Privacy Policy
Effective Date: 1 April 2026
Platform: corpe.io | Data Controller: CORPE BUSINESS SOLUTION PRIVATE LIMITED
Privacy enquiries: info@corpe.io | Support: info@corpe.io
This Privacy Policy explains how CORPE BUSINESS SOLUTION PRIVATE LIMITED (Corpe, we, us, our) collects, uses, stores, shares, and protects your personal data when you use the Corpe platform at corpe.io. Please read this policy carefully. By using the Platform, you consent to the practices described herein.
1. Introduction & Scope
This Privacy Policy applies to:
- All users who visit, browse, or register on the Platform;
- All clients who initiate a company formation Engagement through the Platform;
- All individuals whose personal data is submitted to the Platform as part of an Engagement (including directors, shareholders, and authorised signatories).
This policy covers all personal data collected through the Platform, our mobile applications (if any), our communications channels (email, WhatsApp, SMS), and through any interaction with our support team.
This Privacy Policy is governed by and prepared in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. References to "personal data" and "sensitive personal data" in this policy carry the meanings assigned to them under applicable Indian law.
2. Who We Are — Data Controller
The data controller responsible for your personal data collected through the Platform is:
| Legal Entity | CORPE BUSINESS SOLUTION PRIVATE LIMITED |
| Platform | https://corpe.io |
| Privacy Contact | info@corpe.io |
| Legal / DPO | info@corpe.io |
| Registered City | Ahmedabad, Gujarat, India |
3. Personal Data We Collect
3.1 Data You Provide Directly
When you use the Platform or initiate an Engagement, we collect the following categories of personal data:
| Data Category | What We Collect | Why We Collect It |
|---|---|---|
| Identity Data | Full name, date of birth, nationality, father's name | Account registration, KYC verification, MCA filing |
| Contact Data | Email address, mobile number, WhatsApp number, postal address | Account communication, notifications, document delivery |
| Government ID Data | PAN card number and copy, Aadhaar number, Passport (if applicable), Voter ID | KYC compliance, DIN application, MCA filing requirements |
| Financial Data | Bank account details (for limited verification purposes), payment transaction references | Billing, fee processing, bank account opening support |
| Business Data | Proposed company name, business activity, capital structure, shareholding details, registered address | Company formation filings with MCA/ROC |
| Document Data | Scanned/digital copies of all KYC documents, office proof, NOC, utility bills, MOA/AOA | Preparation and filing of incorporation documents |
| Professional Data | Occupation, directorial experience, existing directorships | DIN application and MCA filing compliance |
| Communications Data | Messages, emails, chat records with Corpe's support team | Service delivery, dispute resolution, record-keeping |
Aadhaar numbers, PAN details, bank account information, and passport data are classified as Sensitive Personal Data or Information (SPDI) under the IT Rules, 2011. We collect this data solely for the purpose of fulfilling MCA/government filing requirements and will handle it with heightened security measures.
3.2 Data Collected Automatically
When you visit or use the Platform, we automatically collect certain technical data:
- IP address and approximate geolocation;
- Browser type, version, and operating system;
- Device identifiers and screen resolution;
- Pages visited, time spent, and navigation patterns on the Platform;
- Referring URLs and search terms used to reach the Platform; and
- Cookie and session data as described in our Cookie Policy.
This data is collected using analytics tools (such as Google Analytics or equivalent) and is used in anonymised or aggregated form to improve Platform performance and user experience. Where this data can identify you, it is treated as personal data.
3.3 Data from Third Parties
We may receive personal data about you from:
- Payment gateway providers confirming transaction status;
- WhatsApp Business API or SMS providers confirming message delivery; and
- Other users or authorised representatives who submit your details as part of a company formation Engagement (e.g., a client submitting director details).
4. How We Use Your Personal Data
We process your personal data only for the following purposes and on the lawful bases described:
| Purpose | Details | Lawful Basis |
|---|---|---|
| Providing the Services | To fulfil company formation Engagements, prepare and file documents, and deliver outputs | Contract performance |
| Account Management | To create and manage your Account, verify your identity, and communicate about your Engagement | Contract performance |
| KYC & Compliance | To verify identity and meet legal obligations under the Companies Act, 2013, PMLA, and MCA requirements | Legal obligation |
| Government Filings | To submit documents and information to MCA, ROC, Income Tax, and other government portals on your behalf | Contract performance / Legal obligation |
| Payment Processing | To process fees through our payment gateway partners and issue receipts | Contract performance |
| Communications | To send you notifications, updates, reminders, and service-related communications via email, WhatsApp, and SMS | Contract performance / Legitimate interest |
| Platform Improvement | To analyse usage patterns (anonymised) and improve Platform functionality and user experience | Legitimate interest |
| Legal & Regulatory Compliance | To comply with court orders, regulatory directives, or law enforcement requests | Legal obligation |
| Fraud Prevention & Security | To detect, prevent, and investigate fraud, security breaches, or misuse of the Platform | Legitimate interest / Legal obligation |
| Dispute Resolution & Records | To maintain records of Engagements, communications, and transactions for dispute resolution purposes | Legitimate interest / Legal obligation |
We do not use your personal data for any purpose that is incompatible with the purposes listed above without your prior consent.
5. Data Storage & Security
5.1 Where Data Is Stored
Your personal data, including KYC documents and Engagement records, is stored on secure cloud infrastructure hosted by reputable providers such as Amazon Web Services (AWS) or Google Cloud Platform (GCP). These providers maintain servers with industry-standard physical and logical security controls.
Corpe stores your personal data on servers located in India or in jurisdictions that provide an adequate level of data protection. Where data is processed outside India, Corpe ensures appropriate safeguards are in place in compliance with applicable law, including the DPDP Act, 2023.
5.2 Security Measures
We implement reasonable technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction, including:
- Encryption of data in transit (TLS/SSL) and at rest;
- Role-based access controls limiting who can access personal data within Corpe;
- Regular security audits and vulnerability assessments;
- Secure document upload and storage infrastructure;
- Two-factor authentication for internal staff accessing sensitive data; and
- Data breach detection and incident response protocols.
While we implement robust security measures, no system is completely impenetrable. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities as required under applicable law.
5.3 Data Retention
We retain your personal data for as long as:
- Your Account remains active;
- An Engagement is ongoing or recently completed;
- Required to comply with legal obligations (for example, document retention obligations under the Companies Act, 2013 and MCA guidelines); or
- Necessary for legitimate business purposes including dispute resolution and fraud prevention.
After the applicable retention period, personal data is securely deleted or anonymised. KYC documents submitted as part of an Engagement are retained for a minimum period as mandated by applicable regulatory requirements.
6. How We Share Your Personal Data
We do not sell your personal data. We share your data only in the following circumstances:
| Recipient | Who They Are | Purpose |
|---|---|---|
| Government Authorities | MCA, ROC, Income Tax Department, and other statutory bodies | Filing of incorporation and regulatory documents on your behalf |
| Payment Gateway Providers | Razorpay, Stripe, or equivalent PCI-DSS compliant providers | Processing of fee payments |
| Cloud Infrastructure | AWS, GCP, or equivalent providers | Secure hosting and storage of Platform data and documents |
| Communication Providers | WhatsApp Business API provider, SMS gateway | Delivering notifications and confirmations to you |
| Analytics Providers | Google Analytics or equivalent (anonymised / aggregated data only) | Platform performance monitoring |
| Legal & Regulatory Bodies | Courts, regulators, law enforcement, or government authorities | Where required by law, court order, or regulatory obligation |
| Professional Advisors | Legal counsel, auditors, or compliance advisors retained by Corpe | Legal advice, audit, and regulatory compliance — under confidentiality obligations |
| Business Transfers | Acquirer or successor entity in a merger, acquisition, or sale of assets | Corporate restructuring — you will be notified of any such transfer |
All third parties with whom we share personal data are required to maintain appropriate security standards and to use your data only for the specified purpose.
7. Your Rights Under the DPDP Act, 2023
Under the Digital Personal Data Protection Act, 2023 and other applicable Indian law, you have the following rights in relation to your personal data:
| Your Right | What It Means |
|---|---|
| Right to Access | You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of the personal data we hold about you. |
| Right to Correction | You have the right to request correction of any inaccurate or incomplete personal data we hold about you. |
| Right to Erasure | You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations. |
| Right to Grievance Redressal | You have the right to raise a grievance with our designated contact regarding any aspect of our processing of your personal data and to receive a timely response. |
| Right to Nominate | Under the DPDP Act, 2023, you have the right to nominate an individual to exercise your data rights in the event of your death or incapacity. |
| Right to Withdraw Consent | Where our processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. |
To exercise any of the above rights, please contact us at info@corpe.io. We will respond to your request within 30 days. We may require you to verify your identity before processing your request.
Please note that erasure requests may be limited where we are legally required to retain data — for example, under MCA document retention requirements, anti-money laundering regulations, or to defend against legal claims.
8. Cookies & Tracking Technologies
The Platform uses cookies and similar tracking technologies to enhance your experience and gather analytics data. The types of cookies we use include:
- Essential Cookies — Required for the Platform to function properly, including session management and security;
- Analytics Cookies — Used to understand how users navigate and interact with the Platform (anonymised data via Google Analytics or equivalent); and
- Preference Cookies — Used to remember your settings and preferences.
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Platform. We do not use cookies for advertising or tracking you across third-party websites.
9. Children's Data
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without appropriate parental or guardian consent, we will take immediate steps to delete such data. If you believe we have inadvertently collected a minor's data, please contact us at info@corpe.io.
10. Third-Party Websites & Links
The Platform may contain links to third-party websites or services (including government portals such as MCA21). Corpe is not responsible for the privacy practices or content of any third-party website. We encourage you to review the privacy policies of any third-party services you visit. Clicking on a third-party link does not constitute endorsement by Corpe.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. Where changes are material, we will:
- Display a prominent notice on the Platform; and/or
- Send a notification to the email address associated with your Account.
The 'Effective Date' at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically. Continued use of the Platform after any update constitutes acceptance of the revised policy.
12. Grievance Officer
In accordance with the Information Technology Act, 2000 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, Corpe has designated a Grievance Officer for the redressal of complaints relating to the processing of personal data.
| Designation | Grievance Officer / Data Protection Contact |
| Organisation | CORPE BUSINESS SOLUTION PRIVATE LIMITED |
| info@corpe.io | |
| Response Time | Within 30 days of receipt of complaint |
| Escalation | info@corpe.io |
You may also raise a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023, if you are unsatisfied with our response to your grievance.
13. Contact Us
For any queries, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact:
| Legal Entity | CORPE BUSINESS SOLUTION PRIVATE LIMITED |
| Platform | https://corpe.io |
| Privacy Enquiries | info@corpe.io |
| Legal / General | info@corpe.io |
| Support | info@corpe.io |
| Jurisdiction | Ahmedabad, Gujarat, India |
| Effective Date | 1 April 2026 |
| Version | 1.0 |
This Privacy Policy has been prepared for general use on the Corpe platform in compliance with applicable Indian law as at the effective date. CORPE BUSINESS SOLUTION PRIVATE LIMITED strongly recommends that this Privacy Policy be reviewed by a qualified legal professional — particularly a data protection specialist — before publication to ensure full compliance with the DPDP Act, 2023 and all other applicable regulations specific to your business.