Privacy Policy

This Privacy Policy describes how Vehixo Digital Private Limited ("Vehixo", "we", "us", "our"), operating the ERP Hunter platform at erphunter.com (the "Platform"), collects, uses, discloses, and protects personal data of visitors, registered buyers, and verified implementation partners.

ERP Hunter is the operating system for ERP implementation partners. Partners license per-seat workspaces and invite their own clients ("Buyers") into private rooms to run discovery, draft RFPs, and collaborate on bids. We are committed to processing personal data lawfully under India's Digital Personal Data Protection Act, 2023 (DPDP Act), and — where applicable — the EU/UK GDPR and other regional privacy laws.

1. Who we are

The data fiduciary (controller) is Vehixo Digital Private Limited, a company incorporated in India with its registered office at Bangalore, Karnataka 560076. For privacy questions, contact privacy@erphunter.com.

2. Information we collect

2.1 Information you provide

• Account data: name, work email, hashed credentials, role (Buyer or Partner), and organization details.
• Partner profile: firm name, website, ERP specialisations, geographies, optional case studies.
• Buyer project data: discovery inputs, RFP scope, modules, timeline, budget range, functional and technical requirements.
• Communications: in-workspace messages, threads on RFPs, support requests.
• Payment data: for Partners — billing identifiers processed by PCI-DSS compliant payment processors. We do not store full card numbers.

2.2 Information we generate

• AI-generated content: structured RFPs, bid drafts, parsed external RFPs, and summaries derived from your inputs.
• Audit log: actor, timestamp and diff for every publish, role change, and bid action inside a workspace.

2.3 Information collected automatically

• Usage data: pages visited, features used, timestamps.
• Device data: IP address, browser, OS, language, time zone.
• Cookies: session cookies for authentication and limited analytics. No third-party advertising cookies.

3. How we use information

• Operate the platform — workspaces, invitations, RFP creation, bidding, messaging, audit.
• Run AI-assisted features — drafting RFPs and bids, parsing inbound RFPs. AI outputs are reviewed by users before being acted upon; we do not make solely automated decisions with legal or similarly significant effects.
• Bill Partners per active seat and issue invoices.
• Detect fraud and enforce our Terms.
• Improve the platform via aggregated, de-identified analytics.
• Send transactional emails (account, invite, RFP status, bids). Marketing emails only with consent and an unsubscribe link.
• Comply with legal obligations.

4. Legal bases for processing

Where the DPDP Act or GDPR applies, we rely on: contract (to provide the platform you request), consent (for marketing and optional features), legitimate interests (security, fraud prevention, product improvement), and legal obligation (tax, accounting, regulatory).

5. AI processing and your data

We use third-party AI model providers (e.g., OpenAI, Google) under enterprise agreements that prohibit those providers from training their models on your inputs. We send only the minimum data needed to generate an output. We do not sell your data and do not allow AI providers to use it for any purpose other than serving our request.

6. Sharing and disclosure

• Between users in the same workspace: a partner and its invited buyer see each other's workspace contributions by design.
• Never across workspaces: one partner cannot see another partner's clients or RFPs. One buyer's data is never exposed to a different partner.
• Service providers: hosting, email, payments, AI providers, analytics — bound by data processing agreements.
• Legal: when required by law, court order, or to protect rights, safety, and integrity of the platform.
• Business transfers: in connection with a merger or acquisition, with notice to affected users.

We do not sell personal data.

7. International transfers

We are headquartered in India. Some service providers process data in other jurisdictions (e.g., USA, EU). Where required, we use contractual safeguards (e.g., Standard Contractual Clauses) to protect your data.

8. Data retention

We retain personal data for as long as your account is active and as needed to provide the Platform. After account closure, we retain data only as required to comply with legal obligations, resolve disputes, and enforce agreements (typically up to 7 years for financial records).

9. Security

We use industry-standard safeguards: TLS in transit, encryption at rest, role-based access controls, audit logs, regular security reviews, and least-privilege access for our team. No system is perfectly secure; we encourage strong passwords and prompt reporting of suspected incidents.

10. Your rights

Subject to applicable law, you may:

• access, correct, or update your personal data;
• request deletion ("right to erasure") of your account and associated data;
• withdraw consent for processing based on consent;
• object to or restrict certain processing;
• request data portability;
• nominate a legal representative under the DPDP Act;
• lodge a complaint with the Data Protection Board of India or your local supervisory authority.

To exercise rights, email privacy@erphunter.com. We respond within 30 days.

11. Children

The Platform is not intended for individuals under 18. We do not knowingly collect data from children.

12. Changes

We may update this Policy. Material changes will be notified by email or in-app at least 14 days before they take effect. The "Effective date" above shows when the latest version applies.

13. Contact

Vehixo Digital Private Limited
Registered Office: Bangalore, Karnataka 560076, India
Email: privacy@erphunter.com