Back to HomeKordex

Privacy Policy

Last updated: January 16, 2026

At Kordex (“we”, “our”, or “us”), we are committed to protecting your privacy and ensuring the security of your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based ERP software and related services (collectively, the “Service”).

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Name, email address, password, phone number, company name, and business address
  • Business Information: GSTIN, PAN, TRN (Tax Registration Number), bank account details, and tax registration documents
  • Transaction Data: Invoices, quotations, purchase orders, customer and vendor information, product catalogs, and inventory data
  • Financial Data: Accounting entries, payment records, and financial reports
  • Communications: Support tickets, feedback, and correspondence with our team

1.2 Information Collected Automatically

When you access our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Cookies and Tracking: Session cookies, authentication tokens, and analytics data

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our ERP software features
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Tax Compliance: To generate GST/VAT compliant invoices and reports as required by Indian and UAE tax authorities
  • Communications: To send service updates, security alerts, and promotional materials (with your consent)
  • Analytics: To understand usage patterns and improve our Service
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

3. Data Sharing and Disclosure

We do not sell your personal or business data. We may share information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating our Service (e.g., cloud hosting, payment processing, email delivery)
  • Legal Requirements: When required by law, court order, or government authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

3.1 Third-Party Services

Our Service integrates with the following third-party services:

  • Cloud Infrastructure: We use secure cloud providers (AWS/Google Cloud) for data storage and processing
  • Payment Processing: Payment information is processed by PCI-DSS compliant payment gateways
  • Analytics: We use analytics tools to understand Service usage (data is anonymized where possible)

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Data Backup: Automated backups with secure off-site storage
  • Incident Response: Documented procedures for security incident handling

5. Data Retention

We retain your data for as long as your account is active or as needed to provide our Service. Specifically:

  • Account Data: Retained while your account is active and for 90 days after deletion request
  • Transaction Data: Retained for 8 years to comply with Indian and UAE tax regulations
  • Usage Logs: Retained for 12 months for security and analytics purposes

After the retention period, data is securely deleted or anonymized.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Export: Request your data in a portable format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, please contact us at privacy@kordex.app.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for Service functionality (authentication, security)
  • Analytics Cookies: To understand how users interact with our Service
  • Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect Service functionality.

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Data processing agreements with all service providers
  • Compliance with applicable data protection laws
  • Use of secure data centers with appropriate certifications

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notice within the Service

Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

12. Jurisdiction-Specific Provisions

For Users in India

We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Your data is primarily stored and processed in India.

For Users in UAE

We comply with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and related regulations. Data may be stored in UAE-based data centers where available.

By using Kordex, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

Terms of Service →Contact Us →