DPDP Act Compliance

1. Introduction

SureFilings proudly follows highly responsible data handling practices precisely aligned with India's pioneering Digital Personal Data Protection Act (DPDPA).

We fundamentally view data privacy not just as a legal mandate, but as an essential element of modern trust. Protecting the highly sensitive business and personal client information trusted to our compliance platform remains our absolute top operational priority.

2. Types of Data Processed

To effectively facilitate your mandatory governmental filings, our systems process several distinct categories of data:

• Personal Identification Information: Primary names, contact details, Aadhaar credentials, and PAN details.
• Business Registration Information: Legal trading names, physical jurisdiction addresses, entity incorporation documents, and GSTINs.
• Financial & Compliance Documents: Core invoices, monthly bank statements, and sensitive tax calculation proofs required strictly for legal attachments.

3. Purpose of Data Processing

We maintain absolute transparency regarding data utilization. The processed data is aggressively limited to the following explicit purposes:

• Executing official state and central regulatory filings accurately.
• Providing requested advisory and recurring compliance services.
• Secure structural communication with clients regarding workflow progress.
• Definitive satisfaction of our underlying statutory and legal obligations.

4. Consent

Crucial to the DPDPA framework, active users provide explicit and clear digital consent when initially submitting their core information through the SureFilings platform interface or verified WhatsApp channels.

Users possess the definitive right to actively withdraw this consent where technically and legally applicable, though doing so naturally interrupts ongoing filing workflows relying on that specific data.

5. Data Security Measures

To prevent data breaches and safeguard principals' information, SureFilings natively utilizes:

• Secure architectural document storage environments.
• Aggressively encrypted transit and at-rest digital communication pipelines.
• Granularly controlled, role-based internal access systems ensuring only assigned compliance agents can view corresponding client data.

6. Data Access and Rights

In rigorous alignment with DPDPA provisions, primary users may officially request full digital access to their aggregated data profile, and importantly, request necessary structural corrections where verified data is found outdated or formally inaccurate.

7. Data Retention

User data is securely retained only for periods explicitly mandated by overlapping Indian financial regulatory requirements (such as minimum record-keeping clauses under the Companies Act or GST framework). Once these statutory retention limits expire, isolated data is purged.

8. Compliance Commitment

SureFilings continuously monitors external regulatory shifts and proactively improves our internal technological processes to vigorously maintain the highest modern data protection standards available within the cloud software ecosystem.