timelines set by the DPDP Act and its rules. If you are not satisfied with our response, you may escalate to the Data Protection Board of India.

13. Website cookies

Our website may use strictly necessary cookies to operate, and basic analytics to understand how the site is used. The Sakhi Cloud app does not use third-party advertising or analytics tracking.

14. Changes to this policy

We may update this policy from time to time. If we make material changes we will notify you through the app or by email, and update the “Last updated” date at the top. Continued use of the Services after a change means you accept the updated policy.