Privacy Policy

1. Information We Collect

1.1 Account Information

When you create a VendorStocks account, we collect your name, email address, phone number, business name, GSTIN, role (buyer, seller, or both), and business address. This information is required to provide the service and verify your identity as a legitimate business entity.

1.2 Vendor Verification Documents

To maintain a verified marketplace, sellers and vendors are required to submit business documents during onboarding — including but not limited to GST certificates, PAN, business registration documents, and any custom documents requested by buyers as part of approval workflows. These documents are stored securely and accessed only for verification and compliance purposes.

1.3 Business & Transactional Data

The inventory data, product listings, RFQs, quotations, purchase orders, proforma invoices, tax invoices, payment records, and vendor or buyer interactions you generate on VendorStocks belong entirely to you. We store this information on your behalf to provide the service and do not use it for any unrelated purpose.

1.4 Payment Information

When transactions occur on VendorStocks, we collect payment-related metadata such as transaction IDs, amounts, payment status, and bank reference numbers. We do not store full card numbers, CVVs, UPI PINs, or net banking credentials — these are handled directly by our PCI-DSS compliant payment gateway partners.

1.5 Usage Data

We automatically collect information about how you interact with the platform — pages visited, features used, search queries, RFQ activity, timestamps, browser type, IP address, device identifiers, and operating system. This helps us improve the platform, diagnose issues, and detect suspicious activity.

1.6 AI Assistant Interactions

When you use our built-in AI assistant, your queries and the assistant's responses are logged to improve accuracy, train safety filters, and provide support. We do not use your private business data to train third-party AI models without your explicit consent.

1.7 Communication Data

If you contact our support team, send messages to other users on the platform, or interact with sellers and buyers through our messaging tools, we retain those communications to provide support, ensure transparency in transactions, and resolve disputes.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the VendorStocks platform
• Verify vendor and buyer identities and process onboarding workflows
• Process RFQs, purchase orders, quotations, invoices, and payments
• Send transactional communications including order confirmations, invoice notifications, payment reminders, and shipping updates
• Send promotional communications about new features, vendors, or product categories (you may opt out of promotional emails at any time)
• Power the AI assistant to help you find products, vendors, and inventory insights
• Monitor and analyze usage patterns to improve features and performance
• Detect, investigate, and prevent fraudulent transactions, fake listings, and other illegal activity
• Comply with legal obligations under Indian law, including GST, tax, and accounting regulations
• Respond to support queries and resolve disputes between buyers and sellers

3. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We share information only in the following limited circumstances:

• Between buyers and sellers on the platform: When you submit an RFQ, place an order, or receive an order, relevant business information (your business name, GSTIN, contact details, shipping address, and order details) is shared with the counterparty to enable the transaction. This is a necessary part of using a B2B/B2C marketplace.
• Service providers: We use trusted third-party services that process data on our behalf under strict data processing agreements — including cloud hosting and database providers, payment gateways, email and SMS delivery services, analytics tools, and shipping logistics partners.
• Legal requirements: We may disclose information if required by Indian law, court order, regulatory authority, or government agency — including for GST audits, tax investigations, or law enforcement requests.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified in advance and given the option to delete your account before the transfer.
• With your consent: We may share information with third parties when you have explicitly consented.

4. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.3 and at rest using AES-256
• Strict access controls and role-based permissions are enforced across our infrastructure
• Row-level security ensures data isolation between organizations on the platform
• Vendor verification documents are stored in access-restricted storage with audit logging
• Our infrastructure undergoes regular security audits and vulnerability assessments
• Payment processing is handled by PCI-DSS compliant gateway partners

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please contact us immediately at support@skylightsenergy.in.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. If you close your account, we will delete or anonymize your personal data within 90 days, except where retention is required for legal, tax, or regulatory purposes.

Business records — including invoices, purchase orders, GST records, and transaction history — may be retained for up to 3 years to comply with the Indian GST Act, Companies Act, and Income Tax Act requirements. Vendor verification documents are retained for the duration of the vendor relationship plus the legally required period thereafter.

6. Your Rights

You have the following rights with respect to your personal data:

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to statutory retention requirements such as GST records)
• Portability: Request your data in a machine-readable format (CSV, JSON, or PDF where applicable)
• Objection: Object to certain types of processing, including marketing communications
• Withdrawal: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at the address below. We will respond within 30 days, in line with the Digital Personal Data Protection Act, 2023.

7. Cookies

We use cookies and similar tracking technologies to keep you signed in, remember your preferences, analyze platform usage, and improve your experience. Please see our Cookie Policy for full details on what we collect and your choices.

8. Children's Privacy

VendorStocks is a B2B and B2C platform intended for use by registered businesses and their authorized employees. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that a child under 18 has provided personal information, we will delete it immediately.

9. Marketplace Disclaimer

VendorStocks operates as a technology platform that connects independent buyers and sellers of electrical components and switchgear. We are not a party to the transactions, contracts, or agreements formed between buyers and sellers on our platform.

Our role is limited to providing the technology infrastructure to list products, send RFQs, generate quotations, raise purchase orders, issue invoices, and process payment workflows; performing baseline vendor verification through document checks (which does not constitute an endorsement or guarantee of the vendor); and facilitating communication and record-keeping between transacting parties.

We are not responsible for:

• The quality, accuracy, safety, legality, or fitness of products listed by sellers
• The truthfulness or completeness of product descriptions, specifications, certifications, or pricing provided by sellers
• The performance, delivery, or fulfilment of orders by sellers
• Payment defaults, delayed payments, or non-payment by buyers
• Tax compliance (including GST liability) of individual buyers or sellers — each party is responsible for their own tax obligations
• Disputes, damages, returns, warranty claims, or losses arising from transactions between users
• The conduct, representations, or actions of any user on the platform

Buyers and sellers transact with each other directly and at their own risk. We strongly recommend that users perform their own due diligence — including verifying product specifications, vendor credentials, and commercial terms — before entering into any transaction.

While we provide a vendor verification system and dispute resolution support as a service, the legal contract for sale and purchase is solely between the buyer and the seller. VendorStocks is not liable for any direct, indirect, incidental, or consequential damages arising from transactions facilitated through the platform, except as expressly required by applicable law.

For details on dispute resolution mechanisms, vendor obligations, and buyer responsibilities, please refer to our Terms & Conditions.

10. International Data Transfers

VendorStocks is operated from India and your data is primarily stored on servers located in India. If we transfer data outside India for processing (for example, to global service providers), we ensure appropriate safeguards are in place as required by the Digital Personal Data Protection Act, 2023.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post a notice on the VendorStocks platform at least 30 days before the changes take effect. Your continued use of the service after that date constitutes acceptance of the updated policy.