Privacy Policy

1. Scope and Applicability

This Privacy Policy applies to all websites, applications, and SaaS ERP services offered by Pagesoft Private Limited under the “Pages” and “Pagesoft” brands (collectively, the “Services”). It governs all interactions with our Services by users located in India.

We comply with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and applicable CERT-In security guidelines.

Pagesoft serves customers in India. Hosting is primarily on DigitalOcean (BLR1 and SGP1 regions) with certain functions on AWS. Cross-border processing may occur when data is handled in the SGP1 region or by global sub-processors, subject to contractual and security safeguards.

2. Definitions

• Personal Information means any information that identifies a natural person.
• Sensitive Personal Data or Information (SPDI) has the meaning under Rule 3 of the SPDI Rules and may include financial information, passwords, and similar categories when applicable.
• Business Data means company information and records uploaded to the ERP, including employee and operational data.
• Processing means any operation performed on information, including collection, storage, use, disclosure, and deletion.

3. Information We Collect

3.1 Personal Information

Name, email address, phone number, user credentials, billing and invoicing information, support communications.

3.2 Business Information

Company details, operational records, employee and payroll data, documents and datasets uploaded or generated within the ERP.

3.3 Usage and Technical Information

Log data, IP address, device and browser details, operating system, timestamps, feature usage, and diagnostics.

3.4 Cookies and Analytics Data

Information collected through cookies and similar technologies, including analytics events (see Section 8).

4. How We Collect Information

• Directly from you when you register, subscribe, configure integrations, or communicate with us.
• Automatically through logs, telemetry, cookies, and analytics when you access our websites or applications.
• From third parties such as payment gateways, verification providers, communication and support platforms that you interact with while using the Services.

5. Purpose of Processing

• Provide, operate, maintain, and secure the Services.
• Create and manage user accounts and authentication.
• Process transactions, billing, and payments.
• Deliver customer support and incident response.
• Improve performance, reliability, and user experience.
• Send transactional communications and service notices.
• Comply with legal obligations and enforce our terms.

Pagesoft does not sell or rent your Personal Information.

6. Third-Party Service Providers

We may share limited information with trusted third parties strictly for the purposes set out in Section 5. These providers are bound by confidentiality and appropriate security obligations consistent with Indian law.

• Payment Processing: Razorpay; Verification Suite: Cashfree
• Email & SMS: MSG91; Email delivery: Twilio SendGrid
• Analytics: Google Analytics
• Customer Support: Crisp
• Hosting: DigitalOcean (BLR1, SGP1), Amazon Web Services for specific functions

Integrations you enable within the ERP may involve additional processors as selected by you. Their privacy practices are governed by their respective policies.

7. Data Retention and Account Lifecycle

• Inactivity for non-payment (45 days): Your account becomes inactive and access to applications is restricted.
• Non-payment (180 days): Your account is soft-deleted from active clients and the data deletion countdown begins.
• Permanent deletion: All user-generated data, including backups, is permanently deleted 180 days after soft-deletion (approximately 360 days from initial non-payment).
• Backups: Retained for up to 180 days.
• User export: You can export user-generated data directly from the application at any time.
• Early deletion: Account deletion before the retention period is not available.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage. Categories include:

• Strictly necessary: Core functions such as authentication and security.
• Analytics: Usage measurement and performance diagnostics.

You can control cookies via your browser settings. Disabling certain cookies may impact functionality.

Marketing emails are not sent at present. Pagesoft may introduce promotional communications in the future. When that happens, users will receive opt-out choices in each message and within account settings.

9. Data Security

• Hosting primarily on DigitalOcean regions BLR1 and SGP1, with certain functions on AWS.
• Encryption in transit using industry-standard TLS and encryption at rest where applicable.
• Role-based access controls, logging, monitoring, and periodic reviews.
• Reasonable security practices and procedures as required under the SPDI Rules.
• Incident response aligned with CERT-In advisories and applicable notification duties, including reporting notifiable cyber incidents to CERT-In within six (6) hours of becoming aware.
• Retention of relevant system logs for at least 180 days, in line with CERT-In directions.

10. Data Sharing and Disclosure

• With third-party service providers listed in Section 6 to operate and support the Services.
• To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• To enforce our Terms of Service and protect our rights, users, and the public from harm or fraud.

We do not sell or rent Personal Information.

11. User Rights and Requests

Subject to applicable law, you may:

• Access and review Personal Information you have provided.
• Request correction of inaccurate Personal Information.
• Withdraw consent for processing of Sensitive Personal Data or Information where consent is relied upon.
• Export user-generated data from within the application.

Submit requests by email to info@pagesoft.app. We will respond within 30 to 45 days.

12. Children's Privacy

The Services are intended for use by businesses and are not directed to individuals under 18 years of age. We do not knowingly collect information from minors.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified on our website and, where appropriate, by email or in-product notice. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

14. Grievance Redressal

In accordance with Rule 5(9) of the SPDI Rules, Pagesoft has appointed a Grievance Officer. For complaints or concerns regarding data handling, contact:

Name: Jobith M Basheer
Email: grievance@pagesoft.app
Address: Pagesoft Private Limited, No. 17, 2nd Floor, 2nd Main Srinidhi Layout, KSRTC Layout, Herohalli, Bengaluru, Karnataka, India – 560091

We will acknowledge and resolve grievances within one (1) month from the date of receipt, as required under the SPDI Rules.

15. Contact Us

16. International Data Transfers

We may process or store Personal Information outside India (for example, in DigitalOcean SGP1 or through global sub-processors) subject to contractual and security safeguards. Pagesoft follows applicable Indian laws regarding cross-border data transfers. Under the Digital Personal Data Protection Act, 2023 (on commencement), transfers are generally permitted except to countries the Central Government may notify as restricted. We will update this section if and when such restrictions are notified.

Until the DPDP Act and its final rules are fully in force, our processing remains governed by the IT Act, SPDI Rules, and applicable CERT-In directions.

Related Policies

• Terms of Service
• Cancellation & Refund Policy
• Shipping & Delivery Policy