Privacy Policy
Effective 1 April 2025 | Last updated 17 March 2026 | Version 2.1
GovYapar is committed to protecting your privacy. We do not sell your personal data to third parties for advertising purposes. Ever.
This Privacy Policy describes how GovYapar Technologies Private Limited collects, uses, stores, shares and protects personal information when you use the GOव्यापा₹.com platform. This policy complies with the IT Act 2000, IT (SPDI) Rules 2011 and the Digital Personal Data Protection Act 2023 (DPDPA).
1. Information We Collect
1.1 Information you provide directly
- Identity: Full name, PAN number, Aadhaar (last 4 digits), date of birth
- Contact: Email, mobile number, WhatsApp number, postal address
- Business: Business name, type, CIN, GSTIN(s), industry, turnover range
- Financial documents: Bank statements, cancelled cheques, ITR copies, GST returns
- KYC documents: PAN card, Aadhaar card, passport, director certificates
- Payment: Processed by Razorpay — we store only transaction IDs and amounts, never full card details
1.2 Automatically collected
- Usage data: pages visited, features used, clicks
- Device information: IP address, browser type, OS
- City/state from IP (we do not collect precise GPS location)
- Communication logs with our CA team
1.3 From third parties
- GSTN: Filing status, return data, GSTIN verification (with your authorisation)
- MCA: Company registration data for incorporation services
2. How We Use Your Information
- Service delivery — Provide GST, incorporation, trademark and other compliance services
- CA assignment — Match you with an appropriate Chartered Accountant
- Communication — Deadline reminders, filing confirmations, CA messages via email, WhatsApp, SMS
- Platform improvement — Analyse usage to improve features and service quality
- Legal compliance — Comply with GST Act, Companies Act, Income Tax Act, AML regulations
- Fraud prevention — Detect and prevent fraudulent use
- Billing — Process payments and maintain records required by law
- Marketing (with consent) — Send information about new services; you can opt out anytime
3. Legal Basis for Processing (DPDPA 2023)
- Consent — Marketing communications and optional features
- Contract performance — Processing to deliver services you have requested and paid for
- Legal obligation — Retention of financial records (GST Act: 8 years, Companies Act, Income Tax Act)
- Legitimate interest — Fraud detection, security monitoring, platform improvement
4. Data Sharing
We do not sell your personal data. We share information only as follows:
Service delivery partners
- Assigned CA — Your name, GSTIN, contact details and relevant documents
- Government portals — GSTN, MCA, DPIIT, Income Tax portal as required
- Razorpay — Payment processing (their Privacy Policy applies)
- Twilio — WhatsApp and SMS delivery
- SendGrid — Email delivery
- Amazon Web Services — Cloud storage (AES-256 encrypted at rest)
Legal requirements
We may disclose information if required by law, court order, or government authority, or to protect our rights or user safety.
5. Data Retention
| Data type | Retention period | Legal basis |
|---|
| Account / profile data | Until deletion + 90 days | Contract performance |
| GST returns and tax documents | 8 years | GST Act requirement |
| Payment records | 8 years | Income Tax Act |
| KYC documents | 5 years post-relationship | AML regulations |
| Communication logs | 3 years | Legitimate interest |
| Usage / analytics data | 18 months | Legitimate interest |
| Marketing preferences | Until withdrawal of consent | Consent |
6. Your Rights Under DPDPA 2023
- Access — Request a copy of personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Erasure — Request deletion, subject to legal retention obligations
- Grievance redressal — Raise concerns with our Data Protection Officer
- Nomination — Nominate another person to exercise your rights in case of incapacity
Email privacy@govyapar.com with subject "Data Rights Request". We respond within 30 days.
Data Protection Officer: Priya Mehta | dpo@govyapar.com | +91 98765 43210
7. Security
- AES-256 encryption for all data at rest on AWS S3
- TLS 1.3 for all data in transit
- Multi-factor authentication available for user accounts
- Role-based access control for CA and admin team
- Annual third-party security audits and penetration testing
- ISO 27001 aligned information security management
8. Cookies
- Essential cookies — Required for login sessions and platform functionality; cannot be disabled
- Analytics cookies — Google Analytics 4; can be opted out via browser settings
- Marketing cookies — Only with explicit consent; disabled by default
9. Children
The Platform is not directed at children under 18. We do not knowingly collect data from minors. Contact privacy@govyapar.com if you believe we have inadvertently done so.
10. Contact
GovYapar Technologies Private Limited
302, Okhla Phase II, New Delhi – 110020
Email: privacy@govyapar.com | Response within 30 days
You may also lodge a complaint with the Data Protection Board of India once operationalised under DPDPA 2023.