Compliance Statement – Geni POS

At WeGeni IT Services and Consulting (OPC) Private Limited, we recognize the importance of data privacy, security, and legal compliance—especially in the domain of business billing and taxation. Our platform, Geni POS, is designed to align with Indian regulatory requirements and industry best practices.

Although we are not currently certified under global standards such as SOC 2 or ISO/IEC 27001, our internal processes reflect the principles of these frameworks. We are committed to delivering a secure, privacy-conscious, and reliable service environment for all users of Geni POS.

Geni POS is developed and operated in compliance with key Indian laws and rules governing digital services and data protection:

Information Technology Act, 2000: WeGeni adheres to the IT Act's provisions regarding digital communication, legal recognition of electronic records, and data processing.

IT Rules, 2011 – Reasonable Security Practices and Sensitive Personal Data: We implement structured policies and access control measures to safeguard user data in accordance with the IT Rules, including secure storage, consent-based usage, and minimal exposure.

We have implemented robust security protocols across our infrastructure to protect the data collected and processed through the Geni POS platform:

• ✓ SSL/TLS Encryption for all web-based and API data transmissions
• ✓ Role-based login and user authentication mechanisms
• ✓ Cloud-hosted infrastructure with secure backups and high uptime reliability
• ✓ Controlled access to backend systems by authorized WeGeni staff only

We also apply privacy-by-design principles, ensuring that unnecessary data is not collected or retained.

Geni POS collects only the minimum data required for GST-compliant invoicing and business operations, including:

• • Business Name and GSTIN
• • Invoice records and purchase entries
• • Party details (customer/supplier names and contact info)
• • Transaction data, payment status, and reports
• • User access logs and account configurations

We do not collect biometric data, Aadhaar numbers, passwords, or sensitive banking details unless explicitly entered and legally justified by the user.

For more details, refer to our Privacy Policy: 🔗 https://pos.wegeni.com/privacy

Geni POS integrates with reputable third-party tools that also maintain strict security standards:

Razorpay (Payment Gateway): All billing-related payments (e.g., subscription renewals) are processed through Razorpay, a PCI-DSS and ISO 27001-compliant service provider. We do not store any credit card or UPI information. All sensitive data is processed and secured by Razorpay's infrastructure.

Printer and Billing Hardware Integration: We support compatible billing printers and QR displays for generating bills. These accessories are controlled locally and do not transfer data externally through our system.

Please note that Geni POS is not currently certified under:

• ✗ SOC 2 (System and Organization Controls)
• ✗ ISO/IEC 27001 (Information Security Management)
• ✗ GDPR, HIPAA, or CCPA international privacy laws

If your business operates under highly regulated frameworks—such as healthcare, financial services, or government sectors—we recommend conducting an internal risk assessment and obtaining compliance/legal counsel before adoption.

We are actively working to improve our security and compliance readiness, with plans that include:

• • Internal system audits and vulnerability assessments
• • Documented data retention and breach management policies
• • Optional NDAs and custom SLA contracts for enterprise clients
• • Closer alignment with ISO 27001/27017 control frameworks

By using Geni POS, you agree to:

• • Ensure that all data you upload (e.g., invoices, party details, user data) complies with applicable Indian law
• • Use the platform only for legitimate and lawful business operations
• • Protect your account by using strong credentials and managing user access responsibly