A
AskBooks
en
Back to home

Privacy Policy

Effective: 1 April 2026Governing law: IndiaEntity: Askflow Private Limited

This Privacy Policy explains how Askflow Private Limited (“AskBooks”, “we”, “us”) collects, uses, shares, and protects your personal data when you use our websites, mobile apps, and accounting software (collectively, the “Service”). It complies with India’s Digital Personal Data Protection Act, 2023 (DPDPA) and supplementary global standards.

1. Who we are

Askflow Private Limited (AskBooks is a brand of Askflow) is a private limited company incorporated under the Companies Act 2013, with its registered office in Bengaluru, Karnataka, India. For the purposes of the DPDPA we act as a Data Fiduciary in respect of the personal data we collect from website visitors and account owners, and as a Data Processor on behalf of customers in respect of the personal data customers upload into the Service.

2. Personal data we collect

2.1 Data you provide

  • Account data: name, email, mobile number, business name, GSTIN, PAN, billing address.
  • Authentication data: hashed passwords (Argon2id), TOTP/MFA secrets, session tokens.
  • Customer content: invoices, vouchers, ledgers, payroll records, bank statements, employee details and any other data you upload while using the Service. You are the controller of this content.
  • Support communications: emails, WhatsApp messages, call recordings (only if you consent), screenshots and tickets you send to our team.

2.2 Data collected automatically

  • Device & usage: IP address, browser type, operating system, screen resolution, device identifiers, language, time-zone.
  • Diagnostic logs: request paths, response codes, error stacks (sanitised — query parameters that look like passwords/PII are redacted server-side).
  • Cookies & similar: session cookies, locale preference, analytics identifiers — see our Cookie Policy.

3. Why we process your data (lawful purposes)

  • Service delivery: creating accounts, authenticating users, storing your books, generating GST/e-Invoice/e-Way Bill responses on your behalf.
  • Compliance: meeting our obligations under the GST Act, Companies Act, Income Tax Act, and DPDPA.
  • Security: detecting fraud, preventing abuse, investigating incidents, applying rate-limits, blacklisting tokens after logout.
  • Communication: sending account notifications, security alerts, product updates, billing notices and (with your consent) marketing emails.
  • Improvement: aggregated, de-identified analytics to improve product reliability and performance — never individual profiling.

4. How we share data

We do not sell personal data. We share it only with:

  • Subprocessors who help us run the Service — listed in our Data Processing Agreement with audited security controls.
  • Government & GSP partners when you submit returns/e-invoices through us — restricted to data needed for that filing.
  • Law enforcement only where compelled by valid legal process under Indian law and after notice to you, unless legally prohibited.
  • Successors in a merger, acquisition or sale — with continuation of the protections described here.

5. Data localisation

All customer content is stored on servers physically located in India (currently Mumbai and Hyderabad regions). Backup encrypted snapshots remain in India. We do not transfer customer content outside India without your prior written consent.

6. Retention

  • Active account data is retained for as long as your subscription is active.
  • On cancellation, customer content is retained for 30 days (recovery window) and then permanently deleted within a further 60 days.
  • Tax-relevant ledgers may be retained for 8 years from the end of the relevant financial year as required under section 36 of the CGST Act.
  • Server access logs are retained for 180 days, then aggregated.

7. Your rights under DPDPA

You have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or out-of-date data.
  • Request erasure of your data (subject to retention obligations above).
  • Withdraw consent for marketing communications at any time.
  • Nominate another individual to exercise your rights in case of incapacity.
  • Lodge a complaint with the Data Protection Board of India.

Submit any of these requests to dpo@askbooks.in — our Data Protection Officer responds within 7 working days.

8. Security

We employ defence-in-depth: TLS 1.3 in transit, AES-256 at rest, JWT RS256 authentication, Argon2id password hashing, mandatory MFA for admins, role-based access control, multi-tenant isolation enforced at every database query, rate-limited APIs, daily encrypted backups, and 24×7 SOC monitoring. See our Security Policy and Trust Center.

9. Children

The Service is intended for businesses. We do not knowingly collect personal data from children below 18. If you believe a minor has provided data, write to dpo@askbooks.in for prompt deletion.

10. Changes to this policy

Material changes will be notified by email and an in-app banner at least 14 days before they take effect. The “Effective” date above always reflects the latest version. Previous versions are archived and available on request.

11. Contact us

Data Protection Officer (DPO): dpo@askbooks.in
Grievance Officer (per Rule 5(9), IT Rules 2021): grievance@askbooks.in
Postal: Askflow Private Limited, Bengaluru, Karnataka 560034
Phone: +91 77953 33729

Questions? Email legal@askbooks.in or write to Askflow Private Limited, Bengaluru, Karnataka 560034.