Privacy Policy & Data Protection Notice

Intelliob Technologies Private Limited (“Intelliob”, “we”, “us”, or “our”) provides business cloud software products including MoneyFacts ERP, PayCare Payroll & HRMS, Accord eHR, TimeMate Attendance, and BillGini Expense Management. We are committed to transparency in our processing of personal data.

This Privacy Policy acts as the Privacy Notice under Section 5 of India's Digital Personal Data Protection Act, 2023 (DPDP Act). It applies to all users (individuals or business entities) accessing our website, subscribing to our SaaS services, or interacting with our mobile applications.

We collect only the minimum personal data necessary to provide you with enterprise-grade cloud ERP, HR, payroll, and billing solutions.

A. User Account Details (Direct Collection)

When you sign up, request a demo, or contact sales, we collect account details such as your full name, business email address, company name, mobile phone number, and physical office address.

B. Customer Service Data (Data Uploaded by You)

In using our SaaS platforms, you (as the Data Fiduciary/Controller of your business) upload personal data of your employees, vendors, and clients. We process this purely on your instructions:

• PayCare & Accord eHR: Employee names, email addresses, contact details, date of birth, PAN, Aadhaar, salary structure, bank account numbers, tax declarations, and family details (for insurance/nomination).
• TimeMate: Daily attendance logs, check-in/check-out times, leaves, geolocational data (only for mobile check-in verification), and biometric templates (if integrated with on-premise hardware).
• MoneyFacts ERP & BillGini: Billing data, receipts, invoices, expense details, vendor names, GSTIN, tax records, bank transaction logs, and details of transactions.

C. Device and Usage Data (Automated Collection)

When accessing our web or mobile apps, we automatically log information such as your IP address, browser type, operating system version, device hardware model, API call logs, error logs, and session activity.

Under Section 4 of the DPDP Act 2023, we process personal data only for lawful, specific, and declared purposes:

Intelliob does not sell, trade, or distribute your personal information. We share personal data only with trusted partners and third-party subprocessors who assist in delivering our services:

• Cloud Infrastructure Providers: AWS (Amazon Web Services) and Google Cloud Platform (GCP) for secure database storage and application hosting.
• Payment Gateways: Razorpay or other PCI-DSS compliant processors to handle subscription fees securely.
• Communications Partners: Email and SMS gateways to dispatch transactional notifications (OTP verification, salary credit alerts).

All subprocessors operate under strict data protection agreements that match our standards and comply with the DPDP Act 2023. We do not transfer personal data outside of India except in compliance with regulatory cross-border transfer rules set by the Government of India.

We maintain reasonable technical and organizational security measures to protect your digital personal data against loss, unauthorized access, or disclosure, in alignment with Section 8(5) of the DPDP Act:

• Data in Transit: Encrypted using TLS 1.3 protocol with SHA-256 signatures for all web and mobile traffic.
• Data at Rest: Customer database instances and file attachments are encrypted with AES-256 standards.
• Access Control: Logical isolation of databases per customer subscription, preventing cross-tenant access. Two-Factor Authentication (2FA) is enforced for admin users.
• Vulnerability Management: Periodic automated vulnerability scanning, penetration testing, and code audits.

Under India's DPDP Act, 2023, you (as a Data Principal) have specific statutory rights. You can exercise these by contacting our Grievance Officer:

• Right to Access: Request a summary of the personal data being processed, the names of subprocessors shared with, and the processing activities performed.
• Right to Correction & Completion: Correct inaccurate data or complete incomplete details across our databases.
• Right to Erasure (“Right to be Forgotten”): Request the deletion of your personal data when the purpose of collection has been served, or when you withdraw consent.
• Right to Withdraw Consent: You can withdraw consent at any time. Withdrawal stops further processing immediately, unless processing is required by other tax or labor statutes.
• Right to Nominate: Nominate another individual to exercise your rights under this Act in the event of death or physical/mental incapacity.

In accordance with Section 8(4) of the DPDP Act, we delete your personal data as soon as the purpose of its collection is satisfied, or upon withdrawal of consent.

Retention Schedule:

• Active Accounts: Stored for the duration of your active subscription.
• Account Cancellation: Data is kept in a deactivated state for a 90-day grace period to allow account restoration. After 90 days, data is hard-deleted from production databases.
• Backups: Deletion from encrypted offline backups occurs automatically within 6 months of database erasure.

Our website and SaaS platforms utilize small text files called cookies to deliver core features and optimize your user experience:

• Essential Cookies: These are strictly necessary for login authentication (e.g., maintaining your Firebase session) and protection against CSRF (Cross-Site Request Forgery) attacks. Disabling these will prevent the software from operating.
• Preference Cookies: Used to save UI settings like dark/light theme preference, panel layouts, and language settings.
• Analytics & Performance Cookies: Used to measure traffic performance and track website usage patterns. These are used only if you explicitly accept the cookie prompt on landing pages.

You can manage cookie settings directly in your web browser. However, please note that restricting essential cookies will limit your ability to access our products.

If you have any questions about this policy, wish to exercise your rights, or have a grievance regarding your personal data, you may contact our designated Grievance Officer:

Under the DPDP Act 2023, if you are unsatisfied with our grievance response, you have the right to lodge a formal complaint with the Data Protection Board of India (DPBI).