Legal · Compliance

Compliance & Certifications

SaathiX operates as a technology intermediary and SaaS provider under Indian law. This page summarises the regulatory frameworks we comply with and the certifications we hold.

Last updated 1 July 2026 8 sections compliance@saathix.com
1

GST & tax compliance

  • Registered under CGST Act 2017 · GSTIN 09KAQPK7972F1ZS (Uttar Pradesh).
  • Invoice format aligned with Rule 46 of the CGST Rules 2017.
  • E-invoice (IRN/QR) generation compatible with the NIC IRP schema for eligible taxpayers.
  • GSTR-1 and GSTR-3B report generation aligned with the current GSTN return formats.
  • Invoice retention for 8 years as required under Section 36 of the CGST Act.
2

Data protection (DPDP Act 2023)

  • Designated Data Protection Officer: dpo@saathix.com.
  • Consent-based processing with granular, withdrawable consent.
  • Data localisation: all Indian Data Principal data stored in India.
  • Breach notification within 72 hours to the Data Protection Board of India.
  • Data-principal rights (access, correction, erasure, grievance) supported via in-app requests.
3

IT Act 2000 & IT Rules 2021

  • Registered as an Intermediary under Section 2(1)(w) of the IT Act 2000.
  • Grievance Officer appointed and contactable at grievance@saathix.com.
  • Grievance acknowledgement within 24 hours; resolution within 15 days.
  • Compliance report published as required for Significant Social Media Intermediaries — not applicable at current scale, disclosed for transparency.
4

Consumer Protection Act 2019

SaathiX complies with the Consumer Protection (E-Commerce) Rules 2020 where applicable, including transparent pricing, return/refund disclosure, and grievance redressal within the mandated timelines. See our Refund Policy for specifics.

5

MSME disclosure

SaathiX Technologies is a registered Micro/Small Enterprise under the MSMED Act 2006. In line with Section 43B(h) of the Income Tax Act, we settle valid vendor invoices within 45 days.

6

Security & industry standards

  • ISO/IEC 27001:2022 aligned (certification in progress).
  • SOC 2 Type I readiness (targeted FY 2026-27).
  • Quarterly VAPT by a CERT-In empanelled auditor.
  • Payment integrations use PCI-DSS certified partners (Razorpay, PhonePe). SaathiX does not store card data.
7

Accessibility

The SaathiX web and mobile interfaces target WCAG 2.1 Level AA. We are progressively improving keyboard navigation, colour contrast, and screen-reader support. Report accessibility issues to accessibility@saathix.com.

8

Intellectual property & trademarks

'SaathiX', the SaathiX logo, and 'SaathiX ERP' are trademarks of SaathiX Technologies. Unauthorised use is prohibited. Third-party marks (Razorpay, PhonePe, WhatsApp, Zomato, Swiggy, Amazon, etc.) belong to their respective owners and are used solely for identification.

Questions on this policy?

Reach the SaathiX legal and privacy desk at compliance@saathix.com. We respond within 2 working days.