Privacy Policy

1. Introduction

Ratio is an AI-native bookkeeping, reporting, and compliance platform designed for Indian Micro, Small, and Medium Enterprises (MSMEs). We are committed to protecting the privacy and security of the data entrusted to us by our clients and their employees.

By accessing or using the Ratio platform, you consent to the collection, processing, and storage of information as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

This policy applies to all users of the Ratio platform, including business clients, their authorised representatives, and employees who interact with Ratio through integrations such as WhatsApp, Slack, or email.

2. Information We Collect

We collect the following categories of information in order to provide our services:

2.1. Business Information. Company name, GST number, PAN, registered address, and business type.

2.2. Financial Data from Integrated Systems. Banking transaction records, payment gateway records (such as Razorpay), marketplace transaction data (such as Amazon, Flipkart, and Shopify), point-of-sale (POS) data, invoices, and expense receipts.

2.3. Employee Expense Data. Expense receipts and related financial documents submitted by client employees via WhatsApp, Slack, or email integrations.

2.4. Contact Information. Name, email address, and phone number of authorised business representatives.

2.5. Website Analytics Data. Information collected via PostHog, including page views, session data, device information, and browsing behaviour on tryratio.io.

2.6. Cookies. We currently use essential cookies necessary for the functioning of our website. We may introduce marketing and retargeting cookies in the future, at which point this policy will be updated accordingly.

2.7. Financial Data as Sensitive Personal Data or Information (SPDI). Financial information collected by Ratio, including bank account details, payment instrument data, and transaction records, is classified as Sensitive Personal Data or Information (SPDI) under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Such data is collected only with your written consent, used strictly for the stated purpose, and protected with security practices compliant with these rules.

3. How We Collect Information

We collect information through the following channels:

3.1. Direct Collection. When you sign up for a demo, create an account, or communicate with our team, we collect the information you provide directly.

3.2. Integrations. When you connect your business systems to Ratio (such as bank accounts, payment gateways, marketplace accounts, and POS systems), we collect financial data through these integrations with your explicit authorisation.

3.3. Expense Collection Bots. Ratio provides expense collection through WhatsApp, Slack, and email integrations. Client employees forward expense receipts through these channels, and Ratio auto-categorises and extracts relevant data from the submitted documents.

3.4. Website. We collect analytics data automatically when you visit tryratio.io through PostHog and essential cookies.

3.5. WhatsApp Business API.Ratio uses the WhatsApp Business API to communicate with clients and collect expense data from client employees. Phone numbers and message metadata may be processed by Meta Platforms, Inc., a US-based entity. Users can opt out of WhatsApp communications at any time by sending "STOP" to the Ratio WhatsApp number. Ratio does not sell or share data obtained via WhatsApp with any third party.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1. Service Delivery. To provide bookkeeping, financial reporting, tax filing, GST compliance, TDS compliance, and other regulatory compliance services.

4.2. Data Processing and Reconciliation. To process, categorise, and reconcile financial transactions from multiple sources.

4.3. Expense Management. To auto-categorise and extract data from expense receipts submitted by client employees.

4.4. Communication. To contact authorised business representatives regarding service updates, account matters, and support.

4.5. Platform Improvement. To analyse website usage patterns and improve the Ratio platform and services.

4.6. Legal Compliance. To comply with applicable laws, regulations, and legal processes.

5. Data Storage and Security

5.1. Server Location.All client data is stored on Amazon Web Services (AWS) servers located in the Mumbai (Asia Pacific) region, India. In compliance with the Reserve Bank of India's directive on storage of payment system data, all financial and payment-related data is stored exclusively on servers located in India (AWS Mumbai, Asia Pacific region).

5.2. Encryption. All data is encrypted both at rest and in transit using industry-standard encryption protocols.

5.3. Per-Client Data Isolation.Client data is logically isolated on a per-client basis. No client's data is accessible to or shared with any other client.

5.4. Security Measures. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

5.5. CERT-In Compliance. In accordance with CERT-In Directions (2022), cybersecurity incidents are reported within 6 hours of detection. System logs are maintained for a rolling period of 180 days within India.

6. AI and Data Processing

6.1. No AI Training on Client Data. Ratio does not use client data to train any AI models. Your financial data is used solely for the purpose of delivering the services you have subscribed to.

6.2. Data Masking. Before any data is processed using AI models, strict encryption and data masking protocols are applied. This ensures that AI model providers do not receive identifiable client data.

6.3. On-Server Processing.All data processing, including AI-assisted processing, happens on Ratio's own servers. Client data is not shared with or transmitted to AI model providers in any identifiable form.

7. Cookies and Analytics

7.1. Essential Cookies. We use essential cookies that are necessary for the proper functioning of our website. These cookies do not track you for advertising purposes.

7.2. PostHog Analytics. We use PostHog to collect website analytics data, including page views, session information, and general usage patterns. This data helps us understand how visitors use our website and improve the user experience.

7.3. Future Cookies. We may introduce marketing and retargeting cookies in the future. If and when we do, this Privacy Policy will be updated, and you will be notified of any changes. Appropriate consent mechanisms will be implemented before any such cookies are deployed.

8. Third-Party Services

We use the following third-party services in the operation of our platform:

8.1. Amazon Web Services (AWS). We use AWS for data storage and infrastructure. Our servers are located in the AWS Mumbai (Asia Pacific) region. AWS is subject to its own privacy and security policies.

8.2. PostHog. We use PostHog for website analytics to understand how visitors interact with our website.

8.3. AI Model Providers. We use AI model providers for data processing assistance. However, strict guardrails are in place: all client data is encrypted and masked before any AI processing, and no client data is shared with or used to train AI models.

9. Data Sharing

9.1. No Third-Party Sharing. Ratio does not sell, rent, or share client data with third parties for their own purposes.

9.2. Service Providers.Data stored on AWS Mumbai servers is subject to AWS's security and privacy policies. However, Ratio maintains full control over client data and does not grant third parties access to it.

9.3. AI Processing Safeguards.Strict encryption and data masking ensures that AI model providers do not receive identifiable client data. All processing occurs on Ratio's own infrastructure.

9.4. Legal Requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request.

10. Data Retention

10.1. Active Clients. For active clients, data is retained for the duration of the service engagement.

10.2. After Termination. Following termination of services, clients have a period of thirty (30) days to export their data from the Ratio platform. After this 30-day window, all client data is permanently deleted from our servers.

10.3. Special Requests. For any special requirements related to data retention or deletion, please contact us at support@tryratio.io or info@tidalpeaklabs.com.

10.4. Regulatory Data Retention. Notwithstanding the above, certain financial and tax records (including GST returns, TDS certificates, and ITR filings) may be retained for up to 7 years as required under the Income Tax Act, 1961, even after termination of services.

11. Your Rights

As a user of the Ratio platform, you have the following rights regarding your data:

11.1. Right to Access. You may request access to the personal and financial data we hold about you or your business.

11.2. Right to Correction. You may request correction of any inaccurate or incomplete data we hold.

11.3. Right to Data Export. You may request an export of your data at any time during your active engagement with Ratio.

11.4. Right to Deletion. You may request deletion of your data, subject to any legal obligations that may require us to retain certain records.

11.5. Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw your consent at any time. To exercise any of these rights, please contact us at support@tryratio.io or info@tidalpeaklabs.com.

12. Employee Data

12.1. Scope of Collection. Ratio collects expense-related data from client employees via WhatsApp, Slack, and email integrations. This data collection is limited to expense receipts and related financial documents that employees forward through these channels.

12.2. Purpose. Employee expense data is collected solely for the purpose of expense management, categorisation, and reporting on behalf of the employing business (our client).

12.3. Data Controller. The client (employer) remains the data controller for employee expense data. Ratio acts as a data processor on behalf of the client.

12.4. Employee Rights. Employees of our clients who have questions about how their expense data is processed should contact their employer in the first instance. They may also reach out to us at support@tryratio.io.

13. Children's Privacy

Ratio's services are designed for businesses and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected data from an individual under 18, we will take steps to delete such data promptly.

14. Marketing Communications

14.1. Consent-Based Communication. Ratio only sends marketing communications to individuals who have signed up for a demo or otherwise provided explicit consent to receive such communications.

14.2. No Unsolicited Marketing. We do not send unsolicited marketing emails or messages. You will only receive marketing communications from us if you have voluntarily opted in by requesting a demo or subscribing to our communications.

15. Compliance with Indian Law

15.1. Digital Personal Data Protection Act, 2023. TidalPeak Labs is actively working towards compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act). This Privacy Policy will be updated as compliance measures are implemented and as the regulatory framework evolves.

15.2. Information Technology Act, 2000. We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as applicable to the collection, storage, and processing of personal and financial data.

15.3. Governing Law. This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka, India.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. Material changes will be communicated to active clients via email or through the platform.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was most recently revised.