Terms & Conditions

Legal entity: Saha Software Services (Proprietorship). GSTIN: 19BHVPS0113B1ZE. Last updated: 19 April 2026.

These terms govern your use of MyOwnERP — a multi-tenant ERP platform that helps businesses manage invoicing, payments, KYC verification, GST compliance, bank reconciliation, payouts, and customer communication via WhatsApp, SMS, and email.

1. Acceptance of terms

By signing up or using MyOwnERP, you accept these terms on behalf of yourself and your business.
You confirm you are authorized to bind your business to these terms.
You must be at least 18 years old and legally capable of entering contracts.

2. Your responsibilities

Use the service only for lawful business purposes and provide accurate business, invoice, and customer information.
Obtain and honor customer consent/opt-ins for WhatsApp, SMS, and email messages; respect opt-outs promptly.
Comply with applicable payment, tax, and data protection laws in your jurisdiction (including DPDPA 2023 in India, GDPR in EU/UK, PDPA in Singapore, PDPL in UAE).
Maintain the security of your account credentials and restrict access to authorized staff.
Provide accurate KYC information (PAN, GSTIN, Aadhaar, bank account) when required for verification or compliance.
Ensure your business operates legally in your country of registration and you have the right to process customer data you upload.

3. Country of operation and data residency

During signup, you must accurately specify your business country of operation (India, UAE, Singapore, UK, US, EU, or Other).
Based on your country selection, we provision your isolated database and storage in the appropriate regional Cloudflare jurisdiction.
Your data does not move across regions; cross-region migration requires support intervention and may be subject to fees and legal review.
If you operate in multiple countries, you should create separate tenant accounts per country with isolated data, users, and billing.
For Indian businesses: you must have a valid GSTIN OR be GST-exempt by law. You consent to your data being stored in India per RBI Master Directions and DPDPA 2023.

4. Messaging and communications

We enable messaging through WhatsApp (via Meta Business API), SMS (via SMSCountry), and email (via AWS SES).
You must not use the service for spam, illegal content, harmful content, or content that violates Meta/SMS provider policies.
WhatsApp templates may require pre-approval from Meta; we may throttle or block abuse to protect deliverability.
SMS messages within India must comply with TRAI DLT regulations; sender ID and templates must be pre-registered.
You are responsible for obtaining recipient consent (opt-in) before sending marketing or promotional messages.

5. Payment collection (Razorpay/Cashfree)

Payment processing is performed by gateways you connect (Razorpay, Cashfree, or our partner sub-merchant accounts).
Gateway-specific terms and KYC requirements apply; you must comply with their policies.
For sub-merchants onboarded through MyOwnERP under our partner program: settlement happens directly to your bank account; we earn commission as disclosed.
Payment failures, chargebacks, refunds, and disputes are handled per the gateway's policies; we facilitate but do not adjudicate disputes.
You are responsible for paying all gateway fees, GST, and applicable taxes on transactions.

6. KYC verification (Surepass)

We use Surepass APIs for PAN, Aadhaar (OVSE), GSTIN, DigiLocker, and bank account verification.
Aadhaar verification follows UIDAI's Offline Verification framework; we do NOT store full Aadhaar numbers.
You authorize us to perform identity verification on your behalf for your customers, vendors, and stakeholders.
You are responsible for obtaining customer consent before initiating KYC verification.
KYC results are advisory; final acceptance/rejection decisions remain your responsibility.

7. GST compliance (WhiteBooks)

For Indian businesses, we use WhiteBooks (a licensed GST Suvidha Provider) for e-Invoice IRN generation and GSTR filing.
You must provide accurate GSTIN credentials (API access on the GST portal) to enable filing on your behalf.
You are responsible for the accuracy of all GST filings; we facilitate transmission but do not validate tax positions.
Late filing penalties, interest, or notices from GST authorities are your responsibility.

8. Account Aggregator (bank reconciliation — India only)

The bank reconciliation feature uses the Account Aggregator framework regulated by RBI.
You authorize MyOwnERP to initiate AA consent requests on your behalf, fetch bank statements per the consent terms, and store/process this data for reconciliation.
We are NOT a Financial Information User (FIU) ourselves. We use Setu (a regulated Technical Service Provider) who partners with RBI-licensed Account Aggregators (OneMoney, Finvu, Anumati).
You can revoke AA consent at any time through the AA's official portal, your MyOwnERP dashboard, or by emailing [email protected].
Upon revocation or consent expiry, all AA-fetched bank statement data is deleted within 30 days.
You are responsible for reviewing reconciliation results; the auto-match algorithm is advisory and may have errors.

9. Payouts (RazorpayX/Decentro)

For supplier payments and salary disbursement, we use RazorpayX or Decentro (subject to your selection).
Payouts are debited from your funded virtual account or current account — we do NOT hold or pool customer funds.
You are responsible for ensuring sufficient balance, accurate beneficiary details, and compliance with PMLA/anti-money-laundering regulations.
Failed payouts will be reversed per gateway policies; we facilitate but do not guarantee instant credit.

10. Service availability and changes

We provide the platform on a best-effort basis with target uptime of 99.5% (excluding scheduled maintenance).
We will provide reasonable advance notice for scheduled maintenance windows.
Features, pricing, and terms may change; material updates will be posted here or in-product with at least 30 days' notice.
We may suspend or terminate accounts for violations, fraud, security risk, or legal/regulatory requirements.
Sub-processor APIs (gateways, KYC, AA, etc.) may have their own availability SLAs that affect overall service.

11. Subscription, billing, and refunds

Subscription fees are billed monthly or annually as per your chosen plan.
Per-transaction usage fees (KYC verifications, SMS, WhatsApp, etc.) are billed monthly in arrears.
All fees are exclusive of GST and applicable taxes (added per Indian law for Indian customers).
Refunds are governed by our Refund Policy.
Non-payment may result in service suspension after 15 days' notice.

12. Data ownership, confidentiality, and zero-access architecture

You own 100% of your data. All business data, customer data, financial records, and bank statements uploaded or generated through MyOwnERP remain your sole and exclusive property.
We act strictly as a data processor (per DPDPA/GDPR terminology) for the data you control. We are NOT a data controller of your business data.
Zero-access architecture commitment: Our platform is designed so that data is accessed only through authenticated frontend applications by your authorized users. Backend administrators (including MyOwnERP staff) cannot view your business data in the normal course of operations.
Encryption-at-rest: All sensitive data is encrypted using AES-256-GCM. Bank statement data, KYC details, and credentials are stored in dedicated encrypted vaults.
Customer-managed encryption keys (BYOK): For enterprise customers, we offer Bring-Your-Own-Key (BYOK) encryption where you generate and upload your own encryption keys. With BYOK enabled, even MyOwnERP cannot decrypt your data without your active key. (Available on Enterprise plan.)
Support access: If you raise a support ticket requiring data access, we will request your explicit consent first. All such access is logged in an immutable audit trail visible to you.
Sub-processor access: Sub-processors (Cloudflare, Razorpay, Surepass, etc.) access only the minimum data necessary for their specific function and are bound by data processing agreements.
We will not disclose your data to third parties except as outlined in our Privacy Policy or required by law (in which case we will notify you unless legally prohibited).
Upon account termination, you may export your complete data within 30 days; afterwards we permanently delete it (subject to legal retention requirements such as tax records).

13. Security audits and certifications

We are committed to obtaining the following independent security certifications on the timeline below:
- VAPT (Vulnerability Assessment & Penetration Testing): Annual third-party VAPT report — first audit planned within 6 months of go-live.
- SOC 2 Type I: Targeted within 12 months of reaching 10 enterprise customers.
- SOC 2 Type II: Targeted within 18 months (continuous controls monitoring, 6–12 month observation period).
- ISO 27001:2022: Targeted within 18–24 months (often pursued in parallel with SOC 2 due to ~75% control overlap).
Customers may request the latest VAPT report and SOC 2 attestation under NDA.
We use Cloudflare's underlying infrastructure which is independently certified (SOC 2, ISO 27001, ISO 27018, PCI-DSS, FedRAMP).
For customers requiring immediate certified-platform assurance, we recommend reviewing our underlying Cloudflare certifications at cloudflare.com/trust-hub.
If your organization requires a certified platform before adopting MyOwnERP, you may continue using your existing reconciliation method (manual download/upload) and switch when our certifications are in place.

13. Intellectual property

MyOwnERP platform, logos, trademarks, and software are owned by Saha Software Services.
You receive a non-exclusive, non-transferable, revocable license to use the platform per these terms.
You may not reverse-engineer, copy, or resell the platform without written permission.

14. Liability

The service is provided "as is" without warranties of any kind, express or implied.
To the extent permitted by law, our total aggregate liability is limited to the fees you paid in the 3 months preceding the claim.
We are not liable for: gateway failures, carrier/network outages, KYC/AA provider downtime, government API failures, force majeure, misuse of your account, or indirect/consequential damages (lost profits, lost data, business interruption).
You agree to indemnify us against claims arising from your misuse, illegal activity, or breach of these terms.

15. Termination

You may cancel your subscription anytime via your dashboard or by emailing [email protected].
We may terminate accounts for material breach with 7 days' notice (or immediately for fraud/illegal activity).
Upon termination: outstanding fees become due, your data is exportable for 30 days, then deleted (subject to legal holds).

16. Governing law and dispute resolution

These terms are governed by the laws of India. Disputes shall first be attempted to be resolved through good-faith negotiation. Unresolved disputes shall be referred to arbitration under the Arbitration and Conciliation Act 1996 (India), with the seat of arbitration in Kolkata, West Bengal. Subject to arbitration, the courts of West Bengal shall have exclusive jurisdiction.

For non-Indian customers, parallel jurisdiction in your local courts is acknowledged where mandated by your local consumer protection laws.

17. Contact

General queries: [email protected]
Support: [email protected]
Privacy/data requests: [email protected]
Legal/grievance: [email protected]
Phone/WhatsApp: +91-8942904842
Address: Saha Software Services, Holding No. 742/266, Subashpally, Ward No. 16, Suri, Birbhum, West Bengal — 731101, India