Privacy Policy

Last updated: July 2026

Regno (“we”, “us”) provides compliance and practice management software to professional firms, companies and startups in India. This policy explains what data we collect, why, and the rights you have over it - written to be read, not just published. We practise what our own DPDP module preaches.

1. Data we collect

Account data: your name, email, phone number and firm details when you register or contact us.

Client data you upload: company records (CIN, GSTIN, PAN and similar identifiers), documents, filings, registers and related compliance information your firm manages on the platform. This data belongs to you and your clients - we process it solely to provide the service.

Usage data: log and device information (IP address, browser, pages visited) used for security, debugging and product improvement.

Payment data: processed by Razorpay, our payment provider. We never store card or bank details on our servers.

2. How we use data

To operate the platform: generating compliance calendars, sending reminders you configure (including WhatsApp and email), producing AI drafts you request, and syncing government filing statuses you authorise.

AI features process the specific documents and inputs you submit in order to generate drafts and analyses. We do not use your client data to train AI models.

We send transactional messages (reminders, alerts, receipts) as part of the service, and marketing messages only with your consent - unsubscribable at any time.

3. GST and government data connections

GST data sync uses GSTN's taxpayer-consented API mechanism: access is enabled by the taxpayer from their own GST portal, is time-limited, and is revocable at any time. Regno stores only the session tokens needed to operate the connection you authorised - never portal usernames or passwords.

4. Data isolation and security

Every firm's data is segregated with database row-level security. Staff access is role-restricted; client portal users see only their own company.

Data is encrypted in transit (TLS) and at rest. Documents are stored with per-tenant isolation and accessed via signed, expiring URLs.

Data is hosted on enterprise cloud infrastructure with Indian data residency options as they become available on our providers.

5. Sharing

We do not sell personal data. Period.

We share data only with the processors needed to run the service: cloud hosting, database, payments (Razorpay), messaging (WhatsApp Business API providers, email) and AI processing - each bound by contractual confidentiality and data protection obligations.

We may disclose data if required by law or valid legal process, and will notify affected users where legally permitted.

6. Retention and deletion

Your data remains available for the life of your subscription. On cancellation you can export all client data, documents and registers.

After account closure we delete or anonymise personal data within 90 days, except where law requires longer retention (e.g., invoicing records).

7. Your rights

You may access, correct, export or request deletion of your personal data, and withdraw consents, by writing to hello@regno.in. We respond within the timelines prescribed under applicable Indian law, including the Digital Personal Data Protection Act, 2023.

8. Changes

We will notify account owners of material changes to this policy by email before they take effect.

Questions about this policy? Write to us at hello@regno.in.