GRCDesk
Free AssessmentTemplatesConsultationBlogAbout
Start Free Assessment

Privacy Policy

Last updated: April 2026

1. Who We Are

GRCDesk ("we", "us", "our") operates the website grcdesk.in. We are committed to protecting your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). Our registered contact email is hello@grcdesk.in.

2. Data We Collect

We collect the following categories of personal data:

  • Information you provide: Name, email address, company name, industry, and employee count (provided during assessment or purchase)
  • Assessment data: Your answers to compliance questions and generated scores
  • Payment information: Processed securely by Razorpay — we do not store your card details, bank account numbers, or UPI IDs on our servers
  • Usage data: Pages visited, time spent on pages, browser type, device type, operating system, referring URL, and IP address — collected via analytics tools
  • Cookie data: Information collected through cookies and similar tracking technologies (see our Cookie Policy for details)

3. How We Use Your Data

  • To generate your compliance assessment report and provide your score
  • To deliver purchased products (templates, reports) via email and download links
  • To send transactional emails (receipts, download links, assessment results)
  • To improve our website, services, and user experience through analytics
  • To display relevant advertisements through third-party ad networks (such as Google AdSense)
  • To respond to your enquiries and provide customer support
  • To comply with legal obligations under applicable Indian law

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate our website, analyse traffic, and serve advertisements. These include:

  • Essential cookies: Required for basic site functionality such as session management and security
  • Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These collect anonymous usage data including pages visited, time on site, and traffic sources.
  • Advertising cookies: Used by third-party ad networks (such as Google AdSense) to display relevant advertisements based on your browsing behaviour. These third parties may collect data about your online activity across different websites.

You can manage your cookie preferences through your browser settings. For more details, please read our Cookie Policy.

5. Third-Party Services

We do not sell your personal data. We share data only with the following trusted service providers, each bound by data processing agreements:

  • Razorpay: Payment processing — receives your email, name, and payment details to process transactions securely
  • Resend: Email delivery — receives your email address to send transactional emails (receipts, download links)
  • Supabase: Data hosting — stores assessment data, payment records, and account information on secure cloud infrastructure
  • Google: Analytics and advertising — may collect anonymised usage data and serve personalised advertisements via cookies
  • Vercel: Website hosting — processes server requests and may log IP addresses for security purposes

6. Your Rights Under the DPDP Act

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

  • Right to Access: Request a summary of the personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data when it is no longer necessary for the purpose it was collected
  • Right to Withdraw Consent: Withdraw your consent at any time — withdrawal is as easy as giving consent
  • Right to Grievance Redressal: File a complaint if you are not satisfied with our response
  • Right to Nominate: Nominate an individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, email us at hello@grcdesk.in. We will respond within 30 days.

7. Data Retention

  • Assessment data: Retained for 12 months from the date of submission, then automatically deleted
  • Payment records: Retained for 7 years as required under the Income Tax Act and GST laws
  • Email communication records: Retained for 3 years from the date of last interaction
  • Cookie and analytics data: Retained as per the respective third-party provider's retention policy (typically 14-26 months)

You can request deletion of your data at any time by emailing hello@grcdesk.in, subject to legal retention requirements.

8. Data Security

We implement reasonable security safeguards to protect your personal data, including encryption of data in transit (TLS/HTTPS), secure cloud hosting with access controls, and regular review of our data processing practices. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children's Data

Our services are intended for businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the revised policy.

11. Contact

For any privacy-related queries, data access requests, or complaints, contact us at:

  • Email: hello@grcdesk.in
  • Website: grcdesk.in
  • Response time: Within 30 days of receiving your request

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act, 2023.