Data Security Policy

Privacy & Data Security Policy

Last Updated: February 20, 2026

At TheGSTCo ("we", "our", or "us"), operated by Aspera Technologies Private Limited, we are committed to protecting the privacy and security of our users ("you", "your", or "Taxpayers"). As a prospective / authorized GST Suvidha Provider (GSP) under the Goods and Services Tax Network (GSTN), we process your data with the highest standards of confidentiality and strictly in accordance with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Information We Collect

To provide secure and compliant GST and business services, we collect the following categories of information:

  • Business & Identity Data: Name, PAN, GSTIN, business address, and contact details (email and phone number).

  • Financial & Tax Data: Sales registers, purchase registers, invoices, and other transactional data required solely for the preparation, reconciliation, and filing of GST Returns (e.g., GSTR-1, GSTR-2A, GSTR-3B) and e-Invoicing (IRN generation).

  • System & Access Logs: IP addresses, login sessions, browser types, API request/response metadata, and timestamps. This is collected to maintain an audit trail as required by the GSTN and CERT-In guidelines.

2. Strict Limitation on Data Usage (GSP Mandate)

We use your data exclusively to facilitate your GST compliance, API service delivery, and related operational assistance.

Strict Non-Solicitation Clause: In absolute compliance with GSTN guidelines, data exchanged, processed, or sourced from the GST System through our platform shall not be used for selling any financial products or services to taxpayers, either directly or indirectly through subsidiaries or parent companies. We do not monetize, sell, or rent your GST data.

3. Data Storage & Localization

  • Data Localization: All backend infrastructure, including servers, databases, and associated storage handling GST-related data, is based strictly within the physical territory of India.

  • Data Retention: API logs, ledgers, and transactional data are retained for a period of up to seven (7) years to comply with GSTN auditing requirements. System logs are retained for 180 days as mandated by CERT-In.

4. Data Security Measures (IT Act Compliance)

We implement robust, industry-standard security measures to protect your data against unauthorized access, alteration, or destruction:

  • Encryption: All data in transit is encrypted using secure protocols (TLS 1.2/1.3). Data at rest in our databases is encrypted using AES-256 standard encryption.

  • Access Control: Access to our database is strictly limited, role-based, and secured behind enterprise-grade firewalls within a Virtual Private Cloud (VPC).

  • Authentication: Access to the GST System via our APIs utilizes secure token-based authentication and license keys provided by the GSTN.

5. Sharing of Information

We do not share your personal or financial information with any third party, except in the following limited circumstances:

  • GSTN & Government Authorities: To facilitate your tax filings and comply with legal obligations.

  • Legal Mandates: If required to disclose data by court order, subpoena, or authorized government investigatory bodies (e.g., CERT-In) for the prevention or investigation of cyber incidents or fraud.

  • Authorized ASPs: If you access our GSP infrastructure via a third-party Application Service Provider (ASP) that you have explicitly authorized.

6. User Rights & Consent

By using TheGSTCo, you consent to the collection and processing of your data as outlined in this policy. You retain the right to:

  • Review and update your contact information.

  • Revoke API access permissions directly through the government GST portal at any time.

7. Grievance Redressal Mechanism

In accordance with the Information Technology Act, 2000, any complaints, security concerns, or grievances regarding the processing of your data should be addressed to our Grievance Officer:

Grievance Officer: Parth Ramchandra Gada Company: Aspera Technologies Private Limited



Get Started

WhatsApp Support