Privacy Policy

Effective Date: May 2022

Aasaan Tech Private Limited (“we”, “us”, “our”) is committed to protecting the privacy of users of its Pocket Construction Manager cloud-based ERP solution. This policy explains what data we collect, how we use it, with whom we share it, and how you can control or delete your data. It is designed to comply with Indian law and international best practices, as well as platform policies (e.g. Meta’s and Google’s) that require clear disclosures about data collection, usage, and user rights. By using our Service, you agree to this policy.

1. Data We Collect

We collect the following categories of information only as needed to provide our Service:

  • Contact Information: Email address, contact (phone) number. These identify your account and allow us to communicate important information or support.
  • Account Credentials: Usernames and passwords (securely stored) to control access.
  • Project Data: Any construction project information you enter into the system (e.g. project names, schedules, financials, documents, drawings). This is your data and is used solely to operate your projects in the ERP.
  • Usage Logs: System usage and activity logs (e.g. login times, pages accessed, actions taken). These help us monitor the system, troubleshoot issues, and analyze feature usage.

All data you enter or generate in the Service is considered Customer Data, which you own. As stated in our Subscription Agreement, “Customer Data is owned by you, and you grant Aasaan Tech… a license to host and use any Customer Data… to the extent necessary to provide the Service”. We do not sell or otherwise monetize your data.

2. How We Use Your Data

We use the collected data exclusively to provide and improve the Pocket Construction Manager Service and to help you run your construction business efficiently. In particular, data is used for the following purposes:

  • Service Delivery: To run the ERP functions (e.g. account authentication, managing your projects, generating reports and dashboards). Your project data enables real-time data insights and decision-making, as intended by the Service’s core purpose.
  • Improvement & Analytics: To analyze usage patterns (via logs) and system performance, so we can improve features, fix bugs, and enhance security. For example, usage logs help us identify common workflows or issues to streamline construction management.
  • Customer Support: To diagnose and resolve issues when you request help. Access to your account data (with your permission) allows us to assist you effectively.
  • Compliance & Integration: To fulfill legal and regulatory obligations (e.g. tax filings). For example, with your consent we may share data with the GST India system for tax compliance.
  • Communications: We use your email or phone number to send service-related notifications (e.g. password resets, account changes, important updates), and only for Service purposes.

At all times we process your data lawfully and transparently. As noted in our Subscription Agreement, “we will process all Customer Data, including your personal data… pursuant to [our] Data Processing Addendum”. This means we follow strict data protection rules and only use your data as agreed.

3. Data Retention

We retain personal and project data only as long as needed for service and legal purposes. Specifically:

  • Active Accounts: Your data remains active while your subscription is in effect. You may export or retrieve your data at any time during subscription (per Section 10.5 of our Agreement).
  • Account Deletion: If you request account deletion (see Section 6), we will erase your data from our live systems within 3 hours of the request. This includes all personal and project data.
  • Expired Subscriptions: When a subscription expires or is canceled, we retain your data for up to 3 months (to allow reactivation or final exports). After this period, we permanently delete the data unless you have already requested deletion. (For reference, our agreement permits retaining data up to 30 days after termination; our policy extends retention to 3 months in case you wish to resume.)

In short: upon request, we promptly delete your data; otherwise, data is removed within a few months after you stop using the Service.

4. Data Sharing and Third-Party Integrations

We do not share or disclose your data except as follows:

  • Integration Partners: With your explicit prior written consent, we share data via secure, encrypted APIs with certain integration partners to enhance the Service. For example:
    • GST India: Project and accounting data may be sent to GST for tax return filing integration.
    • Tally: Financial data can be synchronized with Tally accounting software if you enable this integration.
    • Google: For example, for map or location services in the app, or for Google Workspace integration if used.
  • Legal Requirements: We may disclose data if required by law or a valid court order (and will notify you beforehand if permitted, per Section 8.4 of our Agreement).
  • Service Providers: We currently have no other subprocessors for Customer Data besides AWS (our cloud host). We do not rent, sell, or trade your data to marketers or unaffiliated third parties.

We restrict any data recipients to those under obligations of confidentiality. Our Subscription Agreement’s confidentiality clause ensures we protect your data with “no less than commercially reasonable care” and disclose it only to staff or service providers who need access and are bound by confidentiality.

5. Security of Your Data

Protecting your data is paramount. We employ industry-standard security measures, including:

  • Secure Cloud Infrastructure: We host the Service on Amazon Web Services (AWS) and leverage AWS’s advanced protections. As AWS states, customers “control how [their] data is secured… by using identity and access management, encryption, and logging features,” and AWS does not use customer data for any purpose other than processing under the customer’s instructions. In effect, AWS ensures your data is encrypted in transit and at rest, and is isolated per your account.
  • Access Controls: Access to your account is protected by secure login (HTTPS encryption and strong password policies). Only you and authorized users can access your account. Internally, we use role-based access: Administrators can manage accounts and data, while our support personnel see only what is needed to assist you. Consultants or support staff use restricted “training” accounts with limited privileges (no live data access).
  • Encryption: All data in transit is encrypted (SSL/TLS). Sensitive data (e.g. passwords) are hashed or encrypted at rest.
  • Administrative Safeguards: We maintain strict internal policies: employees and contractors must undergo data security training, and are contractually bound to confidentiality. We log and audit access to systems to detect any unauthorized activity.
  • Vulnerability Management: We apply security patches and updates promptly, and conduct regular security reviews to protect against threats.

Overall, we adhere to best practices (as recommended by AWS and international standards) to prevent unauthorized collection or processing of personal data.

6. Your Rights (Data Subject Rights)

You have rights over your personal data under applicable laws (e.g. India’s Digital Personal Data Protection Act 2023). These include:

  • Right to Information: You can ask what data we hold about you and why.
  • Right to Access: You may request a copy of your personal data.
  • Right to Correction: You can ask us to correct any inaccuracies in your data.
  • Right to Erasure: You can request that we delete your personal data (for example, if it is no longer needed or you withdraw consent).
  • Right to Portability/Transfer: You may request your data in a common format to transfer to another service.
  • Right to Object: You can object to certain processing (e.g. direct marketing) at any time.

How to exercise these rights: Email us at care@aasaan.co or info@aasaan.co with your request (please include your account details for verification). We will respond promptly as required by law. In particular, for deletion requests we will remove your data within 3 hours of verification. (If we cannot act on a request, we will explain why.)

These practices align with the DPDP Act’s assurances that data principals can request correction or deletion of their data. If you are not satisfied with our response, you may seek recourse with the Data Protection Board of India as per law.

7. Third-Party APIs and Services

Our application may connect to authorized third-party APIs to provide integrated features. When you enable an integration (e.g. GST e-filing, Google Maps, Tally sync), any data sent through those APIs is subject to your consent and to the third party’s own privacy policies. We do not automatically share data with social networks or advertisers.

As explained in our Service Agreement (Section 4), we do not endorse or control third-party services. Any use of such services is at your option, and you must agree to their terms. If a third-party integration accesses your data, it is between you and that provider, and you authorize us to send data as needed. We disclaim any liability for how third parties handle your data beyond our system.

8. Data Summary Table

| Data Collected | Purpose | Retention |
|---|---|---|
| Email, Contact Number | Account creation, authentication, communication with you. | Until your account is deleted (we erase within 3 hours of request). Up to 3 months after subscription expiry. |
| Project/Business Data | Running your projects, reports, analytics, and compliance (e.g. GST filings). | Same as above (deleted upon request; up to 3 months post-expiry if not requested). |
| Usage Logs (Analytics) | Security monitoring, usage analytics, and service improvement. | Up to 3 months (or shorter if system is reset), and erased upon account deletion request. |
| Authentication Data | Securely logging you into the Service. | Stored until you change it or delete account (then removed from all systems). |
| Integration Data | Transmitted to approved partners (with consent) to enable features (e.g. tax filing, accounting sync, maps). | Only as needed for integration; follows same deletion rules once no longer needed or upon request. |

This table summarizes what we collect, why, and how long it is kept. (Note: these retention practices may exceed legal minimums to ensure data availability, but we delete data as soon as practical.)

9. Legal Compliance and Policy Updates

We adhere to Indian legal requirements and international standards for data privacy. Our policy is crafted to meet the disclosures required under India’s IT Act and forthcoming DPDP Act (e.g. listing data categories, purposes, sharing, security measures, and user rights). We also follow guidance from Google and Meta for clear, user-friendly privacy disclosures.

If our practices change, we will update this Privacy Policy and notify you. The “Last Updated” date above will indicate the effective date. By continuing to use the Service after changes, you accept the revised policy.

10. Contact Us

If you have questions about this policy or want to exercise your data rights, please contact us at care@aasaan.co or info@aasaan.co. Our operations are based in India, and we are subject to Indian jurisdiction.

Aasaan Tech is committed to keeping your data secure and respecting your privacy. We take any privacy concerns seriously and will work with you to resolve them.

Citations: Our practices are described in our Pocket Construction Manager Cloud Subscription Agreement and in accordance with applicable privacy guidelines.