Privacy Policy

AmanERP is a cloud-based business operations platform built for Indian businesses. We are currently in a pre-launch phase, offering early access through our Founding Member program.

For the purposes of India’s Digital Personal Data Protection Act, 2023 (DPDP Act), we act as the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.

Registered address: Bengaluru, Karnataka, India.

We are transparent about what we collect. As a pre-launch product, our data collection is limited to the following:

Information you provide

• Early access applications — your name, email address, company name, and role, submitted through our application form.
• Contact form submissions — your name, email, and message content when you reach out to us.

Information collected automatically

• Analytics data — we use Plausible Analytics, a privacy-first analytics tool hosted in the EU. Plausible does not use cookies, does not collect personal data, and does not track you across websites. We see aggregate data only — page views, referral sources, and country-level location. No individual visitor profiles are created.
• Bot protection — we use Cloudflare Turnstile on our forms to prevent automated abuse. Turnstile uses session-based tokens (not cookies) and does not track you across sites.

What we do not collect

• We do not collect sensitive personal data as defined under the DPDP Act (financial data, health data, biometric data, etc.).
• We do not purchase data from third-party brokers.
• We do not collect data from minors (see Children’s Data below).

When you use our platform (post-launch), we will collect additional data necessary to provide the service — such as business data you enter, usage logs, and account preferences. This policy will be updated before that happens.

Under the DPDP Act, 2023, we process your personal data based on the following lawful grounds:

• Consent — when you submit an early access application or contact form, you consent to our processing of the data you provide for the stated purpose.
• Legitimate uses — certain processing is necessary for purposes you would reasonably expect, such as responding to your inquiries or providing the service you requested.
• Legal obligation — we may process data where required by applicable Indian law.

You may withdraw your consent at any time by contacting us at hello@amanerp.com. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

We use the data we collect for specific, stated purposes:

• To process your early access application and communicate about your membership status.
• To respond to inquiries you send through our contact form.
• To send product updates and launch announcements (you can opt out at any time).
• To understand how visitors use our website in aggregate so we can improve it.
• To prevent automated abuse of our forms.
• To comply with legal obligations under Indian law.

We do not use your data for automated decision-making or profiling.

Your data is stored on Cloudflare D1, a globally distributed edge database. Cloudflare’s infrastructure is chosen for its strong security posture and compliance certifications.

In accordance with Section 43A of the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures) Rules, 2011, we implement the following security measures:

• Encryption in transit — all connections use TLS 1.3.
• Encryption at rest — stored data is encrypted using industry-standard methods.
• Access controls — only authorized personnel access production data on a strict need-to-know basis.
• Monitoring — access logs are maintained and reviewed.

We review our security practices regularly and will engage independent auditors as required under applicable law.

We retain your data only as long as necessary for the purpose it was collected:

• Early access applications — retained until your relationship with us ends or you request deletion, whichever comes first.
• Contact form messages — retained for as long as needed to resolve your inquiry, then deleted.
• Analytics data — Plausible retains only aggregate, non-personal data. No individual-level data is stored.

You can request deletion of your data at any time. We will process deletion requests within 30 days, as required under the DPDP Act.

We share your data only with the following trusted service providers, each of which processes data on our behalf:

• Cloudflare (San Francisco, USA) — website hosting, D1 edge database, email routing, and Turnstile bot protection. Cloudflare processes data across its global network.
• Plausible Analytics (EU-hosted) — privacy-first website analytics. Plausible does not receive any personal data — it processes only anonymous, aggregate page-view statistics.

We do not sell, rent, or trade your personal data. Each third-party processor is bound by its own privacy policy and data processing obligations.

Because we use Cloudflare’s global network, your data may be processed in locations outside India. Cloudflare operates data centers worldwide and may route and store data across its network to ensure performance and reliability.

Under the DPDP Act, cross-border transfers are permitted except to countries specifically restricted by the Central Government. As of this writing, no such restrictions have been notified. We will update this policy if restrictions are introduced that affect our data processing.

We do not use cookies.

Plausible Analytics is entirely cookieless. Cloudflare Turnstile uses session-based tokens that expire when you close your browser — these are not cookies and do not track you.

Because we do not use cookies, no cookie consent banner is required on our website.

Under India’s Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to access — request a summary of your personal data and how it is being processed.
• Right to correction — request that inaccurate or incomplete data be corrected or updated.
• Right to erasure — request deletion of your personal data. We will process this within 30 days.
• Right to withdraw consent — withdraw your consent at any time. We will stop processing and delete your data unless retention is required by law.
• Right to grievance redressal — you may raise a complaint with our Grievance Officer (see below) or, if unsatisfied, with the Data Protection Board of India.
• Right to nominate — under the DPDP Act, you may nominate another person to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, contact us at hello@amanerp.com. We will respond within 30 days.

AmanERP is a business operations platform and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child without verifiable parental consent (as required by the DPDP Act), we will delete that data promptly.

We may update this policy to reflect changes in our practices, technology, or legal requirements. If we make significant changes, we will notify you via email (if you have provided your email address) and update the date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website or service after changes constitutes acceptance of the updated policy.

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer to address your concerns regarding data processing:

Grievance Officer
AmanERP
Email: hello@amanerp.com
Response time: within 30 days of receiving your complaint.

If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate your complaint to the Data Protection Board of India under the DPDP Act, 2023.