Privacy Policy

Last updated: January 2025

1. Introduction

Vruza AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Customer Reputation System for e-commerce merchants in Pakistan.

2. Information We Collect

2.1 Merchant Information

  • Business name, address, and contact details
  • Email address and phone number
  • Payment and billing information
  • API usage data and logs

2.2 Customer Data (Anonymized)

  • Hashed phone numbers (SHA-256 encrypted)
  • Partial delivery addresses (first 3 characters only)
  • Order history and transaction outcomes
  • Risk scores and verification status

3. How We Use Your Information

  • Provide and maintain our fraud prevention services
  • Calculate customer risk scores across merchants
  • Improve our machine learning algorithms
  • Process payments and manage subscriptions
  • Send service updates and security alerts
  • Comply with legal obligations

4. Data Sharing and Privacy

We NEVER share personally identifiable information (PII).All customer data is anonymized through SHA-256 hashing before being shared across our network.

4.1 Cross-Merchant Data Sharing

To provide accurate risk scores, we share anonymized customer behavior data (order completion rates, COD acceptance rates) across participating merchants. This creates a network effect that benefits all merchants while protecting customer privacy.

4.2 Third-Party Services

  • Stytch (authentication provider)
  • Cloudflare (infrastructure and security)
  • Neon (database hosting)
  • Stripe (payment processing)

5. Data Security

We implement industry-standard security measures:

  • SHA-256 encryption for all customer identifiers
  • HTTPS/TLS encryption for all data transmission
  • Cloudflare WAF and DDoS protection
  • Regular security audits and penetration testing
  • Role-based access control for merchant data

6. Data Retention

We retain anonymized customer data for 2 years after the last recorded transaction. Merchant account data is retained for 3 years after account closure for legal compliance purposes.

7. Your Rights (PDPA Compliance)

Under the Pakistan Data Protection Act (PDPA), you have the right to:

  • Access your personal data
  • Request data correction or deletion
  • Withdraw consent for data processing
  • File a complaint with regulatory authorities
  • Request data portability

8. Customer Dispute Mechanism

End customers can dispute their risk scores or request data deletion by contacting the merchant who submitted their data. Merchants can submit disputes on behalf of customers through our dashboard.

9. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify merchants via email of any material changes at least 30 days before they take effect.

11. Contact Us

For privacy-related inquiries, please contact:

  • Email: privacy@vruza.ai
  • Address: [To be added]
  • Phone: [To be added]