ERPSense.ai
Book a demo
Legal

Privacy Policy

Effective 7 May 2026

This Privacy Policy describes how ERPSense AI Private Limited(“ERPSense”, “we”, “us”, “our”) collects, uses, stores and protects information when you use the ERPSense.ai platform (the “Service”) at https://erpsense.ai, https://app.erpsense.ai, and any associated mobile or desktop applications.

ERPSense is a multi-tenant SaaS platform that helps small and medium businesses in India run their books, GST filings, inventory and customer/supplier operations on top of an open-source ERP core. We process two distinct categories of personal data: data about you, the user of ERPSense (“User Data”), and data about your business’s customers, suppliers, employees, and other third parties whose details you choose to enter into ERPSense (“Tenant Content”). For Tenant Content, you are the data controller and we are a processor.

What we collect

From you (Users)

  • Name, email, phone, role, language preference
  • Authentication credentials (we store password hashes only, never the password itself)
  • GSTIN, PAN and registered business details, where you provide them
  • Device, browser and IP information needed for security and support
  • Usage telemetry — pages visited, errors encountered, feature interactions

From your business (Tenant Content)

  • Customer, supplier, employee, item, and account master records
  • Transactional records — invoices, payments, journal entries, stock entries
  • Documents and attachments you upload (e.g., bank statements, cheque images)
  • Configuration data — chart of accounts, tax structures, business rules

How we use it

  • To deliver the Service you signed up for
  • To prevent fraud, abuse and unauthorised access
  • To send service-related notifications (billing, outages, security alerts)
  • To improve the product, in aggregate and with personal identifiers removed
  • To meet our legal and tax obligations in India

We do not sell your data, do not use Tenant Content to train AI models that we ship to other tenants, and do not share with advertisers.

Where it lives

All Tenant Content is stored in Google Cloud Platform’s asia-south1 (Mumbai) region. Encryption is enforced both in transit (TLS 1.3) and at rest (AES-256). Sensitive credentials such as ERP API keys and OAuth tokens are encrypted with Fernet using keys held in Google Secret Manager.

Who we share with

We share data only with sub-processors that are essential to running the Service:

  • Google Cloud Platform — infrastructure (compute, storage, secrets)
  • Google Cloud (Gemini API) — large language model inference for the Genie assistant. Prompts are processed in-region; outputs are not retained by Google for training under our enterprise agreement.
  • SendGrid / Postmark — transactional email delivery
  • Razorpay — payment processing for subscription billing
  • Meta WhatsApp Business Platform — WhatsApp message delivery (see below)

WhatsApp Business Messages

ERPSense.ai uses Meta’s WhatsApp Business Platform to deliver notifications on behalf of our customer businesses (“Tenants”). When a Tenant connects their WhatsApp Business Account through ERPSense.ai:

  • We act as a Tech Providerunder Meta’s WhatsApp Business Solution program. The Tenant remains the data controller for all WhatsApp messages sent under their brand.
  • We store an encrypted access token issued by Meta, scoped to the Tenant’s WhatsApp Business Account, used solely to send messages and read delivery status on behalf of that Tenant.
  • We submit message templates to Meta on behalf of the Tenant. Templates are pre-approved by Meta before any send.
  • We log message metadata (recipient phone number, message ID, delivery status, timestamp) in our notification ledger for operational, audit, and billing purposes. Message content is logged only when explicitly opted into by the Tenant for compliance review.
  • We do not sell WhatsApp data, do not use it for advertising, and do not share it with third parties except (a) Meta itself, as required to deliver messages, and (b) where compelled by law.

Recipient opt-in

You must explicitly opt in to receive WhatsApp messages from any business using ERPSense.ai. Opt-in is captured on the business’s website, app, or signup form. You can opt out at any time by replying STOP to any WhatsApp message you receive — your opt-out is recorded immediately and no further messages will be sent.

Data retention

WhatsApp message metadata is retained for the duration of the Tenant’s account plus 90 days, after which it is anonymised. Recipient opt-in / opt-out records are retained for 7 years for audit purposes.

Contact

Questions about WhatsApp data handling: privacy@erpsense.ai

Your rights

Under India’s Digital Personal Data Protection Act, 2023 you may request access, correction, erasure or transfer of your personal data, and may withdraw consent for any non-essential processing. Email privacy@erpsense.ai with a written request; we will respond within thirty (30) days.

Retention

Tenant Content is retained for the life of the subscription. After cancellation, your data is preserved for 30 days (in case you reactivate) and then permanently deleted. Backups roll off within an additional 30 days.

Children

ERPSense is a B2B service. We do not knowingly collect personal data from children under 18.

Changes to this policy

Material changes are notified by email at least 30 days before they take effect. The current version is always at this URL.

Contact

ERPSense AI Private Limited
16th Floor, Flat No 1602, Wing D, Old No 100-102, Chennai, Tamil Nadu 600008
Email: privacy@erpsense.ai