DPDP Notice

Digital Personal Data Protection Act Compliance

Last updated: January 2026

About This Notice

This notice explains how Jini ("we", "us", or "our") processes your personal data in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act).

Data We Collect

When you use Jini's compliance ledger, we collect and process:

  • Identity data: PAN, GSTIN, CIN, LLP identification numbers
  • Account data: Name, email address, phone number
  • Compliance documents: Filing acknowledgments, payment challans, certificates you upload
  • Proof identifiers: ARN, CIN, SRN, UTR, TOKEN numbers extracted from documents
  • Usage data: Login times, actions taken within the platform

Purpose of Processing

We process your data for these specific purposes:

  • Maintaining your compliance ledger and computing filing status
  • Generating audit packs and compliance reports
  • Sending reminders about upcoming compliance deadlines
  • Allowing authorized team members and CAs to access your workspace
  • Providing customer support

Lawful Basis

We process your personal data based on your consent when you create an account and configure your workspace. For compliance ledger functionality, processing is necessary for the performance of our service agreement with you.

Data Storage & Residency

Primary data storage is in India. Our core infrastructure (database, file storage) is hosted with data centers located in India.

Stored exclusively in India:

  • Your compliance documents (original files)
  • Proof identifiers (ARN, CIN, SRN, UTR, TOKEN)
  • PAN, GSTIN, CIN, and other entity identifiers
  • User account information
  • Compliance ledger and audit trail

Note: If you enable AI features, extracted text content from documents may be processed by AI providers in the United States. See the "Cross-Border Data Transfers" section below for details. Original files always remain in India.

Cross-Border Data Transfers

Certain optional features involve processing by third-party services located outside India. These transfers only occur when you have explicitly enabled AI processing in your workspace settings.

Automatic PII Redaction (SEC-036)

All data undergoes automatic PII redaction before any cross-border transfer.

Before any text is sent to external AI providers, our system automatically detects and replaces personal identifiers with placeholder tokens. For example, "PAN: ABCPK1234A" becomes "PAN: [PAN_REDACTED]". The AI provider sees the semantic content needed for classification but never receives actual personal data.

Redacted identifiers include: PAN, Aadhaar, GSTIN, phone numbers, email addresses, bank account numbers, IFSC codes, CIN, DIN, Voter ID, and passport numbers.

No images are ever sent externally. All image documents are processed locally using OCR to extract text, which is then redacted before classification.

Services in the United States

Service Purpose Data Transferred Safeguards
Groq Document classification, AI chat, email analysis Redacted text only (PII replaced with tokens) Data Processing Agreement + Automatic PII Redaction
Google OAuth authentication, Gmail/Drive sync Authentication tokens (no tax data) Standard Contractual Clauses

AI Processing With Consent

AI features are disabled by default. When you enable AI processing in your workspace settings, the following redacted data may be transferred:

  • Document text: Extracted text with all PII replaced by tokens like [PAN_REDACTED]
  • Chat messages: Messages with any mentioned PII automatically redacted
  • Email content: Subject and body with sender emails, phones, and identifiers redacted

What Is NEVER Transferred (Even With Consent)

  • Any personal identifiers: PAN, Aadhaar, GSTIN, CIN, DIN, Voter ID, Passport
  • Contact information: Phone numbers, email addresses
  • Financial identifiers: Bank account numbers, IFSC codes
  • Original files or images: Documents remain in India; only redacted text is processed
  • Proof identifiers: ARN, SRN, UTR, TOKEN numbers

Your Control

  • You can enable or disable AI features at any time in Settings
  • Disabling AI immediately stops all cross-border data transfers for AI processing
  • Core compliance features (ledger, reminders, document storage) work without AI
  • You can use Jini without ever enabling AI features

Data Retention

We retain your compliance ledger data for as long as your account is active. Compliance records are kept for a minimum of 8 years to align with Indian tax record retention requirements. You may request deletion of your account, but certain records may be retained as required by law.

Your Rights

Under the DPDP Act, you have the right to:

  • Access: Request a summary of your personal data we hold
  • Correction: Request correction of inaccurate data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Grievance redressal: Lodge a complaint about data processing
  • Nomination: Nominate another person to exercise your rights

Data Sharing

We share your data only in these circumstances:

  • With your consent: When you invite team members or CAs to your workspace
  • Service providers: Cloud infrastructure, email delivery (all DPDP-compliant)
  • Legal requirements: When required by law or legal process

We do not sell your data. We do not use your compliance data for advertising.

Security Measures

We protect your data through:

  • Encryption of data at rest and in transit
  • Access controls and role-based permissions
  • Audit logging of all access to compliance data
  • Regular security assessments

Grievance Officer (SEC-016)

In accordance with the DPDP Act 2023, we have designated a Grievance Officer to address your concerns about data processing:

Name: Shashank Bhardwaj
Designation: Grievance Officer & Data Protection Lead
Email: grievance@jini.app
Response Time: We will acknowledge your grievance within 48 hours and provide a resolution within 7 working days.

How to File a Grievance

  1. Send an email to grievance@jini.app with subject "DPDP Grievance"
  2. Include your registered email address and a description of your concern
  3. You will receive an acknowledgment with a reference number
  4. We will investigate and respond within 7 working days
  5. If unsatisfied, you may escalate to the Data Protection Board of India

Postal Address for Written Complaints:
Grievance Officer - Data Protection
Amigo Softcom LLP
Gurugram, Haryana 122002
India

Data Breach Notification (SEC-017)

In the event of a personal data breach that may affect your rights, we commit to:

Our Breach Response Procedure

  1. Detection & Containment: Immediate steps to stop and limit the breach
  2. Assessment: Evaluate the nature, scope, and potential impact of the breach
  3. Notification to Affected Users: If the breach is likely to result in harm to you, we will notify you within 72 hours via email with:
    • Description of the breach
    • Types of data affected
    • Steps we are taking to address it
    • Recommendations for protecting yourself
  4. Regulatory Notification: Report to the Data Protection Board of India as required by law
  5. Remediation: Implement measures to prevent similar incidents

What Constitutes a Reportable Breach

  • Unauthorized access to personal data (including identity documents, PAN, etc.)
  • Accidental disclosure of personal data to unauthorized parties
  • Loss or theft of devices containing unencrypted personal data
  • Ransomware or malware attacks affecting personal data systems

We maintain detailed incident response procedures internally (see our Privacy Policy for security measures).

Contact Us

For any questions about this notice or to exercise your rights:

Email: privacy@jini.app
Address: Amigo Softcom LLP, Gurugram, Haryana 122002

Data Fiduciary Details

Name: Amigo Softcom LLP
LLP Identification: AAY-3370
GSTIN: 06ABWFA0197P1ZN
Registered Address: Gurugram, Haryana, India