Last Updated: January 25, 2026

1. Introduction

TallyPorts ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

2. Information We Collect

We collect the following types of personal data:

• Identity Information: First Name, Last Name, Company Name, Company Code
• Contact Information: Email Address, Phone Number, Address
• Financial Information: Opening Balance, Transaction Data, Contract Notes
• Tax Identification: PAN (Permanent Account Number), GSTIN (GST Identification Number)
• Account Information: Username, Password (encrypted), User Role, Client Information
• Usage Data: Login Logs, Access Logs, IP Address, Device Information
• Business Information: Customer Type, Branch, Broker Information, Notes

3. Purpose of Data Collection

We collect and process your personal data for the following purposes:

• To provide and maintain our trading and accounting services
• To process and manage contract notes and transactions
• To generate financial reports and statements
• To integrate with Tally accounting software
• To authenticate users and manage access control
• To comply with legal and regulatory requirements
• To improve our services and user experience
• To communicate with you regarding your account and services

4. Legal Basis for Processing

We process your personal data based on:

• Consent: You have provided explicit consent for data processing
• Contractual Necessity: Processing is necessary to fulfill our service agreement with you
• Legal Obligation: Processing is required to comply with applicable laws and regulations
• Legitimate Interest: Processing is necessary for our legitimate business interests

5. Data Security

We implement robust security measures to protect your personal data:

• Encryption: Sensitive data (Email, PAN, GSTIN, Address, Phone) is encrypted using AES-256 encryption
• Password Security: Passwords are hashed using SHA-256 algorithm
• Data Masking: Sensitive information is masked in user interfaces to prevent accidental exposure
• Access Control: Role-based access control ensures only authorized personnel can access data
• Secure Transmission: Data is transmitted over secure HTTPS connections
• Session Management: Secure session management with automatic timeout
• Audit Logging: All data access and modifications are logged for security monitoring

6. Data Retention

We retain your personal data for the following periods:

• Active Accounts: Data is retained while your account is active and for 7 years after account closure (as required by tax and accounting regulations)
• Financial Records: Transaction and contract note data is retained for 7 years from the date of last transaction
• User Accounts: User account data is retained until account deletion or 7 years after last login, whichever is later
• Audit Logs: Access and security logs are retained for 2 years
• Deleted Accounts: Soft-deleted accounts are permanently purged after 7 years

After the retention period, data is securely deleted or anonymized in accordance with applicable laws.

7. Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party service providers who assist in operating our platform (hosting, security, analytics)
• Tally Integration: Data may be exported to Tally accounting software as per your configuration
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In case of merger, acquisition, or sale of assets (with prior notice)

We do not sell your personal data to third parties for marketing purposes.

8. Your Rights Under DPDP Act

As a data principal, you have the following rights:

• Right to Access: You can request access to all personal data we hold about you
• Right to Correction: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data (subject to legal retention requirements)
• Right to Data Portability: You can request your data in a machine-readable format
• Right to Withdraw Consent: You can withdraw your consent for data processing at any time
• Right to Grievance Redressal: You can file a complaint with us or the Data Protection Board

To exercise these rights, please contact us using the contact information provided below.

9. Consent Management

By using our services, you consent to the collection and processing of your personal data as described in this Privacy Policy. You can withdraw your consent at any time by contacting us. However, withdrawal of consent may affect your ability to use certain features of our services.

10. Data Breach Notification

In the event of a data breach that may cause harm to you, we will:

• Notify you within 72 hours of becoming aware of the breach
• Notify the Data Protection Board as required by law
• Provide details of the breach and steps taken to mitigate risks
• Recommend actions you can take to protect yourself

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Cross-Border Data Transfer

Your personal data is primarily stored and processed in India. If we transfer data outside India, we ensure adequate safeguards are in place to protect your data in accordance with the DPDP Act.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns to improve our services

You can control cookie settings through your browser, but disabling cookies may affect service functionality.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a notice in the application

The "Last Updated" date at the top indicates when this policy was last revised.

15. Data Privacy Security

If you have questions, concerns, or wish to exercise your rights regarding your personal data, please contact our Data Privacy Security team:

16. Grievance Redressal

If you have any complaints or grievances regarding the processing of your personal data, you can:

• Contact our Data Privacy Security team using the contact information above
• File a complaint with the Data Protection Board of India

17. Contact Us

For general inquiries about this Privacy Policy or our data practices, please contact us: