Privacy Policy

1. Introduction

Welcome to Lekha AI. We are committed to protecting your personal data and ensuring compliance with the Digital Personal Data Protection (DPDP) Act, 2023. This policy explains how we collect, use, and safeguard your information.

2. Data Collection & Processing

We collect information necessary to provide compliance and regulatory services to Indian SMEs. This includes:

• Business details (Name, GSTIN, PAN, turnover).
• Contact information.
• Vendor and invoice data for MSME compliance (Section 43B(h)).

All processing is done on the basis of explicit consent or legal necessity. We employ Zero-PII logging and AES-256 encryption for sensitive fields.

3. Consent Management

Under the DPDP Act, you have the right to provide, review, and withdraw consent at any time. Our Consent Manager UI allows you to manage these preferences. Withdrawal of consent will trigger data purging protocols in accordance with the law.

4. Data Retention & Erasure

We retain financial records (like invoices and vendor records) for 8 years as mandated by the Indian Companies Act. When an account is deleted or consent withdrawn, personal data is irreversibly anonymized (Proof of Erasure workflow) while maintaining financial compliance.

5. Contact Us

If you have questions about your data privacy or wish to exercise your rights, please contact our Data Protection Officer at privacy@lekha-ai.in.