Privacy Policy

Effective Date: 17 June 2026 Last Updated: 17 June 2026

This Privacy Policy explains how Srimatadevi Systems LLP ("we", "us", "our") collects, uses, stores, and protects personal data when you use Dhanafaa ("Service"). This Policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 (and rules thereunder).

By using the Service, you consent to the practices described here.


1. Who We Are

Srimatadevi Systems LLP is the Data Fiduciary for personal data processed through Dhanafaa.

2. What Personal Data We Collect

2.1 Information You Provide

When you sign up and use the Service, you provide:

2.2 Information We Receive from Connected Services

When you authorize a marketplace or gateway connection, we may receive:

This data is fetched on your behalf and treated as your business data. We process it solely to provide the Service to you.

2.3 Information Collected Automatically

When you use the Service, we collect:

3. Sensitive Personal Data

We do not collect sensitive personal data such as financial account numbers, biometric data, health data, sexual orientation, religious beliefs, or political opinions through normal use of the Service. Buyer addresses fetched from marketplaces (which may contain identifiable details) are handled as your business data and are not used by us beyond serving you.

4. How We Use Personal Data

We process personal data for the following purposes (lawful grounds in parentheses):

  1. Provide the Service — authenticate you, deliver features, sync data from connected sources (Performance of contract; your consent).
  2. Process payments and manage subscriptions (Performance of contract; legal obligation for tax invoicing).
  3. Customer support — respond to your questions, troubleshoot issues (Performance of contract; legitimate business interest).
  4. Service improvement — analyze usage to fix bugs, improve features (Legitimate business interest; aggregated/anonymized where possible).
  5. Communications — send service announcements, security alerts, billing notifications (Performance of contract; legal obligation).
  6. Marketing communications — send product updates, tips, offers (Your consent; you may opt out at any time).
  7. Legal compliance — comply with tax law, court orders, regulatory requests (Legal obligation).
  8. Fraud prevention and security — detect and prevent abuse, unauthorized access, financial fraud (Legitimate interest; legal obligation).

We do not:

5. Who We Share Personal Data With

We share personal data only as needed to operate the Service:

RecipientPurposeLocation
Supabase (DB & Auth)Storage of account data and operational dataServers in India / region of nearest cluster
Vercel (Hosting)Application hosting and edge deliveryGlobal edge network
RazorpayPayment processingIndia
Resend / Zoho MailTransactional email deliveryIndia / EU
Marketplaces & GatewaysOAuth/API connections you authorizePer provider
Anthropic Claude APIInternal AI features (text summarization, suggestion generation) — only if/when used; no Your Data is used to train modelsUSA
Government authoritiesWhere legally compelled (e.g., tax authority order, court order)India

We require all processors to maintain confidentiality and security obligations consistent with this Policy and applicable law.

6. Cross-Border Transfers

Some processors are located outside India. Where we transfer personal data across borders, we do so only to jurisdictions not restricted under the DPDP Act, and we ensure the processor maintains data protection standards reasonably comparable to Indian standards.

7. Data Retention

We retain personal data only as long as necessary:

You can request earlier deletion (see Section 9).

8. Cookies and Local Storage

We use:

We do not use third-party advertising cookies or cross-site tracking pixels. If we add analytics in future, we will update this Policy and seek consent where required.

9. Your Rights Under the DPDP Act

As a Data Principal, you have the right to:

  1. Access the personal data we hold about you.
  2. Correct inaccurate or incomplete personal data.
  3. Erase your personal data (subject to legal retention requirements).
  4. Withdraw consent for any processing based on consent. Withdrawal does not affect prior processing.
  5. Nominate another person to exercise your rights in the event of your death or incapacity.
  6. Grievance redressal — escalate complaints to our Grievance Officer.

To exercise any right, write to grievance@parasystemsai.com. We will respond within the timelines prescribed by law (currently within 30 days for most requests).

10. Grievance Officer

In compliance with the DPDP Act, 2023 and the IT Act, 2000:

Grievance Officer Srimatadevi Systems LLP 3rd Floor, MVR Estates, #8-2-676/1/B/A/A/1&A, Besides Emerald Mithai, Road No. 13, Banjara Hills, Hyderabad – 500034, Telangana, India Email: grievance@parasystemsai.com

We will acknowledge complaints within 24 hours and aim to resolve within 15 days.

If you are not satisfied with our response, you may escalate to the Data Protection Board of India as constituted under the DPDP Act.

11. Security

We implement reasonable technical and organizational measures, including:

No system is perfectly secure. In the event of a personal data breach that is likely to result in significant harm, we will notify affected users and the Data Protection Board as required under the DPDP Act.

12. Children's Data

The Service is not intended for use by children under 18. We do not knowingly collect personal data of children. If we learn we have collected such data, we will delete it. If you believe we have collected a child's data, contact us at grievance@parasystemsai.com.

13. Third-Party Links

The Service may contain links to third-party websites (marketplaces, partners, blog posts). We are not responsible for their privacy practices. Review their privacy policies before sharing personal data with them.

14. Changes to This Policy

We may update this Policy. When we do, we will update the "Last Updated" date and, for material changes, give you reasonable notice (in-app or email). Your continued use of the Service after the effective date constitutes acceptance.

15. Contact Us

For privacy questions or to exercise your rights:


By using Dhanafaa, you acknowledge that you have read and understood this Privacy Policy.