Privacy Policy

Samplr ("we", "our", or "us") is committed to protecting the personal and business information of brand accounts on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information relating to you and your business when you use samplr.in as a brand ("Brand Account").

By creating a Brand Account or using any brand-facing features of the Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.

We comply with applicable Indian data protection law, including the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA) to the extent it is in force.

Account Credentials: Your email address and password (stored as a bcrypt hash) used to log in to the Platform.

Company Information: Company name, website URL, industry, company size, and a brief brand description provided during onboarding or in your Brand Profile.

Contact Details: Name and email address of the individual operating the Brand Account, and a business phone number if provided.

Logo and Media: Brand logo and product images you upload to the Platform.

Brand Questionnaire Responses: Answers you provide in the Brand Profile Questionnaire, used to improve sampler matching accuracy.

Campaign Data: Campaign titles, descriptions, targeting parameters (age, gender, region, product category), sample quantities, campaign budgets, start and end dates, and campaign status history.

Product Catalogue: Product names, descriptions, categories, images, dimensions, weight, and prices for products listed on the Platform.

Order Data: Store order details, including order IDs, item quantities, order status updates, and the delivery information of customers who purchase your products.

Payment and Transaction Data: Payment references, Razorpay order and payment IDs, payment status, and campaign fee history. We do not store your card details; payments are processed by Razorpay.

Usage Data: Pages visited, features used, campaign actions taken, timestamps, and device/browser type used to access the Platform.

Communications: Messages sent via the contact form or email, retained to resolve queries and improve support quality.

OAuth Login Data: If you sign in via Google, we receive your name, email address, and profile picture from Google, subject to the permissions you grant.

Phone Verification: If you verify your brand phone number, we store the verification status and the OTP request history (not the OTPs themselves).

We use the information we collect to:

• Create and manage your Brand Account
• Run, schedule, and manage your sampling campaigns
• Match your campaigns with relevant samplers using our algorithm
• Display your products in the Samplr store for direct consumer purchases
• Process campaign payments and store order transactions
• Provide you with aggregated campaign feedback and insights
• Send transactional emails: OTP verification, password reset, campaign status updates, and order notifications
• Improve and personalise the Platform and matching algorithm
• Detect and prevent fraud, abuse, or policy violations
• Comply with legal obligations

We do not sell your data. We may share information with:

• Samplers: Your brand name, product name, product images, campaign description, and other campaign details are shown to matched samplers. Your personal contact details are not exposed to samplers.
• Payment Processors: Razorpay processes all campaign and store payments. Your payment data is governed by Razorpay's privacy policy.
• Logistics Partners: Shiprocket receives shipment details (package contents, weight, pickup address) necessary to fulfil sampling dispatch.
• Email Service Providers: Resend processes transactional emails sent to your Brand Account email address on our behalf.
• Authentication Providers: Google receives only the OAuth callback data necessary to authenticate your session if you use Google sign-in.
• Legal Requirements: We may disclose information when required by law, court order, or to protect the safety, rights, or property of Samplr or others.

We do not share your campaign data, product data, or brand details with other brands on the Platform.

As a brand running sampling campaigns, you receive limited sampler data necessary for campaign fulfillment:

• Sampler delivery address (for dispatching samples)
• Anonymous or pseudonymous feedback responses submitted by matched samplers
• Aggregated demographic and preference insights from campaign participants

You must not use sampler personal data for any purpose other than the specific campaign for which it was provided. You must not contact samplers directly, add them to marketing lists, or share their data with third parties. Misuse of sampler data is a material breach of our Terms and may result in immediate account termination.

When a consumer purchases your product through the Samplr store, you receive the customer's name, delivery address, and email address solely for the purpose of fulfilling that order. This data must not be used for marketing, added to CRM systems, or shared with third parties without the customer's explicit consent.

We retain your Brand Account data for as long as your account is active or as needed to provide services. Campaign data and order records are retained for a minimum of 3 years for business and legal compliance purposes, even after account deletion. You may request deletion of your account by contacting hello@samplr.in. Some data will be retained in anonymised or aggregated form.

We implement the following security measures to protect your Brand Account:

• Password hashing using bcrypt
• JWT-based session authentication with token expiry
• HTTPS encryption in transit for all data
• Rate limiting on authentication and sensitive endpoints
• Input validation and parameterised queries to prevent injection attacks
• OTP-based email and phone verification

We encourage you to use a strong, unique password and enable OTP verification on your account. Do not share your login credentials with unauthorised individuals.

Under applicable Indian law and the DPDPA, you may have the right to:

• Access the personal and business data we hold about your Brand Account
• Correct inaccurate or incomplete data via your Brand Profile
• Request erasure of your data (subject to legal and contractual retention obligations)
• Withdraw consent to processing where processing is based on consent

To exercise these rights, contact us at hello@samplr.in.

Samplr uses browser local storage (not traditional cookies) to maintain your authentication session. We do not use tracking, advertising, or third-party analytics cookies on brand-facing pages.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised date, and where appropriate, by email to your registered Brand Account address. Continued use of the Platform after changes are posted constitutes acceptance.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
hello@samplr.in
163/D, Maniktala Main Rd, Kolkata, WB, India — 700054