Privacy Policy

Account Books (“we”, “our”, or “us”) is a product of SOSM SERVICES PVT LTD (CIN: U70200PN2024PTC236589), a company incorporated under the Companies Act, 2013 and registered in Kolhapur, Maharashtra, India. This Privacy Policy governs how we collect, use, process, store, and disclose information obtained from users (“you” or “User”) who access or use our cloud-based ERP and accounting platform, Account Books, including our website, mobile applications, and related services (collectively, the “Platform”).

By accessing or using our Platform, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of the Platform immediately.

This Policy is published in compliance with: (i) Section 43A of the Information Technology Act, 2000; (ii) the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); and (iii) applicable provisions of the Digital Personal Data Protection Act, 2023 (“DPDP Act”) as notified.

We collect information necessary to provide, improve, and secure our Platform. The categories of information we collect include:

2.1 Account & Registration Information

• Full name, email address, and mobile number of the account holder
• Business name, business type, and GSTIN (GST Identification Number)
• Designation, department, and role within your organisation
• Login credentials (passwords are stored only in hashed/encrypted form)

2.2 Business & Financial Data

• Sales, purchase, and invoice records entered into the Platform
• Inventory, stock, and manufacturing data
• Bank account details, payment records, and reconciliation data
• Employee records, salary details, and payroll data
• GST returns, tax computations, and compliance data
• Financial reports, P&L statements, and balance sheet data
• Fixed asset registers and depreciation schedules

2.3 Technical & Usage Data

• IP address, browser type, operating system, and device identifiers
• Pages visited, features used, session duration, and click-stream data
• Log files, error reports, and crash analytics
• Cookies, web beacons, and similar tracking technologies (see Section 9)

2.4 Communication Data

• Support tickets, chat messages, and email correspondence with our team
• Feedback, survey responses, and testimonials you provide
• Billing queries and subscription-related communications

We use the information we collect strictly for lawful purposes and to fulfil our contractual obligations to you. Specifically, we use your data to:

• Create, activate, and manage your Account Books account and subscription
• Provide and operate the Platform and all its modules (Accounting, GST, Inventory, Payroll, etc.)
• Process payments and manage billing for your subscription plan
• Generate and deliver GST returns, financial reports, and compliance documents
• Authenticate your identity and maintain the security of your account
• Send transactional communications including invoices, receipts, and alerts
• Provide customer support and resolve technical issues
• Send product updates, feature announcements, and service notifications
• Analyse usage patterns to improve Platform features and user experience
• Detect, investigate, and prevent fraudulent activity, unauthorised access, and abuse
• Comply with applicable laws, regulations, and legal processes in India
• Enforce our Terms of Service and other applicable agreements

Under applicable Indian privacy law, including the DPDP Act, 2023, we process your personal data on the following lawful bases:

We do not sell, rent, or trade your personal or business data to third parties. We may share your data only in the following limited circumstances:

5.1 Trusted Service Providers

We engage carefully vetted third-party vendors who assist us in operating the Platform, including cloud hosting providers (servers located in India or the EU), payment processors, email delivery services, and analytics platforms. These vendors process data only on our instructions and are bound by strict data processing agreements.

5.2 Legal & Regulatory Requirements

We may disclose your data when required to do so by a court order, government authority, or applicable law in India — including disclosures required by the Income Tax Department, GST authorities, or SEBI-regulated entities. We will, where legally permissible, notify you of such disclosures.

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of SOSM Services Pvt Ltd, your data may be transferred to the successor entity, which will be bound by privacy obligations no less protective than this Policy. We will notify affected users before any such transfer.

5.4 With Your Consent

We may share your data with third parties in any other manner with your explicit consent, which you may withdraw at any time.

6.1 Storage Location

All data processed through Account Books is stored on secure cloud servers. We prioritise data residency within India, and where cross-border transfer is required (e.g., for backup or disaster recovery), we ensure adequate safeguards are in place in compliance with the DPDP Act, 2023.

6.2 Retention Period

We retain your data for as long as your account is active or as required to provide you with our services. Specifically:

• Active account data: Retained throughout your subscription period
• Financial and GST records: Retained for a minimum of 8 years in compliance with the GST Act, 2017 and the Income Tax Act, 1961
• Employee and payroll records: Retained for 7 years after the last payroll period, as required under the Payment of Wages Act and EPF regulations
• Deleted account data: Anonymised or securely deleted within 90 days of account closure, subject to legal hold obligations
• Backup copies: Rotated and purged within 30 days of the primary deletion

We implement comprehensive technical and organisational security measures to protect your data against unauthorised access, disclosure, alteration, and destruction. Our security practices include:

• AES-256 encryption for all data at rest
• TLS 1.2+ encryption for all data in transit
• Multi-factor authentication (MFA) support for all user accounts
• Role-based access controls (RBAC) to limit internal data access on a need-to-know basis
• Regular third-party penetration testing and vulnerability assessments
• Automated intrusion detection and 24/7 security monitoring
• Secure development lifecycle (SDLC) with regular code reviews
• ISO 27001-aligned information security management practices
• Disaster recovery and business continuity planning with RPO < 4 hours

As a User of Account Books and a data principal under applicable Indian law, you have the following rights with respect to your personal data:

To exercise any of the above rights, submit a written request to privacy@accountbooks.in or contact our Grievance Officer at the address listed in Section 12. We will respond within 30 days and may ask for identity verification before processing your request.

Account Books uses cookies and similar technologies to enable essential Platform functionality, analyse usage, and improve your experience. We use the following categories of cookies:

You can manage or delete cookies through your browser settings at any time. Disabling strictly necessary cookies may impair the functionality of the Platform. We do not use third-party advertising cookies or cross-site tracking.

Account Books is a B2B platform intended exclusively for use by businesses and individuals aged 18 years or older. We do not knowingly collect personal data from persons under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately at privacy@accountbooks.in and we will take steps to delete such data promptly.

The Platform may contain links to third-party websites or offer integrations with third-party services (such as payment gateways, banking APIs, or government portals like the GST Network). This Privacy Policy applies solely to Account Books. We are not responsible for the privacy practices or content of third-party services, and we encourage you to review their respective privacy policies before use.

When you use government integrations (e.g., GSTN, MCA21), your data is transmitted directly to those government systems. Account Books acts only as a facilitator for such transmissions and does not store government portal credentials in plain text.

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, we have designated a Grievance Officer to address your privacy concerns:

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by:

• Posting a prominent notice on the Platform's dashboard
• Sending an email to the registered email address on your account
• Updating the “Last Updated” date at the top of this Policy

Your continued use of Account Books after the effective date of any revised Policy constitutes your acceptance of the changes. If you do not agree with any revised terms, you must discontinue use of the Platform and contact us to request account closure.

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.

Any dispute arising out of or in connection with this Privacy Policy shall first be attempted to be resolved through mutual discussion. If unresolved within 30 days, such disputes shall be subject to the exclusive jurisdiction of the competent courts in Kolhapur, Maharashtra, India.