1. Introduction

Avirastra ("we," "our," or "us") is a technology company headquartered in Jaipur, Rajasthan, India, providing enterprise software solutions, custom application development, AI automation services, and hospitality management platforms, including our flagship product Manestro.

This Privacy Policy explains how Avirastra collects, uses, stores, shares, and protects the personal data of individuals who visit our website (avirastra.com), use our services, or interact with us in any capacity. We are committed to protecting your privacy and complying with applicable laws, including the Digital Personal Data Protection (DPDP) Act, 2023, and the Information Technology (IT) Act, 2000.

By using our website or services, you agree to the collection and use of your information as described in this policy. If you disagree, please discontinue use of our website and services.

2. Information We Collect

We collect the following categories of personal data when you interact with our website or use our services:

2.1 Information You Provide Directly

Full name, email address, phone number, and company name submitted via contact forms or consultation booking
Business details and project requirements shared during onboarding or sales discussions
Payment and billing information (processed securely through third-party payment gateways)
Communications, feedback, or support requests sent to our team

2.2 Information Collected Automatically

IP address, browser type, device type, operating system, and screen resolution
Pages visited, time spent on pages, clickstream data, and referral source
Cookies and similar tracking technologies (see Section 7 for details)
Geographic location data (city/region level only)

2.3 Information From Third Parties

Business contact data from professional networks, referral partners, or publicly available sources
Integration data received when you connect third-party tools with our services (e.g., APIs, CRMs)
Analytics data from Google Analytics or similar services

3. How We Use Your Information

Avirastra uses collected personal data only for legitimate business purposes, which include:

3.1 Service Delivery

To provide, operate, and maintain our software development, automation, and consulting services
To manage your account, process transactions, and fulfill contractual obligations
To deliver and manage Manestro (our hospitality management platform) and associated features

3.2 Communication

To respond to your inquiries, support requests, or feedback
To send service-related updates, invoices, and project communications
To send promotional communications, newsletters, and product updates (with your consent)

3.3 Improvement and Analytics

To analyze usage patterns and improve our website, products, and services
To conduct research and development for new features and offerings
To prevent fraud, abuse, and unauthorized access

3.4 Legal Compliance

To comply with applicable laws, regulations, and legal proceedings
To enforce our Terms of Service and other agreements

4. Legal Basis for Processing

Under the Digital Personal Data Protection Act, 2023, we process your data on the following grounds:

Consent - Where you have provided explicit consent (e.g., subscribing to our newsletter)
Contractual Necessity - Where processing is required to perform a contract with you
Legitimate Interest - For fraud prevention, security, and improving our services
Legal Obligation - Where we are required by law to process your data

5. Data Sharing and Disclosure

Avirastra does not sell, rent, or trade your personal data. We may share your information only in the following circumstances:

5.1 Service Providers

We work with trusted third-party vendors who assist us in delivering our services, including cloud hosting providers, payment processors, email and communication platforms, analytics tools, and monitoring tools.

All third-party processors are contractually bound to handle your data securely and only for specified purposes.

5.2 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority in India or any applicable jurisdiction.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred as part of the transaction. We will notify you of any such change and ensure your data remains protected.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable law. Our general retention periods are:

Client and project data: Retained for 7 years after the end of a business relationship (as required for financial and legal compliance)
Marketing and lead data: Retained for 2 years, or until you withdraw consent
Website analytics: Retained for 26 months (aggregated and anonymized thereafter)
Support communications: Retained for 3 years
Upon expiration of the retention period, we securely delete or anonymize your data.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience. We use the following types of cookies:

7.1 Essential Cookies

Required for the website to function properly. These cannot be disabled and do not store personally identifiable information.

7.2 Analytics Cookies

Used to collect anonymous data about how visitors use our website (e.g., pages visited, time spent). We use Google Analytics for this purpose.

7.3 Marketing Cookies

Used to display relevant advertisements and track campaign effectiveness. These are activated only with your consent.

8. Data Security

Avirastra implements industry-standard technical and organizational security measures to protect your personal data, including:

SSL/TLS encryption for all data transmission
AES-256 encryption for data stored at rest
Role-based access control and multi-factor authentication for internal systems
Regular security audits and vulnerability assessments
Employee data protection training and confidentiality agreements
While we take all reasonable precautions, no method of transmission or electronic storage is 100% secure. We encourage you to use strong passwords and report any suspected security vulnerabilities to contact@avirastra.com.

9. Your Rights Under the DPDP Act, 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access - Request a copy of the personal data we hold about you
Right to Correction - Request correction or update of inaccurate or incomplete data
Right to Erasure - Request deletion of your personal data (subject to legal retention obligations)
Right to Grievance Redressal - Lodge a complaint with our Data Protection Officer or the Data Protection Board of India
Right to Withdraw Consent - Withdraw previously given consent at any time (this will not affect past processing)
Right to Nominate - Nominate a person to exercise these rights on your behalf in the event of your death or incapacity
To exercise any of these rights, please contact us at contact@avirastra.com. We will respond within 30 days.

10. Children's Privacy

Avirastra's services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us immediately at contact@avirastra.com and we will promptly delete such data.

11. International Data Transfers

Avirastra is based in India and primarily processes data within India. However, some of our third-party service providers may be located outside India. When data is transferred internationally, we ensure adequate safeguards are in place, including data processing agreements that comply with applicable data protection standards.

12. Third-Party Links

Our website may contain links to third-party websites, including our product Manestro (manestro.in) and social media platforms. This Privacy Policy does not apply to those websites. We encourage you to read the privacy policies of any third-party sites you visit, as we have no control over their data practices.

13. Manestro - Specific Data Practices

Manestro is Avirastra's hospitality management and QR ordering platform. If you are a client or end-user of Manestro, the following additional data practices apply:

Guest order data (items ordered, timestamps, table numbers) is collected to process and manage restaurant orders
Restaurant/merchant business data is used to configure and maintain your Manestro account
QR code scan data may be collected for analytics purposes at the restaurant level
Payment data is processed exclusively through PCI-compliant payment gateways; Avirastra does not store full payment card numbers
Manestro clients (restaurants and hospitality businesses) act as data fiduciaries for their guests' data and are responsible for ensuring their own compliance with applicable privacy laws.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last Updated" date at the top of this document
Post a notice on our website (avirastra.com) for 30 days
Notify registered users via email where required by law
Continued use of our website or services after the updated policy is posted constitutes your acceptance of the revised terms.

15. Grievance Officer and Contact Information

In accordance with the IT Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer to address data protection concerns:

Grievance Officer - Data Protection Avirastra Technology and Innovation Jaipur, Rajasthan - 302001, India Email: contact@avirastra.com Phone: +91 82094 97380 Business Hours: Monday to Saturday, 10:00 AM to 6:00 PM IST

We aim to acknowledge all complaints within 3 business days and resolve them within 30 business days. If you are not satisfied with our resolution, you may escalate your complaint to the Data Protection Board of India.

This Privacy Policy is governed by the laws of India.