Sagacity PayrollSagacity PayrollSign in →

Privacy Policy

Last updated: 17 April 2026

This Privacy Policy describes how Sagacity Solutions ("Sagacity", "we", "us", or "our") collects, uses, discloses and protects personal information when you use sagacitypayroll.com and the Sagacity Payroll platform (the "Service").

We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and, where applicable, the General Data Protection Regulation (GDPR).

1. Who we are

Data fiduciary / controller: Sagacity Solutions, S2/M, Capital Plaza, DP Road, Malwadi, Hadapsar, Pune 411028, India.
Contact: privacy@sagacitypayroll.com

2. Information we collect

2.1 Information you give us

  • Account data: name, work email, phone, designation, company
  • Authentication data: password hash, 2FA tokens, session tokens
  • Employee records uploaded by your employer (as data processor)
  • Payroll inputs: salary, bank details, PAN, Aadhaar, UAN, PF/ESIC numbers
  • Support tickets and communications with us

2.2 Information collected automatically

  • Device and browser information, IP address
  • Pages visited, clicks, referrer URL, timestamps
  • Cookies (see "Cookies" below)

2.3 Information from third parties

  • Payment processor (Razorpay) — transaction status, not card data
  • Government portals (EPFO, ESIC, TRACES) — filing confirmations only

3. How we use your information

We process personal data only for the purposes listed here:

  • To provide and operate the Service (process payroll, file statutory returns)
  • To authenticate you, secure your account, and detect fraud
  • To comply with Indian statutory obligations (PF, ESIC, TDS, PT, LWF)
  • To communicate service updates, security alerts, and invoicing
  • With your consent, to send marketing communications (you can unsubscribe at any time)
  • To improve the Service through aggregated analytics (no user-level profiling)

4. Legal basis for processing

Under DPDPA and GDPR, we process data on one or more of these bases: contract (to deliver the Service you signed up for), legal obligation (statutory payroll filings), consent (marketing, optional analytics), and legitimate interest (securing the platform, preventing fraud).

5. Sharing your information

We do not sell personal data. We share it only with:

  • Sub-processors — DigitalOcean (hosting, Bengaluru region), AWS S3 (backup), Razorpay (payments), MSG91 (SMS/WhatsApp), Google Workspace (email).
  • Government authorities — only when legally compelled (EPFO, Income Tax, court order).
  • Your employer — if you are a client employee, your employer acts as the data fiduciary for HR data; we process it on their instructions.

Full list of sub-processors available on request to privacy@sagacitypayroll.com.

6. Data storage and international transfers

Your data is primarily stored in our DigitalOcean data centre in Bengaluru, India. Encrypted backups may be stored in Mumbai (ap-south-1). Where any sub-processor processes data outside India, we use the applicable Standard Contractual Clauses and impose equivalent safeguards as required by DPDPA.

7. Data retention

  • Active account data — retained while your subscription is active
  • Payroll records — retained for 8 financial years per Income Tax Act
  • PF/ESIC filings — retained for 10 years per EPF Act
  • Billing records — retained for 7 years per Companies Act, 2013
  • Support tickets and logs — retained for 12 months, then anonymised

8. Your rights

Under DPDPA (India) and GDPR (EU), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Erase your data (subject to statutory retention)
  • Port your data to another provider in a machine-readable format
  • Withdraw consent at any time (for optional processing)
  • Nominate another person to exercise your rights in the event of your death or incapacity (DPDPA §14)
  • Lodge a grievance with our Grievance Officer (see §12)

To exercise any of these, email privacy@sagacitypayroll.com. We respond within 15 working days.

9. Cookies

We classify cookies into three categories:

  • Essential — authentication, CSRF, session (always on; cannot be disabled).
  • Analytics — Google Analytics 4, Microsoft Clarity (opt-in).
  • Marketing — LinkedIn Insight Tag, Meta Pixel (opt-in).

You can change your preferences any time using the "Cookie preferences" banner (clear your cookies to re-trigger it) or by contacting us.

10. Security

We protect data with TLS 1.2+ in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access control, tenant isolation, daily encrypted backups, and annual security reviews. See the Security page for details.

11. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.

12. Grievance Officer

Name: Utpal Pawar
Address: S2/M, Capital Plaza, DP Road, Malwadi, Hadapsar, Pune 411028
Email: grievance@sagacitypayroll.com
Response time: 15 working days (DPDPA §8(10))

13. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email and a banner on the homepage at least 15 days before taking effect.

14. Contact

For any privacy questions: privacy@sagacitypayroll.com