Privacy Policy

1. Who we are

FastLegal Technologies Private Limited ("Sanstha ERP", "we", "us") is a legal-technology company registered in India (CIN: U74999RJ2018PTC060472), with its registered office at S-226, Time Square, Central Spine, Vidhyadhar Nagar, Jaipur 302039, Rajasthan, India. We operate the Sanstha ERP software platform for temples, charitable trusts and NGOs at sanstha.fastlegal.in.

We are the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 (DPDPA) for personal data processed through our platform.

2. Data we collect and why

3. How we store and protect your data

• All data is stored on servers located in India.
• Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access to your institution's data is restricted to authorised personnel only.
• We do not store payment card details — payments are processed by a PCI-DSS compliant payment gateway.
• We maintain audit logs of administrative access to production databases.

4. Who we share data with

We do not sell your data. We share data only with trusted processors required to operate the service:

• Cloud hosting providers (for data storage and compute)
• Email delivery services (for transactional emails)
• Payment gateway (for processing plan subscriptions)
• Analytics tools (usage data only — no personal financial data)

All processors are bound by data processing agreements. We do not share donor PAN numbers or financial records with any third party beyond what is required by Indian law (e.g., CBDT compliance).

5. Data retention

• Active account data is retained for the duration of your subscription plus 12 months after account closure.
• Financial records (receipts, donor data) are retained for 8 years after the financial year of creation, in line with Income Tax Act requirements.
• Demo enquiry data is deleted after 24 months if no account is created.

6. Your rights under DPDPA 2023

As a data principal, you have the right to:

• Access — request a summary of personal data we hold about you
• Correction — request correction of inaccurate data
• Erasure — request deletion of personal data (subject to legal retention obligations)
• Data portability — export your institution's data in CSV or PDF format at any time from the dashboard
• Grievance redressal — raise a complaint with our Data Protection Officer

To exercise any right, email support@fastlegal.in with the subject line "DPDPA Request". We will respond within 30 days.

7. Cookies

We use essential cookies to keep you logged in and session cookies for security. We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser settings; however, the application may not function correctly without session cookies.

8. Changes to this policy

We will notify registered users by email at least 15 days before any material change to this policy. The effective date at the top of this page will be updated accordingly.

9. Contact and grievance redressal

If your grievance is not resolved within 30 days, you may escalate to the Data Protection Board of India once constituted under the DPDPA 2023.