Legal

Privacy Policy

Last updated: 1 January 2025

ArchCenter Technologies Private Limited ("ArchCenter", "we", "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, and how you can exercise your rights.

1. Information We Collect

1.1 Account & Registration Data

When you register for ArchCenter, we collect: your full name, email address, firm name, firm address, GST registration number (GSTIN), phone number, and a hashed password. This information is necessary to create your account, generate GST-compliant invoices, and provide the Service.

1.2 Usage & Behavioural Data

We automatically collect data about how you interact with the Service, including: pages visited, features used, time spent on pages, browser type and version, operating system, screen resolution, IP address, and referring URL. This data helps us understand usage patterns, improve the platform, and diagnose technical issues. We use server-side logs and may use lightweight analytics tools for this purpose.

1.3 Payment Data

Payment transactions are processed by Razorpay Software Private Limited. ArchCenter does not store your full card numbers, CVV, or bank account details. We receive and store a transaction reference ID, payment status, and masked payment method details (e.g., last 4 digits of card, UPI ID) from Razorpay to maintain your billing history and issue GST invoices.

1.4 User Content

Content you create or upload to the Service — including project details, task notes, client information, invoices, drawing files, contracts, and messages — is stored on our servers. You control this content, and it is used only to provide the Service to you.

1.5 Communications

When you contact our support team via email or the contact form, we retain records of the correspondence to assist with your query and improve support quality.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Authenticating your account, rendering your projects and invoices, processing payments, and delivering platform functionality.
  • Communications: Sending transactional emails (invoice receipts, payment confirmations, account alerts), and with your consent, product updates and feature announcements.
  • Customer support: Responding to your enquiries, troubleshooting issues, and processing refund or billing requests.
  • Invoicing & compliance: Generating GST-compliant invoices for your subscription and maintaining records as required by Indian tax law (typically 8 years).
  • Platform improvement: Analysing aggregate usage data to identify bugs, improve features, and prioritise our product roadmap.
  • Security: Detecting and preventing fraud, abuse, and unauthorised access to accounts.
  • Legal obligations: Complying with applicable Indian laws, regulatory requirements, and lawful requests from governmental authorities.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

3. Data Storage & Security

Location: All personal data and User Content is stored on servers located within India. We do not transfer personal data outside India except where necessary to facilitate integrations you have explicitly enabled (e.g., Google Drive, which stores files per your Google account settings).

Encryption: Data in transit is protected by TLS 1.2 or higher (HTTPS). Data at rest is encrypted using AES-256. Passwords are stored as bcrypt hashes and are never stored in plain text.

Access controls: Access to personal data is restricted to ArchCenter employees and contractors who require it to perform their duties. All personnel with access to personal data are bound by confidentiality obligations.

Backups: We perform automated daily backups of all data. Backups are encrypted and retained for 30 days. In the event of a data loss incident, we will restore from the most recent available backup.

Breach notification: In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of the breach, as required by the DPDPA 2023.

4. Third-Party Services

ArchCenter integrates with the following third-party services to provide certain features. Each service has its own privacy policy governing their use of data:

Razorpay Software Private Limited

Used for payment processing. Razorpay receives your payment details directly. ArchCenter receives transaction confirmations and masked payment data. Privacy policy: razorpay.com/privacy

Google LLC (Google Drive)

If you enable Google Drive integration, ArchCenter connects to your Google account via OAuth 2.0 to sync documents. ArchCenter only accesses the specific Drive folder you designate. Google's privacy policy governs how Google handles your data: policies.google.com/privacy

MSG91 (Walkover Web Solutions)

Used for SMS OTP delivery and transactional SMS notifications. Your phone number is shared with MSG91 only for the purpose of sending SMS messages you have requested or consented to.

WhatsApp Business Cloud API (Meta)

If you enable WhatsApp notifications, your clients' WhatsApp numbers are used to deliver messages they have opted into. Meta's privacy policy governs processing on their platform.

We will never share your data with any third party beyond what is described in this Policy without your explicit consent, except when required by law.

5. Cookies

ArchCenter uses cookies and similar technologies to maintain your session, remember your preferences, and ensure platform security. We use the following types of cookies:

  • Session cookies: Strictly necessary cookies that keep you logged in during your browser session. These are deleted when you close your browser.
  • Persistent cookies: Used to remember your preferences (e.g., dashboard layout, language) across sessions.
  • Security cookies: Used for CSRF protection and to detect fraudulent activity.

We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling necessary cookies will prevent you from logging in to the Service.

6. Your Rights

Under the Digital Personal Data Protection Act 2023 (India) and applicable law, you have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to correction: Request that we correct inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to our legal retention obligations.
  • Right to portability: Request your User Content in a structured, machine-readable format (CSV, JSON) for transfer to another service.
  • Right to withdraw consent: Where processing is based on consent (e.g., marketing emails), you may withdraw consent at any time by unsubscribing or contacting us.
  • Right to grievance: Lodge a complaint with our Data Protection Officer or with the Data Protection Board of India.

To exercise any of these rights, contact our Data Protection Officer at privacy@archcenter.in. We will respond within 30 days.

7. Data Retention

We retain your personal data and User Content for as long as your account is active. Upon account deletion, your personal data is purged within 30 days except where we are required to retain it by law (e.g., billing records and GST invoices are retained for 8 years as required by the GST Act).

Data from expired or suspended accounts (where the user has not logged in for more than 12 months) may be deleted after a 90-day notice period. We will notify you via your registered email before deletion.

8. Contact for Privacy Queries

For any questions about this Privacy Policy, to exercise your rights, or to raise a privacy concern, please contact:

Data Protection Officer
ArchCenter Technologies Private Limited
Terms of Service | Refund Policy | Contact Us