This Privacy Policy describes how Sutracom Technologies Pvt. Ltd. (“Sutracom,” “we,” “us,” or “our”) collects, uses, and shares information in connection with your use of our website (sutracom.in) and our cloud ERP platform, Sutracom CloudERP (collectively, the “Services”). By accessing or using our Services, you agree to the terms of this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
We collect information you directly provide to us, including:
- Account registration details (name, email address, phone number, company name)
- Billing and payment information (processed securely via Razorpay — we do not store card details)
- Business data you enter into the platform (invoices, contacts, inventory, accounting entries)
- Communications and support requests you send to us
- Information submitted through our contact and lead generation forms
1.2 Information Collected Automatically
When you use our Services, we automatically collect certain technical information, including:
- IP address, browser type, operating system, and device identifiers
- Pages visited, features used, and time spent on the platform
- Log data including access times, URLs visited, and error reports
- Cookies and similar tracking technologies (see Section 8)
1.3 Information from Third Parties
We may receive information about you from third-party sources such as:
- Payment processors (Razorpay) for transaction confirmation
- GSTN portal for GST return filing status
- Analytics providers (e.g., Google Analytics) for usage insights
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve our Services
- Process your subscription payments and send billing notifications
- Respond to your inquiries, support requests, and feedback
- Send transactional emails (account confirmations, invoices, alerts)
- Send product updates, tips, and promotional communications (opt-out available)
- Comply with legal obligations under Indian law (IT Act 2000, GST law)
- Prevent fraud, abuse, and security incidents
- Analyse usage patterns to improve the product experience
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Services you subscribed to
- Legitimate interests: Improving our platform, preventing fraud, and communicating about our Services
- Legal obligation: Compliance with applicable Indian laws and regulations
- Consent: Where you have given explicit consent (e.g., marketing emails)
4. Data Sharing and Disclosure
We do not sell your personal data. We share your information only in the following circumstances:
- Service providers: Trusted vendors who process data on our behalf (hosting on DigitalOcean, database via Supabase, payments via Razorpay, DNS via Cloudflare)
- Legal requirements: When required by law, court order, or government authority in India
- Business transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to users
- With your consent: For any purpose you have explicitly consented to
5. Data Storage and Security
Your data is stored on secure servers hosted by Supabase (database) and DigitalOcean (application infrastructure), with data centres located in Singapore and Mumbai. We implement the following security measures:
- 256-bit AES encryption for data at rest
- TLS 1.3 encryption for all data in transit
- Role-based access controls limiting staff access to customer data
- Daily automated backups with 30-day retention
- Regular security audits and penetration testing
- Two-factor authentication for all internal system access
While we implement robust security measures, no system is completely secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide Services. After account termination:
- Active account data is retained for 30 days post-cancellation for recovery purposes
- Financial and accounting records are retained for 7 years as required by Indian tax law
- Support communication records are retained for 3 years
- You may request earlier deletion of non-legally-mandated data by contacting us
7. Your Rights
Under applicable law, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Receive your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications at any time
- Grievance: Lodge a complaint with our Grievance Officer or the relevant data protection authority
To exercise any of these rights, email us at: privacy@sutracom.in
8. Cookies
We use cookies and similar technologies to:
- Keep you logged in to your account (essential cookies)
- Remember your preferences (functional cookies)
- Understand how you use our platform (analytics cookies — Google Analytics)
- Deliver relevant communications (marketing cookies, where consented)
You can control cookie settings via your browser settings. Disabling essential cookies may impair platform functionality.
9. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 14 days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
11. Grievance Officer
In accordance with the Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011, the details of the Grievance Officer are:
- Name: Rohit Sharma
- Designation: Grievance Officer
- Email: grievance@sutracom.in
- Address: Sutracom Technologies Pvt. Ltd., Mumbai, Maharashtra - 400001
- Response time: Within 30 days of receiving your grievance
12. Contact Us
For any privacy-related questions or concerns, please contact us at:
- Email: privacy@sutracom.in
- Website: sutracom.in/contact
- Address: Sutracom Technologies Pvt. Ltd., Mumbai, Maharashtra - 400001, India