iOmSoft
Legal

Privacy Policy

Last updated: May 19, 2026

We take your privacy seriously. This policy explains what we collect, why we collect it, and the choices you have. We try to keep it short and readable — if anything is unclear, email us at privacy@iomsoft.com.

1. Scope

This Privacy Policy applies to the iOmSoft website (iomsoft.com), our customer portal, and the consulting services we deliver. It covers visitors, prospects, customers, and anyone who emails or messages us. It does not cover third-party websites we link to — those have their own policies.

In short: we collect the minimum we need to run our business and serve you well, we don't sell your data, and you can ask us to delete it.

2. Information We Collect

We collect information in four buckets:

  • Account information — name, email, company, phone, billing address, and the password hash you set when you sign up.
  • Project information — the briefs, files, URLs, and feedback you share with us so we can deliver the work you hired us for.
  • Technical data— IP address, browser type, device, pages viewed, referrers, and timestamps. We use this to keep the site secure and measure what's working.
  • Cookies & similar technologies — see our Cookie Policy for details. You can opt out at any time.

We also receive limited data from third parties — for example, when you sign in with Google or pay via Razorpay, we get the bare minimum (verified email, transaction ID) needed to complete that action.

3. How We Use Information

  • To deliver the services you hired us for and provide customer support.
  • To send transactional emails — invoices, project updates, login alerts.
  • To send occasional product news, only if you opted in. You can unsubscribe with one click.
  • To debug issues, prevent fraud and abuse, and keep our infrastructure secure.
  • To analyse usage in aggregate so we can improve the product and the website.
  • To meet legal, tax, and accounting obligations.

We do not use your data to train external AI models, and we do not sell or rent your personal information to advertisers.

4. Sharing

We share data only with parties that help us run the business, and only under contract:

  • Service providers — hosting (Vercel, AWS, Cloudflare), payment processing (Razorpay, Stripe), email delivery (Postmark, Resend), analytics (Plausible, Google Analytics), and customer support tooling.
  • Legal requirements — when we're required to disclose by law, court order, or a regulator with proper authority. We push back on overly broad requests.
  • Business transfers — if iOmSoft is acquired or merges with another company, your data may transfer to the new entity under the same protections.

5. Retention

We keep account and project data for as long as you have an active account, plus a reasonable period afterward (typically up to 24 months) for support, dispute resolution, and our own legal records. Tax and invoice records are retained for the period required by Indian law (typically 8 years). You can request earlier deletion at any time, subject to those legal hold periods.

6. Security

We protect your data with encryption in transit (TLS 1.2+), encryption at rest for databases and backups, hashed and salted passwords (Argon2), least-privilege access controls, mandatory 2FA for our team, and routine vulnerability scanning. No system is perfect — if we ever discover a breach affecting you, we will notify you and the relevant regulator within 72 hours, as required by law.

7. Your Rights

Depending on where you live, you have rights over the personal data we hold about you. We honour these rights for all customers, not just those in regulated regions:

  • Access — get a copy of what we hold about you.
  • Correction— fix data that's wrong or outdated.
  • Deletion — ask us to remove your data, subject to legal retention rules.
  • Portability — export your data in a machine-readable format.
  • Objection & restriction — opt out of marketing or limit how we process your data.
  • Withdraw consent — where processing relies on consent (e.g. marketing emails, analytics cookies).

These rights are codified by the EU/UK GDPR and India's Digital Personal Data Protection (DPDP) Act, 2023. To exercise any of them, email privacy@iomsoft.com from the address on file. We'll respond within 30 days.

8. International Transfers

iOmSoft is based in India, and our infrastructure spans regions in India, the EU, and the US (depending on the product and your location). When personal data leaves its origin region, we use Standard Contractual Clauses, equivalent transfer mechanisms, or your explicit consent to keep it protected.

9. Children

Our services are not directed at children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us data, please contact us and we'll delete it.

10. Changes

We may update this policy as our services evolve or laws change. The “Last updated” date at the top will always reflect the current version. For material changes — say, a new category of data or a new processor — we'll email account holders at least 14 days in advance so you can review and decide.

11. Contact

Questions, requests, or complaints? Email privacy@iomsoft.com or write to iOmSoft Technologies Pvt Ltd, Bengaluru, Karnataka, India. You can also lodge a complaint with your local data protection authority, but we'd rather you give us a chance to make it right first.

Questions? Contact us.

We answer privacy and data questions within one business day. Reach out and a real human will get back to you.

Contact iOmSoft