⚠️ Important Notice: This Privacy Policy is aligned with Indian Data Protection laws, including compliance with GST record retention requirements (6 years) and IT Rules 2021. This is NOT a legal document - consult an attorney for your specific situation.
1. Overview & Data Controller
1.1 Who We Are
Aurinko360 ("we," "us," "our") operates as a data controller for personal and business data you provide through our Platform. Your data is processed primarily in India.
1.2 Data Controller
Aurinko360
Email: privacy@aurinko360.com
Website: https://aurinko360.com
1.3 Our Commitment
We are committed to protecting your privacy and ensuring transparent data practices. This policy explains what information we collect, how we use it, and your rights regarding your data.
2. Information We Collect
2.1 Account Information
- Name, email address, phone number
- Business name, GST registration number, PAN
- Business address, contact information
- Bank account details (for payments/refunds)
- Profile photo or company logo
2.2 Business Data
- Customer details (names, email, GST number, addresses)
- Invoice information (amounts, items, dates)
- Purchase history and transaction records
- Business documents and reports
2.3 Technical Data
- IP address and location
- Browser type, device information
- Pages visited, time spent on Platform
- Login history and account activity
- Error logs and diagnostic data
2.4 Communication Data
- Email correspondence with support
- Chat messages and support tickets
- Feedback and survey responses
3. How We Use Your Data
3.1 Primary Purposes
- Service Delivery: Create invoices, manage customers, calculate GST
- Account Management: Authentication, billing, account updates
- Legal Compliance: GST filing, tax record maintenance, regulatory reporting
- Customer Support: Respond to inquiries and troubleshoot issues
- Security: Detect fraud, prevent abuse, maintain platform security
3.2 Secondary Purposes
- Product improvement and analytics
- Marketing communications (with your consent)
- Performance monitoring and optimization
- Audit trail and compliance verification
3.3 Legal Basis for Processing
We process your data under:
- Contract: To provide Aurinko360 services you've subscribed to
- Legal Obligation: GST Act (compliance, record retention)
- Your Consent: Marketing, analytics, cookies
- Legitimate Interest: Fraud detection, security, service improvement
4. Data Retention & Compliance
4.1 GST Act Requirements (6-Year Retention)
As per GST Act, Section 36, we must retain:
- All invoices generated through Aurinko360
- Customer GST registration details
- Payment records and transaction history
- Business documents and communications
Retention Period: 6 years from the end of the financial year in which the invoice was issued.
4.2 Income Tax Act Requirements
Business records must be retained for 6 years under Income Tax Act, 1961, Section 44AA.
4.3 Post-Termination
Upon account termination:
- Active account data is deleted within 90 days
- GST/Tax-related data is retained per legal requirements (6 years)
- Backup copies may be retained for 30 additional days
- You may request data export before deletion
4.4 Legal Process
We retain data if required by law enforcement, court orders, or regulatory authorities.
5. Data Sharing & Disclosure
5.1 We Share Data With:
- Payment Processors: Razorpay, PayU, or other payment gateways (limited to transaction data)
- Cloud Hosting Providers: Data stored on secure servers (anonymized)
- Legal Authorities: If required by law or court order
- Auditors: Only aggregated, anonymized data
- Your Customers: Only data you explicitly share (via invoice PDFs, etc.)
5.2 We DO NOT Share:
- Personal data with marketing agencies
- Bank account or payment information with third parties
- GST/tax data with competitors or unauthorized parties
- Email addresses or contact info without consent
- Your data to advertisers
5.3 Data Processing Agreements
All third-party processors sign Data Processing Agreements (DPAs) committing to data protection standards equivalent to ours.
6. Data Security
6.1 Security Measures
- Encryption in Transit: HTTPS/TLS encryption for all data transmitted
- Encryption at Rest: AES-256 encryption for stored data
- Password Security: Bcrypt hashing (cost=12) for passwords
- Access Control: Role-based access, principle of least privilege
- Session Management: Secure cookies, HttpOnly flag, 1-hour expiry
- Authentication: Multi-factor authentication (MFA) available
- Firewalls & Monitoring: 24/7 security monitoring and threat detection
6.2 What We Can't Guarantee
While we maintain high security standards, no online platform is 100% secure. We are not liable for unauthorized access resulting from:
- User-shared passwords or credentials
- Compromised user devices or networks
- Zero-day exploits or unforeseen vulnerabilities
6.3 Breach Notification
If a data breach occurs, we will notify affected users within 24 hours and provide instructions on protecting their accounts. We will file reports with authorities as required by law.
7. Your Data Rights
7.1 Right to Access
You can download your data anytime from Account Settings → Data Export. We'll provide it in a machine-readable format (JSON/CSV) within 7 days.
7.2 Right to Rectification
You can update your account information anytime. If you identify errors, contact us at privacy@aurinko360.com.
7.3 Right to Erasure
You can request deletion of your account and personal data. However, we will retain tax/GST-related data for 6 years as required by law.
7.4 Right to Object
You can opt out of marketing communications, cookies, and analytics anytime.
7.5 Data Portability
We'll provide your data in a portable, machine-readable format so you can move to another service.
7.6 How to Exercise Rights
Email privacy@aurinko360.com with "Data Subject Rights Request" and specify what you need. Verification may be required for security.
8. Cookies & Tracking
8.1 Types of Cookies
- Essential: Login session, CSRF protection, security (always active)
- Performance: Google Analytics (with anonymization enabled)
- Functional: User preferences, language selection
- Marketing: Pixel tracking, retargeting ads (opt-in only)
8.2 Cookie Consent
We show a cookie banner on first visit. You can:
- Accept all cookies
- Reject non-essential cookies
- Customize your preferences
- Change settings anytime in Account → Privacy Settings
8.3 Do Not Track
If your browser has "Do Not Track" enabled, we respect that preference and will not use marketing cookies.
9. Third-Party Services
9.1 Integrated Services
- Google OAuth: For sign-up/login (we receive email, name, profile picture)
- Facebook Login: For sign-up/login (we receive email, public profile)
- Razorpay/PayU: Payment processors (we share transaction data only)
- Google Analytics: Website analytics (anonymized IP, aggregated data)
9.2 Privacy of Third-Party Services
These services have their own privacy policies. We are not responsible for their practices. We recommend reviewing their policies before connecting your account.
9.3 Disconnecting Services
You can disconnect integrated services from Account → Integrations. This does not delete data already shared.
10. GDPR & CCPA Compliance
10.1 GDPR (For EU Users)
If you are in the European Union, GDPR applies. You have:
- Right to access your personal data
- Right to correct inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to lodge a complaint with your supervisory authority
10.2 CCPA (For California Users)
If you are in California, CCPA provides:
- Right to know what data we collect
- Right to delete your data (with exceptions)
- Right to opt-out of data sale (we don't sell data)
- Right to non-discrimination for exercising CCPA rights
10.3 Indian Law
Aurinko360 complies with IT Rules 2021 and other applicable Indian privacy laws.
This Privacy Policy is effective as of July 17, 2026. We reserve the right to update this policy anytime.
Changes will be posted here with an updated "Last Updated" date. Your continued use of Aurinko360 after changes
constitutes acceptance of the updated Privacy Policy.