Privacy Policy

Indian Startup School Private Limited ("Company", "we", "us", "our"), operating the platform File My Books at filemybooks.com, is committed to protecting the privacy and security of your personal data.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have over your data. This Policy applies to all users ("you", "User", "Data Principal") of our Platform and services.

We process your personal data in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), notified by the Ministry of Electronics and Information Technology, Government of India, on November 13, 2025.

By using our Platform or purchasing any service, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy.

Data Fiduciary:
Indian Startup School Private Limited
5th Floor, Two Horizon Centre, DLF Phase V,
Gurugram, Haryana, India – 122002

Platform: filemybooks.com
Contact: hello@filemybooks.com

As a Data Fiduciary under the DPDP Act, we determine the purpose and means of processing your personal data and are responsible for ensuring it is handled lawfully, fairly, and securely.

In the course of providing our services, we collect the following categories of personal data:

We collect only the minimum data necessary for the delivery of our services and fulfilment of legal obligations. We do not collect data beyond what is required for these stated purposes.

• Directly from you — when you sign up, complete onboarding, upload documents, fill forms, or communicate with us or your assigned professional
• Automatically — through cookies, log files, and analytics tools when you use our Platform
• From third parties — such as your bank or accounting software when you authorise integration with our Platform
• From government portals — such as the GST portal, MCA21, or Income Tax portal, where you authorise us to act on your behalf

We process your personal data solely for the following purposes:

We do not process your data for advertising, profiling, or any purpose unrelated to the services you have subscribed to, without your separate and explicit consent.

1. 6.1Documents such as Aadhaar, PAN, bank statements, financial records, and other KYC materials are stored on our secure servers located in India.
2. 6.2All sensitive data is encrypted at rest and in transit using industry-standard encryption protocols (AES-256 and TLS).
3. 6.3Access to your documents is strictly role-based. Only your assigned professional and authorised personnel of the Company can access your documents, and only to the extent necessary for service delivery.
4. 6.4We maintain detailed access logs and audit trails for all document access events.
5. 6.5Physical and digital security measures including firewalls, intrusion detection systems, and regular vulnerability assessments are in place to protect your data.

We do not sell, rent, trade, or commercially exploit your personal data under any circumstances. Your data may be shared only in the following limited circumstances:

8.1 We retain your personal data only for as long as necessary to fulfil the stated purpose or as required under applicable Indian law, including but not limited to:

• GST Act — 8 years from the relevant financial year
• Income Tax Act, 1961 — 8 years from the end of the relevant assessment year
• Companies Act, 2013 — as prescribed for statutory records

8.2 Data that is no longer required for any legal, regulatory, or contractual purpose will be securely deleted or anonymised.

8.3 Upon termination of your account or subscription, we will retain your data for the minimum period required by law, after which it will be permanently deleted from our systems.

8.4 You may request deletion of your data at any time. We will action your request subject to any overriding legal retention obligations.

Under the DPDP Act, 2023, you have the following rights in respect of your personal data:

To exercise any of these rights, please write to us at hello@filemybooks.com with the subject line "Data Rights Request". We will respond within the timelines prescribed under applicable law.

1. 10.1Our Platform uses cookies and similar tracking technologies to improve your experience, analyse usage patterns, and ensure Platform security.
2. 10.2The types of cookies we use include essential cookies (required for Platform functionality), analytics cookies (to understand how users interact with our Platform), and preference cookies (to remember your settings).
3. 10.3You may disable cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Platform.
4. 10.4We do not use cookies for behavioural advertising or third-party tracking.

1. 11.1In the unlikely event of a personal data breach, we will notify the Data Protection Board of India and all affected users as required under the DPDP Act and DPDP Rules, 2025.
2. 11.2Notifications to affected users will include the nature of the breach, the categories of data affected, the likely consequences, and the measures we are taking to address it.
3. 11.3We maintain an incident response plan and conduct regular security assessments to minimise the risk of data breaches.

In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, we have appointed a Grievance Officer to address your data-related concerns.

Grievance Officer
Indian Startup School Private Limited
5th Floor, Two Horizon Centre, DLF Phase V,
Gurugram, Haryana, India – 122002
📧 hello@filemybooks.com

We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt, or within such other timelines as may be prescribed under applicable law.

If you are not satisfied with the resolution, you may escalate your complaint to the Data Protection Board of India once the Board becomes fully operational under the DPDP Rules, 2025.

1. 13.1Our services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal data from anyone under the age of 18.
2. 13.2If you are a parent or guardian and believe that your child has provided personal data to us, please contact us immediately at hello@filemybooks.com and we will take steps to delete such data promptly.

1. 14.1We store and process all personal data within the territory of India. We do not transfer your personal data outside India except where required by applicable law or regulatory obligation, and only to countries permitted under the DPDP Act.
2. 14.2Any cross-border transfer, if required, will be carried out in compliance with applicable Indian law and with appropriate contractual safeguards in place.

1. 15.1We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
2. 15.2When we make material changes, we will notify you via email or a prominent notice on the Platform, with an updated effective date at the top of this Policy.
3. 15.3Your continued use of the Platform after such changes constitutes your acceptance of the updated Policy.

This Privacy Policy is governed by the laws of India. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in New Delhi, India.