This Privacy Policy describes how we (“we”, “us”, “our”) collect, use, disclose, and safeguard your Personal Information and Sensitive Personal Data or Information (SPDI) in accordance with Indian law, specifically for users of our construction management platform. By using this Service, you agree to the collection and use of information as described in this policy.

• Personal Information: Data relating to an individual that can identify them directly or indirectly.
• Sensitive Personal Data or Information (SPDI): Includes passwords, financial information, health data, biometric data, and any related information as defined by Indian law.
• Provider of Information: You, the user who supplies Personal Information or SPDI.

We may collect the following types of information:

• Personal Information: Name, phone number, email, address, company name, and other identifiers you provide during registration or use of the Service.
• SPDI: Passwords (hashed), payment details, safety records, images or biometric data (e.g., for attendance, if you opt-in).
• Project Data: Construction project details, site photos, reports, contractor and labour information, payment and expense records, and other project-related data you upload or enter.
• Usage & Device Data: Device information, IP address, usage statistics, access times, pages viewed, and actions taken.

SPDI is collected only with your explicit written or electronic consent as required by law.

We collect and use your information for the following purposes:

• Account creation and management
• Project collaboration, payroll, and attendance
• Security and fraud prevention
• Regulatory compliance
• Product analytics and improvement
• Marketing communications and offers for added services (with explicit consent)

We do not collect data beyond what is necessary for these purposes.

• We may use your Personal Information to contact you for marketing purposes, including updates about our products, services, promotions, and events.
• With your explicit consent, we may offer you additional services, such as selling construction materials or facilitating access to financial products (e.g., loans) through our partners.
• You may opt out of marketing communications or offers for added services at any time via app settings or by contacting us.
• Withdrawal of consent will not affect your access to core services.
• Information is shared with third-party partners only with your prior permission and as described in this policy. All partners are contractually bound to comply with Indian IT Rules 2011.

• Consent is obtained via electronic checkbox, OTP confirmation, or signed contract.
• You may withdraw consent anytime through in-app settings or by contacting us. Withdrawal may affect service delivery.

You have the right to:

• Access your Personal Information/SPDI
• Correct or update inaccurate data
• Withdraw consent and request deletion (subject to legal retention duties)
• File complaints with our Grievance Officer

Requests are processed within 30 days as per legal requirements.

We retain your data only as long as necessary for the stated purposes or as required by law (e.g., tax, labor, record-keeping). Data is securely deleted or anonymized after this period.

• Service providers (e.g., hosting, SMS): Bound by contract to ensure equal protection and SPDI compliance.
• Legal/regulatory requests: Disclosure only upon written request stating purpose; recipient barred from further disclosure.
• Corporate transactions (e.g., merger): Prior notice and your consent where required.
• Added services (e.g., loans/material sales): Shared only with your explicit consent; partners must comply with IT Rules 2011.

No SPDI is disclosed to third parties without your prior permission except as above.

SPDI may be transferred outside India only if the recipient ensures a comparable level of data protection as per Indian law, and the transfer is necessary for contract performance or you have given explicit consent. All transfers use encryption in transit and at rest.

We maintain a documented information security program that includes:

• Encryption (TLS 1.3 in transit, AES-256 at rest)
• Role-based access controls and multi-factor authentication
• Annual third-party security audits and penetration tests
• Incident response plan aligned with CERT-In guidance

We follow internationally recognized standards (e.g., ISO/IEC 27001) or equivalent best practices, with annual audits as required by law.

We use first-party cookies and local storage to maintain session authentication, remember user preferences, and compile aggregate analytics (with IP masking). No third-party advertising cookies are used without your opt-in consent.

Our service is not directed to children under 18. We do not knowingly collect Personal Information from minors without parental consent. If notified, such data is deleted promptly.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us using the information provided on our website. We are committed to addressing your inquiries promptly and transparently.