Privacy Policy

This Privacy Policy explains how Chabil Consulting Services OPC Pvt Ltd ("we", "us", "our") collects, uses, stores, and protects information when you use the Accounting Clarity Index™ ("ACI™") service at aci.chabilconsulting.com. We are committed to handling your data responsibly and in compliance with applicable Indian data protection laws, including the Information Technology Act, 2000 and its associated rules. By using the Service, you consent to the practices described in this Policy.

We collect the following categories of information: Identity & Contact Data • Full name • Email address • Company name, industry, and country • WhatsApp number (optional, provided by you) Assessment Responses • Your answers to the ACI™ questionnaire across all five dimensions • Self-reported scores and practices related to your accounting function Account Data • Authentication credentials managed via our secure login portal (auth.chabilconsulting.com) • Session tokens (JWT, stored as encrypted cookies) Payment Data • Payment status (success/failure) and Razorpay order/payment IDs • We do not receive or store your card number, UPI credentials, or banking details — these are handled exclusively by Razorpay Technical Data • IP address (for rate limiting and fraud prevention) • Browser type and device information • Pages accessed and timestamps

We use your information for the following purposes: • Report generation — to compute your ACI™ score, identify risk flags, generate recommendations, and produce your personalised PDF report. • Account access — to authenticate you and give you access to your purchased report. • Communication — to send you a copy of your report and any follow-up communications you request. • Service improvement — anonymised, aggregated data may be used to improve the assessment methodology and benchmarks (no individually identifiable information is used). • Legal compliance — to comply with applicable laws, respond to lawful requests, and enforce our Terms & Conditions. • Fraud prevention — to detect and prevent fraudulent payments or abuse. We do not use your data for advertising, profiling for third-party marketing, or any purpose not listed above.

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances: Service Providers • Razorpay — payment processing. Razorpay receives order details and processes payment under their own privacy policy. • Microsoft Azure — our infrastructure provider. Your data is stored on Azure-hosted databases in India or the closest Azure region with equivalent data protection. Legal Requirements • If required by a court order, law enforcement, or other legally mandated process, we may disclose information to the extent required by law. Business Transfer • In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections. No other sharing occurs without your explicit consent.

We retain your data as follows: • Assessment data and report — retained for a minimum of 12 months from the date of purchase to allow you to re-access your report within the access period. • Account information — retained while your account is active and for up to 36 months thereafter, unless you request deletion. • Payment records — retained for 7 years to comply with financial record-keeping requirements under Indian law. • Session tokens — expire after 30 days of inactivity. After the applicable retention period, data is securely deleted or anonymised.

We implement reasonable technical and organisational measures to protect your data: • Encrypted data transmission (TLS 1.2+) • JWT session tokens with short expiry periods • Database access restricted to authenticated services via Azure Managed Identity • Secrets managed via Azure Key Vault (no plaintext secrets in code) • Access to production data limited to authorised personnel only No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take all reasonably practicable steps to protect your information.

We use only the following cookies: • Authentication session cookie — a secure, HTTP-only JWT session token required to maintain your login state. This is essential for the Service to function. • No advertising, tracking, or analytics cookies are set. You can disable cookies in your browser, but this will prevent you from accessing authenticated areas of the Service.

You have the right to: • Access — request a copy of the personal data we hold about you. • Correction — request that inaccurate data be corrected. • Deletion — request deletion of your personal data, subject to our legal retention obligations. • Portability — request your assessment data in a machine-readable format. • Withdraw consent — where processing is based on consent, you may withdraw at any time (this does not affect processing already carried out). To exercise any of these rights, contact us at hello@chabilconsulting.com. We will respond within 30 days.

The Service is intended for use by business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data, please contact us immediately.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last Updated" date. For material changes, we will notify registered users by email where practicable.

For privacy-related queries, to exercise your rights, or to raise a concern: Chabil Consulting Services OPC Pvt Ltd Email: hello@chabilconsulting.com Website: www.chabilconsulting.com