Privacy Policy

1. Who we are (Data Fiduciary)

The Data Fiduciary responsible for the personal data processed through this application is identified below. The Data Fiduciary determines the purpose and means of processing your personal data.

[Company legal name], [registered address], [contact email] (to be completed before launch)

2. Personal data we collect

We collect personal data that you provide to operate your business records within the application, and data generated through your use of it.

• Account data: name, username, email, phone and login credentials.
• Business records you enter: customers, vendors, employees, items, locations and the documents you create (quotations, orders, invoices, challans, credit notes, purchase orders/invoices, receipts and payments).
• Usage and security data: log entries, audit trail of changes, and technical information needed to keep the service secure.

3. Purpose of processing

We process personal data only for lawful purposes connected with providing the service to you:

• To create and maintain your account and organisations.
• To let you record, search and produce your business documents.
• To provide support, security, backups and service continuity.
• To comply with applicable legal and tax obligations.

4. Consent

We process your personal data on the basis of your consent, or for legitimate uses permitted by the DPDP Act. You may withdraw consent at any time; withdrawal does not affect processing already carried out lawfully, and may limit your ability to use the service.

Where you enter personal data about third parties (for example your own customers or employees) into the application, you confirm you have the necessary basis to do so.

5. Your rights as a Data Principal

Subject to the DPDP Act, you have the following rights in respect of your personal data:

• Right to access: obtain a summary of the personal data we process about you. The application provides a self-serve data export of your organisation's records.
• Right to correction and updation: correct, complete or update inaccurate personal data.
• Right to erasure: request deletion of personal data that is no longer required for the purpose it was collected, subject to legal retention obligations.
• Right of grievance redressal: raise a grievance with our Grievance Officer (see below).
• Right to nominate: nominate another individual to exercise your rights in the event of death or incapacity.

6. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described above, or as required by applicable law (for example, tax and accounting record-keeping periods). When data is no longer required, it is deleted or anonymised. Records you delete in the application may be retained for a limited period in backups before being purged.

7. Security safeguards

We implement reasonable security safeguards to protect personal data, including access controls, role-based permissions, encryption of sensitive secrets at rest, and an audit trail. Despite these measures, no method of transmission or storage is completely secure.

8. Data sharing and processors

We do not sell your personal data. We may share it with Data Processors who help us run the service (for example hosting and email/SMS delivery) under appropriate contractual safeguards, and where required by law.

9. Grievance Officer

Under the DPDP Act you may contact our Grievance Officer with any concern about the processing of your personal data. We will respond within the timelines prescribed by law.

[Grievance Officer name] — [email address] — [postal address] (to be completed before launch)

10. Changes to this policy

We may update this policy from time to time. Where changes are material, we will ask you to review and accept the updated version when you next use the application.

11. Contact

For any privacy question, contact us at:

[Company legal name], [registered address], [contact email] (to be completed before launch)