Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.
This Privacy Policy ("Policy") governs the manner in which Sudha Software Solutions Private Limited, a company incorporated under the Companies Act, 2013, and having its registered office at:
04, Sudha Market, Purnadih Chowk, Phulwaria, Kodarma, Jharkhand – 825418,
("Company", "we", "our", "us") collects, stores, processes, handles, protects, and discloses personal information of its users ("you", "your", "User").
This Policy is drafted in compliance with:
- •Information Technology Act, 2000
- •IT (Reasonable Security Practices & Procedures and Sensitive Personal Data or Information) Rules, 2011
- •The Digital Personal Data Protection Act, 2023 (DPDP Act)
- •Indian Contract Act, 1872
- •Bharatiya Nyaya Sanhita (BNS), wherever applicable to cyber offences
- •General Data Protection Regulation (GDPR) for international users
- •Industry best practices including ISO 27001 principles
Your use of our websites, mobile applications, software products, SaaS platforms, and related services ("Services") constitutes your consent to the terms of this Policy.
If you do not agree with any section of this Policy, you must discontinue using our Services immediately.
For clarity and legal precision:
1.1 "Personal Data / Personal Information" (PI)
Any data that can identify an individual such as name, phone number, email ID, IP address, etc.
1.2 "Sensitive Personal Data or Information" (SPDI)
As per IT Rules, includes:
- •Passwords
- •Financial information (account numbers, card details)
- •Biometric data
- •Health records
- •Sexual orientation
- •Any detail relating to above categories
Note: We do not store financial data; all payment processing is done by third-party secure gateways.
1.3 "Non-Personal Data" (NPD)
Aggregated or anonymised data, such as device details, analytics, cookies, performance logs.
1.4 "Processing"
Includes storing, collecting, analysing, modifying, retrieving, using, transmitting, erasing, and archiving.
1.5 "Third Parties"
Includes hosting services, analytics providers, payment gateways, SMS/email providers, or regulators.
We collect information through:
- •Direct submission
- •Automated tools
- •Cookies and tracking scripts
- •Third-party integrations
- •API-based interactions
2.1 Personal Information
- •Name
- •Email address
- •Phone number
- •Company details
- •Identity verification documents (if required for enterprise onboarding)
- •Address
- •Payment invoices and transaction metadata
2.2 Sensitive Personal Data
Collected only when absolutely necessary and with explicit consent.
2.3 Technical & Log Data
- •IP address
- •Browser & OS details
- •Device ID, device type
- •Login timestamps
- •Error logs
- •Session analytics
- •Crash reports
- •Network identifiers
2.4 Cookies & Tracking Technologies
We use:
- •Essential operational cookies
- •Performance/analytics cookies
- •Security cookies
- •Third-party cookies (e.g., Google Analytics)
Users may disable cookies, but some services may not function properly.
Your data is processed strictly for legitimate and lawful purposes, including:
- Account creation and authentication
- Providing and improving our Services
- Verifying user identity to prevent fraud and cyber misuse
- Managing subscriptions, payments, invoices, GST compliance
- Technical troubleshooting & security monitoring
- Communicating service updates, notices, alerts
- Compliance with applicable laws and regulatory obligations
- Analytics, product enhancement, and performance optimization
- Responding to legal notices, disputes, and fraud prevention
We will not use your information for purposes beyond what is expressly stated without obtaining fresh consent.
If you are a user from the EU/EEA, processing is based on:
- •Contractual Necessity
- •Legitimate Interests
- •Explicit Consent
- •Legal Obligations
5.1 With Service Providers
We share data with vendors essential for our operations:
- •Hosting providers (AWS, GCP, Azure, etc.)
- •Payment gateways (Razorpay, Stripe, PayPal, etc.)
- •SMS/Email providers
- •Analytics tools
- •Customer support tools
- •Backup and storage services
All such parties are contractually obligated to maintain strict confidentiality.
5.2 With Government/Legal Authorities
We may disclose information in case of:
- •Court orders
- •Police investigations
- •Legal notices
- •Regulatory audits
- •Tax obligations
5.3 Business Transfers
If there is a sale, merger, acquisition, or restructuring, user data may be transferred with strict confidentiality protections.
We retain data only as long as necessary:
- •Account data: until you delete your account
- •Transaction data: 8 years (mandatory under Indian tax laws)
- •Logs: 90–365 days
- •Backups: as per internal retention cycles
After the retention period, data is securely deleted or anonymised.
Depending on the jurisdiction, you have the right to:
7.1 Access
Request a copy of your stored data.
7.2 Correction
Request corrections in inaccurate or incomplete information.
7.3 Erasure
Request deletion of your information ("Right to be Forgotten"), unless retention is legally mandatory.
7.4 Withdraw Consent
Stop marketing or revoke permission.
7.5 Data Portability (GDPR)
Receive your data in machine-readable format.
7.6 Objection to Processing
Object to direct marketing or automated profiling.
To exercise rights, email: contact@sudhasoftwaresolutions.com
We follow strong security protocols including:
- •AES-256 encryption for data at rest
- •TLS 1.3 encryption for data in transit
- •ISO 27001 aligned internal procedures
- •Role-based access control
- •Multi-factor authentication
- •Regular security audits & VAPT
- •Logging & monitoring
- •Secure coding practices (OWASP)
- •Least-privilege access policies
However, we disclaim responsibility for breaches beyond reasonable control such as:
- •Zero-day vulnerabilities
- •User negligence
- •Attacks on third-party service providers
- •Force majeure events
Our Services are not intended for individuals under 18 years of age.
We do not knowingly collect personal information of minors.
Depending on service architecture, data may be stored or processed in:
- •India
- •Singapore
- •USA
- •Europe
Transfers follow:
- •Standard Contractual Clauses (GDPR)
- •Adequacy mechanisms
- •Contractual safeguards
Our Services may contain links to third-party websites.
We are not responsible for their privacy practices or content.
In case of a data breach:
- We will investigate and contain the breach immediately.
- Notify affected users (if risk is significant).
- Notify authorities wherever legally required:
- CERT-In (under IT Act)
- DPDP Board (if applicable)
- Apply corrective measures.
We disclaim liability for breaches occurring due to:
- •User negligence
- •Compromised third-party networks
- •Internet-wide attacks beyond our control
To the fullest extent permitted by law:
- •The Company shall not be liable for indirect, incidental, punitive, exemplary, or consequential damages.
- •Total liability shall not exceed the amount paid by the user in the preceding 3 months, capped at ₹5,000, unless expressly agreed by separate contract.
You shall indemnify and defend the Company, its directors, employees, and affiliates from losses, damages, or claims arising out of:
- •Your breach of this Policy
- •Unauthorized use of our Services
- •Violation of applicable laws
- •Misuse or fraudulent activity conducted using your account
We reserve full rights to update or amend this Policy at any time.
Changes shall be posted with a "Last Updated" date.
Continued use of our Services signifies acceptance.
Sudha Software Solutions Private Limited
Address: 01, Ground Floor, BOI Zonal Audit Office Building, Pragati Path, New Makchund Toli, Babu Bazar, Ranchi, Jharkhand – 834001
Email: contact@sudhasoftwaresolutions.com
Phone: +91 6204351245
This Policy shall be governed by the laws of India.
All disputes are subject to the exclusive jurisdiction of courts in Ranchi, Jharkhand.