Privacy Policy

Version 1.0
Last updated: December 25, 2025

Your privacy is paramount. This policy explains how Blueprint Books collects, uses, and protects your personal information in compliance with GDPR and international data protection standards.

Your Privacy, Our Priority

We will never sell your data to third parties. Your information is encrypted, secured, and used solely to provide you with the best task management experience. You have full control over your data at all times.

Regulatory Compliance

Blueprint Books is committed to complying with applicable data protection laws including:

DPDP Act 2023

Digital Personal Data Protection Act, India

IT Act 2000

Information Technology Act, Section 43A

SPDI Rules 2011

Sensitive Personal Data Rules

GDPR

General Data Protection Regulation (EU)

Section 01

Information We Collect

1.1 Personal Information

We collect information necessary to provide and improve our services:

Account Information

  • Name
  • Email address
  • Phone number
  • Professional credentials

Profile Information

  • Professional type (CA/CS/CMA)
  • Institute Membership number
  • Workspace preferences

Business Data

  • Client information
  • Task details
  • Financial records
  • Documents

Technical Data

  • IP address
  • Browser type
  • Device information
  • Cookies

1.2 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can control cookie preferences through our Cookie Policy and Privacy Settings.

1.3 Sensitive Personal Data (SPDI)

As a practice management platform for professionals (CA, CS, CMA), we may process sensitive personal data and information as defined under the SPDI Rules 2011 and DPDP Act 2023:

Client Financial Identifiers

PAN: Permanent Account Number for tax identification
GSTIN: GST Identification Number for tax compliance
TAN: Tax Deduction Account Number
CIN/LLPIN: Company/LLP Identification Numbers
Aadhaar: Only when legally required for specific filings
Bank Details: For payment reconciliation purposes

SPDI Protection Measures

  • All SPDI is encrypted using AES-256 encryption at rest and TLS 1.3 in transit
  • Access is restricted to authorized personnel on a need-to-know basis
  • We obtain explicit consent before collecting any SPDI
  • SPDI is never shared with third parties except as required by law

Section 02

How We Use Your Information

Your personal information enables us to deliver and enhance our services:

Service Delivery

Provide and maintain our task management platform

Communication

Send notifications, updates, and support messages

Security

Protect against unauthorized access and fraud

Compliance

Meet legal and regulatory requirements

Improvement

Analyze usage patterns and enhance features

Support

Respond to inquiries and provide assistance

Legal Basis (GDPR)

We process your data based on: Consent, Contractual necessity, Legal obligations, and Legitimate business interests.

Section 03

Your Privacy Rights Under GDPR

You have comprehensive rights regarding your personal data:

Right to Access

Article 15
Request Data Export

Request a copy of all personal data we hold about you.

Right to Rectification

Article 16
Update Profile

Correct any inaccurate or incomplete personal data.

Right to Erasure

Article 17
Request Deletion

Request deletion of your personal data ("right to be forgotten").

Right to Data Portability

Article 20
Download Data

Receive your data in a machine-readable format (JSON, CSV).

Right to Withdraw Consent

Article 7
Manage Consent

Withdraw consent for data processing at any time.

Section 04

Data Security & Protection

We implement industry-leading security measures to protect your information:

🔐

End-to-End Encryption

TLS/SSL for data in transit, AES-256 for data at rest

🛡️

Access Controls

Role-based permissions and multi-factor authentication

🔑

Two-Factor Auth

Optional 2FA/TOTP for enhanced account security

🔍

Regular Audits

Security assessments and penetration testing

☁️

Secure Infrastructure

Hosted on enterprise-grade cloud platforms

📊

Data Retention

Automatic deletion after account closure (with legal exceptions)

Data Breach Protocol

In the unlikely event of a data breach, we will notify affected users within 72 hours and report to relevant supervisory authorities as required by GDPR.

Section 05

Contact & Complaints

For privacy-related questions or to exercise your rights, contact our Data Protection Officer:

Data Protection Officer

Email: krishnabizsolution@gmail.com

Response Time: Within 30 days (as required by GDPR/DPDP Act)

If your privacy concerns are not adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority or the Data Protection Board of India.

Take Control of Your Privacy

Manage your data preferences, download your information, or request account deletion.