KivoDesk
Get started
Legal

Privacy Policy

Last updated:

KivoDesk ("we," "our," or "us") is committed to protecting the privacy of your organization and its members. This Privacy Policy describes how we collect, use, store, and disclose information when you use our back-office platform at kivodesk.com and any associated APIs or services (collectively, the "Service").

Contents

  1. 1. Information We Collect
  2. 2. How We Use Information
  3. 3. Sharing and Disclosure
  4. 4. Data Retention
  5. 5. Security
  6. 6. Cookies and Tracking
  7. 7. Your Rights (DPDP Act)
  8. 8. Children's Privacy
  9. 9. Changes to This Policy
  10. 10. Contact Us

1. Information We Collect

Account and Organization Information

When you register, we collect your name, business email address, organization name, GSTIN (if applicable), and a password. Administrators may additionally provide a company logo, business address, PAN, and bank details for invoicing purposes.

Employee and HR Data

KivoDesk processes personal data on behalf of your organization for workforce management. This may include:

  • Full name, date of birth, gender, and contact details of employees
  • PAN and Aadhaar numbers (for statutory compliance only)
  • Bank account details for salary disbursement
  • Attendance records, shift logs, and leave history
  • Salary structures, EPF UAN, ESI IP numbers, and deduction history

You act as the data fiduciary for employee data and you are responsible for obtaining valid consent from employees prior to uploading their information to KivoDesk.

Financial and Billing Data

We store invoices, quotations, payment records, expense entries, and associated client details (name, GSTIN, billing address) that you create within the Service.

Usage Data

We automatically collect server logs, IP addresses, browser type, pages visited, session duration, and feature interaction data to operate, secure, and improve the Service.

Communications

If you contact us via email or in-app support, we retain a record of that correspondence.

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process payroll and generate GST-compliant invoices on your behalf
  • Compute statutory deductions (EPF, ESI, PT, TDS) accurately
  • Send transactional emails (invoice links, payslips, account notifications)
  • Authenticate users and enforce session security
  • Detect, investigate, and prevent fraud or unauthorized access
  • Comply with applicable Indian law (GST Act, EPF Act, ESI Act, IT Act 2000, DPDP Act 2023)
  • Improve features based on aggregated, anonymized usage analytics

We do not sell your personal data or employee data to third parties. We do not use employee data for our own marketing purposes.

3. Sharing and Disclosure

Service Providers

We engage trusted third-party service providers to operate the Service, including cloud hosting (database servers), transactional email services, payment gateways, and PDF generation utilities. These providers process data only on our instructions and are contractually bound to maintain confidentiality.

Within Your Organization

Admins and members within your KivoDesk workspace may access data according to the permissions you configure. You are responsible for managing member access roles appropriately.

Legal Requirements

We may disclose information if required to do so by law, court order, or a lawful request from a government authority under the Information Technology Act, 2000 or any successor legislation.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity, subject to the same privacy commitments set out in this policy.

4. Data Retention

We retain your organization's data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your data within 90 days, except where we are required by law to retain it for longer (for example, GST records may be required to be retained for 6 years under the CGST Act).

Employee payroll records may be retained in anonymized form to support compliance audits unless you request deletion within the legally permissible period.

5. Security

We implement industry-standard security measures to protect your data:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Bcrypt password hashing — we never store plain-text passwords
  • Role-based access control (RBAC) with scoped permissions
  • Periodic security reviews and dependency audits

No method of transmission over the internet is 100% secure. If you become aware of any breach or unauthorized use of your account, please notify us immediately at hello@kivodesk.com.

6. Cookies and Tracking

KivoDesk uses strictly necessary cookies to maintain your authenticated session (HTTP-only, Secure, SameSite cookies). We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies that share data with advertisers.

The landing page at kivodesk.com uses Google Fonts, which may set performance-related browser caches. No personal data is shared with Google through this integration.

7. Your Rights under the DPDP Act, 2023

India's Digital Personal Data Protection Act, 2023 ("DPDP Act") grants you the following rights with respect to your personal data:

  • Right to access — you can request a summary of the personal data we process about you.
  • Right to correction — you can ask us to correct inaccurate or incomplete personal data.
  • Right to erasure — you can request deletion of your personal data, subject to retention obligations under applicable law.
  • Right to grievance redressal — you can contact our Grievance Officer (details below) to raise a complaint, which we will acknowledge within 48 hours and resolve within 30 days.
  • Right to nominate — you may nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, email us at hello@kivodesk.com with the subject line "DPDP Rights Request." We will verify your identity before processing any request.

Grievance Officer: KivoDesk Support Team, hello@kivodesk.com

8. Children's Privacy

The Service is intended for use by businesses and is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (sent to the address registered with your account) and update the "Last updated" date at the top of this page. Continued use of the Service after such notice constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

We aim to respond to all privacy-related enquiries within 5 business days.