Legal

Privacy Policy

Last updated: 11 July 2026

1. Introduction

ComplianceGrid ("we", "us", or "our") operates the website complianceengine.in and the ComplianceGrid SaaS platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using ComplianceGrid, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, firm name, and password when you register.
  • Client & Company Data: Company details, director information, and shareholder information that you upload or enter into the platform, including sensitive personal data such as PAN, Aadhaar number, and Director Identification Number (DIN) of directors and shareholders of the companies you manage.
  • Payment Information: Billing details processed through Razorpay. We do not store card numbers — Razorpay handles PCI-DSS compliant payment processing.
  • Communications: Messages sent through our support system or email.

Where you (the practising professional, firm, or authorised user of the Service) upload personal data — including PAN, Aadhaar, or DIN — belonging to directors, shareholders, or other individuals connected to your client companies, you act as the party responsible for obtaining the necessary consent or lawful authorisation from those individuals ("Data Principals") before such data is entered into ComplianceGrid, in accordance with the Digital Personal Data Protection Act, 2023. ComplianceGrid processes this data solely on your instructions, for the purpose of compliance task generation, document preparation, and regulatory tracking.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time on platform, session data.
  • Device & Technical Data: IP address, browser type, operating system, referring URLs.
  • Cookies: Session cookies for authentication, preference cookies for settings. See Section 8 for details.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and improve the ComplianceGrid Service
  • Process payments and manage your subscription
  • Send transactional emails (receipts, task reminders, account notifications)
  • Respond to support requests and resolve issues
  • Send service announcements and important security updates
  • Analyse usage patterns to improve the product
  • Comply with applicable legal obligations

We do not send marketing emails without your explicit consent. You may opt out of non-essential communications at any time.

4. Data Storage & Security

We take data security seriously. Key measures include:

  • AES-256 Encryption: All data stored in our Supabase Pro database is encrypted at rest using AES-256 — bank-grade encryption.
  • HTTPS / TLS 1.3: All data in transit is encrypted via HTTPS with TLS 1.3.
  • Automatic Daily Backups: Your data is backed up every 24 hours with point-in-time recovery capability.
  • Access Controls: Role-based access controls ensure only authorised personnel access your data.
  • Infrastructure: Hosted on Supabase Pro (enterprise PostgreSQL) and Vercel Edge Network — both ISO 27001 and SOC 2 certified infrastructure providers.

While we implement industry-standard protections, no system is 100% immune to all threats. We encourage you to use strong passwords and to notify us immediately at security@complianceengine.in if you suspect any security issue.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data or client data to any third party.

We share data with the following categories of third-party service providers only to the extent necessary to deliver the Service:

  • Supabase: Database hosting and storage (servers in Singapore/US region)
  • Vercel: Application hosting and edge network
  • Razorpay: Payment processing (subject to Razorpay's own Privacy Policy)
  • Resend: Transactional email delivery
  • Anthropic Claude: AI-powered compliance suggestions (only user queries, no personal client data shared)

All third-party providers are required by contract to keep your information confidential and use it only to provide services to us.

We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of ComplianceGrid, our users, or others.

6. Your Data Rights

Under applicable law (including India's Digital Personal Data Protection Act, 2023), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention obligations)
  • Data Portability: Export your data in a standard format at any time — without restriction
  • Withdraw Consent: Withdraw consent for non-essential processing at any time
  • Grievance Redressal: File a complaint with our Data Protection Officer

These rights extend to individuals whose data is uploaded to the platform by a practising professional (such as directors and shareholders of a managed company). Such individuals may exercise these rights either through the professional managing their company's account or by contacting us directly.

To exercise any of these rights, contact us at privacy@complianceengine.in. We will respond within 30 days.

7. Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain anonymised aggregate data for analytics and retain minimal records required by law (e.g., payment records for 7 years as required by Indian tax law).

You may request deletion of your data at any time. Upon verified request, we will delete personal data within 30 days, except where retention is required by law.

8. Cookies

We use the following types of cookies:

  • Strictly Necessary: Authentication session cookies required for you to log in and use the platform. Cannot be disabled.
  • Preference Cookies: Remember your settings (theme, language preferences).
  • Analytics Cookies: Anonymous usage analytics to improve the product. You may opt out.

We do not use advertising cookies or tracking cookies for third-party marketing.

9. Children's Privacy

ComplianceGrid is a professional B2B platform intended for adults 18 years and older. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us data, contact us at privacy@complianceengine.in.

10. International Data Transfers

Our primary data is stored on Supabase servers in Asia-Pacific (Singapore) region. Some service providers may process data outside India. We ensure appropriate safeguards — including contractual clauses consistent with applicable data protection law — are in place for any cross-border transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy. We recommend reviewing this page periodically.

12. Contact & Grievance Officer

For privacy concerns, data requests, or grievances:

Data Protection / Grievance Officer

ComplianceGrid (complianceengine.in)

Email: privacy@complianceengine.in

We respond to all requests within 30 days.