Data Governance, Privacy & Security Protocols

CITCE Technologies Pvt. Ltd. processes enterprise accounting metadata under the principles of the Digital Personal Data Protection Act, 2023 (India): data minimization, purpose limitation, and auditable consent trails before any structured ledger export leaves the member's controlled environment.

All accounting data ingested via local sync tools undergoes automated, hardware-bound tokenization and field masking before transport. Identifiers such as GSTIN, PAN, phone numbers, and counterparty legal names are redacted or hashed at the edge; only scoped reconciliation keys required for dispute triage traverse encrypted channels.

CITCE Technologies does not own, trade, or monetize transactional ledger history. The data remains the exclusive property of the consenting enterprise. CITCE acts solely as a technical processor and reconciliation utility under member-authorized scope.

• Hardware-bound DPAPI sidecars on Windows bridge deployments protect local credential envelopes and sync state before cloud handoff.
• TLS 1.2+ in transit for all API and Edge Function payloads; secrets never embedded in client bundles.
• Row-level security (RLS) on every multi-tenant Postgres table — chamber-scoped, member-scoped, and sovereign-admin bypass paths are set-based and auditable.
• Sensitive identity metadata (charge registries, bank account names from public records) is isolated in encrypted containers with adjudicator-only controlled reveal pathways.

Enterprises may request erasure workflows aligned with statutory retention minimums. Soft-delete and archival flags support the right to erasure without breaking immutable financial audit chains where law requires retention.

Staff-level and financial mutations write to immutable operations audit trails — masked identifiers only in operator-facing logs.

Direct privacy and DPDP-related requests to support@citcetech.com. Registered office: D-336, Phase VIII, Focal Point, Ludhiana, Punjab 141010.