Privacy Policy
Last updated: April 26, 2026
1. Who we are
BizPulse AI ("BizPulse", "we", "our", "us") operates the platform at bizpulseanalytics.com. We are an India-based technology company providing AI-powered business health monitoring and failure prediction services for small and medium businesses.
This Privacy Policy is governed by the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and the Digital Personal Data Protection Act, 2023 (DPDP Act).
Contact: support@bizpulseanalytics.com
2. What data we collect
Account data: Name, email address, password (hashed with bcrypt, never stored in plaintext). This constitutes personal data under the DPDP Act 2023.
Business data: Business name, industry, size, and the financial or operational metrics you enter or sync via integrations. Financial metrics are treated as Sensitive Personal Data or Information (SPDI) under IT Rules 2011.
Integration data: When you connect Plaid, QuickBooks, or Stripe, we store encrypted OAuth tokens. We use read-only scopes — we can never move money or modify your accounts.
Usage data: Login timestamps, page views, feature usage. We do not use third-party analytics trackers.
3. Lawful basis for processing
Under the DPDP Act 2023, we process your personal data on the following bases:
- Consent: You provide explicit consent at account creation. You may withdraw consent at any time by emailing us or deleting your account.
- Contract performance: Processing necessary to provide the service you subscribed to.
- Legitimate uses: Fraud prevention, security monitoring, and improving our platform using anonymised and aggregated data.
- Legal obligation: Retaining records required under Indian tax law and financial regulations (e.g., GST records for 7 years).
4. How we use your data
- To calculate and display your business health score
- To generate AI-powered action plans and insights using Anthropic's Claude API
- To send transactional emails (welcome, alerts, billing) via Resend
- To process payments via Razorpay (we never see your card or UPI details)
- To detect and prevent fraud and abuse
- To improve our signal models and prediction accuracy (anonymised, aggregated only)
We never sell your data. We never use your data for advertising. We never share your business financials with third parties except as required to provide the service.
5. Third-party processors
We share data with the following processors under binding agreements:
- Supabase — PostgreSQL database hosting (your data is stored here)
- Anthropic (Claude API) — AI analysis of your business signals; only anonymised signal values are sent, never personal identifiers
- Vercel — Application hosting and CDN
- Resend — Transactional email delivery
- Razorpay — Payment processing (RBI-regulated; we never see your card or UPI details)
- Plaid / QuickBooks / Stripe — Financial data integrations (only when you explicitly connect them)
Cross-border data transfers to processors outside India are conducted under contractual safeguards in accordance with the DPDP Act 2023 and applicable RBI guidelines.
6. Data retention
We retain your personal data for as long as your account is active. On account deletion or cancellation:
- Account and business data: deleted within 30 days
- Payment records: retained for 7 years as required under Indian accounting and GST law
- Anonymised analytics: retained indefinitely (not linked to you)
7. Security
We implement reasonable security practices as required under Rule 8 of the SPDI Rules 2011. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Passwords are hashed using bcrypt (cost factor 12). OAuth tokens are stored encrypted and never logged in plaintext.
See our Security page for full technical details.
8. Your rights (DPDP Act 2023)
As a Data Principal under the DPDP Act 2023, you have the following rights:
- Right to access: Request a summary of your personal data and how it is being processed.
- Right to correction and erasure: Request correction of inaccurate data or erasure of data no longer required for the stated purpose.
- Right to grievance redressal: Raise a complaint with us; we will respond within 30 days.
- Right to nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.
- Right to withdraw consent: Withdraw consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.
To exercise any right, email support@bizpulseanalytics.com with subject line: Data Rights Request – [your request type]. See our DPDP Compliance page for full details.
9. Cookies
We use session cookies required for authentication (NextAuth). We do not use advertising cookies or third-party tracking cookies. You can clear cookies at any time via your browser settings.
10. Grievance Officer
In accordance with the IT Act 2000 and SPDI Rules 2011, we have designated a Grievance Officer for data-related complaints:
Grievance Officer: BizPulse AI Team
Email: support@bizpulseanalytics.com
Response time: Within 30 days of receipt of complaint
11. Governing law
This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of courts in India. If you have unresolved concerns, you may approach the Data Protection Board of India once constituted under the DPDP Act 2023.
12. Changes to this policy
We will notify you by email and display a notice on the platform at least 7 days before any material changes to this policy take effect. Continued use after the effective date constitutes acceptance.
13. Contact
Support: support@bizpulseanalytics.com