Privacy Policy

1. Introduction

Ilmorix Technologies Private Limited ("we", "us", "our"), the operator of Bepaarapp ERP System, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

            ✅ Our Commitment: We implement enterprise-grade security measures including AES-256 encryption, secure file permissions, and automated encrypted backups to protect your data.
        

2. Information We Collect

2.1 Information You Provide

Data Type	Examples	Purpose
Account Information	Name, email, password	Authentication, account management
Company Information	Company name, GSTIN, address, contact details	Business operations, GST compliance
Business Data	Products, customers, suppliers, transactions	ERP functionality, reporting
Financial Data	Sales, purchases, payments, invoices	Accounting, financial reporting
Storefront Data	Customer orders, shipping addresses, payment methods	E-commerce operations

2.2 Automatically Collected Information

Log Data: IP address, browser type, access times
Usage Data: Features used, pages visited
Session Data: Login sessions, database selections
Performance Data: Load times, error logs

2.3 Information We Do NOT Collect

✅ We Do NOT:

Sell your data to third parties
Use your business data for our marketing
Share your data with competitors
Access your data without permission (except for system maintenance)
Store complete credit card numbers (handled by payment gateways)

3. How We Use Your Information

3.1 Primary Uses

Service Delivery: Provide ERP functionality, process transactions
Account Management: Create and maintain your account
Security: Authenticate users, prevent fraud, maintain security
Support: Respond to inquiries, troubleshoot issues
Compliance: Comply with legal obligations, tax laws
Improvement: Analyze usage to improve the Service

3.2 Legal Basis for Processing (GDPR)

We process your data based on:

Contract: Necessary to provide the Service you requested
Consent: You have given explicit consent
Legal Obligation: Required by law (tax records, etc.)
Legitimate Interest: Fraud prevention, system security

4. Data Storage and Security

4.1 Where Your Data is Stored

User Accounts: MySQL database (encrypted connection)
Business Data: SQLite databases (per-user, isolated)
Location: Secure server storage outside public web directory
Path: storage/app/secure/user_{email}/Files/

4.2 Security Measures

            🔒 Enterprise-Grade Security (95/100 Score):
            ✅ Encryption: AES-256 encryption for backups
✅ Access Control: Multi-layer authentication
✅ File Permissions: Secure 0700/0600 permissions
✅ Web Protection: Triple .htaccess protection layers
✅ User Isolation: Separate databases per user
✅ SSL/TLS: Encrypted data transmission (HTTPS)
✅ Automated Backups: Daily encrypted backups
✅ Deletion Protection: Auto-backup before deletion
✅ Activity Logging: Audit trails for security events

        

4.3 Data Backup Policy

Frequency: Daily automated backups at 2 AM
Retention: 7 days (server), longer for critical backups
Format: Encrypted (.enc files)
Location: Separate from live databases
Recovery: Available upon request

⚠️ Important: While we implement robust security measures, no system is 100% secure. We recommend you:

Use strong passwords
Enable two-factor authentication (if available)
Maintain your own offsite backups
Monitor your account for unauthorized access

5. Information Sharing and Disclosure

5.1 We Do NOT Sell Your Data

            ✅ Privacy Guarantee: We do not sell, rent, or trade your personal information or business data to third parties for marketing purposes.
        

5.2 Limited Sharing

We may share your information only in these limited circumstances:

Service Providers: Hosting (Hostinger), CDN (Cloudflare), payment processors (Razorpay)
These providers are contractually obligated to protect your data.
Legal Requirements: If required by law, court order, or government request
Business Transfer: In the event of merger, acquisition, or sale (you will be notified)
With Your Consent: Any other sharing requires your explicit permission

5.3 Third-Party Services

Service	Purpose	Data Shared
Hosting Provider (Hostinger)	Server hosting	All data (encrypted backups)
Payment Gateway (Razorpay)	Process payments	Transaction details, email
CDN (Cloudflare)	Content delivery	IP address, access logs
Email Service	Send notifications	Email address, name

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active or as needed to provide services.

6.2 After Account Closure

0-30 days: Data retained, can be restored upon request
30-90 days: Data archived, restoration possible but may incur fees
90+ days: Data may be permanently deleted
Legal Requirements: Some data retained longer for tax/legal compliance (typically 7 years for financial records in India)

6.3 Backup Retention

Daily Backups: 7 days retention
Deleted Company Backups: Retained indefinitely (for recovery)
Offsite Backups: Your responsibility to manage

7. Your Rights (GDPR Compliance)

Under GDPR and applicable data protection laws, you have the following rights:

7.1 Right to Access

✅ You can request a copy of your personal data. We will provide it within 30 days.

7.2 Right to Rectification

✅ You can update or correct your personal information at any time through your account settings.

7.3 Right to Erasure ("Right to be Forgotten")

✅ You can request deletion of your personal data, subject to legal retention requirements.

7.4 Right to Data Portability

✅ You can export your data in commonly used formats (Excel, CSV, PDF).

7.5 Right to Object

✅ You can object to processing of your data for direct marketing purposes.

7.6 Right to Restrict Processing

✅ You can request limitation of processing in certain circumstances.

📧 Exercise Your Rights: To exercise any of these rights, contact us at:

Email: privacy@bepaarapp.com
Response Time: Within 30 days
Verification: We may require identity verification

8. Cookies and Tracking Technologies

8.1 Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Authentication, session management, security	Session / 30 days
Functional Cookies	Remember preferences, selected company	30 days
Analytics Cookies	Usage statistics, performance monitoring	1 year
Security Cookies	Prevent fraud, protect accounts	Session

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect functionality.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Email notification to registered users
In-app notification
Updating the "Last Updated" date at the top of this page

Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Data Breach Notification

🚨 In the Event of a Data Breach:

We will notify affected users within 72 hours
Notification will include: nature of breach, data affected, steps taken
We will report to relevant authorities as required by law
We will provide guidance on protective measures you should take

13. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

Company: Ilmorix Technologies Private Limited
Product: Bepaarapp ERP System
Data Protection Officer: privacy@bepaarapp.com
General Support: support@bepaarapp.com
Data Breach Notifications: security@bepaarapp.com
Website: www.bepaarapp.com

We will respond to privacy requests within 30 days.

Table of Contents