Privacy Policy
Last updated: October 25, 2025
At GoodPath, we take your privacy seriously. This policy explains what information we collect, how we use it, and the choices you have. It applies to our website, web app, PWA/Capacitor app, and related services.
If you have any questions, write to info@goodpath.in.
Information we collect
- Account & Profile: name, email, mobile number, organization, member/family information added by you or your admins.
- Financial entries: income/dues, expenses, receipts, references (e.g., UPI/bank ref), and audit logs that record who did what and when.
- Usage & device: pages visited, basic device/browser data, approximate location inferred from IP (for security and analytics).
- Files & media: images or documents you upload (e.g., profile/receipt images, bills).
- Support: emails or messages you send to us.
How we use information
- Provide and maintain GoodPath services (member management, accounting, events, reports).
- Process transactions, generate receipts, and maintain audit trails.
- Improve reliability, security, and performance; fix bugs and analyze usage trends.
- Communicate about service updates, policy changes, and important notices.
- Comply with legal obligations and enforce terms, including fraud prevention.
Legal Basis & Compliance
GoodPath complies with applicable data-protection laws, including the
Digital Personal Data Protection Act, 2023 (India) and the
General Data Protection Regulation (GDPR – EU/EEA).
Our privacy and security practices are also aligned with the
Data Security Council of India (DSCI) privacy and security frameworks.
We process personal data only where we have a valid legal basis. Depending on your jurisdiction, these may include:
- Consent: when you have given clear consent for us to process your data for a specific purpose.
- Contractual necessity: when processing is required to deliver or support the services you requested from GoodPath.
- Legitimate interests: when processing is needed for the operation, security, or improvement of GoodPath and does not override your privacy rights.
- Legal obligation: when we must comply with applicable laws, taxation, or audit requirements.
Under the DPDP Act 2023, GoodPath acts as a
Data Fiduciary, and you as a user are the Data Principal.
You have rights to access, correct, update, and request deletion of your personal data,
and to withdraw consent at any time. We honor these rights consistent with both the
DPDP Act 2023 and GDPR Articles 12 – 23.
For any privacy-related requests, including exercising your data rights,
please write to info@goodpath.in.
Cookies & app storage
- We use essential cookies/session storage for sign-in and security (e.g., session IDs, CSRF tokens).
- Our PWA/Capacitor app may cache content locally so the app loads faster and works reliably on mobile.
- Optional analytics (if enabled) are privacy-minded and aggregated; we do not sell your personal data.
- You can control cookies in your browser settings. Disabling essential cookies may limit functionality.
Payments
GoodPath can record payment references (e.g., UPI IDs or bank references) for reconciliation and receipts. We do not store full card numbers or sensitive payment credentials on our servers.
Sharing & disclosures
- Within your organization: admins and authorized members can view data based on role permissions.
- Service providers: we may use trusted vendors for hosting, storage, or analytics under confidentiality and data-protection obligations.
- Legal: we may disclose information if required by law or to protect rights, safety, and security.
- No selling: we do not sell your personal data.
Security
- Transport encryption (HTTPS) and secure session handling (HttpOnly, SameSite where supported).
- Role-based access and audit logs for key actions.
- Backups and recovery processes appropriate to our service tier.
- While we work to protect your data, no method is 100% secure; please use strong, unique passwords and keep them confidential.
Data retention
We retain information for as long as your account is active or as needed to provide the service and meet legal, tax, and audit requirements. You may request deletion of certain data; some records (e.g., financial logs) may need to be retained to comply with law.
Your rights
Depending on your region, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at info@goodpath.in. We may ask you to verify your identity before fulfilling a request.
Children’s privacy
GoodPath is intended for organizational use. If we learn that a child’s personal data was provided without appropriate consent, we will take steps to delete it. If you believe this happened, please contact us.
Changes to this policy
We may update this policy from time to time. We will post changes on this page and update the “Last updated” date. Significant changes may also be communicated via email or in-app notice.
