01 Our Core Promise
GrowYaara was built by people who understand Indian retail. We know the trust you are placing in us when you connect your store systems, customer records, and financial data to our platform.
Our core promise is simple and unconditional:
Your store data, customer records, inventory, and financials will never be sold to any third party, competitor, brand, distributor, or data broker โ ever.
Your business data is not used for advertising, benchmarking services sold to others, industry reports for third parties, or any commercial purpose outside serving your store.
All GrowYaara data is stored on AWS Mumbai region servers. Your data does not leave Indian borders.
You can export or delete your data at any time. Closing your account means your data is permanently deleted within 90 days.
02 Tally & Busy Data
GrowYaara integrates with TallyPrime and Busy accounting software. This integration is designed to add intelligence above your existing accounting setup โ not to replace it or extract data beyond what is needed for GrowYaara's features.
How the Integration Works
The GrowYaara-Tally / Busy integration operates through a local sync agent that you install on the same machine running Tally or Busy. The agent reads authorised ledger and transaction data and syncs it to your GrowYaara account.
| Data Type | Accessed? | Stored in GrowYaara? | Purpose |
|---|---|---|---|
| Sales vouchers & invoices | Yes โ with your permission | Yes โ in your account only | Billing intelligence, analytics |
| Purchase entries | Yes โ with your permission | Yes โ in your account only | Inventory cost tracking |
| Ledger balances (store) | Yes โ with your permission | Yes โ in your account only | Financial reporting |
| Customer financial records | Only if explicitly enabled | Only if explicitly enabled | CRM & outstanding tracking |
| Supplier / vendor data | Only if explicitly enabled | Only if explicitly enabled | Purchase management |
| Bank accounts & reconciliation | No | No | Not part of GrowYaara features |
| Tax filings & GST returns | No | No | Not part of GrowYaara features |
| Payroll & salary data | No | No | Not part of GrowYaara features |
The Tally / Busy sync is permission-based. During setup, you choose which company, date range, and voucher types to sync. You can pause, modify, or disconnect the integration at any time from Settings > Integrations. Disconnecting immediately stops all new data sync.
What Happens to Synced Tally / Busy Data
- Synced data is stored in your GrowYaara account โ isolated and accessible only to you and staff you authorise
- It is used exclusively to power GrowYaara features in your account โ analytics, inventory tracking, billing intelligence
- It is never shared with other retailers, brands, distributors, or any commercial third party
- It is never used to benchmark your store's performance against industry data sold to others
- When you disconnect or close your account, synced data is deleted along with all your other GrowYaara data
03 What We Do Not Store
We are explicit about what GrowYaara does not store or process โ because we believe your business data belongs to you, and we access only what is necessary to serve your store.
04 What We Do Store
In the spirit of full transparency, here is exactly what GrowYaara stores on your behalf โ all within your isolated, encrypted account.
| Data Category | Examples | Encryption |
|---|---|---|
| Store identity | Store name, address, GSTIN, contact | AES-256 at rest |
| Inventory records | Models, IMEI numbers, purchase prices, stock counts | AES-256 + IMEI hashing |
| Sales & billing | Invoices, payment modes, amounts | AES-256 at rest |
| Customer profiles | Name, phone, device purchased, EMI | AES-256 at rest |
| Cashback schemes | Scheme names, IMEI eligibility, claim dates | AES-256 at rest |
| Staff records | Names, roles, attendance, targets | AES-256 at rest |
| Tally / Busy sync data | Authorised vouchers & ledger data | AES-256 at rest, TLS in transit |
| App usage logs | Feature usage, session data โ anonymised | Anonymised, aggregated |
05 We Never Sell Your Data
This deserves its own section because it is that important.
Trenzyrange will never sell, rent, license, or trade your store's commercial data โ including sales figures, inventory data, customer records, pricing data, IMEI records, or any data synced from Tally or Busy โ to any third party for any commercial purpose. This is not just a policy. It is our founding principle.
We Do Not:
- Sell your sales data to mobile brands (Samsung, Vivo, OPPO, Realme, etc.) for market intelligence
- Share aggregated retailer data with distributors, industry bodies, or research firms as a paid service
- Use your pricing data to power commercial pricing intelligence products for third parties
- Provide your customer data to insurance companies, fintech lenders, or any other commercial entity
- Use your business data for advertising targeting on any platform outside GrowYaara
- Allow any GrowYaara employee to access your data for personal or commercial purposes outside their job scope
The Only Exceptions
The only situations where your data is ever shared externally are:
- You initiate it โ e.g., submitting a cashback claim shares relevant IMEI data with that specific brand only
- Legal obligation โ a valid court order or statutory requirement under Indian law
- Infrastructure providers โ our cloud host (AWS Mumbai) stores encrypted data as part of hosting infrastructure, governed by their DPA
06 Encryption & Infrastructure
Every piece of data in GrowYaara is protected by multiple layers of encryption and infrastructure security.
| Security Layer | Standard / Detail |
|---|---|
| Data in transit | TLS 1.2 minimum โ all API calls, sync, app traffic |
| Data at rest | AES-256 encryption โ all databases and file storage |
| IMEI & sensitive fields | Additional field-level hashing on top of AES-256 |
| Cloud infrastructure | AWS Mumbai (ap-south-1) โ data stays in India |
| Database backups | Encrypted daily backups โ 30-day retention |
| API authentication | OAuth 2.0 tokens โ time-limited, rotated regularly |
| App on-device | Local data encrypted using Android Keystore |
| Tally / Busy sync agent | Encrypted channel โ data never stored locally in plaintext |
Our cloud infrastructure is hosted on AWS, which is ISO 27001, SOC 1/2/3, and PCI-DSS compliant. GrowYaara undergoes regular independent security audits and penetration testing. Results are reviewed by our engineering and security teams.
07 Access Controls
Access to your data โ from both within your store team and within GrowYaara's internal teams โ is strictly controlled.
Within Your Store
- Store owners control which staff members can access which modules via role-based permissions
- Staff can be restricted from viewing pricing, profit margins, customer financials, or cashback data
- All staff logins are PIN or biometric protected on the device
- Session timeouts and inactivity locks prevent unauthorized device access
Within GrowYaara
- Production database access is restricted to a small number of authorised engineers with documented, role-based access
- All internal access to customer data requires multi-factor authentication
- Access logs are maintained and regularly audited โ any unusual access is flagged automatically
- GrowYaara support staff access only the minimum data needed to resolve your support request โ and only with your implicit consent when you raise a ticket
- No GrowYaara employee can access your data for personal use or commercial gain โ this is a termination offence
08 Store Data Isolation
Every GrowYaara store account operates in complete isolation from every other store account. This is a foundational design principle, not an afterthought.
- Your inventory, customers, sales, and cashback data are stored in a dedicated, logically isolated data space for your store
- No other retailer โ even if they use GrowYaara โ can see any part of your data
- AI insights are generated at the individual store level using your own data alone โ your data is never pooled into a shared model that other retailers access
- Multi-store accounts (Growth plan) share data only within your own chain โ never across unrelated accounts
- Aggregated, anonymised platform-level analytics (e.g., which app features are popular) never include identifiable store or business data
09 Breach Response
In the unlikely event of a data security incident, GrowYaara has a documented incident response plan.
- We will notify affected users within 72 hours of becoming aware of a confirmed breach that affects their data
- Notifications will be sent via in-app alert, registered mobile number SMS, and email
- We will clearly communicate what data was affected, what steps we have taken, and what you should do
- We will report to relevant Indian regulatory authorities as required by law
- A post-incident report summarising the cause and remediation will be published on our status page
If you discover a security vulnerability in GrowYaara โ the app, website, or API โ please report it responsibly to security@growyaara.com. We take all reports seriously and respond within 48 hours. Responsible disclosure is always appreciated.
10 Your Controls
You have full control over your data at all times. These controls are available directly within the GrowYaara app โ no support ticket needed for most actions.
Download your inventory, customers, sales, and cashback history in CSV or Excel format. Settings > Data > Export.
Pause or fully disconnect the integration instantly. Settings > Integrations > Disconnect.
Add, remove, or restrict staff permissions at any time. Settings > Staff > Manage Roles.
Remove individual customer records permanently. Customers > Select Customer > Delete.
Close your account and request permanent deletion of all data. Settings > Account > Delete Account.
See a log of recent staff login activity in your store account. Settings > Security > Activity Log.
11 Contact Security Team
For data security questions, vulnerability reports, or concerns about how your data is handled, contact our security team directly. We respond to all security matters within 48 hours.