BoSS
Book a Demo

Legal

Privacy Policy

How we process account, platform, and support data in the BoSS platform.

Last updated: 14-04-2026Effective: 14-04-2026
Privacy PolicyTerms of UseCookie PolicyData SecurityDPDP ActISO 27001GDPR Policy

1.Introduction

This Privacy Policy describes how Sahayogi One Private Limited ("Company", "we", "us", or "our") processes personal information in connection with the BoSS platform ("Platform"), the BoSS website, and related support, onboarding, and communication workflows.

This page is intended to describe our current data-handling practices. It is not a certification, legal opinion, or promise of controls that are not yet implemented.

2.Information We Collect

We may process the following categories of information:

a. Account and workspace information

  • Name, email address, mobile number, company or workspace details
  • User role, login method, and access configuration
  • Information submitted during demos, onboarding, support, or implementation

b. Business and operational data

  • Records, documents, ledgers, transactions, and master data entered by customers in the Platform
  • Organisation identifiers such as GSTIN, PAN, TAN, or related statutory fields where the product requires them

c. Technical and security data

  • Session and authentication data used to sign in and secure access
  • IP address, request timestamps, device or browser details, and security logs
  • Cookie-based preference data such as workspace or report-scope selections

d. Communications data

  • Email, WhatsApp, or support conversations with our team
  • OTP delivery events and verification records used for login or lead verification

3.How We Use Your Information

We use information to operate and secure the Platform, including to:

  • Create and administer user accounts and workspaces
  • Authenticate users and prevent unauthorised access
  • Deliver the product features the customer has enabled or subscribed to
  • Provide support, implementation, and service communications
  • Investigate misuse, security incidents, fraud, or operational failures
  • Meet statutory, audit, tax, accounting, or contractual obligations
  • Improve the Platform based on operational feedback and product usage patterns

4.Information Sharing

We do not sell personal information. We may share information only where reasonably necessary, including with:

  • Service providers that support hosting, messaging, email delivery, storage, or similar infrastructure
  • Payment or billing partners where a customer purchases a paid plan or add-on
  • Government, tax, or compliance systems when a customer explicitly uses a connected filing or statutory workflow
  • Professional advisers, auditors, or authorities when required by law or to protect legal rights
  • A successor entity in connection with a restructuring, financing, merger, or sale of business assets
Where customers use BoSS to store or process data about their own employees, vendors, or customers, the customer remains responsible for having the necessary permissions, notices, and lawful basis for that data.

5.Data Security

Our current implementation includes a number of practical security controls, such as:

  • Encrypted transport over HTTPS/TLS in production environments
  • Hashed passwords and server-side hashed OTP verification data
  • Role-based access controls and workspace-scoped access checks
  • Rate limiting on authentication and other sensitive routes
  • Structured application logging with redaction for secrets and sensitive fields
  • Audit logging for critical product operations in key flows

Security controls evolve over time, and this page should be read as a current-state summary rather than an absolute guarantee that every control applies uniformly to every deployment, module, or integration.

6.Data Retention

We retain information for as long as needed for the relevant service purpose, support need, security review, or legal retention requirement. Some data entered into the Platform may need to be preserved for statutory, tax, accounting, fraud-prevention, or audit reasons even after an account is closed or access is disabled.

Retention periods can therefore vary by data type. Requests for deletion or cleanup are reviewed in light of those obligations and the product's current retention mechanics.

7.Your Rights

Depending on the law that applies to the request, you may be able to ask us for access, correction, deletion, objection, restriction, export, or withdrawal of consent for certain data processing activities.

Some requests may be limited where we must retain records for legal, tax, accounting, security, or dispute resolution purposes, or where the data is held by us on behalf of a customer that controls the underlying use.

Privacy and data-rights requests are currently handled manually through our support channel rather than a self-service portal.

To make a request, contact us at support@sahayogione.com.

8.Cookies

We use cookies and similar storage mechanisms primarily for authentication, session continuity, short-lived verification flows, and product preferences. More detail is available in our Cookie Policy.

9.Third-Party Services

The Platform may rely on third-party infrastructure or communication providers. Those providers may process limited information as part of delivering their service to us. Their own policies and contractual terms apply to the parts of processing they control.

10.Children's Privacy

BoSS is intended for business use. It is not designed for children, and we do not intentionally build the service for use by minors. If we discover personal information was submitted inappropriately, we will review and handle it in line with applicable law and our operational obligations.

11.Changes to This Policy

We may update this Privacy Policy as our product, legal obligations, or data flows change. The latest version will be posted on this page with an updated revision date.

12.Contact

For privacy questions or rights requests, contact:

Privacy Contact

Sahayogi One Private Limited

Email: support@sahayogione.com