Privacy Policy

1 About This Policy

AlifTech Secure ("we", "us", "our", or the "Company") is committed to protecting the personal data of its customers, website visitors, dealers, and AMC clients. This Privacy Policy describes the kind of information we collect, why we collect it, how it is used and stored, who it is shared with, and the rights you have over it.

This policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and other applicable Indian laws. By using our website, products, or services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our services.

2 Information We Collect

We collect only the information necessary to deliver our services, fulfil legal obligations, and improve your experience. The data we collect falls under the following categories:

2.1 Personal Information

• Full name, company name (for B2B clients)
• Email address and phone number(s)
• Billing address, shipping address, and installation site address
• GSTIN (for registered businesses claiming input credit)
• PAN or other identification when required by law (large invoices, dealer onboarding)

2.2 Payment & Transaction Information

• UPI ID, transaction reference numbers, payment gateway responses
• Bank account details (only when required for refunds or dealer payouts)
• Card details are not stored by us — they are handled directly by our PCI-DSS compliant payment gateway partners

2.3 Technical & Device Data

• IP address, browser type and version, operating system, device type
• Approximate geographic location (city / region level, derived from IP)
• Referring URL, pages visited, time spent on each page, click behaviour

2.4 Service & Project Data

• Order history, quotation history, AMC contract details
• Site survey reports, BOQs, installation handover documents
• Support tickets, call logs, email and WhatsApp conversations
• Photographs of installation sites (for project documentation, with client consent)

2.5 GPS & Vehicle Data (FleetNow GPS subscribers only)

• Vehicle registration number, IMEI of GPS device, SIM number
• Real-time and historical location, route, speed, ignition status, mileage
• Driver behaviour data (where enabled by the account holder)

2.6 How We Collect It

• Order forms, contact forms, and quotation request forms on our website
• Email, phone calls, WhatsApp messages, and in-person interactions
• Cookies and analytics scripts on our website
• Third-party integrations (Google Analytics, payment gateways, GPS platforms)

3 How We Use Your Information

We process your data only for clearly defined, lawful purposes:

• Order & payment processing — accepting orders, issuing invoices, processing payments, arranging shipping
• Service delivery — site surveys, installation scheduling, AMC visits, support tickets
• Customer communication — order confirmations, shipping updates, AMC reminders, service notifications
• Compliance — GST filings, statutory record-keeping (Income Tax Act, Companies Act), responding to lawful requests from authorities
• Service improvement — analysing website traffic, identifying issues, improving product mix and content
• Marketing — promotional offers, new product launches, newsletters — only with your opt-in consent
• Fraud prevention — detecting and preventing fraudulent orders, chargebacks, or misuse of services

4 Legal Basis & Consent

Under the DPDP Act 2023, we process your personal data on the following lawful bases:

• Consent — when you voluntarily provide your information through forms, sign-ups, or opt-ins
• Contractual necessity — to perform the order, installation, or AMC contract you have entered into with us
• Legal obligation — to comply with GST, tax, and statutory requirements
• Legitimate use — for fraud prevention, security, and core business operations as permitted by law

You may withdraw your consent at any time by writing to info@aliftechsecure.in. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal, and may limit our ability to provide certain services.

5 Data Storage & Security

We implement reasonable and industry-standard security measures to protect your personal data:

• SSL/TLS encryption for all data in transit between your browser and our website
• Secure hosting on Hostinger Business infrastructure with regular backups
• Encrypted storage of sensitive transaction data, where applicable
• Access controls — customer data is restricted to authorised staff on a need-to-know basis
• Strong authentication on internal systems, including admin panels and Zoho Books
• Security plugins and monitoring on our WordPress site to detect and prevent unauthorised access

6 Data Retention Period

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Order & invoice data — retained for a minimum of 8 years as required under the GST Act and Income Tax Act
• AMC contract records — retained for the duration of the contract plus 3 years after expiry
• GPS location data — retained for 90 days by default (extendable on subscription plan)
• Marketing data — retained until you opt out, after which it is deleted within 30 days
• Website analytics — retained for up to 26 months in Google Analytics (anonymised)
• Support tickets & communications — retained for up to 3 years

After the retention period, your personal data is securely deleted or anonymised, unless we are legally required to retain it further.

7 Use of Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience, remember your preferences, and analyse website performance. The cookies we use fall into the following categories:

You can manage or disable non-essential cookies through your browser settings or our cookie consent banner. Disabling certain cookies may affect site functionality.

8 Third-Party Services

We work with trusted third-party service providers to deliver our services. Each of these providers has its own privacy policy. The main categories include:

• Payment Gateways — Razorpay, Paytm, and similar PCI-DSS compliant providers for processing online payments
• Analytics — Google Analytics (GA4) for website usage analytics
• Hosting — Hostinger for website hosting
• Accounting & Invoicing — Zoho Books for invoicing, GST compliance, and customer records
• Communication — Email service providers, WhatsApp Business API (AiSensy or equivalent), SMS gateways
• Shipping & Logistics — Courier partners for product delivery
• GPS Platform Partners — OEM platforms (such as Atlanta Systems, Teltonika, Watsoo) for AIS-140 compliant GPS services

We work only with providers who maintain reasonable security standards. We are not responsible for the privacy practices of third parties beyond our reasonable control.

9 Cross-Border Data Transfer

Most of our data is stored on servers located in India. However, certain third-party services we use (such as Google Analytics, email providers, and some payment partners) may store or process data on servers outside India.

Where data is transferred outside India, we ensure that:

• The transfer is to a jurisdiction permitted under the DPDP Act 2023 and applicable rules
• The third-party provider follows reasonable security and privacy standards
• The transfer is necessary for service delivery, analytics, or legal compliance

10 GPS & Vehicle Location Data

For customers using our FleetNow GPS services, additional privacy considerations apply:

• Vehicle location, route, speed, and ignition data is accessible only to the authorised account holder (the owner or fleet manager) through secure login credentials
• We do not share GPS data with any third party for marketing or commercial purposes
• Data may be disclosed to law enforcement agencies, regulatory bodies, or courts in response to valid legal requests (such as VAHAN portal compliance, court orders, FIR investigations)
• Drivers of vehicles fitted with our GPS devices should be informed by the vehicle owner / employer that the vehicle is being tracked
• VAHAN / Parivahan IMEI registration involves submitting the device IMEI and vehicle details to the government portal — this is a regulatory requirement under AIS-140

11 CCTV Footage & Access

For installation, AMC, and support activities, we may from time to time interact with our customers' CCTV systems:

• We access CCTV systems only with the explicit consent of the site owner or authorised representative
• We do not store, download, or share CCTV footage from customer premises unless specifically requested in writing
• Remote support sessions (for NVR / DVR configuration, firmware updates) are conducted on a need-basis and end immediately after the work is completed
• Any footage shared with us for troubleshooting purposes is deleted within 30 days unless retention is requested by the customer
• Customers are advised to comply with applicable laws (including local signage requirements) when installing CCTV systems at workplaces and public-facing locations

12 WhatsApp, SMS & Marketing Communications

We use WhatsApp, SMS, and email to keep our customers informed. Communications fall into two categories:

• Transactional — order confirmations, shipping updates, AMC reminders, invoice copies. These are sent based on the active order or contract with you and do not require separate opt-in.
• Promotional — offers, newsletters, product launches, festive campaigns. These are sent only with your explicit opt-in.

How to Unsubscribe

• Email — click the unsubscribe link at the bottom of any marketing email
• WhatsApp — reply with the word STOP or UNSUBSCRIBE to any marketing message
• SMS — reply with STOP, or write to us
• You may also email info@aliftechsecure.in with the subject line "Unsubscribe"

13 Your Rights as a Data Principal

Under the DPDP Act 2023, you have the following rights with respect to your personal data:

• Right to Access — request a summary of the personal data we hold about you and how it is being processed
• Right to Correction & Erasure — request correction of inaccurate or incomplete data, or erasure where permitted
• Right to Withdraw Consent — withdraw consent for marketing or other consent-based processing at any time
• Right to Grievance Redressal — raise a complaint with our Grievance Officer (see Section 16)
• Right to Nominate — nominate another individual to exercise your rights in the event of death or incapacity

To exercise any of these rights, write to info@aliftechsecure.in. We will respond to verified requests within a reasonable time, generally not exceeding 30 days.

Please note that certain rights are subject to legal exceptions — for example, we may be required to retain invoice data for 8 years under tax law even after a deletion request.

14 Children's Privacy

Our services are intended for businesses and adult consumers. We do not knowingly collect personal data from individuals under 18 years of age. Under the DPDP Act 2023, processing personal data of children requires verifiable parental or lawful guardian consent.

If we become aware that we have inadvertently collected personal data from a minor without proper consent, we will delete such data promptly. If you believe a minor has provided us with personal data, please contact us immediately.

15 Data Breach Notification

In the event of a personal data breach that is likely to result in risk to your rights or interests, we will:

• Notify the Data Protection Board of India as required under the DPDP Act 2023
• Inform affected Data Principals through email, SMS, or other available means without undue delay
• Take prompt corrective and mitigation actions to limit the impact of the breach
• Conduct a root-cause analysis and update our security practices accordingly

16 Grievance Officer

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address concerns related to your personal data, privacy, or these policies.

Response Time: The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days, in line with applicable law. For escalations under the DPDP Act, you may approach the Data Protection Board of India.

17 Policy Updates

This Privacy Policy may be updated periodically to reflect changes in our practices, services, or applicable laws. The latest version will always be available on our website with a revised "Last Updated" date. For material changes, we will make reasonable efforts to notify registered customers via email or WhatsApp.

We encourage you to review this policy from time to time. Continued use of our services after changes are posted constitutes acceptance of the revised policy.

18 Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

AlifTech Secure
📍 112 Basement, Akbar Ali Complex, Mahatma Gandhi Road,
Below Hotel Kanchan Tilak, Near 56 Dukan, Palasia Square,
New Palasia, Indore, Madhya Pradesh – 452001, India

📞 +91 91091 06826
📧 info@aliftechsecure.in
🌐 www.aliftechsecure.in