Privacy Policy
Effective date: 3 May 2025 · Governing law: India
BatchWise ("we", "us", "our") operates batchwise.ai, a technology-enabled BRSR and ESG assurance platform. This policy explains what data we collect, how we use it, and your rights under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.
1. Data We Collect
Account and contact data
Name, email address, mobile number, and password or OAuth token when you create an account.
Company and regulatory data
Company name, CIN, GSTIN, registered address, and the name of the authorised signatory. This is required to issue assurance reports in the correct legal form.
Operational documents
Files you upload as evidence for an assurance engagement — for example, Tally exports, electricity and fuel bills, water consumption records, payroll registers, and waste disposal records. These are used solely to perform the agreed assurance procedures.
Payment data
Transaction identifiers and payment status from Razorpay. We do not store card numbers or bank account details; those remain with Razorpay under their PCI-DSS controls.
Usage data
IP address, browser type, pages visited, and timestamps — collected automatically to secure the service and diagnose errors.
2. How We Use Your Data
- Deliver the BRSR assurance, CBAM, or ISAE 3410 report you ordered
- Communicate order status, clarification requests, and completed reports
- Issue invoices and maintain payment records
- Improve platform reliability and debug issues
- Comply with applicable Indian laws and regulatory requirements
We do not sell your data. We do not use your operational documents to train machine-learning models.
3. Third-Party Sub-processors
| Provider | Purpose | Data location |
|---|---|---|
| Cloudflare | CDN, DDoS protection, edge hosting | Global CDN; origin on Cloudflare R2 (APAC region) |
| Neon (AWS) | Managed PostgreSQL — account and order records | ap-south-1 (Mumbai) |
| Razorpay | Payment processing | India |
| Resend | Transactional email | EU (compliant with DPDP Act cross-border transfer rules) |
4. Data Retention
Account and order data is retained for the duration of your account and for seven years thereafter, in line with CA Institute record-keeping requirements and the Companies Act, 2013. You may request deletion of your account at any time; statutory records required by law will be retained for the mandatory period before deletion.
5. Your Rights
Under the DPDP Act, 2023, you have the right to:
- Access — obtain a summary of the personal data we hold about you
- Correction — request correction of inaccurate data
- Erasure — request deletion of your data, subject to our legal retention obligations
- Grievance redressal — raise a complaint with our data officer (contact below) and, if unresolved, with the Data Protection Board of India
6. Cookies
We use only strictly necessary session cookies for authentication. No advertising or analytics cookies are set. You cannot opt out of session cookies without losing access to your account.
7. Security
Data in transit is encrypted via TLS 1.3. Data at rest in Neon and R2 is encrypted using AES-256. Access to production systems is restricted to authorised personnel via SSH keys and role-based access controls.
8. Children
BatchWise is a business-to-business platform. We do not knowingly collect data from individuals under 18 years of age.
9. Changes to This Policy
We will notify registered users by email at least 15 days before making material changes to this policy. The effective date at the top of this page will be updated on each revision.
10. Contact
For privacy queries, data access requests, or to raise a grievance, contact our Data Officer:
Email: [email protected]
Subject line: Privacy — [your request type]