Privacy Policy

Data Fiduciary / Controller: Big Market 360 Private Limited, a company incorporated under the Companies Act 2013, with its registered office at F211, B-wing, Express Zone Commercial Hub, Goregaon East, Mumbai – 400063, Maharashtra, India.

Product: Easedesk — a cloud-based ERP platform serving Indian businesses.

Contact for privacy matters: [email protected]

Data Protection Officer: [email protected]

Account & registration information: When you create an account or trial, we collect your name, business email address, phone number, company name, company PAN / GSTIN (if provided), and billing address.

Business data you input ("Customer Data"): Data you enter into Easedesk — including employee records, salary details, invoices, purchase orders, vendor information, financial transactions, GST data, and any other business records — is stored on your behalf. This data belongs entirely to you. We process it only to provide the Services as described in our Terms of Service.

Usage and log data: We automatically collect technical data when you use our platform, including IP addresses, browser type and version, device type, operating system, pages visited, actions taken within the platform, session duration, and error logs. This data is used to maintain security, debug issues, and improve the platform.

Communications: If you contact our support team, sales team, or send us feedback, we retain those communications to assist you and improve our Services.

Payment information: Payment card and banking details are collected and processed by our payment processors (Razorpay, PayU). We do not store full card numbers on our servers. We retain billing records (amount, date, plan, invoice) as required by Indian accounting and GST law.

Cookies and tracking: We use essential, functional, and analytics cookies as described in our Cookie Policy. We do not use advertising or behavioural tracking cookies.

We process your information for the following purposes, each grounded in a lawful basis under the DPDP Act 2023 and applicable law:

• Providing Services (contractual necessity): Creating and managing your account, processing your Customer Data, enabling platform features, and fulfilling your subscription.
• Billing and payments (contractual necessity): Processing subscription fees, generating GST invoices, and managing payment failures or disputes.
• Customer support (contractual necessity): Responding to support tickets, debugging issues, and training support staff using anonymised examples.
• Security and fraud prevention (legitimate interest): Monitoring for unauthorised access, detecting abuse, preventing fraud, and maintaining the integrity of our platform.
• Legal compliance (legal obligation): Complying with Indian law including DPDP Act 2023, IT Act 2000, GST Act, Companies Act, and any court order or regulatory direction.
• Product improvement (legitimate interest): Analysing aggregated, anonymised usage patterns to identify bugs, improve performance, and develop new features.
• Communications (consent): Sending product updates, feature announcements, or marketing communications where you have opted in. You may opt out at any time by clicking "Unsubscribe" in any marketing email or contacting [email protected].

All Customer Data is stored in data centres located within India, in compliance with applicable Indian data localisation requirements. Our primary infrastructure uses Cloudflare's Indian edge network for global performance, with data residency maintained in India.

Backup copies are stored in geographically redundant locations within India for disaster recovery purposes.

We do not transfer your Customer Data outside India except where required by applicable law or at your explicit instruction (for example, if you use third-party integrations that are hosted outside India).

We do not sell, rent, or trade your personal information or Customer Data to any third party. We share data only in the following limited circumstances:

• Service providers (processors): Trusted third-party vendors who help us deliver our Services — such as cloud infrastructure providers, payment processors, and transactional email services — under contractual obligations that require them to protect your data and use it only for the purposes we specify.
• Legal and regulatory requirements: When required by applicable Indian law, a valid court order, regulatory direction, or law enforcement request. We will, where legally permitted, notify you before disclosing your data.
• Protection of rights: Where necessary to protect the rights, property, or safety of Big Market 360 Private Limited, our customers, or the public.
• Business transfers: In connection with a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and you will be informed of the privacy policy applicable thereafter.
• With your consent: Any other sharing we may wish to do will only occur with your explicit prior consent.

We retain your data for the following periods:

• Active subscription: Customer Data is retained for the duration of your subscription.
• Post-termination: Customer Data is retained for 30 days after account termination to allow data export. After 30 days it is deleted or anonymised, except where retention is required by law.
• Financial records: Billing records, GST invoices, and financial transaction logs are retained for a minimum of 7 years as required under Indian accounting and GST law (CGST Act 2017 and Income Tax Act 1961).
• Employment records: If you process employee data through our payroll or HR modules, certain records may need to be retained for periods prescribed under applicable labour laws (e.g., PF records, ESI records).
• Security logs: Access and security logs are retained for 12 months for incident investigation purposes.

Big Market 360 Private Limited implements industry-standard technical and organisational security measures to protect your data, including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for all data in transit
• Role-based access controls (RBAC) within the platform
• Multi-factor authentication support
• Comprehensive audit logs for all data access and modifications
• Regular security testing and vulnerability assessments
• Access controls limiting employee access to Customer Data on a need-to-know basis

However, no security system is impenetrable. You agree to use our Services at your own risk and to take reasonable precautions to protect your own credentials and data.

Data breach notification: In the event of a personal data breach that is likely to result in a risk to your rights, we will notify you and the relevant Data Protection Board (as required under DPDP Act 2023) within 72 hours of becoming aware of the breach.

Under the Digital Personal Data Protection Act 2023, you have the following rights with respect to your personal data processed by us:

• Right to access: Request a summary of personal data we hold about you and how it has been used.
• Right to correction: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request erasure of personal data that is no longer necessary for the purpose for which it was collected, subject to legal retention requirements.
• Right to grievance redressal: Raise a complaint about our data processing with our Data Protection Officer at [email protected].
• Right to withdraw consent: Where our processing is based on your consent, you may withdraw consent at any time. This will not affect the lawfulness of processing prior to withdrawal.
• Right to nominate: Nominate an individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond within 30 days of receiving a verifiable request.

You also have the right to file a complaint with the Data Protection Board of India if you believe your data rights have been violated.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete such information promptly. If you believe a minor has provided us with personal data, please contact us at [email protected].

We use essential, functional, and analytics cookies to operate and improve our platform. We do not use advertising or third-party tracking cookies. For a complete description of all cookies we set and how to manage them, see our Cookie Policy.

Our platform may integrate with or link to third-party services (e.g., Razorpay for payments, government portals for GST/PF filing, WhatsApp Business API for notifications). These third parties operate under their own privacy policies. When you use a third-party integration, you are also subject to that third party's privacy terms. We are not responsible for the privacy practices of third-party services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify you of material changes via email to your registered address or through a prominent notice in the platform, at least 15 days before the changes take effect.

Your continued use of the Services after the effective date of any change constitutes acceptance of the updated Privacy Policy.

For any privacy-related queries, access requests, or complaints:

Privacy enquiries: [email protected]

Data Protection Officer: [email protected]

Postal address:
Big Market 360 Private Limited
F211, B-wing, Express Zone Commercial Hub
Goregaon East, Mumbai – 400063
Maharashtra, India