Privacy Policy v1.0

1. Who We Are

TidySlot is a software-as-a-service (SaaS) product operated by Tidyslot.com, based in Vadodara, Gujarat, India. TidySlot provides a team scheduling and time-tracking platform for service businesses.

This Privacy Policy applies to our website tidyslot.com and our web application at app.tidyslot.com. By accessing or using TidySlot, you consent to the practices described in this policy.

2. Applicable Indian Laws

This Privacy Policy is drafted in compliance with the following Indian laws and regulations:

• Digital Personal Data Protection Act, 2023 (DPDP Act) — India's primary legislation governing the processing of digital personal data of Indian residents. TidySlot acts as a "Data Fiduciary" under this Act.
• Information Technology Act, 2000 — including Section 43A (compensation for failure to protect data) and Section 72A (punishment for disclosure of information in breach of contract).
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — defines sensitive personal data and mandates security practices.
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 — requires appointment of a Grievance Officer and disclosure of data handling practices.
• Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020 — governs fair practices in e-commerce transactions.
• Goods and Services Tax (GST) Act, 2017 — requires retention of certain transaction records for statutory periods.

3. Data We Collect

3.1 Account & Profile Data

• Full name, email address, and hashed password (we never store plain-text passwords)
• Organisation name, designation/role within the organisation
• Profile photo (if uploaded)
• Mobile number (if provided)

3.2 Work & Operational Data

• Jobs, tasks, assignments, and calendar events you create or are assigned to
• Time entries — punch-in and punch-out records, hours worked
• Team member schedules, time blocks, and category assignments
• Quick Links, categories, and organisation configuration

3.3 Technical & Device Data

• IP address and approximate geolocation (city/country level)
• Browser type, version, and operating system
• Device type (desktop, mobile, tablet)
• Pages visited, features accessed, and session duration
• Error and crash logs for debugging and service improvement

3.4 Payment & Billing Data

Subscription payments are processed by Razorpay Payment Solutions Private Limited, a RBI-authorised payment aggregator. TidySlot does not store, process, or transmit your card numbers, UPI credentials, net banking details, or any sensitive payment information. We receive only a transaction confirmation and reference ID. Razorpay's Privacy Policy (razorpay.com/privacy) governs payment data.

GST invoices generated for your subscription are retained in accordance with the GST Act, 2017 (minimum 8 years).

3.5 Communications Data

• Support requests, email exchanges, and chat conversations with our team
• Feedback, bug reports, or feature suggestions

4. How We Use Your Data

We use your data only for the following purposes, consistent with the DPDP Act's requirement that data be used for specified, lawful purposes:

• Providing the service: Creating and managing your account, displaying your team's schedule, and recording time entries
• Billing and subscriptions: Processing payments, generating GST invoices, and managing your subscription plan
• Customer support: Responding to your queries and resolving technical issues
• Service improvement: Analysing anonymised usage patterns to improve features and fix bugs
• Security and fraud prevention: Detecting and preventing unauthorised access, abuse, or fraudulent activity
• Legal compliance: Meeting obligations under the DPDP Act 2023, IT Act 2000, GST Act 2017, and other applicable Indian laws
• Communications: Sending transactional emails (account creation, password reset, invoices, subscription alerts)

We do not use your data for advertising, behavioural profiling, or any purpose beyond operating and improving TidySlot.

5. Data Sharing & Disclosure

We do not sell, rent, or trade personal data. Data is shared only in these circumstances:

5.1 Within Your Organisation

Admins and authorised team members of your TidySlot organisation can see scheduling data, time entries, and work progress as a core function of the product. This is data you voluntarily enter into the platform for team coordination purposes.

5.2 Service Providers

We engage trusted third-party service providers only to operate and maintain TidySlot. These include cloud hosting, email delivery, analytics, and payment processing. All such providers are contractually bound to:

• Use data only for the specific service they provide to us
• Maintain confidentiality and security standards consistent with this policy
• Not disclose data to any other party

5.3 Legal Requirements

We may disclose personal data if required to do so by a court order, government authority, or applicable Indian law, including requests under the IT Act 2000, the Code of Criminal Procedure 1973, or orders from CERT-In.

5.4 Business Transfer

In the event of a merger, acquisition, or sale of business assets, user data may be transferred to the acquiring entity. We will notify registered users by email at least 30 days before such transfer and provide the option to delete their account.

6. Data Storage, Retention & Security

6.1 Storage Location

Your data is stored on secure servers.

6.2 Security Measures

We implement reasonable security practices as required under the IT (SPDI) Rules 2011, including:

• HTTPS/TLS encryption for all data in transit
• Encrypted storage for passwords using industry-standard hashing (bcrypt/Argon2)
• Role-based access controls — production data is accessible only to authorised personnel
• Regular automated backups
• Activity logging for audit purposes

6.3 Retention Periods

• Active account data: Retained for the duration of your active subscription
• Deleted account data: Deleted within 30 days of account closure or deletion request, except where law requires longer retention
• GST invoices and billing records: Retained for 8 years as required under the GST Act 2017
• Security logs: Retained for 180 days as recommended under IT Act guidelines
• Support communications: Retained for 2 years for quality and legal purposes

6.4 Data Breach

In the event of a data breach that is likely to result in risk to your rights, we will notify affected users and the relevant authority as required under the DPDP Act 2023, within the prescribed timelines.

7. Cookies & Tracking

TidySlot uses the following types of cookies:

• Essential cookies: Required for the application to function (session management, authentication). Cannot be disabled.
• Preference cookies: Remember your settings and choices within the application.
• Analytics cookies: Help us understand how the product is used (anonymised). You may opt out by contacting us.

We do not use advertising or tracking cookies. You can manage cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

8. Your Rights Under Indian Law

As a Data Principal under the Digital Personal Data Protection Act 2023, you have the following rights:

• Right to access: Obtain a summary of your personal data processed by us and the purposes for which it is processed
• Right to correction: Correct inaccurate, incomplete, or outdated personal data
• Right to erasure: Request deletion of personal data that is no longer necessary (subject to legal retention obligations)
• Right to grievance redressal: Have your complaint reviewed and responded to within the prescribed period
• Right to nominate: Nominate another individual to exercise your data rights in the event of your death or incapacity
• Right to withdraw consent: Withdraw consent for processing where consent was the legal basis, without affecting prior processing

To exercise any right, email our Grievance Officer at support@tidyslot.com. We will acknowledge within 3 business days and respond fully within 30 days.

9. Grievance Officer

As required under the IT (Intermediary Guidelines) Rules 2021 and the DPDP Act 2023, we have appointed a Grievance Officer to address complaints regarding data processing:

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is established under the DPDP Act 2023.

10. Children's Privacy

TidySlot is a business productivity tool intended solely for adults (18 years and above). We do not knowingly collect personal data from minors. If you believe a person under 18 has provided us with personal data, please contact our Grievance Officer immediately and we will delete it without delay.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our practices, or the product. When we make material changes, we will:

• Update the version number and "Last updated" date at the top of this page
• Notify registered users by email at least 14 days before changes take effect
• Maintain a version history below so you can review what changed

Continued use of TidySlot after the effective date of an updated policy constitutes acceptance of the revised terms.

12. Contact Us

13. Version History

Version	Date	Summary of Changes	Author
v1.0 (Current)	June 2026	Initial version — covers DPDP Act 2023, IT Act 2000, IT Rules 2011 & 2021, Consumer Protection Rules, GST retention, Grievance Officer, data rights	Tidyslot.com

Previous versions are archived and available on request at support@tidyslot.com.