ComplianceCheck

Simplifying compliance for Indian businesses

Privacy Policy

Last updated: November 2025 | Version 1.0

DPDP Act 2023 Compliant

1. Introduction

ComplianceCheck India ("Company", "we", "us") is committed to protecting your privacy and personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

2. Data We Collect

We collect the following categories of personal data:

Account Information

Full name, email address, phone number, password (encrypted)

Purpose: Account creation and authentication

Company Information

Company name, GSTIN, PAN, industry type, employee count, state

Purpose: Customizing compliance assessments

Assessment Responses

Your answers to compliance questionnaires

Purpose: Generating compliance reports

Payment Information

Transaction records (card details handled by Razorpay)

Purpose: Processing payments and generating invoices

Technical Data

IP address, browser type, device information

Purpose: Security, analytics, and service improvement

3. Legal Basis for Processing

Under the DPDP Act 2023, we process your personal data based on:

  • Consent: Your explicit consent provided during registration
  • Contract: Necessary for providing our services to you
  • Legal Obligation: Compliance with applicable laws (e.g., GST, IT Act)
  • Legitimate Interest: Improving our services and preventing fraud

4. Data Sharing

We may share your data with:

  • Razorpay: Payment processing (PCI-DSS compliant)
  • Supabase: Database and authentication services
  • Amazon Web Services: Email delivery and cloud infrastructure
  • PostHog: Product analytics (anonymized data)

We do not sell your personal data to third parties. All service providers are contractually bound to protect your data.

5. Data Retention

We retain your data as follows:

  • Account data: Until you request deletion, plus a 30-day grace period
  • Assessment data: 3 years from completion
  • Payment records: 7 years (as required by Income Tax Act and GST Act)
  • Consent logs: 7 years (DPDP Act compliance)
  • Server logs: 180 days (CERT-In requirements)

6. Your Rights (Data Principal Rights)

Under the DPDP Act 2023, you have the following rights:

Right to Access

Request a copy of all your personal data

Right to Correction

Request correction of inaccurate data

Right to Erasure

Request deletion of your personal data

Right to Withdraw Consent

Withdraw consent at any time via account settings

Right to Nominate

Designate a nominee to exercise rights on your behalf

To exercise these rights, visit your Account Settings or contact us at compliancecheck@zohomail.in

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption at rest and in transit (TLS 1.2+)
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

8. Cookies

We use essential cookies for authentication and session management. Analytics cookies (PostHog) are used only with your consent to improve our services. You can manage cookie preferences in your browser settings.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance. We will seek fresh consent if required under the DPDP Act.

10. Grievance Redressal

For any privacy concerns or complaints, contact our Grievance Officer:

Grievance Officer

ComplianceCheck India

Email: compliancecheck@zohomail.in

Address: Pune, Maharashtra, India

Response within 48 hours. Resolution within 30 days.

If not satisfied, you may escalate to the Data Protection Board of India as established under the DPDP Act 2023.

11. Contact Us

For general privacy inquiries:

ComplianceCheck India
Email: compliancecheck@zohomail.in
Address: Pune, Maharashtra, India