Privacy Policy

Last Updated: October 7, 2025

This Privacy Policy explains how Harshit Raj Sharma ("We," "Us") collects, uses, and protects information in connection with the Accounting Business Management System [Accounting BMS] (hereinafter referred to as the "Service").

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

1. Information We Collect

We act as a Data Processor for the data you provide. We collect two types of information:

Firm User Data: To create and manage user accounts for your firm's employees, we collect personal information such as full names, usernames, email addresses, contact numbers, and roles within your organization.

Your Client Data: The Service is designed to store the data of your clients, which may include sensitive personal and financial information such as names, PAN, Aadhaar, GSTIN, contact details, financial records, tax return information, and encrypted tax portal credentials ("Client Data").

2. How We Use Your Information

Your information is used exclusively to:

  • Provide, maintain, and improve the Service
  • Manage user accounts and authentication
  • Handle billing and subscription management
  • Provide customer support
  • Generate reports and analytics for your firm
  • Track GST and IT return filing statuses
  • Process payments and maintain ledgers

Important: We will never sell, rent, or share Your Client Data with any third parties for their marketing purposes. Your data remains your property.

3. Data Security

We are committed to protecting your data with industry-standard security measures:

Encryption: Sensitive fields such as Aadhaar numbers, tax portal usernames, and passwords are encrypted using AES-256-GCM encryption before being stored in our database. Each encryption uses a unique initialization vector (IV) for maximum security.

Secure Authentication: User passwords are hashed using bcrypt with salt rounds. We implement JWT-based session management with configurable expiration times and session limits.

Secure Hosting: The application and its database are hosted on secure cloud infrastructure (Render.com for application hosting and Neon.tech for PostgreSQL database) with enterprise-grade security measures.

Access Controls: Your data is accessible only to authorized users from your firm, based on the roles you assign (Admin, Manager, Accountant, Operator). Each user can only access data they are authorized to view.

Database Security: We use PostgreSQL with encrypted connections and implement proper indexing for performance while maintaining data integrity.

4. Data Sharing and Disclosure

We do not share your data except in the following limited circumstances:

With Service Providers: We may share information with trusted third-party service providers who help us operate our Service, such as cloud hosting providers (Render.com, Neon.tech). These providers are bound by confidentiality agreements and have no access to your encrypted sensitive data.

For Legal Reasons: We may disclose information if required to do so by law or in response to valid requests by public authorities, such as tax authorities or courts in India.

No Third-Party Analytics: Unlike many SaaS applications, we do not use third-party analytics services like Google Analytics or Firebase that could access your data. We maintain complete control over your information.

5. Data Retention

We will retain your data for as long as your subscription is active. Upon termination of your service, we will securely delete all of your data from our servers within 90 days, unless otherwise required by law or professional obligations.

Backup Retention: We maintain regular backups of your data to ensure business continuity. These backups are also encrypted and stored securely.

6. Your Rights

You (the Firm) have the right to:

  • Access, correct, or request the deletion of your data
  • Export your data in a structured format
  • Request information about how your data is being processed
  • Withdraw consent for data processing (subject to service limitations)

Client Data Responsibility: As the owner of Your Client Data, you are responsible for handling data access, correction, or deletion requests from your own clients in accordance with applicable laws.

7. Data Processing and Privacy

Data Processing: We process your data solely for the purpose of providing the Service. We do not sell, rent, or share your data with third parties except as required by law or with your explicit consent.

Professional Standards: We understand the sensitive nature of accounting and tax data. We maintain the highest standards of confidentiality and security as expected in the professional services industry.

Compliance: Our data processing practices are designed to comply with applicable Indian laws and regulations, including the Information Technology Act, 2000, the Digital Personal Data Protection (DPDP) Act, 2023, and related rules. All data is protected under DPDP Act compliance.

8. Service Providers

We use the following service providers to operate our Service:

  • Render.com: For application hosting and deployment
  • Neon.tech: For PostgreSQL database hosting
  • Vercel: For frontend hosting and deployment

These providers have access to your data only to the extent necessary to provide their services and are bound by strict confidentiality agreements. They do not have access to your encrypted sensitive data.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Material changes will be announced at least 30 days before they take effect. By continuing to use the Service after changes are effective, you agree to be bound by the new policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: sharmaharshitraj03@gmail.com
Phone: +91 9149547346
Provider: Harshit Raj Sharma

This Privacy Policy constitutes part of our Terms and Conditions and should be read in conjunction with them.