Privacy Policy

1. What information do we collect and for what purpose?

A. Information you provide directly

• Account and profile information (such as name, business email, password, company details, and role) to create and administer your account.
• Transactional and billing information (such as billing contact, tax details, and payment metadata) to process subscriptions, invoices, renewals, refunds, and legal accounting requirements.
• Support and communication content (such as messages, attachments, and call notes) to respond to queries, troubleshoot issues, and improve customer success outcomes.
• Product content you choose to store (such as invoice records, customer/vendor details, GST-related data, or documents) to provide core workflow functionality.

B. Information collected automatically

• Usage data (feature usage, clicks, session flow, page paths) to understand adoption, optimize UX, and improve product reliability.
• Device and log data (IP address, browser type, operating system, device identifiers, timestamps, error logs) for security, fraud monitoring, and system diagnostics.
• Cookie and similar technology data for authentication continuity, analytics, and user preferences.

C. Information from third parties

• Integration data from services you connect (subject to your configuration and permissions), to enable workflows you request.
• Service provider data from hosting, payment, communications, and analytics vendors who support delivery of our Services.
• Public or partner sources where lawfully available, to validate business identity, prevent fraud, or keep records accurate.

2. How we use your information

• To provide and maintain the Services you request.
• To authenticate users and secure account access.
• To process subscriptions, payments, tax records, and invoices.
• To send service communications, including transactional notices, security alerts, and support responses.
• To operate, monitor, debug, improve, and develop our Services.
• To detect, investigate, and prevent fraud, abuse, unauthorized access, and other harmful activity.
• To enforce contractual terms and respond to legal claims or regulatory obligations.
• To send product updates or marketing communications where permitted by law and your preferences.

Where required by law, we rely on one or more legal bases such as consent, contractual necessity, legal obligation, and legitimate interest (for example, platform security and service improvement).

3. Sharing of your information

We do not sell your personal information for money. We may disclose personal information in the following situations:

• Service providers and processors: infrastructure hosting, payment processors, customer communication providers, security and analytics vendors acting on our documented instructions.
• Business transfers: in relation to a merger, acquisition, financing, asset sale, or restructuring, subject to appropriate confidentiality and legal controls.
• Legal and regulatory disclosure: where required by law, court order, legal process, or to protect rights, security, and safety of users, Corenzio, or the public.
• With your direction or consent: where you instruct us to share information with integrations, advisors, or other counterparties.

We may also share aggregated or de-identified information that cannot reasonably identify an individual.

4. Third-party tracking and online advertising

We and authorized third-party partners may use cookies, pixels, web beacons, and SDK-like technologies to understand traffic, performance, and campaign effectiveness.

• Essential cookies: required for login, authentication, and security.
• Analytics cookies: used to measure product and website usage trends.
• Advertising cookies: where enabled, may support audience measurement and relevant campaign delivery.

You can control cookies through browser settings and available consent controls. If you disable certain technologies, some features may not function properly.

We do not knowingly permit third-party ad networks to collect sensitive financial records from in-product accounting workflows for behavioral ad targeting.

5. Sensitive data protection mechanisms

We maintain technical and organizational safeguards designed to protect confidentiality, integrity, and availability of personal information:

• Encryption in transit using TLS and encryption at rest for supported data stores.
• Role-based access controls, least-privilege access, and access logging for sensitive systems.
• Security monitoring, vulnerability assessment, and incident response procedures.
• Backups and recovery controls to support resilience and business continuity.
• Contractual controls with processors handling personal data on our behalf.

In the event of a personal data breach, we will assess and notify affected parties and authorities as required by applicable law.

6. Control over your information

Subject to applicable law, you may request one or more of the following:

• Access to the personal information we hold about you.
• Correction or update of inaccurate data.
• Deletion or erasure of personal data.
• Restriction or objection to certain processing activities.
• Data portability in a structured, commonly used format.
• Withdrawal of consent where processing relies on consent.

You may also opt out of non-essential marketing communications using unsubscribe links in such emails. We may still send service-related messages necessary to operate your account.

7. Children’s privacy

Our Services are intended for business users and are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us and we will take reasonable steps to investigate and delete such information where required.

8. Links to other web sites and services

Our Services may contain links to third-party websites, products, or services that are not controlled by Corenzio. We are not responsible for the privacy, security, or content practices of those third parties. We encourage you to review their privacy notices and terms before sharing personal information.

9. Region-specific disclosures

India

We process personal data in line with applicable Indian laws, including principles reflected in the Digital Personal Data Protection Act, 2023. This includes notice, consent (where applicable), purpose limitation, data minimization, safeguards, and grievance contact mechanisms.

European Economic Area / United Kingdom

Where GDPR/UK GDPR applies, you may have rights including access, rectification, erasure, portability, restriction, objection, and the right to lodge a complaint with a supervisory authority.

California and other U.S. states

Where applicable state privacy laws apply, residents may have rights to know, access, delete, correct, and opt out of certain sharing or targeted advertising practices, subject to statutory exceptions.

10. Changes to our privacy policy

We may modify this Privacy Policy periodically to reflect legal, regulatory, operational, or product changes. When we make material updates, we will revise the "Last updated" date and provide notice through appropriate channels (such as in-product notice, website posting, or email where required).

Continued use of the Services after an update becomes effective constitutes acceptance to the extent permitted by law.

11. Contact us

For privacy requests, grievances, or questions, contact: contact@corenzio.com

Legal Entity: CORENZIO TECHNOLOGIES

If required by applicable law, we may verify identity before processing privacy rights requests.