BoSS
Book a Demo

Legal

GDPR Readiness

How we handle GDPR-related requests when BoSS is used in EEA-linked contexts.

Last updated: 14-04-2026Effective: 14-04-2026
Privacy PolicyTerms of UseCookie PolicyData SecurityDPDP ActISO 27001GDPR Policy

1.Overview

BoSS is primarily built for Indian businesses. In some cases, however, a customer, user, employee, vendor, or business contact connected to a BoSS deployment may be located in the European Economic Area ("EEA") or otherwise raise GDPR-related requirements.

Sahayogi One Private Limited has not completed formal GDPR certification, Data Protection Impact Assessments, or appointed an EU representative. We design our practices to align with GDPR principles from day one — so that compliance builds naturally as our operations grow. This page is a readiness statement, not a claim that GDPR-specific documentation or transfer mechanisms are automatically in place for every customer.

2.When This Matters

This page is relevant where:

  • We directly process data about individuals in the EEA
  • A customer uses BoSS for records that include EEA-linked personal data
  • A prospect or partner asks for GDPR-related handling, disclosures, or contract support

3.Processing Posture

Our privacy posture in EEA-linked scenarios is informed by the same principles reflected elsewhere on this site: limit access, secure authentication flows, reduce unnecessary exposure, retain data only as needed, and handle requests through a documented support path.

If a customer requires processor terms, role clarification, or deployment-specific transfer analysis, those items should be handled through the contracting or onboarding process rather than inferred from this page.

4.Data Subject Requests

Requests relating to access, correction, deletion, restriction, objection, portability, or other data-subject rights are currently handled manually through our support process.

We do not state on this page that we have already deployed a dedicated GDPR self-service portal, an appointed EU representative, or a default 30-day workflow for every request type.

5.International Transfers

Because we are India-based, EEA-linked use cases can involve international transfer considerations. We do not publish a blanket promise on this page that specific safeguards such as Standard Contractual Clauses or data processing agreements are automatically in force for every account.

Where a customer needs those safeguards, they should be addressed explicitly in contracting or compliance review for the relevant deployment and use case.

6.Security Measures

The current codebase supports a number of security measures relevant to privacy protection, including:

  • TLS/HTTPS for production traffic
  • Hashed passwords and server-side hashed OTP challenge storage
  • Role-based access checks and workspace scoping
  • Rate limiting and guarded auth flows
  • Structured log redaction and audit logging in critical areas

7.Contact

For GDPR-related questions or requests, contact:

Privacy and Support Contact

Sahayogi One Private Limited

Email: support@sahayogione.com