Last Updated: June 2, 2026
Introduction
AccountsUp is committed to protecting your personal data and respecting your privacy rights. This Data Protection Policy explains how we collect, process, store, and protect your personal data in compliance with applicable data protection laws, including:
- Information Technology Act, 2000: Indian legislation governing electronic records and digital transactions.
- IT Rules, 2011: Rules regarding reasonable security practices for sensitive personal data.
- Digital Personal Data Protection Act, 2023 (DPDP Act): India's comprehensive data protection law.
- General Data Protection Regulation (GDPR): If you are in the EU/EEA, we comply with GDPR requirements.
This policy should be read alongside our Privacy Policy and Terms of Service.
Data We Collect
We collect and process the following categories of personal data:
- Identity Data: Name, PAN, Aadhaar, date of birth, gender, photographs.
- Contact Data: Email address, phone number, postal address, WhatsApp number.
- Business Data: Company name, GST number, business type, financial statements, tax documents.
- Financial Data: Bank account details, payment information, transaction history, invoices.
- Technical Data: IP address, browser type, device information, cookies, usage data.
- Communication Data: Emails, messages, support tickets, feedback, inquiries.
Legal Basis for Processing
We process your personal data on the following legal grounds:
- Consent: You have given explicit consent for processing your personal data for specific purposes.
- Contract Performance: Processing is necessary to fulfill our contractual obligations to you.
- Legal Obligation: We must process your data to comply with tax laws, GST regulations, ROC filings, and other statutory requirements.
- Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement).
Data Security Measures
We implement robust technical and organizational security measures to protect your data:
- Encryption: Data in transit is protected using SSL/TLS encryption; sensitive data at rest is encrypted.
- Access Controls: Role-based access controls ensure only authorized personnel can access your data.
- Authentication: Multi-factor authentication (MFA) for admin and user accounts.
- Firewalls & Monitoring: Network firewalls, intrusion detection systems, and 24/7 monitoring.
- Regular Audits: Security audits, vulnerability assessments, and penetration testing.
- Data Backups: Regular encrypted backups stored securely in multiple locations.
- Employee Training: Staff trained on data protection, confidentiality, and security best practices.
Data Retention
We retain your personal data only for as long as necessary for the purposes outlined in this policy or as required by law:
- Active Clients: Data retained throughout the duration of our professional relationship.
- Inactive Clients: Data retained for 7 years after service completion (as per Indian tax and accounting regulations).
- Marketing Data: Retained until you unsubscribe or withdraw consent.
- Legal Requirements: Data may be retained longer if required by law, regulatory authorities, or pending legal proceedings.
After the retention period expires, we securely delete or anonymize your data.
Your Data Protection Rights
Under the DPDP Act and GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data we hold.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data (subject to legal retention requirements).
- Right to Restriction: Request limitation on how we process your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for marketing purposes.
- Right to Withdraw Consent: Withdraw consent for processing at any time.
- Right to Lodge a Complaint: File a complaint with the Data Protection Board of India or relevant supervisory authority.
To exercise your rights, contact us at hello@accountsup.in. We will respond within 30 days.
Data Transfers
Your data is primarily stored and processed in India. If we transfer data internationally, we ensure adequate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate data protection laws.
- Standard Contractual Clauses: Use of EU-approved contractual clauses for data transfers.
- Data Processing Agreements: Contracts with third-party processors ensuring GDPR/DPDP compliance.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms:
- We will notify the Data Protection Board of India within 72 hours of becoming aware of the breach (as required by the DPDP Act).
- We will notify affected individuals without undue delay if the breach poses a high risk.
- Notification will include the nature of the breach, potential consequences, and measures taken to address it.
Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data immediately. Parents/guardians who believe we have collected data from a child should contact us immediately.
Third-Party Data Processors
We may share data with trusted third-party processors who assist us in providing services. All processors are bound by data processing agreements and must:
- Process data only on our instructions.
- Implement appropriate security measures.
- Not use data for their own purposes.
- Delete or return data upon termination of services.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Any automated processing (e.g., fraud detection algorithms) is subject to human oversight, and you have the right to contest decisions.
Policy Updates
We may update this policy to reflect changes in legal requirements or our practices. Updates will be posted with a revised "Last Updated" date. Continued use of our services constitutes acceptance of changes.
Contact & Data Protection Officer
For data protection inquiries or to exercise your rights, contact us:
- Email: hello@accountsup.in
- Phone: +91 9123456780
- Address: Varanasi, Uttar Pradesh, India
- Data Protection Officer: dpo@accountsup.in