Privacy Policy

Effective Date: 01 Jan 2018
Last Updated: 16 Sep 2025

1. Introduction
Perennial Systems Pvt. Ltd. (operating under the brand GSTHero) is committed to protecting your privacy and ensuring that your personal data is handled securely and transparently. This Privacy Policy explains how we collect, process, store, and protect your data.

2. Scope
This Policy applies to GSTHero websites, platforms, and services provided by Perennial Systems Pvt. Ltd.

3. Data We Collect
            - Contact Information: Name, email, phone, job title, company.
            - Account Information: User IDs, credentials, payment details (if applicable).
            - Technical Information: IP address, device/browser data, operating system.
            - Usage Information: Logs, timestamps, activity.
            - Tax Return Information: Details provided by users for filing purposes.

4. How We Use Your Data
           - Provide and maintain services.
           - Communicate with you.
           - Fulfil legal and regulatory obligations.
           - Prevent fraud, breaches, and misuse.
           - Analytics and improvements.

5. Retention of Data
Audit and transaction logs, including request and response metadata, are retained for 7 years in compliance with GSTN guidelines. Other personal data is retained only as long as required for legal, contractual, or business purposes.

6. Data Localization
All GST transaction data, audit logs, and associated metadata are stored within India jurisdiction. GSTHero does not transfer end-customer data outside India except where required by law or by explicit regulatory mandate.

7. Legal Basis for Processing
            - Consent
            - Contractual necessity
            - Legitimate interest
            - Legal obligations

8. Your Rights
           - Right to access, correct, delete, or restrict your data.
           - Right to portability and to object to processing.
           - To exercise rights, contact: infosec@perennialsys.com.

9. Data Sharing and Disclosure
We do not sell, rent, or share personal data with third parties. Data may be disclosed only:
          - To regulators when required by law.
          - To service providers engaged strictly for operational support, under binding confidentiality and data security obligations.

10. Security Measures
         - Encryption of sensitive data.
         - Access control and authentication.
         - Regular security audits.
         - Monitoring and incident response protocols.

11. Data Breaches
In case of a breach:
          - Users and authorities will be notified in line with CERT-In requirements (within 6 hours for reportable incidents).
          - Root Cause Analysis will be conducted for critical incidents.

12. Children’s Privacy
GSTHero services are not intended for individuals under 13 years of age. Any such data identified will be deleted immediately.

13. Changes to This Policy
This Policy may be updated from time to time. The latest version will always be published on the GSTHero website. Effective Date and Last Updated details will be displayed clearly.