Privacy Policy

1. Personal Data We Collect

Depending on the services you use, we may collect:

• Identity and contact data: name, email address, phone number, postal address.
• Account data: username, password (stored in hashed form), preferences.
• KYC and statutory data: PAN, government-issued identity documents, photographs, and other documents you submit for registration, filing, or compliance services.
• Business data: company/entity details, financial and accounting records, GST details, and documents relevant to the services you engage.
• Payment data: transaction records. We do not store full card numbers or banking credentials; payments are processed by third-party payment gateways.
• Technical and usage data: IP address, device and browser information, pages visited, and cookies (see Section 8).

2. How and Why We Use Your Data (Purposes)

We process personal data to:

• create and manage your account;
• provide, perform, and improve the services you request (including preparing and filing documents with government authorities);
• process payments and issue invoices;
• communicate with you about your service requests, updates, and support;
• comply with legal, regulatory, and statutory obligations;
• detect, prevent, and address fraud, security issues, and misuse;
• send service-related and, where you have consented, promotional communications.

We process personal data only for the purposes for which it was collected, or for purposes compatible with and disclosed to you.

3. Legal Basis and Consent

We process personal data on the basis of your consent and/or for legitimate uses permitted under the DPDP Act (such as performance of a service you have requested or compliance with law). Where processing is based on consent, you may withdraw consent at any time (see Section 6); withdrawal does not affect processing already carried out and may limit our ability to provide certain services.

4. Sharing and Disclosure

We do not sell your personal data. We may share it with:

• Independent professionals (e.g., Chartered Accountants, Company Secretaries, advocates) engaged to deliver your services;
• Government authorities and portals (e.g., MCA, GST Network, Income Tax Department, trademark registry) as necessary to perform the services or as required by law;
• Data Processors / service providers (e.g., payment gateways, cloud hosting, IT and communication providers) who process data on our behalf under contractual confidentiality and security obligations;
• Legal and regulatory recipients where disclosure is required by law, court order, or to protect our rights.

We require our Data Processors to process personal data only on our instructions and to maintain appropriate security safeguards.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to provide the services, and to comply with legal, statutory, audit, and tax record-keeping obligations (which, for certain financial and corporate records, may require retention for several years). When data is no longer required, we will erase or anonymise it in accordance with applicable law.

6. Your Rights as a Data Principal

Under the DPDP Act, you have the right to:

• Access a summary of the personal data we process about you and the processing activities;
• Correct, complete, update, or erase your personal data;
• Withdraw consent previously given;
• Grievance redressal — raise a complaint with our Grievance Officer (Section 9);
• Nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any right, contact our Grievance Officer (Section 9). We will respond within the timelines prescribed under applicable law. We may need to verify your identity before acting on a request.

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India.

7. Children's Data

Our services are intended for users who are 18 or older. We do not knowingly process the personal data of children except with verifiable consent of a parent or lawful guardian and in accordance with the DPDP Act. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

8. Cookies and Tracking

We use cookies and similar technologies to operate the Platform, remember preferences, analyse usage, and improve our services. You can control cookies through your browser settings; disabling some cookies may affect functionality. [If you use analytics/advertising cookies (e.g., Google Analytics, Meta Pixel), disclose them specifically and provide a consent mechanism.]

9. Data Security

We implement reasonable technical and organisational security safeguards (such as access controls, encryption in transit, and secure hosting) to protect personal data against unauthorised access, disclosure, alteration, and loss. No method of transmission or storage is fully secure; while we strive to protect your data, we cannot guarantee absolute security.

In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines required under the DPDP Act and Rules.

10. Cross-Border Transfers

Personal data is primarily stored and processed in India. Where data is transferred outside India (for example, via cloud or service providers), we do so in compliance with the DPDP Act and any restrictions notified by the Government of India.

11. Changes to This Policy

We may update this Policy from time to time. The revised version will be posted on the Platform with an updated "Last updated" date and, where required, we will seek fresh consent.