Last updated: June 11, 2026

Privacy Policy

1. Who We Are

Shashwat Shukla, an individual carrying on business as a sole proprietor under the trade name 'Adysor' ('Adysor', 'we', 'us', or 'our') operates adysor.com and app.adysor.com ('the Platform'). We are a Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 ('DPDP Act').

Adysor provides technology tools for Chartered Accountants to manage their practice and for individuals and businesses to track their compliance obligations. Adysor does not provide accounting, tax, financial, or legal advice.

Grievance Officer: Shashwat Shukla | Email: support@adysor.com | We respond to all data rights requests within 90 days.

2. Who This Policy Applies To

  • Chartered Accountants and CA firms using Adysor to manage their practice ('CA Users')

  • Individuals and businesses using Adysor to track compliance or connect with a CA ('Client Users')

  • Visitors to adysor.com who do not create accounts

3. What Personal Data We Collect

3.1 Data you provide directly

All users: Name, email address, phone number (optional).

CA Users additionally: ICAI membership number, Certificate of Practice number, areas of practice, city, firm name.

Client Users additionally: Company name, entity type, GST registration number, nature of business.

Through platform use: Documents uploaded to CA workspaces (stored on the CA's linked Google Drive, not on Adysor's servers — see Section 5). Messages sent through in-app messaging. Notices submitted through the notice registry. Tasks assigned within client workspaces.

3.2 Data collected automatically

  • Login timestamps and session metadata

  • Device type, browser, and operating system (for security and compatibility only)

  • Feature usage logs (aggregated, used for product improvement only)

  • IP address (for abuse detection and security monitoring, not shared with other users)

4. How We Use Your Data

We process personal data only for the purposes below. We do not sell your data. We do not share it with advertisers.

PurposeLegal basisProviding the compliance calendar, practice workspace, CA-client matching, and related featuresConsent obtained at signupSending transactional notifications: document alerts, deadline reminders, task updatesConsent + necessary for service deliveryAccount communications: password resets, security alertsNecessary for service deliveryProduct improvement via aggregated usage analyticsConsent obtained at signupDetecting abuse, fraud, or unauthorised accessLegitimate interest in platform securityComplying with legal obligations under Indian lawLegal obligation

We do not use your data for advertising profiling. We do not read the contents of documents uploaded to CA workspaces. We do not share client documents with any third party.

5. Document Storage: How It Works

5.1 For CA Users

When a CA User connects their Google Drive account to Adysor, documents shared through the Platform are stored directly on that CA's Google Drive in a folder created for their Adysor practice. Adysor facilitates the transfer but does not retain a separate copy of documents on its own servers. Adysor staff have no access to the contents of your Google Drive.

5.2 For Client Users

When a client uploads a document through the Platform in response to a CA's request, that document goes to the CA's linked Google Drive. If the client has connected their own Google Drive account, they can access all documents shared with their CA directly through their Google Drive at any time, independently of the Adysor platform.

5.3 Signed URLs and document links

Document links generated within the Platform use time-limited, cryptographically signed URLs. These links expire after a set period and cannot be accessed after expiry. A forwarded or leaked link cannot be used to access documents once it has expired.

Your documents are not stored on Adysor's servers. They are stored on the CA's Google Drive account. Adysor acts as the channel, not the storage.

6. Where Non-Document Data Is Stored

Account data, compliance calendar entries, message text, notice registry records, and task data are stored on Adysor's infrastructure. The application server is hosted on Railway (Singapore region). The primary database is hosted on Google Cloud SQL in the Mumbai region (asia-south1, India). All data is encrypted at rest and in transit using TLS 1.2 or higher.

7. Third-Party Service Providers

We share your data with third-party service providers only to the extent necessary to deliver our services. We do not sell your data.

  • Railway (Singapore region): Application server hosting. Runs the Adysor web application. Receives application logs and metadata. Does not host the primary database.

  • Google Cloud SQL (Mumbai, India — asia-south1): Primary database hosting. Stores account data, compliance calendar entries, message text, notice records, and task data. Governed by Google's Data Processing Terms.

  • Google Cloud Storage (Mumbai, India — asia-south1): Cloud storage infrastructure for document-related operations. Governed by Google's Data Processing Terms.

  • Google (Google Drive integration): Stores documents uploaded through the Platform on the CA's linked Google Drive. Governed by Google's Privacy Policy and the CA User's own Google account terms.

  • Google (OAuth login): Authenticates users who sign in via Google. Adysor receives your name and email address only.

  • Resend: Receives your email address and name for sending transactional notifications such as document alerts, deadline reminders, and task updates. No document contents are shared.

  • Cashfree Payments India Pvt Ltd: Processes subscription payments. Adysor does not store payment card details.

8. Data Retention

  • Account profile data (name, email, phone, credentials): Retained until account deletion, purged within 30 days of deletion request.

  • Compliance calendar data: Retained until account deletion, purged within 30 days of deletion request.

  • Message history (text content): Retained until account deletion, purged within 30 days of deletion request.

  • Notice registry entries: Retained until account deletion, purged within 30 days of deletion request.

  • Documents on linked Google Drive: Governed by the CA User's Google Drive account. Adysor does not control retention of documents stored on Google Drive.

  • Login and session logs: Retained for 90 days from creation, then automatically purged.

  • Deletion audit record: An anonymised record of account creation date, deletion request date, and deletion completion date, retained for 7 years. Contains no personal data.

  • Consent records (signup timestamp and T&C version accepted): Retained for 7 years from consent date, regardless of account deletion.

  • Billing and payment records: Retained for 7 years from transaction date, as required under the GST Act and Income Tax Act 1961.

9. Your Rights as a Data Principal

Under the DPDP Act 2023 you have the following rights. Contact our Grievance Officer at support@adysor.com or use the mechanisms below. We respond within 90 days.

9.1 Right to access

CA Users: Export your client activity log as a CSV from within the Platform at any time. A full account data export is available at Settings > Account > Download My Data.

Client Users: Your documents are accessible directly through your Google Drive account at any time, independently of Adysor. A Download My Data option in Settings > Account provides a structured export of your profile data, compliance calendar, message history, notice submissions, and task data.

9.2 Right to correction

Most profile data can be corrected directly in Settings. For data you cannot self-correct, contact support@adysor.com.

9.3 Right to erasure

Delete your account at any time via Settings > Account > Delete Account. All personal data is purged within 30 days. An anonymised audit record containing no personal data is retained for legal purposes. Consent records and billing records are retained for legally required periods as described in Section 8.

9.4 Right to withdraw consent

Withdraw consent by deleting your account. To withdraw consent for a specific processing activity without deleting your account, contact support@adysor.com.

9.5 Right to grievance redressal

If dissatisfied with our response, contact our Grievance Officer at support@adysor.com or raise a complaint with the Data Protection Board of India.

9.6 Right of nomination

You may nominate another person to exercise your data rights in the event of your death or incapacity. Contact support@adysor.com to register a nomination.

10. Children's Data

Adysor is not directed at persons under 18. We do not knowingly collect data from anyone under 18. Contact support@adysor.com if you believe a minor has created an account.

11. Personal Data Breach Notification

In the event of a breach likely to result in harm to data principals, Adysor will notify the Data Protection Board of India within 72 hours of becoming aware and notify affected users without undue delay, describing what data was affected and what steps are being taken.

12. Changes to This Policy

Material changes will be notified by email and in-app notification at least 7 days before taking effect. The version number and effective date at the top of this page will always reflect the current version. Continued use after the effective date constitutes acceptance.

13. Governing Law

This policy is governed by the laws of India including the DPDP Act 2023 and the Information Technology Act 2000. Disputes are subject to the exclusive jurisdiction of the courts at Bengaluru, Karnataka.

14. Contact and Grievance Officer

Shashwat Shukla, trading as Adysor

177, Ferns Habitat, Doddanekundi, Bengaluru, Karnataka, India

Support: support@adysor.com