Privacy Policy

1.Introduction

1.1 Overview

This Privacy Policy ("Policy") is issued by FileSure India Private Limited, a company incorporated under the Companies Act, 2013, bearing Corporate Identification Number (CIN) U62013MH2023PTC411571, with its registered office at Sambhaji Nagar No 2, St. Antony Road, Chembur, Mumbai, Maharashtra 400071, India ("Filesure", "we", "us" or "our").

Filesure respects the importance of safeguarding your privacy and is committed to protecting the confidentiality, integrity, and security of personal data processed in connection with the FileSure API, developer portal, dashboard, documentation, and related services (collectively, the "Services"). This Policy describes how we collect, use, disclose, and safeguard personal data when you access the Services. We may use your contact details to respond to enquiries, provide support, send service and billing communications, and — with your consent where required — send product updates.

1.2 Effective Date

This Policy takes effect on 3 June 2026. Filesure may modify, amend, or update this Policy at any time in accordance with applicable law; changes are effective upon posting the revised Policy on the platform or through other appropriate channels.

1.3 Key Definitions

• Personal Data — any information relating to an identified or identifiable natural person, as defined under the Digital Personal Data Protection Act, 2023, including name, contact details, identification numbers, and IP address.
• Data Fiduciary — FileSure India Private Limited, the entity that determines the purpose and means of processing Personal Data for the Services.
• Data Principal — the individual to whom the Personal Data relates.
• Processing — any operation performed on Personal Data, including collection, storage, use, disclosure, or erasure.
• DPDPA — the Digital Personal Data Protection Act, 2023.
• MCA — the Ministry of Corporate Affairs, including its V2 and V3 portals.
• Director Data — personal and professional details of company directors obtained from MCA portals and other authorized sources.
• Publicly Available Data — Personal Data accessible in the public domain, including from government portals such as the MCA, which may be processed without explicit consent under applicable law.
• User-Provided Data — information you submit when registering for, configuring, or using the Services.

2.Identity and Contact Details

2.1 Data Fiduciary

The Data Fiduciary responsible for the collection, processing, and protection of Personal Data is:

2.2 Contact for Privacy and Data-Protection Queries

For any query, concern, or request relating to this Policy or the processing of your Personal Data, you may contact our designated Data Protection Officer ("DPO"):

We acknowledge receipt of data-protection communications within seven (7) business days and provide a substantive response within thirty (30) calendar days of receipt. Where these timelines cannot be met due to exceptional circumstances, we will inform you and provide an estimated timeframe.

3.Categories of Personal Data Collected

3.1 Types of Personal Data

Filesure collects and processes the following categories of Personal Data in connection with the Services:

• Data from the MCA portals (V2/V3): company master data, director data, charges data, and public statutory filings of companies registered in India.
• Data from the GST portal: where applicable, GST registration and filing data accessed via an authorized GST Suvidha Provider (GSP).
• Publicly available director contact data: contact details such as mobile numbers and email addresses sourced from publicly accessible information, which Filesure processes and may make available through the Services.
• Account and billing data: information you provide when registering and using the Services, including name, work email, organization name, and the billing details and GSTIN you provide for tax invoicing. We do not collect residential addresses.
• API usage and technical data: request logs, endpoint accessed, timestamps, API key identifiers, IP addresses, device and browser information, and similar data collected automatically when you use the API, portal, or dashboard.

3.2 Data Sources

Corporate and director data is obtained primarily from official MCA portals (V2 and V3); GST data, where applicable, from the GST portal via authorized GSPs; additional director contact details from publicly available sources; and account, billing, and usage data directly from you and from your interaction with the Services.

4.Purposes of Data Processing

4.1 Provision of the API

We process MCA and GST data solely for legitimate business purposes — to provide corporate information, director details, charges, filings, and extracted data through the API, supporting due diligence, compliance verification, and research use cases. All MCA data processing is conducted in compliance with the terms governing MCA portals, applicable Indian laws, and regulatory guidelines.

4.2 Director Contact Data

Where Filesure makes director contact details available through the Services, such processing is undertaken in compliance with applicable data-protection laws. Customers are independently responsible for ensuring their own use of any contact data — including any marketing or outreach — complies with applicable consent, anti-spam, and telemarketing laws.

4.3 Account, Authentication and Billing

We process account and billing data to authenticate users and API keys, manage access, operate the prepaid wallet, issue GST invoices, prevent fraud and abuse, and provide customer support.

4.4 Security and Integrity

We process usage and technical data to monitor, secure, and improve the Services, enforce rate limits and these terms, detect abuse, and maintain availability and integrity.

4.5 Compliance and Legal Obligations

We process Personal Data as required to comply with applicable laws, regulations, and lawful governmental requests, and may update our processing purposes consistent with changes in legal or regulatory requirements.

5.Data Accuracy and Update Limitations

Filesure obtains data from external sources, including MCA portals (V2/V3) and other authorized repositories, and makes reasonable, good-faith efforts to keep data accurate and current to the extent technically and legally feasible. Notwithstanding such efforts, Filesure does not warrant that data is at all times accurate, complete, error-free, or up to date.

You acknowledge that our ability to update and synchronize data depends on the availability and reliability of third-party systems over which we have no control. Filesure disclaims liability for errors, omissions, delays, or inaccuracies arising from external technical failures or other circumstances beyond its reasonable control, and you assume responsibility and risk for any reliance on the data. You are advised to verify critical information directly with official MCA portals or other authoritative sources before relying on it for legal, financial, or business decisions.

6.Legal Basis for Data Processing

Filesure processes Personal Data in compliance with the DPDPA, the Information Technology Act, 2000, and other applicable Indian laws, relying on the following legal bases as applicable:

• Publicly available data — lawfully available in the public domain (including via MCA portals and other authorized government sources), processed without requiring explicit consent in accordance with applicable law.
• Consent — where required, we obtain explicit, informed, and unambiguous consent before processing for specific purposes.
• Contractual necessity — processing necessary to provide the Services you have requested or to take pre-contractual steps.
• Legal obligation — processing necessary to comply with legal or regulatory obligations.
• Legitimate interests — processing necessary for our or a third party's lawful interests, balanced against the rights and freedoms of the Data Principal.

Filesure documents its legal bases and maintains records to demonstrate compliance. Users acknowledge that the legal basis varies by data category and purpose, and that not all processing requires explicit consent under applicable law.

7.Data Retention Period

Filesure retains Personal Data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, and contractual obligations. Retention periods vary by data category, the nature of the Services, and applicable statutory requirements. We periodically review stored data and securely delete, anonymize, or render it irrecoverable once no longer necessary, except where retention is required for ongoing legal proceedings, investigations, or disputes. Retention and deletion practices implemented in good faith are designed to comply with applicable law.

8.Data Sharing and Disclosure

8.1 Circumstances for Sharing

Filesure shares Personal Data only in the following circumstances, subject to applicable legal and contractual safeguards:

• With service providers — trusted third parties engaged to perform functions on our behalf, including cloud hosting, IT and security services, payment processing, and customer support, contractually obligated to process data only on our instructions and in accordance with applicable law.
• With business partners — aggregated, anonymized, or de-identified data for research, analytics, or service improvement, where it does not identify any individual.
• As required by law — in response to lawful requests, subpoenas, court orders, or other legal processes, or to protect our legal rights, safety, or property.
• With consent — where the Data Principal has provided explicit consent.

8.2 Restrictions on Data Sales

Filesure shall not sell, rent, or trade Personal Data to unauthorized third parties. We maintain due-diligence procedures to ensure any third party receiving Personal Data implements appropriate technical, organizational, and contractual safeguards. Despite reasonable security measures, Filesure cannot guarantee absolute security of data transmitted to third parties.

9.Data Security Measures

Filesure implements and maintains reasonable technical, administrative, and organizational safeguards to protect Personal Data against unauthorized access, disclosure, alteration, destruction, or loss, including:

• Encryption of Personal Data in transit and, where applicable, at rest;
• Access controls, including role-based permissions and multi-factor authentication;
• Security audits, vulnerability assessments, and testing;
• Employee training on data-privacy and security best practices; and
• Incident-response procedures to detect, investigate, and mitigate security breaches.

We require third-party providers who process Personal Data on our behalf to implement adequate security measures consistent with industry standards. Despite these efforts, Filesure cannot guarantee absolute security and disclaims liability for unauthorized access or breaches resulting from factors beyond its reasonable control.

10.Your Rights Under the DPDPA

In accordance with the DPDPA and other applicable laws, Data Principals are entitled to exercise the following rights with respect to their Personal Data:

• Right to access — confirmation of whether your Personal Data is processed, and access to such data;
• Right to correction — correction or rectification of inaccurate, incomplete, or outdated data;
• Right to erasure — deletion of your Personal Data, subject to legal obligations or legitimate grounds for retention;
• Right to data portability — receipt of your data in a structured, commonly used, machine-readable format;
• Right to withdraw consent — withdrawal at any time, without affecting prior lawful processing;
• Right to object — objection to processing, including for direct marketing; and
• Right to restrict processing — limitation of processing in certain circumstances.

To exercise any of these rights, contact our DPO using the details in Section 2. We respond within the timelines prescribed under applicable law, subject to verification of identity and applicable exemptions. We may refuse or limit requests that are manifestly unfounded, excessive, or repetitive, as permitted by law.

11.Grievance Redressal Mechanism

Filesure is committed to addressing concerns, complaints, or grievances relating to the processing of Personal Data fairly, transparently, and promptly. You may submit a grievance to our DPO using the contact details in Section 2.

Upon receipt, we acknowledge the grievance within seven (7) business days and aim to resolve it within thirty (30) calendar days, subject to its nature and complexity. Where resolution within thirty days is not feasible, we will notify you of the delay, the reasons, and the expected timeframe. If you are dissatisfied with our resolution, you may escalate to the Data Protection Board of India or another competent regulatory authority under the DPDPA. We maintain records of grievances and actions taken. Nothing in this section limits any other legal rights or remedies available to you.

12.International Data Transfers

Filesure may transfer Personal Data to countries outside India for purposes consistent with this Policy and in compliance with applicable data-protection laws, including the DPDPA. Such transfers occur only where adequate safeguards are in place, such as transfer to jurisdictions recognized as providing an adequate level of protection, legally binding contractual safeguards (including Standard Contractual Clauses), or other safeguards approved under applicable law. We ensure that third parties receiving Personal Data abroad uphold confidentiality and security obligations consistent with this Policy and Indian requirements, and implement reasonable measures to protect Personal Data during transfer and storage.

13.Cookies and Tracking Technologies

The FileSure marketing site, developer portal, and dashboard use cookies and similar technologies to operate securely, remember preferences, and analyze usage. The API itself is authenticated by API keys and does not rely on cookies. Cookies used may include essential cookies (necessary for operation and security), functional cookies (to remember preferences), and analytical cookies (to understand usage and improve the Services). You may control or disable cookies through your browser settings, though doing so may affect functionality. We comply with applicable laws governing cookies and online tracking, including obtaining consent where required.

14.Children's Privacy

The Services are not directed to, nor intended for use by, individuals under the age of eighteen (18) ("Children"). Filesure does not knowingly collect or process the Personal Data of Children without verifiable parental or guardian consent. If we become aware that we have inadvertently collected such data, we will take prompt measures to delete or anonymize it. Parents or guardians who believe we have collected a Child's data may contact our DPO (Section 2) to request deletion.

15.Changes to This Policy

Filesure may modify, amend, or update this Policy at any time to reflect changes in legal, regulatory, operational, or technological developments. Material changes will be communicated through prominent notices on the platform, email, or other effective channels prior to taking effect, where feasible. Continued use of the Services following such notice constitutes acceptance of the changes. We encourage you to review this Policy periodically. If you do not agree to an updated Policy, you should discontinue use of the Services and may contact our DPO to address any concerns.

16.Contact Information

For any questions, concerns, or requests regarding this Policy or our data-processing practices, please contact our Data Protection Officer: