Privacy Policy

Busiman Private Limited is an India-based technology company providing business management software. References to "Busiman", "we", "our", or "us" mean Busiman Private Limited and its affiliates, if any.

This Policy applies when you access or use our Services, communicate with us, or otherwise interact with Busiman. "Personal Data" means any data about an individual who is identifiable by or in relation to such data. Terms like "Data Principal" and "Data Fiduciary" have the meanings given in the DPDP Act. For legacy contexts, references to "Sensitive Personal Data or Information" (SPDI) follow the SPDI Rules.

• Account and identity data: name, email address, phone number (if provided), company name, branch/location identifiers, role/permissions, and login identifiers. If you sign in with Google, we receive identifiers and profile information from Google as permitted by your settings.
• Business content you provide: product catalogs, inventory and warehouse data, customer/vendor details, documents, and records you upload or create using the Services.
• Files and media you upload: when you upload files, we obtain the file, metadata (e.g., type, size), and store the file using our cloud storage provider (e.g., Amazon S3 via presigned URLs).
• Device, log and usage data: IP address, device type, browser, operating system, timestamps, pages/features used, and error information for diagnostics and security.
• Cookies and similar technologies: session cookies and local storage for authentication, preferences, and reliability. See Cookies section below.
• Communications: support requests, email content you send us, feedback, and survey responses.
• Payments: if paid services are enabled, payment information is processed by our payment partners (e.g., card networks or UPI PSPs). We do not store full card PAN, CVV, or UPI PIN on our systems.

• Consent: where you have given consent (e.g., creating an account, enabling features, or accepting cookies that are not strictly necessary).
• Performance of contract: to provide and support the Services you request, including core functionality, account management, and customer support.
• Legal obligations: to comply with applicable laws, lawful requests, and regulatory requirements (e.g., taxation, audit, security, and record retention).
• Legitimate uses under DPDP: to prevent fraud and abuse, maintain network and information security, and improve our Services in a manner consistent with your reasonable expectations and with safeguards.
• Vital interests/public interest: where required to protect individuals or comply with law enforcement or court orders.

• To create and manage accounts and user roles.
• To deliver, maintain, and improve the Services.
• To process uploads and store files using cloud storage.
• To authenticate users (including via Google).
• To provide customer support and respond to requests.
• To monitor and secure our Services, prevent fraud and unauthorized access, and detect anomalies.
• To communicate service notices, updates, and changes to terms or policies.
• If paid services are enabled, to facilitate payments via third-party processors.

The Services are not intended for use by children. Under the DPDP Act, a child is an individual under 18 years of age. We do not knowingly collect Personal Data from children without verifiable consent of a parent or lawful guardian. If you believe a child has provided Personal Data to us, please contact us to request deletion.

• Service providers: infrastructure, cloud hosting (e.g., AWS), storage, authentication, analytics, communications, and support partners who process data on our instructions and under contractual safeguards.
• Integrations you enable: when you connect third-party services (e.g., Google sign-in), data is shared as necessary per your configuration and the third party’s terms.
• Compliance and safety: to comply with law, lawful requests, enforce our terms, or protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, restructuring, or sale of assets, subject to continued protections consistent with this Policy.

We do not sell Personal Data. We do not share payment card PAN, CVV, or UPI PIN with any party other than the compliant payment processor you select.

We may process and store Personal Data in India and/or other jurisdictions where our or our service providers’ systems are located. Where cross-border transfers occur, we implement appropriate safeguards consistent with the DPDP Act and applicable guidance. By using the Services, you understand that your data may be transferred to, stored, and processed in such locations.

We retain Personal Data for as long as necessary to fulfill the purposes described in this Policy, to provide the Services, and as required by law (e.g., tax, audit, and compliance). Criteria used to determine retention periods include the nature of the data, the context of processing, legal requirements, and whether an account is active. Offline/temporary queues (e.g., local IndexedDB for reliability) are processed and cleared periodically.

• Encryption in transit, access controls, and defense-in-depth practices to protect data from unauthorized access.
• Role-based access and auditability within the application.
• Vendor due diligence and contractual safeguards with service providers.
• Continuous monitoring and incident response procedures. While no system is 100% secure, we work to mitigate risks promptly.

You have the following rights, subject to applicable law:

• Access and portability: receive a summary of your Personal Data that we process.
• Correction and updating: request correction, completion, or updating of inaccurate or incomplete Personal Data.
• Erasure: request erasure when data is no longer necessary, consent is withdrawn, or processing is unlawful, subject to legal retention obligations.
• Grievance redressal: escalate complaints to our Grievance Officer. You may also escalate to the Data Protection Board of India pursuant to the DPDP Act.
• Nomination: nominate an individual to exercise rights in the event of your death or incapacity, where provided by law.

To exercise rights, contact us using the details below. We may verify your identity and request information necessary to process your request.

Where processing is based on consent, you can withdraw consent at any time without affecting processing that occurred before withdrawal. Certain core, strictly necessary cookies and processing required to provide the Services may continue where permitted by law. You can also manage browser settings to control cookies.

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, improve reliability, and understand product usage at an aggregate level. You can set your browser to refuse cookies or alert you when cookies are being set (the Services may not function properly without certain cookies). We do not use advertising cookies that track you across third-party websites.

We do not use solely automated processing that produces legal or similarly significant effects concerning you without appropriate human oversight.

We may update this Policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated Policy with a new effective date and, where required, provide notice or request consent to material changes.

If you have questions, requests, or complaints about this Policy or our privacy practices, please contact:

If you are not satisfied with our response, you may escalate to the Data Protection Board of India, subject to the DPDP Act.