Bhowra Technologies Private Limited (“Bhowra”, “we”, “us”) provides a cloud-based HRMS that helps organisations manage their human resources, and operates the website at bhowra.com. This Privacy Policy explains how we collect, use, share and protect personal information.
A user may be a Customer (an organisation that has agreed to use our Services) or an end user (for example, a Customer’s employee), and also a visitor to our website (together, “you”). For personal data we process on behalf of a Customer inside their HRMS account, the Customer is the data controller and Bhowra is the processor — please refer to that Customer’s own privacy policy and direct access/deletion requests to them. For data we collect directly on our website for marketing and communication, Bhowra is the controller. This policy does not cover Third Party Services you access through the Platform.
HRMS data. When a Customer uses the Platform, we process the personal information they and their end users provide, which may include name, contact details, date of birth, gender, nationality, job title, department, employee ID, address, family and dependent details, bank account and salary details, statutory identifiers and tax information, emergency contacts, and employment dates. We process this to provide the Services under our contract with the Customer.
Attendance logs. Where a Customer enables time & attendance, we process attendance records (including biometric device logs — employee/attendance ID and punch timestamps) to calculate attendance and payroll using the Customer’s configured rules.
Contact information. When you ask us about the Services, we may collect your name, email and phone number to respond to you. The basis for this is our legitimate interest in communicating with you.
As a processor, Bhowra collects and uses Customer data only per the Customer’s instructions, our agreement with the Customer, and applicable law. The Customer controls their account and its data; questions about specific settings or processing should be directed to the Customer’s administrator.
Service providers and sub-processors. We share personal information with vendors who perform services on our behalf, only as needed and under contract. They may not use the information for their own purposes. Our current sub-processors include:
| Sub-processor | Purpose |
|---|---|
| Microsoft Azure | Cloud hosting of the Bhowra platform |
| Microsoft (Graph / 365) | Transactional email from our website |
| Cloudflare | Bot protection (Turnstile) and security for our web forms |
We will add payment processing (e.g. Razorpay) when paid plans launch; during the free alpha we do not process payments. This list is kept current; for the latest version contact info@bhowra.com.
Business transfers. If Bhowra is involved in a merger, acquisition or sale of assets, your information may be transferred; you will be notified of any change in control or use of your personal information.
Legal disclosure. We may disclose personal information where required by law or to protect rights, safety, and the security of our systems. We require third parties to protect personal information and process it only on our instructions.
We retain data we process for Customers only as long as needed to provide the Services and to meet our legal obligations, resolve disputes and enforce our agreements. Backups are retained for up to 30 days. After a Customer terminates the Services, an automated process permanently deletes their data in the next deletion cycle; this cannot be reversed. We may retain anonymised and aggregated data, and contracts/billing records (at least 5 years), as permitted by law.
Data is hosted on Microsoft Azure, primarily in the Central India region. As we serve customers in other regions, we may use additional Azure regions; where personal data is transferred outside its region of origin (including outside the EEA), we apply appropriate safeguards, such as a recognised legal transfer mechanism, consistent with applicable law including the EU GDPR.
We implement and maintain security policies and access controls to protect personal information against unauthorised access, loss or disclosure, and limit access to personnel who need it and are bound by confidentiality. We will notify the relevant Customer without undue delay of any personal-data breach affecting data we process on their behalf, and cooperate in remediation.
Subject to applicable law, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to lodge a complaint with a data protection authority. To exercise these rights, contact info@bhowra.com. Where we process data on behalf of a Customer (your employer), please direct your request to that Customer.
Right to nominate (India / DPDP Act 2023). You may nominate another individual to exercise your rights in the event of your death or incapacity. We may verify such nominations before acting on them.
We may update this Privacy Policy from time to time. The current version is always posted at bhowra.com/privacy.html. We will provide notice of material changes via the website and, where applicable, by email; such changes take effect seven (7) days after notice.
Bhowra Technologies Private Limited
General: support@bhowra.com
Privacy / Grievances: info@bhowra.com