Privacy Policy

Last updated: April 21, 2026

1. Introduction

Quipu Software Solutions ("Quipu", "we", "us", or "our") operates the Quipu AI Accounting platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

By accessing or using Quipu, you agree to this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, mobile number, email address, and business details when you register.
  • Business Data: Company name, GSTIN, invoices, financial transactions, party details, bank statements, and other accounting data you enter or upload.
  • Payment Information: Subscription payment details processed through Razorpay. We do not store your card or bank account details directly.
  • Communications: Messages you send through our contact form, support requests, or feedback.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, and interaction patterns to improve our service.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Log Data: IP address, access times, and referring URLs.

2.3 AI-Processed Data

  • Document Scanning: When you use our AI invoice scanning feature, images or PDFs you upload are processed to extract text and financial data. These documents are processed in real-time and are not retained after extraction is complete.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our accounting and GST compliance services
  • Generate GST returns (GSTR-1, GSTR-3B, GSTR-9) from your transaction data
  • Process AI-powered invoice scanning and data extraction
  • Send important notifications about filing deadlines, compliance alerts, and vendor discrepancies
  • Process subscription payments and manage your account
  • Respond to your support requests and communications
  • Analyse usage patterns to improve our platform (aggregated, non-personal data only)
  • Comply with legal obligations under Indian tax and data protection laws

4. Data Isolation & Security

Your business data is protected through multiple layers of security:

  • Schema-Level Isolation: Each company's data is stored in a completely separate database schema. Your data is never co-mingled with other tenants.
  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption).
  • Access Controls: Role-based access control (Owner, Admin, Accountant, Viewer) ensures only authorised personnel access your data.
  • Two-Factor Authentication: Optional 2FA adds an extra layer of protection to your account.
  • Regular Backups: Daily automated backups with point-in-time recovery capability.
  • Audit Trail: Complete logging of all actions for accountability and compliance.

5. Data Sharing & Disclosure

We do not sell, trade, or rent your personal or business data to third parties. We may share data only in these circumstances:

  • Payment Processing: Transaction details shared with Razorpay for subscription payments, governed by their privacy policy.
  • GST Portal Integration: When you choose to file returns, data is transmitted to the GSTN portal as required by law.
  • Legal Compliance: When required by law, regulation, court order, or governmental authority.
  • Service Providers: Cloud hosting and infrastructure providers who process data on our behalf under strict data processing agreements.

6. Data Retention

We retain your data as follows:

  • Active Accounts: All data is retained as long as your subscription is active.
  • After Cancellation: Business data is retained for 90 days after subscription cancellation, after which it is permanently deleted.
  • Financial Records: As required by Indian tax law, certain financial records may be retained for up to 8 years.
  • Scanned Documents: Processed in real-time and not stored beyond the extraction session.

7. Your Rights

In accordance with applicable Indian data protection laws (including the Digital Personal Data Protection Act, 2023), you have the right to:

  • Access: Request a copy of your personal data we hold.
  • Correction: Update or correct inaccurate personal data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Data Portability: Export your data in standard formats (Excel, PDF, JSON).
  • Withdraw Consent: Opt out of non-essential data processing at any time.

To exercise these rights, contact us at aiaccounting@quipu.in.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics cookies are used only in aggregated form to improve the platform.

9. Children's Privacy

Quipu is a business accounting platform and is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 30 days before they take effect.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: