Privacy Policy

Last updated: 2 May 2026

The short version: we collect only what we need to run the app, we don't sell your data to anyone, and you can export or delete your data any time.

1. Who is the controller

SmartBoutique is operated by QuantumBytes (Punjab, India). For data about your boutique (customers, orders, etc.), you — the boutique owner — are the data controller. We are a data processor on your behalf.

2. Data we collect about your account

• When you sign up: boutique name, owner name, email, phone, optional city, chosen username and password (hashed).
• While using the app: data you put in — customers, orders, payments, measurements, uploaded photos, expenses, attendance.
• Operational logs: request timestamps, IP addresses (for rate limiting), error reports. No third-party analytics or tracking pixels.

3. How we use it

• To run the service for you (showing your data back to you).
• To send you essential service emails (trial expiry, billing receipts, security alerts). We do not send marketing emails to your account email without your explicit opt-in.
• To detect and stop abuse (spam, brute-force login, fraud).
• To produce aggregate, anonymous usage stats (e.g. "average orders per boutique") for our own product decisions — never tied back to you.

4. What we do NOT do

• We do not sell, rent or share your data with advertisers, marketers or data brokers.
• We do not use your customers' data to train AI models.
• We do not embed third-party tracking pixels (Google Analytics, Facebook Pixel, Hotjar, etc.) on pages where your boutique data is shown.

5. Data your boutique collects from its customers

Your customers' data (name, phone, measurements, balance) belongs to your boutique. You are responsible for telling your customers how their data is used. We strongly recommend you keep this data accurate, only use it for the boutique relationship, and respond promptly if a customer asks you to update or delete their record.

6. Where we store data

All data is stored on servers in India (DigitalOcean Bangalore, BLR1 region). Daily encrypted backups are retained for 30 days. We do not transfer your data outside India.

7. How long we keep it

• While your account is active: as long as you use SmartBoutique.
• After cancellation: 60 days (so you can re-activate or export). Then permanently deleted.
• Backups: rolling 30-day window.
• Operational logs: 30 days, then auto-deleted.

8. Your rights

• Access: log in any time to see all your data.
• Export: CSV exports for customers / orders / payments are available from inside the app.
• Correction: edit any of your data directly in the app.
• Deletion: in the SmartBoutique mobile app, open More → My account → Danger zone → Delete boutique & account. This permanently deletes your boutique and every customer, order, payment, product and staff record cascaded under it, immediately. You can also email us to do the same; we respond the same business day.
• Portability: we'll provide a full database dump on request, no charge.

9. Cookies

We use one essential cookie for login session (NextAuth JWT). No tracking cookies, no advertising cookies.

10. Security

See our Security page for the full list of measures: HTTPS, bcrypt password hashing, per-tenant isolation, daily backups, login + upload rate limiting, file-type validation.

11. Children

SmartBoutique is a B2B product for boutiques. We do not knowingly collect data from anyone under 18.

12. Contact

Questions, concerns, data subject requests — email [email protected] or call +91 94782 10404. We respond within 7 business days.