Privacy Policy

1. Introduction

Atulyam TechnoLabs LLP ("we", "us", "our") operates the AtulyamAccounts cloud accounting platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

We collect information that you provide directly to us and information collected automatically when you use the Service.

• Account Information — Name, email address, phone number, business name, GSTIN, PAN, and billing address when you register or update your account.
• Financial Data — Chart of accounts, journal entries, invoices, bills, bank transactions, contacts, and other accounting data you enter into the platform.
• Payment Information — Billing details processed through our payment partner Razorpay. We do not store credit/debit card numbers on our servers.
• Usage Data — IP address, browser type, device information, pages visited, features used, timestamps, and session duration collected automatically via server logs.
• Contact Form Submissions — Name, email, phone, business name, and message content submitted through our contact form.
• Cookies & Local Storage — Session cookies for authentication, preference cookies for language/theme settings, and local storage for offline PWA functionality.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service, including accounting, invoicing, GST compliance, and reporting features.
• To process subscriptions, payments, and billing through Razorpay.
• To send transactional communications — invoices, payment confirmations, account alerts, and security notifications.
• To respond to your inquiries, support requests, and feedback.
• To generate GST returns and e-Way bills as requested by you.
• To detect, prevent, and address fraud, security issues, and technical problems.
• To enforce our Terms of Service and comply with legal obligations.
• To send occasional product updates and feature announcements (you may opt out at any time).

4. Data Storage & Security

Your data is stored on secure servers within India. We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit.
• Encrypted database storage for sensitive fields (passwords, API keys).
• Role-based access control (RBAC) with organization-level isolation.
• Two-factor authentication (2FA) support via SMS and WhatsApp.
• IP-based and time-based access restrictions.
• Comprehensive audit logging of all data modifications.
• Regular security reviews and vulnerability assessments.

5. Multi-Tenant Data Isolation

The Service operates on a multi-tenant architecture. Each organization's data is logically isolated using organization-level scoping enforced at the application layer. No organization can access another organization's financial data, users, or settings. Vendor administrators managing multiple organizations can only access organizations explicitly assigned to them.

6. Data Sharing & Disclosure

We do not sell, trade, or rent your personal or financial data. We may share information only in the following circumstances:

• Service Providers — With trusted third parties who assist in operating the Service (payment processing via Razorpay, SMS/WhatsApp notifications, email delivery), bound by confidentiality obligations.
• Legal Compliance — When required by Indian law, regulation, legal process, or governmental request, including GST authorities and tax regulators.
• Business Transfers — In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.
• With Your Consent — When you explicitly authorize sharing, such as sending invoices to your clients via email or WhatsApp.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Financial records are retained in accordance with Indian tax and accounting regulations (minimum 8 years for GST-related records). Upon account deletion, personal data is removed within 90 days, except where retention is required by law. Activity logs and anonymized usage data may be retained for analytics purposes.

8. Your Rights

Under applicable Indian data protection laws, you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Deletion — Request deletion of your account and personal data, subject to legal retention requirements.
• Data Export — Export your financial data in standard formats (CSV, Excel, PDF) at any time from within the Service.
• Withdraw Consent — Withdraw consent for optional communications at any time.

9. Cookies

We use essential cookies for authentication and session management. These are strictly necessary for the Service to function. We use preference cookies to remember your language, theme, and dashboard layout. We do not use third-party advertising or tracking cookies. You can configure your browser to reject cookies, but this may impair Service functionality.

10. Children's Privacy

The Service is intended for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a minor, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email to your registered address. Your continued use of the Service after such notice constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: info@atulyam.tech
• Address: 605, Silver Radiance 4, Opp. Umiya Campus, S.G. Highway, Gota, Ahmedabad - 380061, Gujarat, India
• Contact Form: https://accounts.atulyam.tech/contact