BlinkAudit

Privacy Policy

Version 1.0 · Last updated 2024-06-28

1. Who we are

This Privacy Policy explains how WhizzAct Private Limited ("we", "us") collects, uses, stores and protects your personal data when you use Whizzance, our cloud accounting service. We act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDPA").

2. Personal data we collect

Account data (username, email, mobile, password hash); workspace and company details you enter (business name, address, GSTIN, PAN); financial records you create (ledgers, vouchers, invoices, stock); and technical data (IP address, device/browser information, log and audit data).

3. Purpose of processing

We process your data to: provide and operate the accounting service; authenticate you and secure your account; maintain a statutory audit trail of changes to your books; process subscription payments; provide support; and comply with legal obligations. We process data on the basis of your consent and for legitimate, lawful uses permitted by the DPDPA.

4. Consent

We obtain your consent at sign-up before processing your personal data, and record it (version, date, IP). You may withdraw consent at any time from the Privacy & My Data centre or by contacting our Grievance Officer; withdrawal does not affect processing already carried out, nor records we must retain by law.

5. Your rights as a Data Principal

Under the DPDPA you have the right to: access a summary of your personal data; correct or update it; request erasure; nominate another individual to exercise your rights; and grievance redressal. You can exercise access and erasure from the in-app Privacy & My Data centre, or by emailing our Grievance Officer.

6. Data retention

We retain financial books of account for 8 years as required by the Companies Act, 2013 and the Income-tax Act, 1961. Other personal data is retained only as long as necessary for the purposes above or as required by law, after which it is deleted or anonymised.

7. Data sharing

We do not sell your personal data. We share data only with processors who help us operate the service (e.g. our payment gateway Cashfree for billing, and our cloud hosting provider), under appropriate contractual safeguards, and where required by law or a competent authority.

8. Security

We apply reasonable technical and organisational safeguards including encryption in transit, hashed passwords, access controls, scoped multi-tenant isolation, and an immutable audit trail. No method of transmission or storage is completely secure; in the event of a personal data breach we will notify the Data Protection Board and affected users as required by the DPDPA.

9. Children

The service is intended for businesses and is not directed at children. We do not knowingly process the personal data of children without verifiable parental consent.

10. Grievance Officer

For any privacy questions, requests, or complaints, contact our Grievance Officer: Grievance Officer, privacy@whizzact.com. We will respond within the timelines prescribed under the DPDPA. If unsatisfied, you may approach the Data Protection Board of India.

11. Changes

We may update this policy; we will revise the version and date above and, where required, seek fresh consent.

WhizzAct Private Limited · Mumbai, Maharashtra, India · support@whizzact.com