Business Roadmap is an AI-powered business consultancy platform headquartered at Sector 52, Noida, Uttar Pradesh – 201301, India. We operate through businessroadmap.in and provide services including Feasibility Studies, Due Diligence Reports, and Detailed Project Reports (DPR) across 786 districts of India in 9 Indian languages, powered by an AI automation framework with expert human oversight.
Business Roadmap exercises full and exclusive authority over the collection, use, storage, and deletion of personal data submitted through our platform. We determine the purpose and manner of all data processing, and all such decisions vest solely with Business Roadmap. By using our services, you acknowledge and accept this authority.
The following terms carry the meanings defined under the DPDP Act, 2023 and shall be read accordingly throughout this Policy:
| Term | Meaning |
|---|---|
| Data Principal ("You") | The individual whose personal data is being collected or processed — i.e., the user, visitor, or client of Business Roadmap who has voluntarily accessed the platform or availed services. |
| Business Roadmap ("We / Us / Our") | Business Roadmap — the entity that solely determines the purpose and manner of processing your personal data, with full authority over all data decisions. |
| Data Processor | Third-party service providers who process personal data strictly on our behalf and under our instructions (e.g., payment gateways, cloud storage providers, OTP delivery services). |
| Personal Data | Any digital data by which you can be identified directly or indirectly, including name, phone number, email address, location, business details, and any information voluntarily submitted while availing our services. |
| Processing | Any operation performed on personal data — collection, storage, use, analysis, sharing, transfer, archival, or deletion. |
| Consent | Your free, specific, informed, unconditional, and unambiguous agreement expressed through a clear affirmative act (e.g., OTP verification or checkbox confirmation) prior to data collection. |
| Services | All products, reports, consultancy services, AI-generated outputs, and digital content offered by Business Roadmap through businessroadmap.in or any associated communication channel. |
| Data Protection Board | The Data Protection Board of India, constituted under §18 of the DPDP Act, 2023. |
We collect personal data that is necessary and proportionate for the delivery of our services. All data is voluntarily provided by you at the time of using our platform. The following categories may be collected:
| Category | Data Points Collected | Collection Mode |
|---|---|---|
| Identity Data | Full name, business name, designation | Enquiry form, onboarding form |
| Contact Data | Mobile number, email address, city/district, state, PIN code | Web forms, OTP verification |
| Business Data | Business idea, industry sector, investment range, language preference, project description, business model inputs | Feasibility Study / DPR intake form |
| Payment Data | Transaction ID, payment status, coupon code used. Card/bank credentials are NOT collected or stored by Business Roadmap — processed exclusively by our payment gateway partners. | Payment gateway (third-party processed) |
| Usage Data | Pages visited, session duration, device type, browser, IP address, referral source | Cookies, server logs, Google Analytics |
| Communication Data | Emails, WhatsApp messages, and support queries voluntarily sent to us | Direct communication channels |
We do not collect sensitive personal data pertaining to religion, caste, political opinions, health conditions, sexual orientation, or biometric identifiers. You are responsible for ensuring that any data submitted by you is accurate, complete, and lawfully provided. Business Roadmap shall not be liable for any consequences arising from inaccurate or misleading data submitted by you.
We process your personal data only for specified, explicit, and legitimate purposes under the DPDP Act, 2023. The legal bases applicable are Consent (§6) and Certain Legitimate Uses (§7):
| Purpose | Legal Basis |
|---|---|
| User registration, OTP-based authentication, and identity verification | Consent |
| Delivery of Feasibility Study, Due Diligence, and DPR reports | Consent / Contractual Service |
| Payment processing, invoicing, and transaction record maintenance | Consent / Legal Obligation |
| Customer support, query resolution, and grievance handling | Consent / Legitimate Use |
| Service updates, report delivery alerts, and status notifications | Consent |
| Promotional communications, newsletters, and business insights (opt-in only) | Consent (withdrawable) |
| Platform improvement, AI model quality enhancement, and analytics | Consent (aggregated/anonymized) |
| Legal compliance, fraud prevention, audit requirements, and enforcement of our rights | Legal Obligation / Legitimate Use |
| Protecting the rights, property, and safety of Business Roadmap, its team, and other users | Legitimate Use / Legal Obligation |
We obtain your consent through clear affirmative acts prior to collecting and processing your personal data. Our consent mechanism operates through:
a) Email OTP Verification — via our email service provider at the time of service request submission, confirming ownership of the email address provided.
b) Phone OTP Verification — via Firebase Authentication (SMS OTP) to validate your mobile number.
c) Explicit Checkbox Confirmation — a distinct, pre-unchecked checkbox on our intake forms confirming your acceptance of this Privacy Policy before form submission.
By completing any of the above verification steps and submitting your service request, you provide informed and unambiguous consent for the collection and processing of your personal data for the purposes stated in this Policy.
Right to Withdraw Consent: You may withdraw your consent for future processing at any time by writing to Contact@businessroadmap.in. Withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal. Importantly, if you withdraw consent after a service has been initiated or delivered, Business Roadmap shall have no obligation to issue a refund, and the withdrawal of consent shall not entitle you to cancel a delivered or in-progress service. We will process consent withdrawal requests within a reasonable timeframe as operationally feasible.
Your personal data is processed by our internal AI-powered framework and authorized human oversight team strictly for the following activities:
1. Report Generation: Business information submitted by you is processed by our AI agents to generate Feasibility Study Reports, Due Diligence Reports, or Detailed Project Reports — delivered via a secure, unique URL to your registered email. The content and quality of AI-generated reports is subject to our standard terms and conditions.
2. Service Communication: Your mobile number and email address are used for OTP delivery, report notifications, and support communications. WhatsApp may be used as a supplementary channel where you have provided consent, and we reserve the right to communicate with you through any channel for which you have provided contact details in connection with our services.
3. Quality Assurance & Training: Your submitted data (anonymized where practicable) may be reviewed by our internal team and used to enhance the performance, accuracy, and quality of our AI systems and service delivery. By using our services, you acknowledge and consent to this use.
4. Business Intelligence & Analytics: Aggregated and anonymized usage patterns are analyzed to improve our platform and service offerings. Business Roadmap reserves the right to publish aggregated, non-identifiable market insights derived from collective user data.
5. Legal, Compliance & Protection: Your data may be used to fulfill legal obligations, respond to governmental or judicial orders, enforce our contractual rights, prevent fraud, and protect the interests of Business Roadmap and its users.
Business Roadmap does not sell, rent, or trade your personal data to any third party for their independent commercial purposes. However, we share data with trusted service providers and as required by law, as set out below:
| Recipient | Purpose | Safeguard |
|---|---|---|
| Google LLC | OTP authentication, report storage, automated report generation and delivery | Google's enterprise security standards and data processing terms |
| Standard Service Provider | OTP email delivery and report notification | Standard Data Processing Agreement |
| Payment Gateway Partners | Secure payment processing and transaction verification | RBI-compliant, PCI-DSS certified processors |
| TinyURL | URL shortening for report delivery links | No personal data shared beyond URL string content |
| Government / Legal / Regulatory Authorities | Compliance with applicable laws, court orders, regulatory directives, law enforcement requests, or to defend Business Roadmap's legal rights | Mandatory legal basis; disclosure limited to what is required |
| Business Successors | In the event of a merger, acquisition, restructuring, or sale of Business Roadmap's assets, your data may be transferred to the successor entity as part of business assets | Successor bound by equivalent privacy obligations |
All data processors engaged by Business Roadmap are contractually obligated to process your data solely as per our instructions and to maintain security standards consistent with the DPDP Act, 2023. Business Roadmap is not responsible for the independent privacy practices of any third-party platforms you may navigate to from our website.
We retain your personal data for as long as is necessary to fulfill the purpose for which it was collected, to comply with applicable legal obligations, to resolve disputes, and to enforce our agreements. The following retention schedule applies as a general guideline:
| Data Category | Retention Period | Post-Retention Action |
|---|---|---|
| OTP and Authentication Logs | 180 days from generation | Automatic deletion |
| Feasibility Study / Report & Business Data | 5 years from delivery date | Archived securely; purged thereafter |
| Payment & Transaction Records | 8 years (Income Tax Act, 1961 and GST compliance) | Archived; no active processing post-service period |
| Communication Records (Email / WhatsApp) | 3 years from last interaction | Deleted at end of retention unless legally required |
| Website Usage / Analytics Data | 26 months | Aggregated or auto-deleted per analytics platform settings |
| Inactive User Records | 5 years from last activity | Anonymized or deleted after reasonable notice |
Business Roadmap reserves the right to retain data beyond the periods specified above where required by law, ongoing legal proceedings, regulatory investigations, or to protect our legitimate legal interests. Retention periods are subject to review and may be revised by Business Roadmap without prior notice.
Under Chapter III of the DPDP Act, 2023, you have the following statutory rights with respect to your personal data held by Business Roadmap. These rights are subject to the limitations, exceptions, and operational constraints described herein:
Request a summary of the personal data we hold about you and the categories of processing carried out. We will provide this within a reasonable timeframe, subject to verification of your identity.
Request correction of inaccurate data or erasure of data no longer required for the purpose collected — subject to our legal retention obligations and operational requirements. Erasure of data does not entitle you to a refund for services already rendered.
Lodge a complaint with our designated Grievance Officer. If unresolved to your satisfaction, you may escalate to the Data Protection Board of India.
Nominate another individual to exercise your data rights on your behalf in the event of death or incapacity. Nomination requests must be submitted in writing with supporting documentation.
Withdraw consent for future processing at any time. Business Roadmap will act on the withdrawal within a reasonable operational timeframe. Withdrawal does not apply retrospectively to data already processed or services already delivered.
Where our AI systems are used to process your business data for report generation, you are hereby informed of this at the time of service purchase. Human oversight is applied as part of our quality assurance process.
Business Roadmap implements reasonable and appropriate technical and organizational security measures consistent with industry standards and the DPDP Rules, 2025. Our security framework includes:
Technical Safeguards: HTTPS encryption (TLS 1.2+) for data in transit; Google Firebase enterprise-grade encryption at rest; OTP-based two-factor authentication; role-based access controls; automated session management and token expiry.
Organizational Safeguards: Only authorized personnel within Business Roadmap have access to personal data on a strict need-to-know basis. AI-assisted monitoring is in place for anomalous access patterns. Periodic internal reviews of data handling procedures are conducted.
Data Breach Response: In the event of a personal data breach that poses a material risk to Data Principals, Business Roadmap will notify the Data Protection Board of India in accordance with applicable provisions of the DPDP Act and DPDP Rules. Affected Data Principals will be informed as appropriate and as directed by the Data Protection Board.
Business Roadmap's services are directed exclusively at adults aged 18 years and above. By using our platform or availing our services, you represent and warrant that you are at least 18 years of age. We do not knowingly collect or process personal data of individuals under 18 years of age.
If we determine that personal data of a minor has been collected, we will take reasonable steps to delete such data promptly. Business Roadmap shall not be liable for any consequences arising from misrepresentation of age by any user. If you suspect that a minor has accessed our services, please notify us immediately at Contact@businessroadmap.in.
We do not engage in behavioral monitoring, targeted advertising, or profiling of children, consistent with §9 of the DPDP Act, 2023.
Certain third-party data processors engaged by Business Roadmap are headquartered outside India and may process your data on servers located in other countries, including the United States.
Business Roadmap ensures such transfers are made only to jurisdictions not restricted under §16 of the DPDP Act, 2023. All such transfers are governed by applicable contractual safeguards and the security obligations under the DPDP Rules, 2025. By using our services, you consent to the transfer of your personal data to these jurisdictions to the extent necessary for service delivery.
Business Roadmap will monitor and update its data processor arrangements in accordance with any restricted country list published by the Government of India under the DPDP Act.
All reports, analyses, frameworks, methodologies, AI-generated outputs, content, branding, and documentation created or delivered by Business Roadmap — including Feasibility Study Reports, Due Diligence Reports, and Detailed Project Reports — are the exclusive intellectual property of Business Roadmap, unless expressly stated otherwise in a separate written agreement.
Upon payment and delivery of a report, you are granted a limited, non-exclusive, non-transferable, personal license to use the delivered report for your own private business evaluation purposes only. You may not reproduce, redistribute, resell, publish, modify, sub-license, or commercially exploit any report or content delivered by Business Roadmap without our prior written consent.
Any business ideas, inputs, or data you submit to Business Roadmap for the purpose of report generation are processed by us on a confidential basis for service delivery. Business Roadmap does not claim ownership over your underlying business idea. However, aggregated market patterns and insights derived from collective user data remain the property of Business Roadmap and may be used for research and product development.
Business Roadmap's reports, analyses, and AI-generated outputs are provided for informational and advisory purposes only and do not constitute legal, financial, investment, regulatory, or professional advice. Business Roadmap does not guarantee the accuracy, completeness, or fitness of any report for any specific commercial purpose.
To the maximum extent permitted by applicable law, Business Roadmap, its directors, employees, agents, and AI systems shall not be liable for:
(a) Any business decision made by you in reliance on our reports or data;
(b) Any loss of profit, revenue, business opportunity, or goodwill arising from use of our services;
(c) Any data loss, unauthorized access, or breach arising from your own actions or third-party systems;
(d) Any inaccuracies in AI-generated content resulting from erroneous or incomplete data submitted by you;
(e) Any delay in report delivery beyond our standard timelines due to technical failures, third-party outages, or force majeure events;
(f) Any regulatory, legal, or financial consequences arising from business decisions made using our reports.
In any event, the maximum aggregate liability of Business Roadmap to you under this Policy or in connection with our services shall not exceed the amount actually paid by you for the specific service in question.
Indemnification: You agree to indemnify and hold harmless Business Roadmap, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, or expenses (including legal fees) arising out of: (a) your breach of this Policy; (b) your misuse of our services; (c) your submission of inaccurate, false, or misleading data; or (d) your violation of any applicable law.
This Privacy Policy and all matters arising out of or in connection with it shall be governed by and construed in accordance with the laws of India, including but not limited to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Indian Contract Act, 1872.
Any dispute, claim, or controversy arising out of or relating to this Policy, your use of our services, or the collection or processing of your personal data shall be subject to the exclusive jurisdiction of the courts located in Gautam Buddh Nagar (Noida), Uttar Pradesh, India. By using our platform, you irrevocably submit to this jurisdiction and waive any objection to proceedings in these courts on grounds of inconvenient forum.
Before initiating any formal legal proceedings, you agree to first attempt resolution by writing to Business Roadmap at Contact@businessroadmap.in with a detailed description of your grievance. Business Roadmap will make reasonable efforts to resolve the matter within 30 days of receiving such notice.
Business Roadmap has designated a Grievance Officer to handle all complaints and requests related to personal data processing under this Policy. You may contact the Grievance Officer at:
If your grievance is not resolved to your satisfaction after following the above process, you may escalate your complaint to the Data Protection Board of India. The Telecom Disputes Settlement and Appellate Tribunal (TDSAT) serves as the appellate authority.
Business Roadmap reserves the absolute right to update, modify, or replace this Privacy Policy at any time, at its sole discretion, to reflect changes in applicable law, business practices, service offerings, or data processing activities. The revised Policy will be posted at businessroadmap.in/privacy-policy with an updated effective date.
For material changes — defined as changes that substantively alter your rights or our data processing practices — we will make reasonable efforts to notify registered users via email or a website notice. However, it is your responsibility to periodically review this Policy. Continued use of our website or services following any update constitutes your acceptance of the revised Policy.
Business Roadmap shall not be liable for any consequences arising from your failure to review updated versions of this Policy. If you disagree with any revision, your sole remedy is to discontinue use of our services. No revised Policy shall affect transactions already completed or reports already delivered prior to the effective date of the revision.
For any queries, requests, or concerns regarding your personal data or this Privacy Policy, please contact us through the following channels: