Privacy Policy
Last updated: 28 January 2026
Data Encryption
Industry-standard encryption for all data
No Data Selling
We never sell your personal data
Your Rights
Access, correct, or delete your data
1. Introduction
Bizalys Infosystems Private Limited ("Bizalys", "we", "us", "our") is committed to protecting personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable Indian laws. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our services.
2. Data Fiduciary Details
Company: Bizalys Infosystems Private Limited
CIN: U72900MH2020PTC342414
Address: 2, Dattasiddhi Apartment, Behind Mahamarg Bus Stand, Gaikwad Nagar, Mumbai Naka, Nashik 422002, Maharashtra, India
Email: support@bizalys.com
Phone: +91 8551 8558 21
3. Role of Bizalys
3.1 Bizalys as Data Fiduciary
Bizalys acts as Data Fiduciary when processing personal data relating to: website visitors; direct users and subscribers; employees, vendors, and contractors; marketing, billing, support, and account management activities. In these cases, Bizalys determines the purpose and means of processing.
3.2 Bizalys as Data Processor (Core SaaS Role)
Bizalys acts as Data Processor when clients upload or manage data on the platform, including client master data, end-client personal data, and financial/compliance/workflow data. In such cases, the client is the Data Fiduciary and Bizalys processes data strictly on documented client instructions, governed by the Data Processing Addendum.
Client Responsibility: Clients represent and warrant that they have all necessary lawful grounds and authority to provide personal data to Bizalys for processing. Bizalys does not verify the legality of client-uploaded data and relies on client representations. Bizalys's independent obligations are strictly as a Data Processor under applicable law.
4. Data We Collect
- Account Data: Name, email, phone, business details, login credentials
- Usage Data: Device information, IP address, browser type, access logs
- Client Data: Data uploaded/processed by you through our Services (processed as Data Processor)
- Payment Data: Transaction records (payment credentials handled by third-party processors)
5. Legal Basis for Processing
We process personal data based on:
- Consent obtained from you
- Performance of contract to provide requested services
- Compliance with law including tax, audit, and regulatory requirements
- Lawful purposes permitted under DPDP Act, necessary for service delivery, security, and fraud prevention
6. How We Use Your Data
We use personal data to:
- Provide, maintain, and improve our Services
- Process transactions and send related information
- Respond to inquiries and provide support
- Send service-related communications
- Ensure security and prevent fraud
- Comply with legal obligations
- Conduct limited internal analytics for service improvement (with opt-out available where required under applicable law)
AI/ML Training: We will NOT train machine learning models on your Client Data without your explicit contractual consent.
7. Data Sharing
We may share data with:
- Service providers who assist our operations (list available at https://bizalys.com/service-providers or upon written request)
- Professional advisors
- Regulatory authorities when required by law
- In connection with business transfers
We do not sell personal data. Third-party processors are bound by appropriate contractual obligations.
8. Data Retention
We retain personal data only as long as necessary for the purposes collected, typically:
- Active accounts: Duration of relationship + 3 years
- Financial records: 8 years per statutory requirements
- Usage logs: Up to 2 years
Retention periods may be extended where required by law, contract, litigation hold, or client-specific data processing agreements.
9. Cross-Border Transfers
Data is primarily stored in India. Where transfers outside India are necessary, they will be made only to jurisdictions permitted under DPDP Act, subject to notifications, directions, or restrictions issued by the Central Government from time to time, with appropriate safeguards in place.
10. Your Rights
Under DPDP Act, you have the right to:
- Access a summary of your personal data and processing activities
- Correct inaccurate or incomplete personal data
- Erase personal data no longer necessary for its purpose
- Withdraw consent at any time
- Receive data in portable format, subject to technical feasibility and statutory scope under DPDP Act
To exercise these rights, contact support@bizalys.com. We will process requests within reasonable time as prescribed under applicable law. For Client Data where Bizalys acts as Data Processor, requests will be routed to and handled by the relevant client (Data Fiduciary).
11. Data Security
We implement reasonable technical and organisational security measures including encryption, access controls, and regular security assessments. Users are responsible for safeguarding their credentials. For operational security details, refer to our Terms of Service and Data Processing Addendum.
12. Cookies
Bizalys uses cookies and similar technologies for essential functionality and limited analytics. Non-essential cookies are activated only after user consent. Users may manage or withdraw cookie preferences at any time. Further details are available in the Cookie Policy, which forms part of this Privacy Policy.
13. Sub-Processors
Bizalys may engage sub-processors for limited support functions, subject to equivalent data protection obligations and oversight. The list of sub-processors is available at https://bizalys.com/service-providers or upon written request.
14. Data Breach Notification
Bizalys maintains procedures to identify, assess, and respond to personal data breaches. Where Bizalys acts as Data Fiduciary and a breach is likely to cause harm, we will notify the Data Protection Board and affected Data Principals as required by law. Where Bizalys acts as Data Processor, we will notify the client (Data Fiduciary) and provide reasonable cooperation; the client remains responsible for regulatory and individual notifications.
15. Children's Data
Bizalys does not knowingly process personal data of individuals under 18 years of age without verifiable parental consent.
16. Grievance Redressal
Grievances relating to personal data processing may be addressed to: support@bizalys.com (Subject: "Privacy Grievance")
Unresolved grievances may be escalated to the Data Protection Board of India, as applicable.
17. Changes to This Policy
This Policy may be updated periodically. Material changes will be communicated where reasonably practicable. Continued use of the Services constitutes acceptance.
18. Governing Law
This Policy is governed by the laws of India. For liability limitations, dispute resolution, indemnification, and related provisions, refer to our Terms of Service as more fully set out therein. Courts at Nashik, Maharashtra shall have exclusive jurisdiction.
Contact Us
If you have questions or comments about this Privacy Policy, please contact us at:
Bizalys Infosystems Private Limited
CIN: U72900MH2020PTC342414
2, Dattasiddhi Apartment,
Behind Mahamarg Bus Stand,
Gaikwad Nagar, Mumbai Naka,
Nashik 422002 Maharashtra
Email: support@bizalys.com
Phone: +91 8551 8558 21