Legal
Effective date: 1 July 2025 · Last updated: 1 July 2026
Karva Technologies is committed to protecting your privacy. This policy explains what data we collect, how we use it, and the rights you have over your information.
Quick summary
Karva Technologies ("we", "us", "our") operates the growERP Eco-System platform, accessible at growsme.karvatechnologies.com. We are the data controller for personal data collected through this platform and the connected applications: HRMS, Digital Marketing, Digital Signage, and CRM. Registered office: G-14, Ground Floor, COXBIT, TNAU Campus, Coimbatore – 641 003, Tamil Nadu, India. Contact: admin@karvatechnologies.com
We collect the following categories of personal and business data: Account information • Full name, email address, phone number • Company name, company address, GST number Subscription and billing information • Selected subscription plan and billing history • Razorpay payment identifiers (we do not store card numbers or CVVs — these are handled by Razorpay) • GST tax invoices generated for your account Technical data • IP address, browser type, device information • Session and authentication tokens (stored as secure HttpOnly cookies) • Access logs (date, time, pages visited) Usage data within connected applications • Each product (HRMS, Digital Marketing, Digital Signage) stores its own application-specific data in its own database. That data is governed by this same policy.
We use collected data for the following purposes: • Account creation and authentication — to verify your identity across all products in the suite • Service delivery — to provide access to HRMS, Digital Marketing, Digital Signage and CRM based on your subscription entitlements • Billing and invoicing — to process payments, generate GST tax invoices, and manage your subscription • Email communications — to send verification emails, password reset links, and subscription-related notices • Security — to detect and prevent fraud, unauthorised access, and abuse • Product improvement — to analyse usage patterns and improve the platform (using aggregated, anonymised data) • Legal compliance — to fulfil obligations under Indian law including GST reporting We do not use your data for third-party advertising or sell it to any external parties.
We process your personal data on the following legal bases: • Contractual necessity — data required to deliver the Service you have registered for and paid for • Legal obligation — data required for GST compliance, tax records, and other regulatory requirements under Indian law • Legitimate interests — security monitoring, fraud prevention, and platform improvement • Consent — where you have provided explicit consent (e.g. marketing communications, if opted in)
We share your data only in the following circumstances: Razorpay — Payment processing. Your name, email, and phone are shared with Razorpay to facilitate payment. Razorpay is PCI-DSS compliant and governed by its own Privacy Policy. Connected applications — Your growERP account credentials and entitlements are shared with the HRMS, Digital Marketing, Digital Signage, and CRM systems operated by Karva Technologies to authenticate you across the suite. Legal obligations — We may disclose your data to government or regulatory authorities when required by Indian law, a court order, or to protect the rights and safety of Karva Technologies and its users. We do not share, sell, rent, or trade your personal data with any other third parties.
We retain your personal data for as long as your account is active and for a period thereafter as required: • Account data — retained for the duration of your account and for 3 years after account closure (for legal and billing dispute purposes) • Invoice and payment records — retained for 7 years as required by the GST Act and Income Tax Act • Session tokens — expire after 7 days of inactivity • Email verification tokens — expire after 24 hours • Password reset tokens — expire after 1 hour You may request deletion of your account and personal data at any time by emailing admin@karvatechnologies.com. Note that we may retain certain data as required by law even after account deletion.
growERP uses the following cookies: growerp_session — An HttpOnly, secure session cookie containing a signed JWT token. This is essential for authentication and cannot be disabled while using the platform. It expires after 7 days. We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify you individually. We may use aggregated, anonymous analytics in the future and will update this policy if we do.
We take appropriate technical and organisational measures to protect your data: • Passwords are hashed using bcrypt (cost factor 12) — we never store plaintext passwords • Session tokens are signed JWTs verified on every request • All data in transit is encrypted using TLS 1.2 or higher • Our MongoDB database is hosted on MongoDB Atlas with network access controls and encryption at rest • Rate limiting is applied to all authentication endpoints (login, registration, password reset) to prevent brute-force attacks • API keys issued to connected applications are stored securely and scoped to specific operations Despite these measures, no system is completely secure. We encourage you to use a strong, unique password for your growERP account.
Under applicable data protection principles, you have the following rights: • Right of access — request a copy of the personal data we hold about you • Right to rectification — correct inaccurate or incomplete data • Right to erasure — request deletion of your personal data (subject to legal retention requirements) • Right to data portability — receive your data in a structured, machine-readable format • Right to object — object to processing based on legitimate interests To exercise any of these rights, email admin@karvatechnologies.com with your registered email address. We will respond within 30 days.
The growERP Eco-System is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at admin@karvatechnologies.com and we will delete it promptly.
The growERP platform may contain links to third-party websites or services (e.g. the connected application portals at separate domains). This Privacy Policy applies only to the growERP Eco-System portal. We encourage you to review the privacy policies of any third-party services you access.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email to your registered address and update the "Last updated" date at the top of this page. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact: Data Grievance Officer Karva Technologies G-14, Ground Floor, COXBIT, TNAU Campus Coimbatore – 641 003, Tamil Nadu, India Email: admin@karvatechnologies.com We aim to respond to all privacy-related enquiries within 30 days.