Privacy Policy

Clorvia is a software-as-a-service product operated by EvolvePro Tech Solutions Pvt. Ltd., an Indian private limited company ("EvolvePro", "we", "us", "our"). The service is available at https://clorvia.com with the application at app.clorvia.com.

For the personal data we collect about you as our customer or visitor, EvolvePro is the Data Fiduciary under India’s Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the Data Controller under the EU General Data Protection Regulation ("GDPR"), where the GDPR applies.

• [Registered office: city, State, India]
• General contact: support@clorvia.com
• Privacy and data protection: privacy@clorvia.com

We collect the following categories of personal data:

• Account data: your name, email address, mobile number, password (stored only in hashed form), business name, GSTIN and role within your organisation.
• Business data: details you add to set up your account, such as your firm’s address, place of business, bank account details for invoices, and authorised team members.
• Billing and payment data: your subscription plan, invoices we raise to you, and payment confirmations. Card, UPI and bank details for paying us are collected and processed directly by our payment gateway, Razorpay; we do not store your full card or UPI credentials.
• Usage and device data: log data, IP address, browser and device type, pages visited, feature usage and timestamps.
• Cookies and similar technologies: used to keep you signed in, remember preferences and understand how the service is used. See our Cookie Policy.
• Support data: messages, tickets and attachments you send us when you contact support.

Clorvia lets you store and manage your own business records — for example your customers, suppliers, items, invoices, ledgers and tax data. These records may contain personal data about your own customers and contacts.

For that data, you (our customer) are the Data Fiduciary / Data Controller and we act only as a Data Processor on your behalf. We process this data solely to provide the service, following your instructions and this policy, and we do not use it for our own purposes.

You are responsible for collecting that data lawfully, for having a valid basis to process it, and for responding to the rights requests of the individuals whose data you store. We will assist you, to the extent reasonably possible, in meeting those obligations.

We use your personal data to:

• Create and manage your account and provide the Clorvia service, including billing, invoicing and accounting features.
• Process your subscription payments and send you invoices and renewal reminders.
• Provide customer support and respond to your queries.
• Keep the service secure, prevent fraud and abuse, and maintain availability and backups.
• Comply with our legal obligations, including under GST law, the Companies Act and applicable tax and accounting rules.
• Send you service and transactional messages, and (with your consent, where required) product updates and offers.
• Improve and develop the service using aggregated or de-identified information.

Under the DPDP Act, we process your personal data on the basis of your consent or, where permitted, for the "certain legitimate uses" recognised by the Act (such as a purpose for which you have voluntarily provided data and not objected). You give consent when you sign up and accept this policy and our Terms.

Under the GDPR, where it applies, our lawful bases are: performance of our contract with you (to provide the service and process payments); compliance with a legal obligation (such as tax record-keeping); our legitimate interests (to secure, support and improve the service); and your consent (for non-essential cookies and marketing).

Where we rely on consent, you may withdraw it at any time. Withdrawing consent does not affect processing already carried out, and some features may stop working if the data is essential to them.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you and a summary of how it is processed.
• Correction and updating of inaccurate, incomplete or outdated data.
• Erasure of your personal data where it is no longer needed and we are not legally required to retain it.
• Withdraw consent at any time, where processing is based on consent.
• Grievance redressal — to raise a complaint with our Grievance Officer (see below).
• Nominate another person to exercise your rights in the event of your death or incapacity (DPDP Act).
• Data portability and the right to object or restrict processing, where the GDPR applies.

To exercise any right, write to privacy@clorvia.com. We may need to verify your identity first and will respond within the timelines required by law. If your request concerns business records that another Clorvia customer controls, we will direct you to that customer, who is the controller of that data.

Clorvia is a business tool intended only for users aged 18 and above. Under the Indian Contract Act, 1872 a minor cannot enter into a contract, and the DPDP Act treats anyone under 18 as a child.

We do not knowingly create accounts for, or knowingly collect personal data from, children. We do not carry out tracking, behavioural monitoring or targeted advertising directed at children.

If you believe a child has provided us personal data, contact privacy@clorvia.com and we will delete it promptly.

We do not sell your personal data. We share it only with trusted service providers who help us run Clorvia, and only as needed to provide the service:

• Payment processing: Razorpay (for subscription payments via card, UPI, netbanking and similar methods).
• Cloud hosting and infrastructure: our hosting provider, with data hosted in India.
• Email and communications: our transactional email and messaging providers, to send account, support and billing messages.
• Analytics and security tools: to monitor performance, detect abuse and keep the service safe.

These providers act as our processors (sub-processors for your business records) under contractual confidentiality and security obligations. We may also disclose data where required by law, court order or a valid request from a government or regulatory authority, and to protect our rights, users and the security of the service. A current list of key sub-processors is available on request at privacy@clorvia.com.

We store your data on infrastructure located in India. Some of our service providers may process limited data outside India.

Where personal data is transferred outside India, we do so only to countries not restricted by the Central Government under the DPDP Act, and subject to appropriate safeguards.

Where the GDPR applies and personal data is transferred outside the European Economic Area, we rely on recognised transfer mechanisms such as the European Commission’s Standard Contractual Clauses, together with appropriate technical and organisational safeguards.

We keep your personal data only for as long as your account is active and for as long as needed for the purposes set out in this policy.

After you close your account or withdraw consent, we delete or anonymise your personal data within a reasonable period, except where we must keep it to meet legal obligations. Invoicing, tax and accounting records are typically retained for the period required under GST law, the Companies Act and other applicable laws (generally up to 8 years).

Backups are retained for a limited period on a rolling basis and are then overwritten or deleted. For business records you control, we follow your instructions, including deletion on request, subject to our legal retention duties.

We maintain reasonable security safeguards as required by the DPDP Act and the IT Act, 2000 and the SPDI Rules, 2011. These include:

• Encryption of data in transit (TLS) and protection of stored credentials (passwords are hashed).
• Access controls, role-based permissions and the principle of least privilege for our staff.
• Network protections, monitoring, logging and regular backups.
• Contractual security obligations on our service providers.

No method of transmission or storage is completely secure. If a personal data breach occurs, we will notify the Data Protection Board of India, affected individuals, and (where the GDPR applies) the relevant supervisory authority, in line with the timelines and requirements of applicable law.

If you have any question, request or complaint about your personal data or this policy, please contact us first:

• Email (privacy and data protection): privacy@clorvia.com
• General support: support@clorvia.com

Grievance Officer / Data Protection Officer (as required under the DPDP Act, the IT Act and, where applicable, the GDPR):

• [Grievance Officer: name]
• [Designation]
• Email: privacy@clorvia.com
• [Postal address: registered office, city, State, India]

We aim to acknowledge grievances promptly and resolve them within the timelines prescribed by law. If you are in India and remain unsatisfied, you may approach the Data Protection Board of India. If the GDPR applies to you, you may also lodge a complaint with your local data protection supervisory authority.

We may update this Privacy Policy from time to time to reflect changes in our service, technology or the law.

When we make material changes, we will update the "last updated" date and, where appropriate, notify you by email or through the app.

Your continued use of Clorvia after an update means you accept the revised policy. This policy was last updated in June 2026.