Chat on WhatsApp

Privacy Policy

Last updated: April 2026

Bizeract ("we", "us", "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the rights you have under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and — where applicable — the EU General Data Protection Regulation (GDPR).

This policy applies to bizeract.com and all subpages, landing pages, and services operated by Bizeract. By using our website or submitting any form on it, you acknowledge that you have read and understood this policy.

1. Data we collect

We collect personal data in two ways: information you give us directly, and information collected automatically when you browse our site.

1.1 Information you provide

  • Contact and booking forms — name, email address, phone number, WhatsApp number (optional), message, and the page you submitted the form from (for routing).
  • Service engagements — when you become a client, we collect business details (GSTIN, PAN, company name, registered address, documents) needed to deliver the service.
  • Support requests — any information you voluntarily share when you email or call us.

1.2 Information collected automatically

  • Usage analytics — page views, time on page, referrer, device type, browser, and approximate location (city level). Collected via PostHog and Google Analytics 4.
  • Advertising pixels — Google Ads conversion tag and Meta (Facebook) Pixel fire on specific pages to measure ad performance. These use first-party cookies and may send hashed identifiers to the advertising networks.
  • Technical logs — standard server logs including IP address, timestamp, and request path, stored for a maximum of 30 days.

2. Purposes for processing

We use the data we collect for the following purposes:

  • Responding to your enquiries and booking requests.
  • Delivering the services you engage us for — GST registration, marketing, analytics, etc.
  • Meeting our own legal and regulatory obligations (tax records, invoicing, compliance filings).
  • Measuring website performance and improving our content.
  • Measuring the performance of our advertising campaigns.
  • Sending you service-related communications (transactional emails, WhatsApp updates, filing reminders). We do not send unsolicited marketing messages.

3. Lawful basis for processing

Under the DPDP Act, we process personal data on the basis of your consent (when you submit a form) and our legitimate use (to respond to your request and fulfil services). For EU residents, GDPR lawful bases are: consent (Art. 6(1)(a)), contract performance (Art. 6(1)(b)), and legitimate interest in running and measuring our website (Art. 6(1)(f)).

4. Data retention

We retain personal data only for as long as needed:

  • Website enquiries — 24 months from last interaction, unless you become a client.
  • Client data — for the duration of our engagement plus 8 years, to comply with Indian tax and company law record-keeping requirements.
  • Technical logs — 30 days.
  • Analytics data — 14 months in Google Analytics, 12 months in PostHog, after which it is aggregated or deleted.

5. Third-party processors

We share data with the following trusted processors. Each is bound by a data-processing agreement (DPA):

  • Vercel — website hosting. Data stored in Vercel's edge network. Privacy policy.
  • Neon — PostgreSQL database for form submissions. Hosted in AWS ap-south-1 (Mumbai) where possible.
  • PostHog — product analytics. Privacy policy.
  • Google (Analytics, Ads, Tag Manager) — website measurement and ads attribution. Privacy policy.
  • Meta (Facebook Pixel) — ads attribution for Meta campaigns. Privacy policy.
  • WhatsApp Business (Meta) — for conversational support when you message us on WhatsApp.

We do not sell, rent, or trade your personal data with any third party for marketing purposes.

6. Cookies and similar technologies

We use cookies and similar technologies for three purposes:

  • Essential cookies — session, CSRF, and preference storage. These cannot be disabled without breaking the site.
  • Analytics cookies — PostHog and Google Analytics 4. Anonymous, used to measure usage.
  • Advertising cookies — Google Ads and Meta Pixel. Used to measure ad conversions.

You can disable non-essential cookies in your browser settings or via browser extensions like uBlock Origin. Doing so will not affect your ability to use our services.

7. International transfers

Some of our processors (e.g. Google, Meta, Vercel) store data outside India. Where such transfers take place, they are governed by contractual safeguards (Standard Contractual Clauses for EU data, and equivalent measures under DPDP).

8. Your rights

Under the DPDP Act, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — correct inaccurate or outdated data.
  • Erasure — request deletion of your personal data, subject to our legal obligations to retain records.
  • Withdraw consent — at any time, for any processing based on consent.
  • Grievance redressal — raise a complaint with our grievance officer (below) or with the Data Protection Board of India.

For EU/UK residents, you additionally have the right to data portability, to object to processing, and to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email info@bizeract.com. We will respond within 30 days.

9. Security

We use industry-standard security measures: HTTPS across the entire site, encrypted database connections, principle-of-least-privilege access controls, and regular security reviews. Payment information is never stored on our servers — all payments are processed via PCI-DSS compliant payment gateways.

Despite our best efforts, no system is perfectly secure. If we become aware of a personal data breach that is likely to cause harm, we will notify the Data Protection Board of India and affected users as required under the DPDP Act.

10. Children's data

Our services are intended for business owners and individuals aged 18 and above. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it.

11. Grievance officer

In accordance with the DPDP Act, 2023, and the Information Technology Rules, 2011, the contact details of our Grievance Officer are:

  • Name: Gautham Mahadevan
  • Designation: Founder & Data Protection Officer
  • Email: info@bizeract.com
  • Address: Bizeract, Chennai, Tamil Nadu, India

Grievances will be acknowledged within 48 hours and resolved within 30 days.

12. Changes to this policy

We may update this policy occasionally to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page indicates when the most recent change was made. For material changes, we will notify registered users via email.

13. Contact us

For any questions about this Privacy Policy or our data practices, email info@bizeract.com or visit our contact page.