GRCDesk
Free AssessmentTemplatesConsultationBlogAbout
Start Free Assessment

Privacy Policy

Last updated: March 2026

1. Who We Are

GRCDesk ("we", "us", "our") operates the website grcdesk.in. We are committed to protecting your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Data We Collect

  • Name, email address, company name (provided during assessment)
  • Assessment responses (your answers to compliance questions)
  • Payment information (processed by Razorpay — we do not store card details)
  • Usage data (pages visited, browser type — via analytics)

3. How We Use Your Data

  • To generate your compliance assessment report
  • To deliver purchased products (templates, reports)
  • To send transactional emails (receipts, download links)
  • To improve our services

4. Data Sharing

We do not sell your data. We share data only with: Razorpay (payment processing), Resend (email delivery), and Supabase (data hosting). All providers are bound by data processing agreements.

5. Your Rights

Under the DPDP Act, you have the right to: access your data, correct inaccurate data, request erasure of your data, and withdraw consent. To exercise these rights, email us at hello@grcdesk.in.

6. Data Retention

Assessment data is retained for 12 months. Payment records are retained for 7 years (legal requirement). You can request deletion at any time.

7. Contact

For any privacy-related queries, contact us at hello@grcdesk.in.