This Privacy Policy explains how Metacomic Private Limited("we", "us") handles personal data in connection with the SupplierProof service. We are committed to processing personal data lawfully and in line with the Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Data we process
About you (the user)
- The CIN / GSTIN you enter and the tier you select for a lookup.
- Payment confirmation details from our payment partner (we do not receive or store your full card or bank details).
- Basic technical data — IP address, browser type, and usage logs — for security and service operation.
About the businesses you look up
When you run a check, we retrieve information from public records (MCA, GST, and related statutory sources) through licensed data providers. This may include the names, DINs, and statutorily disclosed contact and appointment details of directors and authorised signatories. This personal data originates from public statutory filings.
2. Why we process it & our legal basis
- To deliver the report you requested — performance of our service to you.
- Legitimate business verification — you confirm a lawful, legitimate purpose (vendor onboarding, due diligence, contract evaluation) before a lookup runs.
- Payments, security, and legal compliance — to take payment, prevent abuse, and meet legal obligations.
3. Retention
We retain lookup and transaction records only as long as necessary to provide the Service, support refunds and disputes, and meet legal and tax obligations, after which they are deleted or anonymised. Generated reports are delivered to you; we do not maintain a public directory.
4. Sharing & processors
We share data only with service providers acting on our instructions — our payment processor (Razorpay), our data providers (which return the public records), our AI processor (used to generate the risk summary), and cloud hosting and infrastructure providers. We do not sell personal data.
5. Security
We use reasonable technical and organisational safeguards, including encryption in transit, access controls, and secret-key management. No system is perfectly secure, but we work to protect data against unauthorised access, loss, or misuse.
6. Your rights
Subject to the DPDP Act and other applicable law, you may:
- request access to, or correction of, your personal data;
- request erasure of your personal data where applicable;
- withdraw consent for processing that relies on consent; and
- raise a grievance with our Grievance Officer.
If you are an individual named in a report and believe information about you is inaccurate, note that the source is a public record; we can explain the source and, where appropriate, direct you to the relevant authority to correct the underlying filing. To exercise any right, see our Contact & Grievance page.
7. Cookies
We use only essential cookies and similar technologies required to operate the Service and process payments. We do not use cookies for advertising.
8. Children
The Service is intended for business use by adults and is not directed at children.
9. Changes
We may update this Policy; the "Last updated" date reflects the latest version.
10. Grievance Officer
In accordance with applicable law, our Grievance Officer can be reached at support@supplierproof.com. Registered office: [registered office address], India. We aim to acknowledge grievances within the timelines required by law.