Privacy Policy

1. Introduction

Easemylife is a proprietorship based in Mumbai, India, registered under the Goods and Services Tax (GST) Act. We operate the platform at easemylifetools.com, which provides online business tools including expense tracking, payroll management, and related services for small businesses.

This Privacy Policy explains what personal data we collect, why we collect it, how we store and protect it, and what rights you have over your data. It applies to all users of our platform, including account holders and their authorised team members.

By creating an account or using our services, you agree to the collection and use of your data as described in this policy. We are committed to handling your data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

2. Information We Collect

We collect the following categories of data when you use our platform:

a) Account Information

When you register for an account, we collect:

• Full name
• Email address
• Phone number
• Business name and details
• Password (stored in encrypted form only)

b) Business Data

Data you enter while using our tools, including:

• Expense records and financial entries
• Employee and payroll information (if using payroll tools)
• Business reports and exported files

This data belongs to you. We process it solely to provide and operate the services you have signed up for.

c) Usage Data

We automatically collect certain technical information when you access our platform:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and actions taken within the platform
• Date and time of access

3. How We Use Your Information

We use the data we collect for the following purposes:

• Providing the service: Processing your business data, generating reports, and operating the tools you use
• Authentication: Verifying your identity when you sign in and managing account access
• Billing and payments: Processing subscription payments, issuing invoices, and managing your billing cycle
• Customer support: Responding to your queries, troubleshooting issues, and assisting with account-related requests
• Service improvement: Analysing usage patterns (in aggregate, not individually) to improve platform performance and develop new features
• Communication: Sending transactional emails such as payment confirmations, password resets, and important service updates

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising or profiling purposes.

4. Data Storage and Security

We take the security of your data seriously and implement the following measures:

• Hosting: Our platform is hosted on Railway, a cloud infrastructure provider. Your data is stored in a PostgreSQL database managed within this infrastructure.
• Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS).
• Password security: User passwords are hashed using bcrypt before storage. We never store passwords in plain text, and our team cannot view your password.
• Backups: We perform regular database backups to ensure data can be recovered in the event of a system failure. Backups are stored securely on Amazon S3.
• Access control: Access to production systems and databases is restricted to authorised personnel only.

While we implement reasonable security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

5. Third-Party Services

We use the following third-party services to operate our platform. Each service only receives the minimum data necessary to perform its function:

• Brevo — for sending transactional emails (payment confirmations, password resets, account notifications). Brevo receives your email address and the content of the transactional message.
• Razorpay — for processing payments within India. Razorpay handles your payment information directly; we do not store your card or bank account details on our servers.
• Stripe — for processing international payments. Like Razorpay, Stripe handles payment information directly and is PCI-DSS compliant.
• Railway — for hosting our application and database infrastructure.
• Amazon S3 — for storing encrypted database backups.

Each of these providers has their own privacy policies and data handling practices. We encourage you to review their respective policies. We select providers that maintain appropriate security standards and data protection practices.

6. Data Retention

We retain your data as follows:

• Active accounts: Your data is retained for as long as your account is active and your subscription is in effect.
• After deletion request: When you request account deletion, we will remove your personal data and business data from our active systems within 90 days of the request. This period allows us to process the request, handle any pending billing matters, and ensure no data is needed for legitimate business or legal obligations.
• Backups: Deleted data may persist in encrypted backups for up to 30 days after removal from active systems, after which it is permanently purged.
• Legal obligations: We may retain certain records (such as billing and invoice data) for longer periods if required by Indian tax or accounting laws.

7. Your Rights Under the DPDP Act 2023

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to Access: You can request a summary of the personal data we hold about you and how it is being processed.
• Right to Correction: You can request that we correct any inaccurate or incomplete personal data. You can also update most of your information directly through your account settings.
• Right to Erasure: You can request that we delete your personal data, subject to any legal obligations that require us to retain certain records.
• Right to Data Portability: You can request a copy of your data in a commonly used, machine-readable format. Our platform also provides built-in export features for your business data.
• Right to Grievance Redressal: If you are dissatisfied with how we handle your data or respond to your requests, you have the right to raise a grievance with our Grievance Officer (see Section 12 below). If the grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India as established under the DPDP Act.
• Right to Nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity, as provided under the DPDP Act.

To exercise any of these rights, contact us at service@eml.net.in. We will respond to your request within 30 days.

8. Cookies

We use cookies in a limited and transparent manner:

• Session cookies: We use session cookies to maintain your authentication state after you sign in. These cookies contain a JSON Web Token (JWT) and are essential for the platform to function.
• No third-party tracking cookies: We do not use any third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites.

Since we only use strictly necessary cookies for authentication, no separate cookie consent is required. If we change our cookie practices in the future, we will update this policy accordingly.

9. Children's Privacy

Our platform is designed for businesses and is not intended for use by individuals under the age of 18 years. We do not knowingly collect personal data from children.

If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete that data from our systems. If you believe a minor has provided us with personal data, please contact us at service@eml.net.in so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Notify you via email at the address associated with your account
• Where required by law, obtain your consent before applying changes that materially affect how your data is processed

We encourage you to review this page periodically to stay informed about how we protect your data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us:

12. Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address any concerns or complaints you may have regarding the processing of your personal data:

The Grievance Officer will acknowledge your complaint within 48 hours and work to resolve it within 30 days of receipt. If you are not satisfied with the resolution, you may approach the Data Protection Board of India for further redressal.