Privacy Policy

Contents

1. Introduction
2. Data Fiduciary & Contact
3. Scope
4. Information We Collect
5. How We Use Information
6. Legal Bases for Processing
7. Cookies & Similar Technologies
8. Sharing & Disclosure
9. International Transfers
10. Data Retention
11. Security Measures
12. Your Rights
13. Children's Privacy
14. Third-Party Links
15. Changes to This Policy
16. Grievance & Contact

1. Introduction

Ascent24 Technologies LLP (LLPIN: AAP-8255) ("we", "us", "our") operates BestERP.in ("BestERP" or the "Platform"). We respect your privacy and are committed to protecting personal data in accordance with applicable laws, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Digital Personal Data Protection Act, 2023 ("DPDPA") as it comes into force, and — where applicable to international users — principles consistent with the EU General Data Protection Regulation ("GDPR").

This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the choices available to you. By using BestERP, you acknowledge this Policy. If you use the Platform on behalf of an organization, you confirm you have authority to accept this Policy for that organization.

2. Data Fiduciary & Contact

For personal data processed in connection with BestERP.in, the data fiduciary (controller) is:

3. Scope

This Policy applies to:

• Visitors to besterp.in and related marketing pages;
• Registered account holders, administrators, staff, and authorized users of a BestERP workspace;
• Trial and paying subscribers;
• Individuals whose data is submitted to the Platform by our customers (e.g. CRM contacts, employees). For such data, our customer is typically the data fiduciary and BestERP acts as a data processor — see Section 8.

4. Information We Collect

4.1 Information you provide

• Account & profile — name, email, phone, company name, job role, password (stored hashed), billing address, GSTIN or tax identifiers where applicable;
• Business data — records you enter into BestERP (customers, invoices, inventory, HR records, documents, etc.);
• Communications — support tickets, emails, feedback, and survey responses;
• Payment-related data — billing details; card/bank data is processed by payment partners and not stored in full on our servers.

4.2 Information collected automatically

• Usage & logs — IP address, browser type, device identifiers, pages viewed, features used, timestamps, and error logs;
• Cookies & similar tech — see Section 7;
• Location — approximate location derived from IP address for security, localization, and compliance.

4.3 Sensitive personal data

BestERP is a business platform. We do not require you to submit sensitive personal data (such as health, biometric, or financial account credentials) except where a module legitimately needs it for your business process. If you choose to store such data, you are responsible for lawful collection, notice, and consent under applicable law.

5. How We Use Information

We use personal data to:

• Provide, operate, maintain, and personalize the Platform;
• Authenticate users and enforce security;
• Process subscriptions, invoices, and payments;
• Provide customer support and respond to inquiries;
• Send service-related notices (account, billing, security, product updates);
• Improve performance, fix bugs, and develop new features (including aggregated/anonymized analytics);
• Comply with legal obligations, court orders, and government requests;
• Detect, prevent, and address fraud, abuse, or security incidents;
• Send marketing communications where permitted — you may opt out at any time.

6. Legal Bases for Processing

Depending on context and applicable law, we rely on:

• Contract — processing necessary to deliver the Service you subscribed to;
• Consent — where required (e.g. certain marketing, optional cookies);
• Legitimate interests — security, product improvement, and B2B communication, balanced against your rights;
• Legal obligation — tax, accounting, and regulatory compliance in India and other applicable jurisdictions.

Under the DPDPA, we process personal data for lawful purposes and implement reasonable security safeguards. Where consent is the basis, you may withdraw it subject to contractual and legal limits.

7. Cookies & Similar Technologies

We use cookies and local storage to:

• Keep you signed in and maintain session security;
• Remember preferences (language, layout);
• Measure site usage and improve performance;
• Support optional analytics or marketing tools where enabled.

You can control cookies through your browser settings. Disabling essential cookies may limit Platform functionality. Where required, we display a cookie consent banner before non-essential cookies are set.

8. Sharing & Disclosure

We do not sell your personal data. We may share information with:

• Service providers — cloud hosting (e.g. AWS, GCP, Azure), email delivery, SMS/WhatsApp gateways, payment processors (Razorpay, Stripe, PayPal), customer support tools, and security vendors, under contracts requiring confidentiality and appropriate security;
• Your organization — workspace administrators can access user and business data within your company account per role permissions;
• Legal & safety — when required by law, regulation, legal process, or to protect rights, safety, and integrity of users and the Platform;
• Business transfers — in connection with merger, acquisition, or asset sale, with notice where practicable.

When you enable third-party integrations (e.g. payment, messaging, Google services), those providers process data under their own privacy policies. Review their terms before connecting.

9. International Transfers

BestERP primarily serves customers in India. Data may be stored or processed in India and, where necessary for redundancy or sub-processors, in other countries with adequate safeguards (standard contractual clauses, vendor certifications, or equivalent mechanisms). By using the Service, you acknowledge such transfers may occur subject to applicable law.

For users in the European Economic Area or UK, we implement appropriate safeguards for cross-border transfers as required by GDPR.

10. Data Retention

We retain personal data for as long as your Account is active or as needed to provide the Service, comply with legal obligations (including tax and audit requirements under Indian law), resolve disputes, and enforce agreements. Customer business data is retained per your Subscription and deleted or anonymized within a reasonable period after account termination, unless you request earlier export/deletion or law requires longer retention.

11. Security Measures

We implement reasonable security practices and procedures consistent with the SPDI Rules and industry standards, including:

• Encryption of data in transit (TLS/HTTPS);
• Access controls and role-based permissions within workspaces;
• Hashed password storage and authentication safeguards;
• Regular backups and monitoring for unauthorized access;
• Employee and contractor confidentiality obligations.

No method of transmission or storage is 100% secure. You are responsible for maintaining strong passwords and controlling access within your organization. Report suspected breaches to hi@besterp.in promptly.

12. Your Rights

Subject to applicable law (including DPDPA and GDPR where relevant), you may have the right to:

• Access personal data we hold about you;
• Request correction of inaccurate or incomplete data;
• Request erasure ("right to be forgotten") where legally applicable;
• Withdraw consent for processing based on consent;
• Object to or restrict certain processing;
• Data portability in a structured, commonly used format where technically feasible;
• Nominate another individual to exercise rights on your behalf in the event of death or incapacity (as permitted under DPDPA).

To exercise rights, email hi@besterp.in with sufficient detail to verify your identity. We will respond within timelines prescribed by applicable law (typically within 30 days). If you are an end-user whose data was entered by a BestERP customer, contact that organization first — they control most business records.

Indian users may also have remedies before the Data Protection Board of India once fully operational under DPDPA, and before consumer forums for qualifying disputes.

13. Children's Privacy

BestERP is intended for business use and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

14. Third-Party Links

Our website may link to third-party sites (e.g. ascent24.io, partner pages). We are not responsible for their privacy practices. Review their policies before submitting personal data.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. Material updates will be posted on this page with a revised "Last updated" date and, where appropriate, notified via email or in-app notice. Continued use after changes constitutes acceptance.

16. Grievance & Contact

In accordance with the Information Technology Act, 2000 and rules made thereunder, the contact details for grievances relating to data protection are:

We aim to acknowledge grievances within 48 hours and resolve them within one (1) month, or as required by applicable law.

For terms governing use of the Platform, see our Terms and Conditions.