When you use Quicko’s GSP services, you trust us with your data. We’re committed to keeping that trust.
This policy outlines the data we collect through our GST Suvidha Provider (GSP) services, how we use and protect it, and your choices as a user. We encourage you to read this alongside our GSP Terms of Use.
Applicability
This Privacy Policy (“Policy”) applies to your use of GSP services provided by Quicko Infosoft Private Limited (“Quicko”, “we”, “us”, or “our”) in its role as a GST Suvidha Provider (GSP) authorised by the Goods and Services Tax Network (GSTN).
This includes any access to APIs, applications, integrations, or portals developed or facilitated by Quicko to interact with the GST System. It covers all data collected, processed, or transmitted for the purpose of GST compliance and API service delivery.
What information we collect
To provide secure and compliant access to the GST System, we collect specific categories of information depending on how you interact with our services.
API Transaction Metadata:
When a user, third-party application, or integrator calls a GST API through our platform, we collect metadata such as HTTP headers, request and response timestamps, the status of the API call (e.g., success, failure, timeout), the application ID, and license or sub-license key used for access. This data helps us track usage, detect errors, and maintain audit trails.
Taxpayer Data (where applicable):
If you access Quicko’s GSP Application directly (such as to file GST returns or upload invoices), we may collect your GSTIN, PAN, invoice-level data, return filing details, and taxpayer registration information. This data is collected only with your explicit consent, and only for the purpose of facilitating your GST compliance.
System and Access Logs:
In accordance with CERT-In guidelines, we also collect access logs such as device or browser identifiers, IP addresses, login sessions, system activities, and administrative actions. These logs are used for incident response, forensic audits, and compliance reporting.
Quicko does not collect unrelated personal data for advertising, marketing, or profiling purposes within the scope of GSP services.
How we use such information
We use the information we collect only to deliver secure, lawful, and efficient GST services.
To authenticate users and enable secure access to the GST network.
To maintain system performance and ensure service availability
To comply with legal obligations under GSTN and CERT-In regulations
To support audits, forensic analysis, and incident response
We never sell or share your data for commercial use. Your data is processed strictly to provide the services you opt in for, and always in compliance with applicable laws.
How we protect your Information
Protecting your data is central to how we operate. We implement robust, industry-standard security controls at every level.
Certified Infrastructure & Audits
We conduct annual security audits through CERT-In empaneled auditors, in compliance with ISO/IEC 27001:2013 standards. We resolve any findings before deploying or continuing services.
Encryption & Secure Transmission
All data exchanged via GSP APIs is encrypted using secure transmission protocols (e.g., HTTPS, TLS). This ensures privacy and data integrity in transit.
Strict Access Controls
Access to GSP services is authenticated using secure license and sub-license keys. Session tokens are issued and managed based on API type and user role.
Retention as per Regulations
Transactions, Ledgers and API logs are securely stored for seven (7) years, in compliance with GSTN Guidelines.
System and ICT logs are retained for 180 days, as mandated by CERT-In, and stored entirely within Indian jurisdiction.
Real-Time Monitoring
We actively monitor all GSP infrastructure for suspicious or unauthorized activity. Any confirmed security incident is escalated and reported to authorities as required.
We retain certain data to comply with legal obligations, ensure regulatory compliance, and maintain the integrity and security of our services:
To meet GST compliance requirements: We securely retain transactional data, including ledgers and API logs, for seven (7) years, as required by the Goods and Services Tax Network (GSTN) Guidelines.
To ensure system security and auditability: We retain system and ICT (Information and Communication Technology) logs for a period of 180 days, in accordance with the directives of the Indian Computer Emergency Response Team (CERT-In). These logs are stored entirely within India.
All retained data is safeguarded using industry-standard security practices to maintain its confidentiality, integrity, and availability throughout the retention period.
Sharing your Information
We do not share your personal information with any company, organization, or individual outside of Quicko except in the following situations:
With your consent
We share data only when you have explicitly permitted us to do so.
For compliance or legal obligations
We may disclose logs or data to GSTN, CERT-In, or other competent government authorities if required to comply with law, regulations, or enforceable directions.
With service providers under contract
We may engage certified infrastructure partners (e.g., data centers or security vendors) for hosting and monitoring, strictly under data protection and confidentiality obligations.
Modifications
We would like to keep you up to date with our terms, so when we update them, we will alert you by putting the last updated date on this page.
Contact us
If you face any difficulties or require assistance, feel free to contact us via email at gsp@quicko.com.