CleanERP
Privacy Policy
A product of Rizzle Technology Private Limited
CIN: U72900AP2019PTC110174 | Madanapalle, Andhra Pradesh, India
Effective Date: June 1,2026
1. Introduction and Scope
Rizzle Technology Private Limited ("Company," "we," "us," or "our"), the developer and owner of CleanERP (accessible at www.cleanerp.com), is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the CleanERP platform.
This Privacy Policy is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT SPDI Rules") under the Information Technology Act, 2000, and such other applicable laws of India as may be relevant.
This Privacy Policy applies to:
• visitors to our Website (www.cleanerp.com);
• individuals and entities that register for and use the CleanERP platform;
• employees, sub-users, and authorised representatives of registered businesses;
• students and educational institution staff using the Academic Management Module.
By using the CleanERP platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
2. Data Fiduciary Identity and Contact Details
For the purposes of the DPDP Act, 2023, the Company acts as the Data Fiduciary in respect of Personal Data processed through the CleanERP platform.
Organisation | Rizzle Technology Private Limited |
CIN | U72900AP2019PTC110174 |
Registered Office | Madanapalle, Andhra Pradesh, India |
Grievance Officer | [Designated Grievance Officer], Rizzle Technology Private Limited |
Grievance Email | admin@cleanerp.com |
General Support | admin@cleanerp.com |
Website | www.cleanerp.com |
Grievance Response Time | Within 30 (thirty) days of receipt of complaint |
Any complaints or concerns regarding your Personal Data may be directed to the Grievance Officer at the contact details above. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India, once constituted under the DPDP Act, 2023.
3. Information We Collect
We collect the following categories of information:
Category | Examples |
Registration & Identity Data | Full name, email address, phone number, business name, designation, profile photograph |
Business & Financial Data | GSTIN, PAN number, company registration details, bank account details (for billing), invoices, financial statements, tax records, salary and payroll information |
Employee Data (HR Module) | Employee name, date of birth, employment ID, department, salary details, attendance records, leave records, emergency contact information |
Inventory & Operations Data | Stock records, product/SKU details, supplier information, purchase orders, sales records |
Academic Data | Student names, roll numbers, class/section, grades, attendance, fee records, parent/guardian contact details (processed by the institution as Customer) |
Usage and Technical Data | IP address, browser type, device identifiers, operating system, pages visited, features used, session duration, error logs |
Communications Data | Content of support queries, feedback, and correspondence with us |
Cookie and Tracking Data | Session cookies, preference cookies, analytics data (see Clause 7 of this Privacy Policy) |
We collect information directly from you when you: (a) register an account; (b) input data into any Software module; (c) contact us for support; (d) respond to surveys or communications. We also collect information automatically when you use the Software (usage and technical data).
4. Sensitive Personal Data
CleanERP, by the nature of its ERP functions, processes data that qualifies as Sensitive Personal Data under the IT SPDI Rules and as data of heightened sensitivity under the DPDP Act, 2023. This includes:
• Financial information: bank account details, payment card details, GSTIN, PAN number, salary and payroll data, financial statements;
• Business credentials: login credentials and authentication tokens;
• Employee records: date of birth, salary, personal address, and in some cases, health-related leave records.
We apply enhanced security measures to Sensitive Personal Data, including encryption at rest and in transit, access controls limited to authorised personnel, and regular security audits.
We do NOT collect Aadhaar numbers or biometric data through the Software. If your organisation collects such data independently and uploads it, you are responsible for compliance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and the DPDP Act, 2023.
5. How We Use Your Information
We use the information we collect for the following purposes and no others:
• Providing and operating the Software and its modules;
• Authenticating users and managing account access, including the multi-profile architecture;
• Processing invoices, billing, and payment transactions (for Premium Services);
• Providing customer support and responding to queries;
• Sending transactional communications: account confirmations, security alerts, software updates, and maintenance notices;
• Improving, developing, and personalising the Software, using anonymised or aggregated data that cannot identify you;
• Detecting, preventing, and investigating fraud, security incidents, and violations of our Terms and Conditions;
• Complying with legal and regulatory obligations under applicable Indian law, including responding to lawful orders from government authorities;
• Administering the Partner Programme (for Partners only).
We do not sell, rent, or trade your Personal Data to third parties. CleanERP is a free platform supported by advertising revenue. Third-party advertising partners may serve advertisements within the platform. Your Personal Data is not sold to advertisers; however, advertising partners may use cookies, web beacons, and similar technologies to serve contextual or interest-based advertisements. Please refer to Clause 8 (Advertising Partners and Third-Party Ad Networks) for full details.
6. Legal Basis for Processing
We process your Personal Data on the following legal bases under the DPDP Act, 2023:
• Consent: For registration, optional features, and where you have expressly agreed to processing (e.g., marketing communications from us). You may withdraw consent at any time (see Clause 10).
• Contractual Necessity: To perform our obligations under the Terms and Conditions, such as providing access to the Software and processing Customer Data.
• Legitimate Interests: For fraud prevention, security monitoring, product improvement (using de-identified data), and defending or establishing legal claims.
• Legal Obligation: To comply with applicable laws, including tax laws, data retention obligations, and orders from competent Indian authorities.
7. Cookies and Tracking Technologies
CleanERP uses cookies and similar tracking technologies on our Website. We use the following types:
Cookie Type | Purpose | Consent Required? |
Strictly Necessary | Session authentication, security, basic functionality | No, essential for service operation |
Functional | Remembering preferences (language, module settings) | Yes,via cookie consent banner |
Analytics | Understanding how users interact with the Software (anonymised) | Yes, via cookie consent banner |
Third-party advertising partners operating on the CleanERP platform may use cookies, JavaScript, and web beacons to serve advertisements and measure their effectiveness. CleanERP does not have direct access to or control over the cookies placed by third-party advertisers. You may manage or withdraw your cookie consent at any time through the cookie settings accessible on our Website. For strictly necessary cookies, disabling them may impair Software functionality.
8. Sharing and Disclosure of Information
We do not sell, rent, or trade your Personal Data. We may share your data only in the following limited circumstances:
• Service Providers and Sub-Processors: With trusted third-party service providers who assist us in operating the Software (e.g., cloud hosting, payment gateways, email delivery). These parties are bound by data processing agreements requiring them to protect your data and use it only as instructed by us.
• Legal Compliance: Where required by applicable law, court order, or government directive from a competent Indian authority. We will endeavour to notify you before disclosure unless prohibited by law.
• Business Transfers: In connection with a merger, acquisition, or sale of all or substantially all of the Company's assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.
• Protection of Rights: To enforce our Terms and Conditions, protect the safety and security of our platform and users, or establish, exercise, or defend legal claims.
• With Your Consent: For any other sharing not listed above, we will obtain your explicit prior consent.
Our current cloud infrastructure and hosting sub-processors include reputable providers operating primarily within India. Any cross-border transfers of data are governed by appropriate contractual safeguards as required by the DPDP Act, 2023.
9. Data Retention
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:
Data Category | Retention Period |
Account and Registration Data | Duration of account + 90 days after termination for export, then deleted from active systems within 90 further days |
Financial and Tax Records | As required by applicable Indian law (typically 7 years under income tax and GST regulations) |
Employee Data (HR Module) | Duration of account; may be retained longer if required by applicable labour or tax law |
Academic Data | Duration of account, as determined by the educational institution as Customer |
Usage and Log Data | Up to 12 months from collection, unless required longer for security or legal purposes |
Support Communications | Up to 3 years from resolution of the matter |
Upon expiry of applicable retention periods, we will securely delete or anonymise your Personal Data. You may request earlier deletion of your data (subject to overriding legal retention obligations) by contacting privacy@cleanerp.com.
10. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights as a Data Principal:
• Right to Access: You have the right to obtain a summary of the Personal Data we hold about you and information about how it has been processed.
• Right to Correction and Erasure: You have the right to request that we correct inaccurate or incomplete Personal Data, and to request erasure of your Personal Data where it is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to Grievance Redressal: You have the right to have your privacy grievances addressed by our Grievance Officer within 30 (thirty) days of submission.
• Right to Nominate: You may nominate an individual to exercise your privacy rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, please submit a written request to privacy@cleanerp.com. We will respond within 30 (thirty) days. We may need to verify your identity before processing your request.
11. Security of Your Information
We implement appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, disclosure, alteration, loss, or destruction. Our security measures include:
• Encryption of data in transit using TLS/SSL protocols;
• Encryption of sensitive data at rest;
• Role-based access controls and principle of least privilege for internal access;
• Regular security assessments and vulnerability testing;
• Secure data backup procedures;
• Employee training on data protection obligations.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security. The Customer is also responsible for maintaining the security of its own account credentials and access controls.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in risk to the rights of Data Principals, the Company shall:
• Notify the Data Protection Board of India, in the manner and within the timelines prescribed under the DPDP Act, 2023;
• Notify affected Customers and, where applicable, individual Data Principals, in a timely manner consistent with statutory requirements and via reasonable means (email to registered address, or notice on the Website);
• Take immediate steps to contain and mitigate the breach;
• Investigate the cause of the breach and implement corrective measures to prevent recurrence.
If you believe there has been a breach involving your Personal Data, please notify us immediately at privacy@cleanerp.com.
13. Protection of Children's Data
We recognise that the CleanERP Academic Management Module may involve the processing of data relating to children (individuals under 18 years of age). In such cases:
• The educational institution (as the Customer and data controller responsible for student data) is responsible for obtaining Verifiable Parental Consent as required under the DPDP Act, 2023, before the personal data of a child is processed;
• We will implement technical safeguards to ensure that children's data is not used for profiling, behavioural targeting, or any purpose beyond the educational functions of the Software;
• We will not knowingly allow minors to register personal accounts directly without institutional mediation;
• Parents or guardians who believe their child's data is being processed without appropriate consent should contact the educational institution in the first instance, and may also contact us at privacy@cleanerp.com.
14. Log Files and Analytics
CleanERP maintains server log files as part of standard hosting and security operations. Log files record information including IP addresses, browser types, Internet Service Provider (ISP) identifiers, date and time stamps, referring URLs, and pages accessed. This information is used solely for: (a) diagnosing technical problems; (b) analysing security incidents; (c) understanding aggregate usage patterns to improve the Software.
Log data is not linked to individual user identities for marketing or profiling purposes and is retained for up to 12 months.
15. Advertising Partners and Third-Party Ad Networks
CleanERP is a free-of-cost ERP platform for MSMEs. The Company generates revenue through advertising displayed within the platform. By using the CleanERP platform, the Customer acknowledges and agrees that advertisements may be displayed as part of the free service.
Third-party ad servers and advertising networks may serve advertisements on the CleanERP platform using technologies such as cookies, JavaScript, and web beacons. These technologies are used to: (a) deliver advertisements to the Customer’s device; (b) measure the effectiveness of advertising campaigns; and (c) personalise the advertising content displayed. These technologies operate directly from the advertiser’s servers to the Customer’s browser. The Company does not have access to or control over the cookies or technologies used by third-party advertisers.
Each advertising partner operates under its own privacy policy governing data collected through its advertising technologies. Customers are encouraged to review the privacy policies of advertising partners for more information about their data practices and opt-out options.
In accordance with the Digital Personal Data Protection Act, 2023, the Company ensures that the use of Personal Data in connection with advertising is limited to the purposes disclosed in this Privacy Policy. Customers who have provided consent to analytical or preference cookies may withdraw such consent at any time through the cookie settings on the Website without affecting their right to access the Free Tier of the Software. The Company does not sell Personal Data to advertisers.
16. Third-Party Links
The CleanERP Website and Software may contain links to third-party websites, integrations, or services. This Privacy Policy applies solely to the CleanERP platform. We have no responsibility for the privacy practices of third-party websites or services, and we encourage you to review their privacy policies before sharing any Personal Data with them.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Software, or applicable law. When we make material changes, we will: (a) post the updated policy on our Website; (b) update the "Effective Date" at the top of this document; and (c) where required by law or where the changes are significant, notify registered Customers via email.
We encourage you to review this Privacy Policy periodically. Your continued use of the Software after the effective date of any revised Privacy Policy constitutes your acceptance of the revised policy.
18. Governing Law
This Privacy Policy is governed by the laws of India, including the DPDP Act, 2023, the IT Act, 2000, and the IT (SPDI) Rules, 2011. Any disputes arising under or in connection with this Privacy Policy shall be subject to the jurisdiction of the courts at Madanapalle / Tirupati, Andhra Pradesh, India, subject to the arbitration provisions in the Terms and Conditions.
For privacy-related queries, complaints, or rights requests, please contact:
Grievance Officer, Rizzle Technology Private Limited
Email: privacy@cleanerp.com | support@cleanerp.com
Website: www.cleanerp.com/privacy-policy
Response time: Within 30 (thirty) days of receipt