1. Overview
VENSYAM BUSINESS SYSTEMS (OPC) PRIVATE LIMITED ("Vensyam", "we", "us")
is the data fiduciary for Saathi360. This Privacy Policy explains what personal
data we collect, how we use it, who we share it with, and the rights you have as
a Data Principal under the Digital Personal Data Protection Act, 2023 (DPDPA) and
the Information Technology Act, 2000.
2. Data We Collect
2.1 Information you provide
- Account signup: name, email, phone number, business name, business type, GSTIN (if applicable), billing address
- Business data: products, inventory, invoices, customers, suppliers, staff records, expenses — everything you enter into the platform
- Payment information: UPI / bank reference for subscription payments (no card details stored)
- Support interactions: messages, tickets, screenshots you send to our support team
2.2 Information we collect automatically
- Usage logs: pages visited, actions taken, feature usage, timestamps — to improve the product and troubleshoot issues
- Device info: IP address, browser type, OS, screen resolution — for security and compatibility
- Cookies: session cookies for authentication; no third-party advertising cookies
3. How We Use Your Data
- To provide and maintain the Saathi360 service
- To process your subscription payments and issue tax invoices
- To respond to your support requests
- To send transactional emails (invoices, renewal reminders, security alerts)
- To send occasional product updates or feature announcements (you can unsubscribe)
- To detect, prevent, and respond to fraud, abuse, or security incidents
- To comply with legal obligations under Indian law (GST, tax, regulatory)
We do NOT: sell your data, share it with advertisers, use it
to train AI models without your consent, or access your business data except
when strictly necessary for support or legal compliance.
4. Data Sharing
We share your data only with the following categories of third parties, and only when necessary:
- Cloud hosting providers (servers in India) — for data storage and compute, bound by strict data protection contracts
- Email service providers — for sending transactional emails (invoices, password resets, notifications)
- Payment gateways — when you subscribe to a paid plan (currently manual bank transfer; future: Razorpay / Stripe)
- Legal authorities — only when required by a valid legal order or regulatory request
- Successor entities — in the event of a merger, acquisition, or sale of Vensyam Business Systems
We do NOT share your data with advertisers, data brokers, or marketing services.
5. Data Retention
- Active accounts: data retained as long as your account is active
- Cancelled accounts: data retained for 90 days (grace period for resubscription) before permanent deletion
- Tax invoices: retained for 8 years per Rule 56 of the CGST Rules, 2017 (legal obligation — cannot be deleted on request)
- Activity logs: retained for 12 months for security and audit purposes
- Backups: rolling 14-day retention
6. Your Rights (Data Principal Rights under DPDPA)
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to access: request a copy of the personal data we hold about you
- Right to correct: correct or update inaccurate data
- Right to erase: request deletion of your personal data (subject to legal retention requirements)
- Right to data portability: export your data in a structured, machine-readable format
- Right to withdraw consent: stop marketing communications at any time
- Right to grievance redressal: file a complaint with our Data Protection Officer (contact below)
To exercise any of these rights, email
[email protected] from your registered
email. We will respond within 30 days.
7. Data Security
- All data in transit is encrypted using TLS 1.2+
- All data at rest is encrypted using industry-standard AES-256
- Access to production systems is restricted to a small number of authorised engineers and logged
- Passwords are hashed using industry-standard algorithms (never stored in plaintext)
- Two-factor authentication is available for all users and mandatory for SaaS admin accounts
- Regular security audits and penetration testing
8. Cookies
We use only essential cookies:
- Session cookie: to keep you logged in (required)
- CSRF cookie: to prevent cross-site request forgery (required)
- Theme preference cookie: to remember your UI settings (optional)
We do NOT use third-party advertising cookies, tracking pixels, or analytics
cookies that profile you across other sites.
9. Children's Privacy
Saathi360 is not intended for use by individuals under the age of 18. We do
not knowingly collect data from minors. If you believe a minor has provided data
to us, contact us and we will delete it.
10. International Transfers
Your data is stored on servers located in India. We do not transfer personal
data outside India except where strictly necessary for service delivery (e.g.
email infrastructure in transit) and always with appropriate safeguards.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be
notified via email and in-app notification at least 15 days before taking effect.
The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact & Grievance Officer
For privacy questions, data access requests, or grievances, contact:
Data Protection Officer
VENSYAM BUSINESS SYSTEMS (OPC) PRIVATE LIMITED
Email: [email protected]
Response time: within 30 days of receipt