PDM Books ("we", "us", "our") is a cloud-based business management and accounting platform designed for small and medium-sized enterprises. PDM Books is operated by Techni-kali IT, a software services company.
When you register and use PDM Books, you enter into a data controller/processor relationship with us as described in this policy. Your business data remains yours; we process it solely to deliver our services to you.
Data Controller: Techni-kali IT · Contact: Contact Us
We collect the following categories of data when you use PDM Books:
Account & Identity
Full name, email address, phone number, profile photo, role, branch assignment, and authentication metadata (password hash, two-factor settings).
Business Data
Company name, registration number, tax number (e.g. VAT registration), business address, bank account details you enter, and any documents you upload (logos, attachments).
Financial Records
Invoices, quotations, receipts, expenses, bills, purchase orders, credit notes, bank reconciliation data, journal entries, and payroll records you create within the platform.
HR & Payroll
Employee personal details, employment terms, salary information, leave records, timesheets, pension contributions, and related documents, only if you enable the HR/Payroll module.
Customer & Supplier Data
Names, contact details, and transaction history of the customers and suppliers you manage in your account.
Technical & Usage Data
IP addresses, browser type, device information, activity logs, session identifiers, and feature usage statistics collected automatically to support security and platform improvements.
Communication Data
Messages you send to us via the contact form, support tickets, or email correspondence.
We use the data we collect for the following purposes:
- Service delivery: Providing all accounting, finance, inventory, payroll, and HR functionality you have subscribed to.
- Account management: Creating and maintaining your account, enforcing roles and permissions, and scoping data to your business or branch.
- Billing & subscriptions: Managing your subscription plan, processing payments, issuing receipts, and enforcing feature limits per plan.
- Security & fraud prevention: Detecting unauthorized access, logging audit trails, enforcing rate limits, and investigating abuse.
- Communications: Sending transactional emails (e.g. invoice delivery to your customers on your behalf, password resets, system notifications). We do not send unsolicited marketing emails.
- Support: Responding to your support requests and improving our service based on your feedback.
- Legal compliance: Meeting our obligations under applicable law, including responding to lawful requests from authorities.
- Platform improvement: Using aggregated, anonymized analytics to improve product features and performance. We do not sell your individual data.
Where data protection law requires a legal basis for processing, we rely on the following:
- Contract performance: Processing your account and business data is necessary to provide the services you have contracted with us for.
- Legitimate interests: Security monitoring, fraud prevention, audit logging, and platform analytics, balanced against your privacy rights.
- Legal obligation: Retaining certain financial records to comply with applicable accounting, tax, and financial reporting laws.
- Consent: Where you have explicitly opted in (e.g. optional marketing communications, if offered).
Primary governing law: As a Botswana-registered company, Techni-kali IT processes personal data in accordance with the Data Protection Act, 2018 (Act No. 32 of 2018) of the Republic of Botswana, enforced by the Information and Data Protection Commission (IDPC). Where users are based in other jurisdictions, we additionally observe applicable legislation such as GDPR (EU) and POPIA (South Africa).
We do not sell your personal or business data. We may share data with trusted third parties only as follows:
- Cloud infrastructure & hosting: Your data is hosted on reputable cloud providers who are contractually bound to process data only on our instructions and maintain appropriate security standards.
- Email delivery services: Transactional emails are sent via trusted email service providers who act as data processors.
- Payment processors: If you pay for a subscription via our platform, payment is handled by a PCI-DSS compliant processor. We do not store full card numbers.
- Legal authorities: Where required by law, court order, or regulatory obligation, we may disclose data to competent authorities. We will notify you where legally permitted.
- Business transfers: In the event of a merger or acquisition, your data may transfer as part of that transaction. You will be notified before your data is subject to a different privacy policy.
- Active accounts: All data is retained for the lifetime of your subscription.
- Financial records: Retained for a minimum of 7 years in line with tax and financial reporting requirements.
- HR & payroll records: Retained for a minimum of 5 years after the employment relationship ends, or as required by applicable labour law.
- Audit logs: Retained for a minimum of 2 years.
- After cancellation: Data is retained for 90 days to allow account recovery or export requests. After this period, data is deleted or anonymized except where legally required otherwise.
- Support communications: Retained for 3 years after resolution.
- Encryption in transit: All communication uses TLS 1.2+ (HTTPS).
- Encryption at rest: Sensitive data fields are encrypted at the database level where applicable.
- Access control: Role-based permissions ensure users can only access data they are authorized for.
- Two-factor authentication (2FA): Available for all user accounts and strongly recommended.
- Audit trails: System activity logs record who did what and when.
- Regular backups: Your data is backed up regularly to protect against loss.
- Vulnerability management: We conduct periodic security reviews and apply security patches promptly.
PDM Books uses a minimal set of cookies necessary to operate the application:
- Session cookies: Required to keep you logged in. Deleted when you log out or close your browser.
- CSRF tokens: Protect forms from cross-site request forgery attacks. These are security-essential.
- Remember-me cookies: Optional persistent cookie if you choose "remember me" on login. Deletable at any time via browser settings.
We do not use advertising cookies, third-party tracking pixels, or behavioural profiling technologies.
Subject to applicable data protection law, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data. Most account data can be updated via your profile settings.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, contact us. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
PDM Books is a business platform intended exclusively for adults (18+) in a commercial or professional context. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently done so, please contact us and we will delete it promptly.
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or new product features. When we make material changes:
- We will update the "Last updated" date at the top of this page.
- We will notify active users via email or in-app notification at least 14 days before the change takes effect.
- For significant changes, we may require re-acknowledgement before continuing to use the service.
Continued use of PDM Books after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, data requests, or concerns:
Response time
Within 2 business days for general queries; within 30 days for formal data subject requests.
Supervisory authority
If unsatisfied with our response, you may lodge a complaint with the Information and Data Protection Commission (IDPC) of the Republic of Botswana — the primary data protection regulator under the Data Protection Act, 2018 — or with the relevant data protection authority in your own jurisdiction.