CreatorBeeHive ("Platform", "we", "our", "us") is committed to maintaining the confidentiality, integrity, and security of all personal information entrusted to us by our business clients ("Merchants") and their customers ("End-Users").

1. Information We Collect

We collect data to provide our Software-as-a-Service (SaaS) solutions. This includes:

A. From Merchants (Business Users)

**Identity Data:** Name, Username, and Government-issued ID (if required for KYC).
**Contact Data:** Business email address and billing address.
**Financial Data:** Bank account details or UPI IDs for payout processing (handled via secure gateways).
**Technical Data:** Integration tokens and API configurations for third-party platforms.

B. From End-Users (Customers of Merchants)

**Authentication Data:** Email address or Phone number used for access verification.
**Platform Identifiers:** Unique user IDs (UIDs) from third-party communication platforms (e.g., Telegram) to facilitate access control.
**Transaction Data:** Payment confirmation details and subscription duration.

Note: We do not access, store, or read private message content, media, or personal conversations. Our scope is strictly limited to membership status verification.

2. Purpose of Data Processing

We process your data for the following legitimate business purposes:

To provision and manage SaaS accounts.
To automate membership access via API integrations.
To process subscription payments via regulated Payment Aggregators.
To send transactional notifications (invoices, password resets, access links).
To prevent fraud and ensure the security of our infrastructure.

3. Disclosure to Third Parties

We operate with a strict "Need to Know" policy. Data is shared only with:

Payment Processors (Razorpay/Stripe): To process secure transactions.
Cloud Infrastructure (AWS/Vercel): For hosting and database services.
Communication Service Providers (Telegram API): Strictly for the purpose of managing group/channel access permissions.
Legal Authorities: When required by Indian law under the IT Act, 2000.

4. Data Security Standards

We employ enterprise-grade security practices:

All data in transit is encrypted via TLS 1.2/1.3 (HTTPS).
Sensitive authentication tokens are hashed and salted.
We do not store credit card numbers on our servers; they are tokenized by our payment partners.

5. Data Retention Policy

**Active Accounts:** Data is retained as long as the Merchant subscribes to our services.
**Inactive Accounts:** Data is archived for 90 days post-cancellation, then permanently deleted.
**Financial Records:** Retained for 8 years as mandated by the Income Tax Act, 1961.

6. Cookies & Local Storage

We use session cookies strictly for authentication and CSRF (Cross-Site Request Forgery) protection. We do not use third-party advertising cookies.

7. Your Rights

Under the applicable laws, you have the right to request access to, correction of, or deletion of your personal data. Please submit requests via our support portal.

8. Links to Third-Party Sites

Our platform interacts with third-party APIs (e.g., Telegram, Google). We are not responsible for the privacy practices or content of these external platforms. Users are advised to review the privacy policies of such platforms separately.

9. Grievance Redressal Mechanism

In accordance with the Information Technology Act, 2000 and Rules made thereunder, the contact details of the Grievance Officer are provided below:

Grievance Officer: Compliance Team

Address: 153a, block 5 , patan , sikar , rajasthan , 332718

Email: [email protected]

Phone: +918239509548

We will acknowledge all grievances within 48 hours and redress the same within 1 month from the date of receipt of the grievance.

10. Updates to Policy

We reserve the right to modify this policy at any time. Significant changes will be notified via email or a prominent notice on our dashboard.

Privacy Policy