DueDeck – Privacy & Data Protection Policy
Eligo Apptech. Pvt. Ltd.
Updated On: April 23, 2025
1. Introduction
Eligo Apptech Private Limited (“Eligo”, “we”, “us”, or “our”) is committed to protecting your privacy and handling personal data responsibly. This Privacy & Data Protection Policy explains how DueDeck — our CA Practice Management Software — collects, uses, protects and shares personal data of our customers.
This policy aligns with India’s Digital Personal Data Protection (DPDP) Act and follows best practices from international standards such as the General Data Protection Regulation (GDPR).
2. What Data We Collect
We only collect data necessary to deliver and improve our services. This may include:
- Name, email address and phone number
- Firm details and employee information
- Location data (only at the time of attendance marking)
- Bank details (via secure third-party integrations)
- Device, IP address and browser type for security purposes
3. Why We Collect This Data
We use your data to:
- Provide and maintain the DueDeck platform
- Support attendance and payroll functionality
- Communicate updates and product features
- Fulfill legal and regulatory requirements
4. Legal Basis & Consent
- We collect data with your consent, such as during sign-up or attendance marking.
- Consent may be withdrawn at any time, and you may request deletion of your data.
- If the customer provides employee data, they must ensure prior consent is obtained from those individuals.
5. Security Measures
DueDeck applies robust security practices:
- AES-256 encryption for data at rest
- TLS encryption for data in transit
- Role-Based Access Control (RBAC): Only authorized personnel can access client data
- Regular security reviews, internal audits and infrastructure monitoring
6. Use of Third-Party Subprocessors
We work with trusted third-party service providers to help deliver our services. These subprocessors are bound by strict data protection obligations. Key subprocessors include:
| Provider | Purpose | Location | Compliance |
|---|---|---|---|
| Let’s Encrypt | SSL/TLS Certificate Authority | San Francisco, California, USA | Operated by ISRG; adheres to industry-standard security practices. |
| DigitalOcean | Cloud Hosting & Storage | Global (including Bangalore, India) | ISO 27001, SOC 2/3, GDPR, EU-U.S. Data Privacy Framework compliant. |
| DigitalOcean Firewall | Network Firewall | Same as above | Inherits compliance certifications from DigitalOcean. |
| MSG91 | SMS Gateway | Indore, Madhya Pradesh, India | GDPR compliant; adheres to fair data protection practices. |
| Razorpay | Payment Processing | Bengaluru, Karnataka, India | PCI-DSS compliant; RBI-authorized Payment Aggregator. |
You may request a complete subprocessors list by contacting us.
Subprocessors have access only to the minimum data necessary for their function.
No subprocessor is authorized to use the data for their own purposes.
7. Data Retention & Deletion
- Data is kept only as long as necessary to fulfill service obligations.
- Upon request or account closure, personal data is securely deleted within 30 days, unless legal obligations require longer retention.
- Non-identifiable data may be retained for product improvement and analytics.
8. Breach Notification & Response Plan
In the event of a data breach:
- We will notify affected customers within 48 hours of detection.
- Details of the breach, impact and remedial actions will be shared.
- We will assist with compliance, reporting and client communication as required.
9. Your Rights as a User or Customer
You have full control over your data. This includes the right to:
- Access and update your personal or firm data
- Download your records from the platform
- Request deletion of your personal information
- Know which third parties may have access to your data
10. Cookies & Tracking Technologies
We use limited cookies to enhance user experience:
- Session cookies for secure login and navigation
- Persistent cookies to remember preferences
- Google Analytics (non-personal data only) for usage metrics
Users can manage cookie preferences through browser settings.
11. Changes to This Policy
We may update this policy from time to time. When significant changes are made, we will notify you via:
- In-app notification
- Website banner or policy update notice
We recommend reviewing this policy periodically.
Contact Us
For questions, feedback, or privacy-related requests, reach us at:
📧 Email: hello@duedeck.com
📍 Address: CTS No. 4727, Aspiro, Office No. 302, Opp Thyssnkrupp Company,
Station Road, Pune – 411018, Maharashtra, India
🌐 Website: www.duedeck.com