Effective Date: June 26, 2026
Last Updated: June 26, 2026
1. Parties and scope
This Checkout Data Processing Addendum ("Addendum") forms part of the agreement between:
- SEQUENS LLP (operating QuantaRoute), a company registered in India ("QuantaRoute", "Data Processor", "Processor")
- The merchant entity that accepts this Addendum during QuantaRoute Checkout onboarding ("Merchant", "Data Fiduciary" for buyer personal data)
This Addendum applies when Merchant uses QuantaRoute Checkout — the address capture widget, OTP authentication, saved addresses, payment configuration, webhooks, and related Edge Functions — to process personal data of Merchant's buyers ("Buyers", "Data Principals").
Our general Privacy Policy and Terms & Conditions govern Merchant's use of the QuantaRoute developer portal and APIs. This Addendum supplements those documents for checkout buyer data.
2. Roles under the DPDP Act
| Party | Role | Responsibility |
|---|---|---|
| Merchant | Data Fiduciary | Determines why and how Buyer personal data is collected through its storefront; provides privacy notices to Buyers; obtains consent where required; responds to Buyer rights requests |
| QuantaRoute (SEQUENS LLP) | Data Processor | Processes Buyer personal data only on Merchant's documented instructions via the Checkout product; implements security measures; assists Merchant with erasure and compliance |
Merchant acknowledges that QuantaRoute does not control Merchant's relationship with Buyers and is not responsible for Merchant's privacy notices, consent practices, or lawful bases for processing.
3. Data categories processed
QuantaRoute may process the following categories of Buyer personal data on behalf of Merchant:
| Category | Examples | Purpose |
|---|---|---|
| Identity & contact | Email, phone (E.164), name if provided | OTP verification, saved-address lookup, session continuity |
| Delivery address | Flat/building/street, locality, district, state, pincode | Address capture, DigiPin geocoding, delivery validation |
| Location coordinates | Latitude, longitude, DigiPin code | Map pin placement, geocoding accuracy |
| Session & technical | Checkout session ID, buyer ID, UTM parameters, device/browser metadata in logs | Funnel analytics, fraud prevention, webhook correlation |
| Payment references | Razorpay order/payment IDs when Merchant enables integrated payment | Order completion webhooks, reconciliation (Merchant's Razorpay account) |
QuantaRoute does not store full payment card numbers. Card data is handled directly by Razorpay when Merchant uses BYO Razorpay mode.
3.1 Search library enhancement (de-identified)
Buyer delivery address data captured through Checkout may contribute to QuantaRoute Search — the shared geocoding and address-autocomplete library — only in de-identified form and only where Merchant has obtained valid Buyer consent (or another lawful basis under the DPDP Act).
Merchant must inform Buyers in its privacy notice that de-identified address components may be used to improve QuantaRoute location services, and obtain consent where required.
Included in the search library (location components only):
- Coordinates (latitude, longitude), DigiPin codes
- Pincode, locality, district, state, country
- Street name, building or premises name (where part of the address structure), normalized address tokens
- Administrative and street-context fields derived from spatial conflation (see QuantaRoute technical documentation)
Explicitly excluded — never written to the search library index:
- Email address, phone number, personal name
- Flat or unit number, floor number, saved-address label (e.g., "Home", "Office")
Excluded fields may still be processed transactionally for Checkout (OTP, delivery, saved addresses) but are stripped before search-library indexing. Merchant remains responsible for lawful collection and Buyer notices for all fields.
Buyer rights: Buyers should direct access, correction, erasure, and consent-withdrawal requests to Merchant (Data Fiduciary). Merchant may request search-library removal via Checkout erasure tools or quantaroute@gmail.com.
Merchant opt-out: Merchant may disable search-library contribution for Checkout address data by contacting hello@quantaroute.com (prospective effect; transactional Checkout continues).
4. Processor obligations
QuantaRoute will:
- Process Buyer personal data only to provide Checkout Services and as documented in this Addendum, the Privacy Policy, and Merchant's configuration
- Implement reasonable security safeguards (encryption in transit and at rest, access controls, API authentication)
- Ensure personnel and sub-processors with access to Buyer data are bound by confidentiality and data-protection obligations
- Not sell Buyer personal data
- Assist Merchant, within reasonable scope and timeframes, with:
- Buyer erasure requests (via checkout-admin
erase_buyeror support) - Security incident notification where Buyer data is affected
- Audit information reasonably required to demonstrate compliance (subject to confidentiality and security constraints)
- Buyer erasure requests (via checkout-admin
- Delete or return Buyer personal data upon termination of Checkout use, subject to legal retention requirements
- De-identify Buyer address contributions before indexing into QuantaRoute Search, excluding email, phone, personal name, flat number, floor number, and address label per Section 3.1
5. Merchant obligations
Merchant will:
- Provide Buyers with a clear privacy notice explaining checkout data collection, purposes (including de-identified search-library enhancement per Section 3.1), and rights
- Obtain valid consent or establish another lawful basis under the DPDP Act before collecting Buyer personal data and before Buyer address data may be used for QuantaRoute Search library improvement
- Configure allowed domains, webhook endpoints, and CRM integrations responsibly
- Not submit unlawful, excessive, or unnecessary personal data through Checkout
- Honour Buyer rights requests as Data Fiduciary and use QuantaRoute erasure tools or support channels when deletion in QuantaRoute systems is required
- Indemnify QuantaRoute against claims arising from Merchant's failure to comply with applicable data-protection law
6. Sub-processors
Merchant authorises QuantaRoute to engage the following categories of sub-processors. Material changes will be reflected in an updated Privacy Policy or notice where required by law:
| Sub-processor | Purpose | Data processed |
|---|---|---|
| Supabase | Database, authentication infrastructure, Edge Functions | Checkout sessions, addresses, logs |
| MSG91 | SMS OTP delivery | Phone numbers, OTP messages |
| Resend | Transactional email (OTP, notifications) | Email addresses, message content |
| MoEngage | CRM / engagement (when Merchant configures) | Buyer identifiers and events Merchant routes |
| CleverTap | CRM / analytics (when Merchant configures) | Buyer identifiers and events Merchant routes |
| WebEngage | CRM / engagement (when Merchant configures) | Buyer identifiers and events Merchant routes |
| Razorpay | Payment processing (BYO Razorpay mode) | Payment metadata, Buyer contact as required by PG |
| Shopify | Storefront integration (Shopify app merchants) | Store linkage, cart/checkout context |
| Vercel | Portal hosting | Request logs for developers.quantaroute.com |
Merchant CRM integrations (MoEngage, CleverTap, WebEngage) are activated only when Merchant provides credentials; QuantaRoute routes events on Merchant's instruction.
7. Security
QuantaRoute maintains technical and organisational measures aligned with the IT Rules, 2011 and DPDP Act, including TLS encryption, hashed credentials, API key authentication, rate limiting, and access controls on production systems.
Merchant is responsible for securing its Admin API key (qca_…), geocoding keys, webhook secrets, and Razorpay credentials. Keys displayed once at onboarding must be stored in a password manager.
8. Personal data breach
If QuantaRoute becomes aware of a personal data breach affecting Buyer data processed on behalf of Merchant, QuantaRoute will:
- Take reasonable steps to contain and remediate the breach
- Notify Merchant without undue delay with information reasonably available about the nature of the breach and mitigation steps
- Cooperate with Merchant's obligations to notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act <!-- counsel should verify notification timelines when rules are final -->
Merchant is responsible for notifying Buyers and authorities when Merchant, as Data Fiduciary, determines notification is required.
9. Erasure and retention
| Data type | Retention (default) |
|---|---|
| Checkout sessions | 90 days after completion, abandonment, or last activity |
| Buyer addresses & profiles | Until erasure request or merchant closure + 90 days |
| OTP / auth login attempts | 30 days |
| Webhook delivery logs | 90 days |
| Payment references (BYO Razorpay) | Up to 7 years where tax/GST records require |
Merchant may request Buyer erasure via the Checkout dashboard (Buyer data & DPDP section) or POST checkout-admin?action=erase_buyer with buyer ID, email, or phone. QuantaRoute will process verified erasure requests within 30 days, providing at least 48 hours' notice before permanent deletion where practicable.
10. Audit rights
Upon reasonable written request and subject to confidentiality, QuantaRoute will provide Merchant with information reasonably necessary to demonstrate compliance with this Addendum. On-site audits may be conducted no more than once per year with 30 days' notice, during business hours, and without disrupting operations. Merchant bears its own audit costs unless a material breach by QuantaRoute is confirmed.
11. Liability
Each party's liability under this Addendum is subject to the limitation of liability in the Terms & Conditions. Neither party excludes liability for fraud, wilful misconduct, or matters that cannot be limited under applicable law.
Processor liability for Buyer data breaches caused by QuantaRoute's failure to meet Processor obligations is limited to direct damages reasonably foreseeable at the time of the breach, except where law requires otherwise.
12. Term and termination
This Addendum begins when Merchant accepts it during checkout onboarding and continues while Merchant uses QuantaRoute Checkout. Upon termination, QuantaRoute will delete or anonymise Buyer personal data per Section 9, except where retention is required by law.
13. Governing law
This Addendum is governed by the laws of India. Courts in West Bengal, India have exclusive jurisdiction, consistent with the Terms & Conditions.
14. Acceptance
By checking the acceptance box during merchant onboarding or continuing to use QuantaRoute Checkout after this Addendum is posted, Merchant agrees to this Checkout Data Processing Addendum.
Questions: quantaroute@gmail.com | hello@quantaroute.com
SEQUENS LLP — QuantaRoute Checkout Data Processing Addendum