Privacy Policy
Last updated: 1 May 2026
1. Who we are
Vantag ("we", "our", "us") operates the Vantag Retail Intelligence platform distributed under the brands Vantag (Singapore), Retail Nazar (India) and Retail Jaga Jaga (Malaysia). References to "Platform" include our websites, mobile apps, Edge Agent software and cloud APIs.
2. What data we collect
- Account data: name, email, phone, business name, role, preferred language and country.
- Store metadata: shop name, address, camera labels, zone polygons, floor-plan diagrams you upload.
- Camera data: RTSP URLs, camera IPs, credentials (encrypted at rest), health-check results.
- Event data: incident type, timestamp, camera, confidence score, bounding boxes and a short evidence clip (default 10 seconds).
- Billing data: plan, invoice history, Razorpay payment identifiers. We do NOT store card numbers — Razorpay is PCI-DSS Level 1.
- Technical data: IP address, browser, device fingerprint, login timestamps, API request logs.
Raw video footage stays on your Edge device by default. Only short evidence clips attached to a triggered incident are uploaded to our cloud — never continuous recording.
3. Why we collect it (lawful basis)
- Contract performance — to operate the service you subscribed to.
- Legitimate interest — to detect fraud, prevent abuse and secure the Platform.
- Consent — for marketing emails; you can opt out at any time.
- Legal obligation — tax records, lawful law-enforcement requests.
4. How long we keep it
- Account data: for the life of your subscription + 7 years for tax records.
- Incident evidence clips: default 30 days, configurable 15–90 days per tenant plan.
- Audit logs: 1 year.
- Backups: 35 days rolling, encrypted.
5. Who we share it with
We do not sell your data. We share only with:
- Infrastructure vendors (Hostinger VPS in Singapore/Mumbai) under DPA.
- Razorpay for payment processing.
- Email delivery (SMTP provider) for transactional mail.
- Law-enforcement when compelled by a valid legal order.
6. Your rights
You can request access, correction, deletion, export, or restriction of your personal data at any time by writing to privacy@retail-vantag.com. We respond within 30 days.
- India (DPDP Act 2023): you are the Data Principal; we are the Data Fiduciary.
- Singapore (PDPA 2012): access + correction rights under sections 21 & 22.
- Malaysia (PDPA 2010): access + correction rights under sections 30 & 34.
- Indonesia (UU PDP No. 27/2022): access, correction, deletion and objection rights as a Data Subject.
- EU/UK (GDPR/UK-GDPR): all Articles 15–22 rights apply.
7. Security
TLS 1.2+ in transit, AES-256 at rest, scrypt-hashed passwords, SOC-2-aligned access controls, quarterly penetration tests, hardware-isolated Edge inference (video never leaves the store unless it becomes an incident).
8. Cookies
We use strictly necessary cookies (auth session, CSRF) and a preference cookie for language/region. No third-party advertising cookies.
9. Children
The Platform is intended for B2B use. We do not knowingly collect data from anyone under 18.
10. Changes to this policy
We will notify account admins by email at least 14 days before any material change. Archived versions are available on request.
11. Contact & grievance
Grievance Officer: privacy@retail-vantag.com
Postal: Vantag Data Protection Office, Singapore & Mumbai offices.