Skip to content
KB

Pick a PIN to unlock the app on this device.

Enter your PIN again to confirm.

Welcome back to Ketpy Book.

🔒

Too many wrong attempts. Try again in seconds.

KB
Ketpy Book
Legal & Trust

The fine print, in plain English.

Every legal document we publish, with a one-paragraph summary up top — so you know what you're signing before you scroll the formal version.

🇮🇳
Hosted in India
DPDP
2023 compliant
TLS 1.3
In transit
AES-256
At rest
Documents

Every legal page in one place.

📜
Terms of Service

The agreement between you and Ketpy Book when you use the platform.

What you can and can't do, our liability limits, governing law (Gurugram).
Read full document →
🔒
Privacy Policy

What data we collect, why, how long, and your rights.

We collect what we need to deliver the service. We never sell or share data. India-hosted.
Read full document →
🇮🇳
DPDP / Data Protection

How we comply with the Digital Personal Data Protection Act 2023.

Your rights as a Data Principal — access, correction, erasure — and our role as Data Fiduciary.
Read full document →
💳
Refund Policy

When, how, and how much you can get refunded.

30-day no-questions refund. After that, pro-rata for unused months on annual plans.
Read full document →
Cancellation Policy

How to cancel, and what happens after.

One-click cancel anytime. Data retained for 90 days, then permanently deleted.
Read full document →
🍪
Cookies Policy

What cookies we set and why.

Essential session + CSRF cookies only. No third-party trackers, no ad cookies.
Read full document →

All documents last updated 08 May 2026. We notify customers in-app + by email at least 14 days before any material change.

Trust

How we protect your data & books.

🇮🇳

India-hosted

AWS Mumbai region (ap-south-1). Your data never leaves India unless we explicitly tell you (e.g. for an integration partner you opt into).

🔐

Encrypted everywhere

TLS 1.3 in transit, AES-256 at rest, encrypted backups. Database snapshots taken every 24 hours, retained 30 days.

👤

Tenant isolation

Multi-tenant by design — every query is scoped to your tenant's ID. Audited monthly to prevent cross-tenant leaks.

🛡

OTP + 2FA

6-digit email OTP on signup. Optional TOTP 2FA on Pro. Suspicious login alerts to your registered email.

📤

Export anytime

One-click export of your full books to Excel + JSON, anytime. No held data, no held hostage.

🧯

Audit logs

Every change in your tenant — who, when, what. Pro tier retains 24 months; Lite retains 90 days.

🚨

Breach disclosure

If a security incident affects your data, we will notify you within 72 hours per DPDP Act 2023.

💼

GDPR-aware

Even though our customers are India-only, we follow GDPR-grade engineering practice for data subjects.

🔍

SOC 2 Type II

Audit underway. Target completion Q4 2026. Penetration test report available under NDA today.

Compliance

Where we stand today.

DPDP Act 2023
Compliant
GST Suvidha (e-Invoice)
IRP-integrated
PCI-DSS
Razorpay (we don't store card data)
🟡
SOC 2 Type II
Audit in progress
🟡
ISO 27001
Q2 2027 target
CERT-In
Reporting partner since 2026
India data residency
AWS Mumbai (ap-south-1)
Aadhaar KYC partner
Optional, opt-in only
Data requests & disclosures

One inbox handles it all.

For DPDP / privacy-related requests, security disclosures, grievance redressal, or any legal question — one email handles all of it. Replies usually come within 1 working day; DPDP requests honoured within the statutory 30 days.

Write to
team@ketpy.com

Mention "DPDP", "Security", or "Grievance" in the subject so we route it to the right specialist on day one.

Common legal questions

The kind of thing you'd normally need to email a lawyer to ask.

Where is my data stored? +
AWS Mumbai region (ap-south-1) — physical servers in Mumbai, India. Data never leaves the country unless you explicitly opt into an international integration partner.
Who owns the data in my tenant? +
You do, fully. We are a Data Processor on your behalf (you are the Data Fiduciary under DPDP). One-click export to Excel + JSON anytime — see Privacy Policy section 5.
Can I get a Data Processing Agreement (DPA)? +
Yes. Email team@ketpy.com with your company GST + signing authority — we send a pre-filled DPA the same business day. No separate fee for any plan tier.
How long do you keep my data after I cancel? +
90 days in cold backup, then permanently deleted. You can request immediate deletion via email; we'll process within 7 working days and confirm in writing.
Do you share data with the GST department? +
Only when you explicitly trigger it — e.g. uploading GSTR-1, generating IRN. The submission goes to NIC / GSTN over the official APIs. We do not push data proactively.
What law governs disputes? +
Indian law. Jurisdiction is the courts of Gurugram, Haryana — see Terms of Service section 12. We will always attempt to resolve disputes amicably first.
Are you SOC 2 / ISO 27001 certified? +
SOC 2 Type II audit is underway (target: Q4 2026). ISO 27001 is on the roadmap for FY 2027. We can share our current penetration-test report under NDA on request.
How do I report a security vulnerability? +
Email team@ketpy.com. We respond within 24 hours. We have a private bug-bounty programme for serious findings — ranges from ₹5K to ₹2L depending on severity.

Questions we haven't covered?

Write to team@ketpy.com or use the contact form — usually a same-day reply during IST hours.

Contact us → Read Privacy Policy
📱

About the Ketpy Book App

A lightweight installable app for tenant access. Works on Android, iOS, Windows, macOS and Linux.

🔒 Safe by design: a PWA cannot read other apps' data or run code outside your browser sandbox. There are no security violations.
⏱ Heads up: install can take up to 30 seconds. Don't panic — the Ketpy Book icon will appear in your app drawer / home screen within 30 seconds of confirming.

Installing Ketpy Book…

Confirm the prompt on your device.

⏱ This can take up to 30 seconds. The icon will appear in your app drawer / home screen shortly — don't panic.