Privacy policy
Effective Date: 1st April 2026
Last updated: 1st April 2026
This Privacy Policy (“Policy”) applies to the GST reconciliation, analytics, reporting, and data processing software platform, together with its associated applications, dashboards, modules, interfaces, APIs, integrations, and related services (collectively, the “Software” or “Platform”) operated by DAHOTRE CORPTECH PRIVATE LIMITED (“Company”, “we”, “our”, or “us”).
This Policy forms an integral part of the applicable Terms of Use, subscription documents, and other binding contractual terms governing access to and use of the Software. By accessing or using the Software, the relevant User and Subscriber acknowledge that they have read and understood this Policy and agree to be bound by it, to the extent applicable.
1. INTRODUCTION AND APPLICABILITY
1.1 This Policy applies to: (i) individual users of the Software (“Users”); (ii) organisations subscribing to the Software (“Subscribers”); and (iii) authorised personnel, employees, consultants, and representatives of Subscribers.
1.2 This Policy governs the processing of data uploaded, transmitted, integrated, received, stored, viewed, downloaded, or otherwise processed through the Software.
1.3 In the event of inconsistency between this Policy and the Terms of Use or governing contract, the Terms of Use or governing contract shall prevail to the extent of such inconsistency.
1.4 This Policy is product-specific and has been drafted for a GST reconciliation and financial data processing platform used in a business and enterprise context.
2. NATURE OF THE SOFTWARE
2.1 The Software is a technology platform intended to facilitate: (i) GST reconciliation; (ii) invoice matching and comparison; (iii) financial and transactional data processing; (iv) analytics, dashboards, and reporting; and (v) allied workflow, audit trail, and exception management functions.
2.2 The Company provides the Software solely as a technology-enabled platform and does not, merely by providing the Software: (i) provide tax, legal, accounting, or audit advice; (ii) certify correctness of returns, records, reconciliations, or reports; or (iii) assume the Subscriber’s statutory or regulatory compliance obligations.
2.3 The Software functions on the basis of data made available by the Subscriber or User, whether by upload, manual entry, integration, synchronisation, or other authorised means.
2.4 The Company does not independently originate or validate business, accounting, tax, vendor, invoice, or statutory data processed through the Software, except for system-generated logs, usage records, and technical metadata required for operation, security, and support.
3. DEFINITIONS
3.1 “Applicable Law” means all applicable laws, rules, regulations, notifications, directions, and binding legal requirements, including, where relevant, the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.
3.2 “Personal Data” shall have the meaning assigned under Applicable Law.
3.3 “Subscriber Data” means all data, information, files, records, and datasets submitted, uploaded, transmitted, or otherwise made available by or on behalf of the Subscriber through the Software.
3.4 “Processing” means any operation performed on data, including collection, storage, use, analysis, retrieval, transmission, disclosure, deletion, anonymisation, or destruction.
4. CATEGORIES OF DATA PROCESSED
4.1 The Company may process the following categories of data:
(A) Business/ Transactional Data
(i) GST-related records and return data; (ii) inward and outward supply details; (iii) purchase and sales records; (iv) invoice data, debit notes, credit notes, and adjustments; (v) vendor, supplier, customer, and counterparty details; (vi) accounting and financial records; (vii) reconciliation outputs, mismatches, variances, and audit trails.
(B) User and Account Data
(i) names, usernames, and login IDs; (ii) email addresses and phone numbers; (iii) user roles, permissions, and account administration details; (iv) authentication-related information.
(C) Technical Data
(i) IP addresses; (ii) device, browser, and system information; (iii) access timestamps, session logs, and usage analytics; (iv) diagnostic, performance, and security logs.
(D) Support and Communication Data
(i) support requests; (ii) implementation and onboarding communications; (iii) issue reports and service correspondence.
4.2 The nature and extent of data processed will depend on the modules used, integrations enabled, user permissions configured, and the Subscriber’s chosen deployment of the Software.
4.3 The Company does not independently verify the legality, completeness, authority, or correctness of Subscriber Data unless expressly agreed in writing under a separate service arrangement.
5. PERSONAL DATA AND BUSINESS DATA
5.1 A substantial portion of the data processed through the Software may relate to business entities, commercial transactions, statutory registrations, and financial records and may therefore not constitute Personal Data.
5.2 The Software may process data relating to listed companies and other business entities. The fact that such information relates to a commercial organisation does not, by itself, make it Personal Data.
5.3 To the extent any Personal Data is processed through the Software, such processing shall be subject to Applicable Law.
5.4 The Subscriber is responsible for determining the legal character of the data it uploads or causes to be uploaded, including whether such data constitutes Personal Data, confidential information, regulated information, or non-personal business data.
5.5 The Company shall not be responsible for incorrect classification, tagging, or treatment of data by the Subscriber or User.
6. SOURCES AND PURPOSES OF PROCESSING
6.1 Data processed through the Software may originate from: (i) direct uploads or manual entries by the Subscriber or User; (ii) imports from ERP, accounting, finance, or billing systems; (iii) third-party integrations or APIs enabled by the Subscriber; (iv) onboarding, implementation, and support interactions; and (v) system-generated logs and metadata.
6.2 The Company processes data only for purposes connected with provision and administration of the Software, including: (i) operating the Software and enabling access; (ii) performing reconciliation, analytics, reporting, and matching functions; (iii) enabling integrations, imports, synchronisation, exports, and configurable outputs; (iv) maintaining security, audit trails, system integrity, and abuse prevention; (v) troubleshooting, diagnostics, support, and account management; (vi) improving platform stability, usability, and performance; and (vii) complying with Applicable Law and enforcing contractual rights.
6.3 The Company does not sell Personal Data as part of the ordinary business model of the Software.
6.4 The Company may use anonymised, aggregated, statistical, or non-identifiable information for internal analytics, service improvement, security analysis, and product enhancement.
6.5 The outputs generated by the Software depend on the accuracy, completeness, and configuration of the data supplied by the Subscriber or User. The Company does not guarantee that any output, report, comparison, or reconciliation is accurate, complete, final, or sufficient for statutory, tax, audit, accounting, or legal reliance without independent verification.
7. ROLE OF THE COMPANY
7.1 In relation to Subscriber Data, the Company acts primarily as a technology service provider and, where applicable, as a processor or service provider on behalf of the Subscriber, unless otherwise required by Applicable Law or expressly agreed otherwise in writing.
7.2 The Subscriber shall be solely responsible for:
(i) determining the purpose of processing;
(ii) deciding what data is uploaded or integrated;
(iii) ensuring lawful collection, disclosure, and processing of such data;
(iv) obtaining all required notices, permissions, approvals, and consents;
(v) configuring user access and permissions;
(vi) determining retention requirements applicable to its business; and
(vii) independently validating outputs generated by the Software before reliance for compliance, filing, audit, legal, or financial purposes.
7.3 The Company shall not be responsible for verifying: (i) the legality or authority for upload of Subscriber Data; (ii) whether required consents or notices have been obtained; (iii) whether the data is accurate, current, complete, or lawful; or (iv) whether the Subscriber’s use of the Software complies with its internal policies, contracts, or statutory duties.
7.4 Nothing in this Policy shall be construed to mean that the Company assumes the role of tax advisor, legal counsel, auditor, or compliance manager for the Subscriber.
8. SUBSCRIBER AND USER OBLIGATIONS
8.1 The Subscriber and each User represent, warrant, and undertake that: (i) all data uploaded or processed through the Software is lawful and properly authorised; (ii) they have the necessary right or lawful basis to provide such data for processing; (iii) all required notices, permissions, and consents have been obtained, where applicable; (iv) use of the Software does not violate Applicable Law, confidentiality obligations, or third-party rights; and (v) important outputs and reconciliations will be independently reviewed before being acted upon.
8.2 The Subscriber shall be responsible for maintaining confidentiality of credentials, controlling user access, and promptly notifying the Company of suspected unauthorised access or compromise.
8.3 The Company shall have no responsibility or liability for: (i) unlawful or unauthorised data uploaded by the Subscriber or User; (ii) absence of required consent, notice, or authority; (iii) inaccurate, incomplete, stale, duplicate, or misleading data; (iv) misuse or incorrect configuration of the Software by the Subscriber or User; or (v) claims, proceedings, or liabilities arising from Subscriber data handling practices or reliance on Software outputs without independent review.
9. NO PROFESSIONAL ADVICE OR NO STATUTORY SUBSTITUTE
9.1 The Software is a facilitative technology tool and does not constitute tax advice, legal advice, accounting advice, audit certification, or statutory validation.
9.2 The Software does not replace independent professional review, internal controls, or statutory due diligence by qualified advisors or internal teams.
9.3 Any report, dashboard, summary, mismatch indication, reconciliation, or recommendation generated by the Software is operational and informational in nature and must be independently assessed by the Subscriber before being relied upon for compliance, filing, litigation, audit sign-off, financial statements, or other high-impact decision-making.
10. DATA STORAGE, CLOUD INFRASTRUCTURE, AND SECURITY
10.1 Data processed through the Software may be stored, hosted, backed up, transmitted, or otherwise processed using third-party cloud, hosting, database, security, monitoring, and infrastructure providers.
10.2 Such infrastructure may be located in India or outside India, subject to Applicable Law and the Company’s operational requirements.
10.3 The Company may use commercially reasonable care in selecting such providers, but does not own or control the underlying infrastructure of such third parties.
10.4 The Subscriber acknowledges that operation of cloud-based software services ordinarily involves reliance on third-party infrastructure and networks.
10.5 The Company implements reasonable technical and organisational measures designed to protect data from unauthorised access, misuse, alteration, loss, or disclosure. Such measures may include access controls, role-based permissions, authentication safeguards, encryption where applicable, logging, monitoring, backups, and incident response processes.
10.6 No digital system or transmission method is completely secure. Security also depends materially on the Subscriber’s internal controls, access management, device hygiene, network security, and third-party integrations.
10.7 The Company shall not be liable for downtime, outages, corruption, delay, loss, breaches, or unauthorised access arising from: (i) third-party cloud or infrastructure providers; (ii) compromised credentials; (iii) weak passwords or inadequate access controls by the Subscriber; (iv) insecure Subscriber devices or networks; (v) third-party integrations, APIs, or external systems; or (vi) circumstances beyond the reasonable control of the Company.
11. LOGS, AUDIT TRAILS, AND MONITORING
11.1 The Software may maintain access logs, activity histories, audit trails, usage records, and system logs for security, accountability, traceability, troubleshooting, dispute resolution, and service improvement.
11.2 Such logs may include login timestamps, actions performed, records accessed, imports, exports, reports generated, configuration changes, and other system activities.
11.3 The Company may use such records internally for security review, incident investigation, support handling, and enforcement of contractual rights.
12. DATA RETENTION AND DELETION
12.1 Data shall be retained for such period as may be: (i) necessary during the subscription or service relationship; (ii) operationally required for functioning, support, backup, audit, or security purposes; (iii) required under Applicable Law; or (iv) necessary for enforcement of legal rights or resolution of disputes.
12.2 Upon expiry or termination of the applicable relationship: (i) access to the Software may be suspended or revoked; (ii) the Subscriber may lose access to stored data after the applicable transition period, if any; and (iii) data may be deleted, anonymised, archived, or rendered inaccessible in accordance with the Company’s retention protocols, contractual commitments, or Applicable Law.
12.3 The Company shall have no obligation to retain data indefinitely after termination unless expressly agreed in writing or required by Applicable Law.
12.4 Backup copies, residual logs, and archival records may continue to exist for a limited period due to technical, operational, legal, or recovery requirements.
13. DATA SHARING AND DISCLOSURE
13.1 The Company may disclose or make data available, strictly on a need-to-know basis, to: (i) cloud, hosting, storage, monitoring, and infrastructure providers; (ii) implementation, support, security, and technical service providers; (iii) professional advisors, auditors, or consultants engaged under confidentiality obligations; (iv) affiliates involved in lawful service delivery or support, where applicable; (v) governmental, judicial, quasi-judicial, regulatory, tax, or law enforcement authorities where required by Applicable Law or lawful process; and (vi) a successor entity in connection with merger, acquisition, restructuring, financing, or transfer of business or assets, subject to continuity of obligations where commercially and legally feasible.
13.2 The Company does not disclose Subscriber Data to third parties for unrelated sale or marketing as part of the ordinary operation of the Software.
13.3 Where the Subscriber enables third-party integrations, exports, connectors, or APIs, data may be transmitted to or from such systems at the Subscriber’s direction, and the Company shall not be responsible for the privacy, legality, or security practices of such third parties.
14. CROSS-BORDER DATA TRANSFER
14.1 Data may be stored, transferred, mirrored, or accessed outside India where necessary for operation of the Software, global infrastructure, support workflows, security management, or service delivery.
14.2 Any such transfer shall be subject to Applicable Law.
14.3 To the extent legally required, the Subscriber shall remain responsible for obtaining any necessary permissions, notices, or consents for such transfer, unless otherwise expressly agreed in writing.
15. USER RIGHTS AND REQUESTS
15.1 To the extent mandated by Applicable Law and subject to the nature of the Company’s role, a User may seek rights such as access, correction, updating, deletion, or withdrawal of consent in relation to Personal Data.
15.2 Where the relevant data is controlled by the Subscriber, or where the Company acts only on the Subscriber’s behalf, the Company may require such request to be routed through or validated by the Subscriber.
15.3 The Company may refuse, limit, or defer a request where: (i) it is not legally required to comply; (ii) compliance is not technically feasible; (iii) the Company is not the correct responding party; (iv) the request affects rights of others; or (v) retention is required for law, security, audit, or dispute-related purposes.
16. CONFIDENTIALITY, THIRD-PARTY SERVICES, AND INCIDENTS
16.1 The Company recognises that data processed through the Software may include confidential, commercially sensitive, strategic, financial, or compliance-related information and shall use reasonable measures to maintain confidentiality in accordance with its internal practices and contractual commitments.
16.2 The Software may interoperate with third-party applications, APIs, ERP systems, accounting systems, authentication services, and other external tools. The Company does not control the privacy or security practices of such third parties and shall not be liable for losses arising from such third-party systems or integrations.
16.3 The Company may maintain internal processes for responding to suspected security incidents affecting the Software and may take such steps as it considers appropriate, including containment, investigation, mitigation, remediation, and legally required notification.
16.4 The Company does not guarantee that every attempted attack, anomaly, suspicious event, or unsuccessful threat will result in notice to the Subscriber.
17. USER AGE
17.1 The Software is an enterprise and business-focused platform and is not intended for use by minors.
17.2 The Subscriber shall not knowingly use the Software in a manner that violates Applicable Law relating to children’s data.
18. CHANGES TO THIS POLICY
18.1 The Company may update or modify this Policy from time to time due to changes in law, the Software, infrastructure, service model, or risk management requirements.
18.2 The updated Policy may be posted on the Platform, website, or otherwise communicated through appropriate means.
18.3 Continued use of the Software after such update becomes effective shall constitute acceptance of the revised Policy, to the extent permitted by Applicable Law and the governing contract.
19. LIMITATION OF LIABILITY
19.1 To the maximum extent permitted by Applicable Law, the Company shall not be liable for: (i) data uploaded, shared, entered, or integrated by the Subscriber or User; (ii) unlawful, unauthorised, or improper processing initiated by the Subscriber or User; (iii) absence of required notices, permissions, approvals, or consents; (iv) inaccurate, incomplete, outdated, duplicated, manipulated, or misleading data; (v) any decision, filing, action, or omission taken on the basis of Software-generated outputs without independent review; (vi) losses caused by third-party infrastructure, APIs, connectivity failures, or cloud provider incidents; (vii) breaches caused by compromised credentials, Subscriber systems, User practices, or third-party environments; (viii) indirect, incidental, special, punitive, or consequential losses; or (ix) regulatory action, tax demands, penalties, interest, proceedings, or claims arising from Subscriber conduct, Subscriber data, Subscriber compliance failures, or Subscriber reliance on Software outputs.
19.2 The Subscriber expressly acknowledges that the Software is a facilitative tool and that final responsibility for legal, tax, financial, regulatory, and commercial decisions remains with the Subscriber.
19.3 This Clause shall be read together with, and shall be subject to, the limitation of liability, disclaimers, exclusions, and risk allocation set out in the Terms of Use and governing contract, which shall prevail where applicable.
20. GOVERNING LAW, JURISDICTION, AND CONTACT
20.1 This Policy shall be governed by and construed in accordance with the laws of India.
20.2 Subject to any agreed dispute resolution mechanism in the Terms of Use or governing contract, the courts at Pune, Maharashtra shall have exclusive jurisdiction over disputes arising out of or in connection with this Policy.
21. CONTACT
For questions, requests, notices, or grievances relating to this Policy, Users and Subscribers may contact:
DAHOTRE CORPTECH PRIVATE LIMITED
Address: [Floor 7, Kotibhaskar Business Court, Karve Rd, opposite Karishma Society, Kothrud Industrial Area, Kothrud, Pune, Maharashtra 411038]
Email: [varun.d@heyxia.io]
Phone: [+91 9699984943]
Attention: [} Grievance Officer/ Compliance Contact