Privacy Policy

Privacy Notice

This notice applies across all websites that we own and operate and all services we provide, including our online and mobile accounting and financial services products, and any other apps or services we may offer (our "services").

When we say "personal data", we mean information that can identify you, such as your name, email address, postal address, telephone number, bank account details, payment information and similar information. The same applies to information that could identify other users in your teams that is shared with TranZact.

If you cannot be identified (for example, where personal data has been aggregated or anonymised so that it can no longer be linked to you), that information is not considered personal data under this notice.

We may update this notice from time to time. When a significant change is made, we will let you know in a reasonable manner (for example, via email, in-app notification or an update on our website).

Compliance with Digital Personal Data Protection Act, 2023 (DPDPA)

For users located in India, FCB Technologies Pvt. Ltd. acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023. This Privacy Notice is designed to be in compliance with the DPDPA 2023, and we endeavour to follow all rules and regulations notified under the Act as applicable to our services.

In this notice, individuals whose personal data we process are referred to as "you" or "Data Principals", where relevant.

Clause 1: Who are "we"?

When we refer to "we" (or "our" or "us"), we mean FCB Technologies Pvt. Ltd. and all its wholly owned subsidiaries, including the primary operating entity, FCB Technologies Pvt. Ltd.

Our headquarters are in Mumbai, India, and we may operate or have offices in other locations. Our current communication address is available on our "Contact Us" page on our website.

For the purposes of the DPDPA 2023, we are the Data Fiduciary in relation to personal data collected and processed through our services.

Clause 2: Our Principles of Data Protection

Our approach to data protection is built around three key principles:

2.1 Transparency: We aim to be open, honest and transparent about how we collect and use personal data. You can always contact us if you have questions about this notice.

2.2 Enablement: We use personal data in a responsible way to provide and improve our services, enhance productivity and help you connect the information you have with the insights you need.

2.3 Security: We adopt industry-standard and appropriate technical and organisational measures to protect the personal data entrusted to us.

We collect and process your personal data only:

  • - where you have given your consent for one or more specified purposes;

  • - where such processing is necessary for performance of a contract or to take steps at your request prior to entering into a contract;

  • - where processing is required to comply with applicable law, orders of courts/authorities or other legal obligations; or

  • - where processing is permitted as a "legitimate use" under the DPDPA 2023 (for example, certain employment-related purposes, prevention and detection of fraud or offences, or other situations specified under the Act).

3.1 Personal data for which we seek consent: When we seek your consent, we clearly explain what personal data we collect and for what purpose. In the ordinary course of providing our services, the core personal data we collect from you includes, for example:

  • - Name

  • - Email ID

  • - Phone number

We collect and use this personal data only for business purposes, such as:

  • - creating and managing your user account;

  • - communicating with you about the services;

  • - providing support; and

  • - improving how we deliver our services to you and your organisation.

We provide consent notices in a clear and simple manner at the time of collection. These notices specify the personal data being collected, the purposes of processing, and how you can exercise your rights, including:

  • - withdrawing consent (see Clause 11.5) and

  • - raising complaints or grievances (see Clause 12).

Where we rely on consent, you may withdraw your consent at any time by emailing us at contact@letstranzact.com, as further described in Clause 11.5. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal, but it may affect our ability to provide some or all of the services to you.

Clause 4: How we collect your data

When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised as follows:

4.1 Information you submit in order to use our product: When you use our product, we may ask you to provide personal data. For example, we may ask for your information and/or your colleagues' information to create an employee or stakeholder database for accounting, operational or other business purposes within the product. If you choose not to provide certain personal data, you may not be able to use some parts of our product.

4.2 Information you provide to us directly: When you visit or use some parts of our websites or services, we may ask you to provide personal data. For example, we ask for your contact information when you:

  • - sign up for a free trial;

  • - fill out forms on our website;

  • - join us on social media or communities we manage;

  • - take part in training, events or webinars;

  • - contact us with questions; or

  • - request support.

If you do not provide personal data where it is required, certain parts of our websites or services may not be available to you.

4.3 Information we collect automatically: We collect some information automatically when you visit our websites or use our services, such as your IP address, device type, browser type, and operating system. We also collect information about how you navigate and interact with our websites and services, including pages viewed, links clicked, and time spent.

We use this information to understand how our websites and services are used so we can improve them (for example, by personalising content or improving performance). Some of this information is collected using cookies or similar technologies.

4.4 Information we receive from third parties: Most of the information we collect is provided directly by you. Sometimes we may receive personal data about you from other sources, such as:

  • - publicly available sources (e.g., websites, public directories);

  • - marketing, research or event partners; or

  • - other third parties you have authorised to share information with us.

We use such information to supplement the personal data we already have, to better personalise and improve our services, and to verify the information you provide.

If you are someone who does not have a direct relationship with us but believe that a TranZact subscriber has entered your personal data into our services, you should contact that TranZact subscriber directly for any requests relating to your personal data (including access, correction or deletion).

Clause 5: How we use your data

First and foremost, we use your personal data to operate our websites, provide you with the services you have requested, and manage our relationship with you. We may also use your personal data for the following purposes:

5.1 To communicate with you: This may include:

  • - providing information you have requested from us (such as training or educational materials) or information we are required to send;

  • - operational communications, such as changes to our websites or services, security updates, service notifications or support communications;

  • - marketing communications (about TranZact or other products or services we think may be relevant to you) in accordance with your marketing preferences;

  • - asking you for feedback or to participate in surveys or research (which may be handled by a trusted third party on our behalf).

5.2 To enable sharing and statutory submissions: We may use your personal data to help you share information with those you choose (for example, other users within your organisation) and to assist you in making statutory submissions where our product supports such features.

5.3 To support you: We may use personal data to provide support and resolve technical or other issues relating to our websites or services, whether by email, in-app support, phone or other channels.

5.4 To enhance our websites and services and develop new ones: We may use usage and technical data to:

  • - track and monitor how our websites and services are used;

  • - carry out technical analysis to optimise performance and user experience;

  • - develop new features, functions and services.

5.5 To protect our services and users: We may use personal data to detect and prevent fraud, abuse, security incidents and other harmful or illegal activity, and to ensure that our websites and services are used in line with our terms of use and applicable law.

5.6 To market to you: In addition to direct marketing communications, we may use personal data to display targeted advertising to you on our websites or on third-party sites and platforms, in accordance with applicable law and your preferences.

5.7 To analyse, aggregate and report: We may use personal data we collect (directly or from third parties) to create aggregated or anonymised analytics, reports and industry insights. Once anonymised or aggregated so that it no longer identifies you, such information is not personal data and may be shared publicly or with third parties.

Clause 6: How we can share your data

There will be times when we need to share your personal data (such as name, email address, contact number) with third parties. Where required by law or good practice, we will seek your consent before sharing personal data beyond what is necessary to provide our services.

We may disclose your personal data to:

  • - other companies in the TranZact group of companies, for purposes consistent with this notice;

  • - third-party service providers and sub-processors who help us deliver our websites and services (for example, cloud hosting providers, email and SMS gateways, analytics tools, customer support tools, payment processors and other technical or operational partners);

  • - regulators, law-enforcement bodies, government agencies, courts or other third parties where we believe it is necessary to comply with applicable law or regulation, to respond to valid legal process, or to exercise, establish or defend our legal rights;

  • - other persons where you have provided your consent or requested such sharing.

Where we engage third-party service providers or sub-processors to process personal data on our behalf, we do so under written contracts that require them to:

  • - implement appropriate security and confidentiality measures; and

  • - process personal data only on our documented instructions and for the purposes we specify, in a manner consistent with the DPDPA 2023 and this Privacy Notice.

We remain responsible under the DPDPA, to the extent required by law, for ensuring that our service providers protect your personal data appropriately when they process it on our behalf.

Our websites and services may contain links to third-party websites or services that we do not control. We are not responsible for the privacy practices of such third-party websites or services you choose to access independently, and we encourage you to review their privacy notices separately.

Notwithstanding anything contained in this Privacy Policy or elsewhere, TranZact shall not be liable for any loss, damage or misuse of personal data arising from events beyond our reasonable control, subject always to applicable law.

Clause 7: International Data Transfers

7.1 Transfers outside your country: We may store and process your personal data in India or in other countries where we or our service providers maintain facilities. These countries may have data-protection laws that are different from those in your country.

When we transfer personal data outside India, we do so in accordance with the DPDPA 2023 and any rules or government notifications issued under it, including any restrictions on transfers to certain countries (if and when notified).

7.2 How we protect your data in cross-border transfers: Where personal data is transferred outside India to our service providers:

  • - we limit such transfers to what is necessary for the purposes described in this notice; and

  • - we ensure that the recipients are subject to contractual obligations to protect personal data at a standard comparable to that required under the DPDPA 2023.

By using our services or submitting your personal data to us, you understand that your personal data may be transferred, stored and processed outside your country in the manner described in this clause.

Clause 8: Security

Security is a priority for us when it comes to your personal data. We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration or destruction, having regard to the nature of the personal data and the risks involved.

8.1 Personal Data Breaches and Notification: If we become aware of a personal data breach that is likely to cause harm to you or otherwise requires notification under the DPDPA 2023 and the applicable rules:

  • - we will take reasonable steps to contain and remediate the breach;

  • - we will notify the Data Protection Board of India by submitting a report within 72 (seventy-two) hours of becoming aware of such personal data breach, where required by law; and

  • - we will notify affected Data Principals without undue delay, using reasonable means such as email or in-service notifications, in accordance with applicable law.

Where feasible, we will provide information about the nature of the breach, the categories of data affected and the steps you can take to mitigate potential adverse effects.

Clause 9: Retention

9.1 Retention periods: The length of time we retain your personal data depends on:

  • - the type of personal data;

  • - the purposes for which it is processed; and

  • - any legal, regulatory, contractual or business requirements to retain it.

9.2 Purpose-based retention: We will not retain personal data for longer than is reasonably necessary for the purposes for which it was collected or for which it may lawfully be further processed, or as required to comply with legal obligations (for example, tax, accounting or regulatory requirements).

When we no longer have a lawful purpose or legal obligation to retain personal data, we will take reasonable steps to delete or anonymise it.

9.3 Your requests for erasure: Where you request deletion of your personal data in accordance with your rights under the DPDPA 2023, we will erase or anonymise your personal data, unless we are required or permitted by law to retain it for a longer period (for example, for legal claims, audits or compliance).

Even if deletion is requested, we may retain certain personal data and associated logs for at least one (1) year, where required by law, before such data is finally deleted or anonymised.

9.4 Anonymised data: In some cases, we may anonymise your personal data (so that it can no longer be associated with you) for research, analytics or statistical purposes. Once anonymised, we may use this information indefinitely without further notice to you.

Clause 10: Business Transitions

In the event we undergo a business transition, such as a merger, acquisition by another organisation, corporate reorganisation, or sale of all or a portion of our assets, your personal data may be among the assets transferred to the new entity, subject to this Privacy Notice and applicable law.

Where required by law, we will notify you of any such change in ownership or control of your personal data.

Clause 11: Your Rights

It is your personal data, and you have certain rights in relation to it under the DPDPA 2023, including the rights to access, correction, erasure, grievance redressal, withdrawal of consent and nomination, which we recognise and implement as follows.

11.1 Right to access and confirmation: You have the right to obtain confirmation of whether we are processing your personal data and to request a summary of the personal data we hold about you.

11.2 Right to correction and updating: You have the right to request correction, completion or updating of any personal data that is inaccurate or incomplete.

11.3 Right to erasure: You have the right to request that we delete your personal data when:

  • - it is no longer necessary for the purposes for which it was collected or processed;

  • - you have withdrawn consent and there is no other lawful basis for processing; or

  • - processing is otherwise not in accordance with applicable law,

subject to our need to retain data where required or permitted by law, including the retention obligations described in Clause 9.

11.4 Right to restrict or object to processing: You may request that we restrict certain processing or object to specific types of processing, particularly where it relates to marketing or profiling (if any).

11.5 Right to withdraw consent: Where we rely on your consent to process personal data, you may withdraw your consent at any time. To do so, you can email us at contact@letstranzact.com with sufficient details to identify you and your request.

Withdrawal of consent will not affect prior processing but may affect your ability to use some features or services.

11.6 Right to nominate: In accordance with the DPDPA 2023, you have the right to nominate another individual who can exercise your rights under the Act in the event of your death or incapacity.

You may submit or update your nomination by emailing us at contact@letstranzact.com with appropriate identification and nomination details, following any process we may reasonably specify to verify such nominations.

11.7 Right to grievance redressal: If you are not satisfied with how we are processing your personal data or responding to your requests, you have the right to raise a grievance with us. Details of our grievance mechanism and escalation to the Data Protection Board of India are set out in Clause 12.

11.8 Marketing communications: For marketing communications, you can opt out at any time by:

  • - clicking the unsubscribe link in any marketing email we send; or

  • - emailing us at contact@letstranzact.com with your request.

11.9 How to exercise your rights: You can exercise any of the above rights by emailing us at contact@letstranzact.com. We may need to verify your identity before acting on your request, to protect you and others from unauthorized access or changes.

We will respond to your requests within a reasonable time and in accordance with the timelines prescribed under the DPDPA 2023 and applicable rules.

Clause 12: Grievance Redressal and Data Protection Officer

12.1 Grievance redressal mechanism: We have a grievance redressal mechanism to address any concerns you may have about our processing of your personal data.

If you have a grievance, complaint or concern relating to your personal data or this Privacy Notice, you may contact our Grievance Officer / Data Protection Officer (DPO) at:

We will acknowledge and attempt to resolve your grievance within a reasonable timeframe, in accordance with the DPDPA 2023 and applicable rules.

12.2 Escalation to the Data Protection Board of India: If:

  • - you do not receive a response to your grievance within the time prescribed under applicable rules; or

  • - you are not satisfied with our response,

you may escalate your complaint to the Data Protection Board of India in accordance with the procedures laid down under the DPDPA 2023 and any associated rules or regulations.

Clause 13: Children's Data

Our services are designed and intended for use by businesses and adult professionals. We do not knowingly collect personal data of individuals under the age of 18 years in the context of providing our core B2B services.

  • - We assume that our customers and users are adults or are authorised representatives of organisations.

  • - We do not intentionally offer services directly to children or target children with our services.

If you believe that we have inadvertently collected personal data about a child under 18 through our services, please contact us promptly at contact@letstranzact.com. We will review the information and, where appropriate, delete or anonymise such personal data in accordance with applicable law.

Clause 14: Duties of Data Principals

In line with the DPDPA 2023, you, as a Data Principal, also have certain duties when using our services, including but not limited to:

  • - providing personal data that is accurate and not misleading;

  • - not impersonating another person or misrepresenting your identity;

  • - complying with applicable laws when using our services; and

  • - not suppressing material information or providing false information while exercising rights under this Privacy Notice or the DPDPA 2023.

We may, where permitted by law, decline or limit the exercise of certain rights if requests are manifestly unfounded, excessive, or infringe the rights of others.

Clause 15: How to Contact Us

15.1 General questions and requests: If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your rights (including access, correction, erasure, consent withdrawal or nomination), you can contact us at:

15.2 Grievances and DPO contact: For grievances or complaints relating specifically to your personal data under the DPDPA 2023, please contact our Grievance Officer / DPO at:

We encourage you to contact us first so we can try to resolve your concerns directly. If you remain unsatisfied, you may approach the Data Protection Board of India as described in Clause 12.2.

For FAQ refer this page

For Data Backup Policy refer this page

For Cookie Policy refer this page

TranZact

TranZact is a team of IIT & IIM graduates who have developed a GST compliant, cloud-based, inventory management software for SME manufacturers. It digitizes your entire business operations, right from customer inquiry to dispatch. This also streamlines your Inventory, Purchase, Sales & Quotation management processes in a hassle-free user-friendly manner. The software is free to signup and gets implemented within a week.