Skip to main content
Evaaluate
Book a Demo

Last updated: March 28, 2026 | Version 1.0

Privacy Policy

ORIS Intelligence Pvt. Ltd. ("Data Fiduciary", "we") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect data when you use Evaaluate ("Service"), aligned with the Digital Personal Data Protection Act, 2023 (DPDP Act) and GDPR best practices.

1. Data Controller

ORIS Intelligence Pvt. Ltd., Bengaluru, Karnataka, India. Data Protection Officer: dpo@evaaluate.com

2. Categories of Personal Data

  • Account Information: Name, email, phone, professional designation, registration number, firm name
  • Usage Data: Login timestamps, engagement activity, feature usage, IP address
  • Uploaded Documents: Financial statements, company filings, supporting documents uploaded for valuation engagements
  • Payment Data: Processed by Razorpay; we store only transaction IDs and receipt numbers, never card/bank details

3. Purposes of Processing

  • Service Delivery: Operating the valuation pipeline, generating reports, maintaining your account
  • Compliance: Regulatory compliance, audit trails, DPDP Act obligations
  • Improvement: Anonymized aggregate analytics to improve the platform (never individual client data)
  • Communication: Service notifications, engagement status updates, billing

4. Legal Basis for Processing

Consent (DPDP Act Section 6), contractual necessity, and legitimate interest for platform security and improvement.

5. Data Retention

  • Account data: Retained while account is active + 30 days after deletion request
  • Engagement data: 7 years (statutory requirement for valuation records)
  • Usage analytics: 24 months, anonymized
  • Payment records: 8 years (GST/IT Act requirements)

6. Data Subject Rights

Under the DPDP Act and GDPR, you have the right to: access your personal data, correct inaccurate data, request erasure (subject to statutory retention), data portability, and withdraw consent. Exercise your rights by contacting dpo@evaaluate.com.

7. Data Security

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3
  • Data residency: All data stored in AWS Mumbai (ap-south-1)
  • Tenant isolation: Firm-level row-level security
  • Financial figures are processed locally and never sent verbatim to third-party AI providers

8. Sub-processors

We use: AWS (infrastructure), Razorpay (payments), Resend (transactional emails). Full sub-processor list available on request.

9. Cross-Border Transfers

All primary data processing occurs within India. If data is transferred outside India, it will comply with DPDP Act Section 16 requirements.

10. Breach Notification

In the event of a personal data breach, we will notify the Data Protection Board and affected data principals within 72 hours of becoming aware of the breach.

11. Contact

Data Protection Officer: dpo@evaaluate.com