Short version: We collect what we need to run BusinessSetu for you. We store it on Indian servers. We do not sell it. You can export or delete it any time. To exercise any data right, email contact@bighelpers.in.
Who we are
BusinessSetu Pro ("BusinessSetu", "we", "us") is a product of Big Helpers Software and Solutions Private Limited, a company registered in India (CIN U72200MP2008PTC021190, registered office: HIG-2, M.P. Housing Board Colony, Tikuri, Katni 483501, Madhya Pradesh, India). Under the Digital Personal Data Protection Act, 2023 ("DPDP Act") we are the Data Fiduciary for the personal data you give us, and you are the Data Principal.
What we collect
We collect only what helps us run the service:
- Account data: your name, email, phone number, password (stored as a one-way bcrypt hash), preferred language.
- Business data: business name, address, GSTIN, PAN (only when you choose to add them for invoicing), bank details (only when you add them for receiving payouts).
- Customer data you enter: the contacts, leads, quotes, invoices, payments, expenses and notes you create inside the app.
- Operational data: login timestamps, IP address (for security and fraud prevention), browser and device type, the actions you take inside the app (audit log).
- Support data: messages you send us, transcripts of WhatsApp or email conversations with our team.
We do not collect biometric, health, genetic, religious or caste data. We do not knowingly collect data from anyone under 18.
Why we collect it (purposes)
Under DPDP § 5 we must tell you exactly what each piece of data is used for. We use your data only for these specific purposes:
- To run the service: create your account, save your invoices and leads, send your customers the messages you ask us to send.
- To bill you: issue subscription invoices and process payments through our payment partner.
- To keep the service safe: detect fraud, prevent abuse, keep audit logs.
- To support you: reply to your questions on email, WhatsApp or in-app chat.
- To improve the product: understand how features are used in aggregate (counts only, never your business names or customer lists).
- To comply with law: respond to lawful requests from Indian authorities only when we are legally required to.
Lawful basis
- Your consent when you sign up and accept the privacy + terms.
- Legitimate use under DPDP § 7 — to run the service you have asked for, including security alerts and subscription notices.
- Legal obligation — to comply with Indian law.
How long we keep it (retention)
Under DPDP § 8(7) we keep your data only as long as we need it:
- Active account data: for as long as your account is active.
- Business records you create (invoices, payments): at least 7 years from creation, because the Income-tax Act and GST law require it.
- Audit logs: 2 years.
- Support messages: 18 months.
- Marketing email opt-ins: until you unsubscribe.
- After you delete your account: we erase your account data within 30 days, except for business records we are legally required to retain (those become anonymised after 7 years).
Who we share with
We do not sell, rent or trade your data. We share data only with the small set of sub-processors we need to run BusinessSetu. The full list with purposes and locations is on our sub-processors page. Headline list:
- Razorpay — collects subscription payments. PCI-DSS compliant.
- Cloudflare — HTTPS, anti-bot, edge caching.
- MilesWeb — Indian server hosting partner.
- Meta (WhatsApp Business API) — only when you choose to send WhatsApp messages to your customers through BusinessSetu.
- Frankfurter / European Central Bank — anonymous foreign-exchange reference rates (no personal data is sent).
We share only the minimum data each partner needs. We do not allow them to use your data for their own purposes.
Where your data lives
Your data is hosted on Indian servers, in Indian data centres, by our hosting partner. We do not transfer your data outside India.
Security
The full list is on our security page. In short:
- HTTPS / TLS 1.3 for all data in transit.
- Passwords stored as one-way bcrypt hashes — we never see your plain-text password.
- Application and database access controls; only authorised engineers can reach production data, and access is logged.
- Daily backups, retained for 14 days.
- Audit log of every important action inside the app.
- Full disk-level at-rest encryption is on our 2026 roadmap.
Your rights as a Data Principal
The DPDP Act gives you these rights. You can exercise them at any time:
- Right to know (§ 11): what data we hold and how we use it.
- Right to access: a copy of your data in a portable format.
- Right to correct (§ 12): fix inaccurate or outdated data.
- Right to erase (§ 12): ask us to delete your data, subject to retention exceptions above.
- Right to nominate (§ 14): nominate someone to exercise your rights if you die or are incapacitated.
- Right to withdraw consent (§ 6(4)).
- Right to grievance redressal (§ 13).
See our Data Principal Rights page for the exact form to use and the timelines we commit to.
Grievance redressal
If you have a complaint, write to contact@bighelpers.in. We respond within 7 working days. If you are not satisfied, you can escalate to the Data Protection Board of India once it is operational. See our grievance page for the full process.
Cookies
We use only the minimum cookies needed: a session cookie to keep you signed in, and a CSRF cookie to protect forms. We do not use third-party tracking cookies or advertising pixels. Our cookie policy lists every cookie we set.
Children
BusinessSetu is for adults running businesses. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, contact us and we will delete the account.
Changes to this policy
If we update this policy, we post the new version here and update the "last updated" date. For material changes (new data categories, new sub-processors, new purposes), we notify you by email and inside the app, and where DPDP requires we ask for fresh consent.
Contact
For any privacy question, email contact@bighelpers.in or write to: Big Helpers Software and Solutions Private Limited, HIG-2, M.P. Housing Board Colony, Tikuri, Katni 483501, Madhya Pradesh, India.