Privacy Policy

    Last updated: 26 February 2026

    This Privacy Policy ("Policy") describes how 360VentureStudios (hereinafter referred to as "Company", "we", "us", or "our"), the parent company operating the brand Udyog360 (accessible at udyog360.com and app.udyog360.com), collects, uses, stores, discloses, and protects the personal data and information of its users ("you", "your", "User"). This Policy is published in compliance with:

    • Section 43A of the Information Technology Act, 2000
    • Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
    • The Digital Personal Data Protection Act, 2023 (DPDPA)
    • All applicable rules, regulations, and amendments thereto

    1. Definitions

    • "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA, 2023.
    • "Sensitive Personal Data or Information" (SPDI) includes financial information (bank account, payment instrument details), passwords, biometric data, health data, and any information specified under Rule 3 of the IT Rules, 2011.
    • "Processing" means any operation performed on personal data including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment, combination, restriction, erasure, or destruction.
    • "Platform" means the Udyog360 website, web application, mobile applications, and all associated services.
    • "Data Fiduciary" means the Company, as it determines the purpose and means of processing personal data.

    2. Information We Collect

    2.1 Information You Provide Directly

    • Identity Information: Full legal name, date of birth, gender, father's/mother's name, photographs, signature specimens
    • Government-Issued Identification: PAN (Permanent Account Number), Aadhaar number (collected only with explicit consent and in compliance with the Aadhaar Act, 2016), Voter ID, Passport, Driving Licence
    • Contact Information: Email address, mobile phone number, residential address, business address
    • Business Information: Company name, CIN/LLPIN, GSTIN, business type, industry sector, registered office address, details of directors/partners/designated partners
    • Financial Information: Bank account details, cancelled cheque, payment card details (processed via PCI-DSS compliant payment gateways — we do not store card details), UPI ID, billing address
    • KYC Documents: Proof of identity, proof of address, DSC (Digital Signature Certificate) information, utility bills, rent agreements, NOCs (No Objection Certificates)
    • Communication Data: Messages, emails, chat transcripts, support tickets, feedback, and any other correspondence with us

    2.2 Information Collected Automatically

    • Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution
    • Usage Data: Pages visited, features used, time spent, click patterns, navigation paths, referral URLs
    • Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, pixel tags, local storage (see Section 9 for Cookie Policy)
    • Log Data: Server logs, error logs, access timestamps, API call records
    • Location Data: Approximate geographic location derived from IP address

    2.3 Information from Third Parties

    • Government databases (MCA, GST Network, Income Tax Department) for verification purposes
    • Payment gateway providers for transaction status
    • KYC verification service providers
    • Analytics and advertising partners

    3. Purpose of Collection and Processing

    We process your personal data for the following lawful purposes:

    • Service Delivery: Company registration, GST filing, compliance management, annual filings, and all services offered on the Platform
    • KYC Compliance: Verification of identity and address as mandated under the Companies Act, 2013, LLP Act, 2008, GST Act, and other applicable laws
    • Government Filings: Submission of forms, applications, and documents to MCA, GST Network, Income Tax Department, EPFO, ESIC, and other regulatory bodies on your behalf
    • Payment Processing: Processing payments for our services via third-party payment gateways
    • Communication: Sending service-related updates, compliance reminders, deadline alerts, transactional emails, and OTPs
    • Platform Improvement: Analytics, feature development, performance monitoring, and user experience enhancement
    • Legal Obligations: Compliance with court orders, regulatory requirements, audit requests, and lawful government directives
    • Fraud Prevention: Detecting, preventing, and addressing fraud, security breaches, and unauthorized access
    • Marketing: With your explicit consent, sending promotional communications about our services (you may opt out at any time)

    4. Legal Basis for Processing

    We process personal data under the following legal bases as permitted under the DPDPA, 2023 and IT Act, 2000:

    • Consent: For processing SPDI, marketing communications, and Aadhaar-related data
    • Contractual Necessity: To perform services you have engaged us for
    • Legal Obligation: To comply with applicable Indian laws and regulations
    • Legitimate Interest: For fraud prevention, platform security, and service improvement

    5. Data Storage and Security

    5.1 Storage

    • All data is stored on servers located in India, in compliance with data localisation requirements under applicable Indian law.
    • We use industry-standard cloud infrastructure providers with SOC 2 Type II compliance.
    • Data is retained for as long as necessary to fulfil the purposes outlined in this Policy, or as required by law.

    5.2 Security Measures

    • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
    • Multi-factor authentication for administrative access
    • Regular security audits and vulnerability assessments
    • Role-based access control (RBAC) for employees
    • Intrusion detection and prevention systems
    • Regular data backups with encrypted storage
    • Employee training on data protection and security best practices

    6. Data Sharing and Disclosure

    We may share your personal data with:

    • Government Authorities: MCA, GST Network, Income Tax Department, EPFO, ESIC, RBI, SEBI — solely for service delivery and statutory compliance
    • Service Providers: Payment gateways, cloud infrastructure providers, KYC verification agencies, DSC providers, email/SMS service providers — bound by confidentiality agreements
    • Professional Partners: Chartered Accountants, Company Secretaries, Advocates — bound by professional ethics and confidentiality obligations
    • Legal Requirements: Courts, tribunals, law enforcement agencies when required by law
    • Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to the same privacy protections

    We do not sell, rent, or trade your personal data to any third party for their marketing purposes.

    7. Your Rights

    Under the DPDPA, 2023 and applicable Indian law, you have the following rights:

    • Right to Access: Request confirmation of whether we process your personal data and obtain a summary thereof
    • Right to Correction: Request correction of inaccurate or incomplete personal data
    • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
    • Right to Withdraw Consent: Withdraw consent for processing at any time
    • Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India
    • Right to Nomination: Nominate an individual to exercise your rights in the event of your death or incapacity

    To exercise any of these rights, contact our Grievance Officer at the details provided in Section 12.

    8. Children's Privacy

    Our Platform is not intended for individuals below the age of 18 years. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor without verifiable parental consent, we will take steps to delete such data promptly. In compliance with the DPDPA, 2023, processing of children's data requires verifiable consent from the parent or lawful guardian.

    9. Cookie Policy

    We use the following types of cookies:

    • Essential Cookies: Required for platform functionality (authentication, security, load balancing)
    • Analytics Cookies: Help us understand usage patterns and improve services
    • Preference Cookies: Remember your settings (language, theme, region)
    • Marketing Cookies: Used with your consent to deliver relevant advertisements

    You can manage cookie preferences through your browser settings. Disabling essential cookies may impair platform functionality.

    10. Data Retention

    • Account Data: Retained for the duration of your account and for 8 years thereafter (Companies Act, 2013 & Income Tax Act, 1961)
    • Transaction Records: Minimum 8 years as per income tax and GST record-keeping requirements
    • KYC Documents: As per applicable regulatory requirements (minimum 5 years after termination of business relationship)
    • Communication Records: 3 years from the date of communication
    • Log Data: 1 year for security and troubleshooting purposes

    11. Cross-Border Data Transfer

    We primarily store and process data within India. In the event any data is transferred outside India, such transfer shall be in compliance with the DPDPA, 2023, and shall only be made to countries or territories notified by the Central Government as permissible jurisdictions. Appropriate safeguards will be implemented for any such transfer.

    12. Grievance Officer

    In accordance with Section 5(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDPA, 2023:

    Grievance Officer, 360VentureStudios

    Email: grievance@udyog360.com

    Address: 360VentureStudios, Gurgaon, Haryana, India – 122001

    Response Time: Acknowledgement within 24 hours; resolution within 30 days.

    13. Changes to This Policy

    We reserve the right to modify this Privacy Policy at any time. Changes will be effective upon posting the revised Policy on the Platform with an updated "Last updated" date. For material changes, we will notify you via email or a prominent notice on the Platform. Continued use of the Platform after such changes constitutes your acceptance of the revised Policy.

    14. Governing Law and Jurisdiction

    This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in Gurgaon, Haryana, India.

    15. Contact Us

    For any questions, concerns, or requests regarding this Privacy Policy, please contact us:

    Email: privacy@udyog360.com

    Address: 360VentureStudios, Gurgaon, Haryana, India – 122001