01. Information We Collect

We collect only the information necessary to provide our products and services. This includes:

Information you provide directly

• Identity & contact data: full name, phone number, email address, postal address, location/district, organisation name (for business enquiries).
• Enquiry details: product interest, quantity, custom requirements, project details you share with us.
• Transaction data: billing address, GST number (for B2B), and payment confirmation references. We do not store full card or bank account details.
• Mobile app account data: if you register in our app, login credentials (email/phone and encrypted password) and any profile information you choose to add.

Information collected automatically

• Device & technical data: IP address, browser type, operating system, device model, app version, language preference.
• Usage data: pages visited, links clicked, time spent, referring URL, in-app navigation patterns.
• Cookies and similar technologies: session, analytics, and preference cookies.
• Approximate location: derived from IP address, used to display region-relevant content.

Mobile app permissions (all optional)

• Camera: only when you choose to upload a photo, for example a site image for a biogas installation quote.
• Photos / Storage: only when you attach files to an enquiry.
• Precise Location: only when you tap "Use my location" for a site visit or delivery.
• Push Notifications: only with your explicit opt-in, used for order updates and service reminders.

You can revoke any of these permissions at any time through your device settings.

What we do NOT collect

We do not knowingly collect Aadhaar, PAN, or passport numbers (unless required for a specific B2B contract), biometric data, financial account credentials, health information, contacts list, SMS or call logs, or any sensitive personal data of children under 18.

02. How We Use Your Information

Your information is used strictly for legitimate business purposes:

• Responding to enquiries — sending product details, quotations, and technical specifications.
• Order fulfilment — processing orders, coordinating manufacturing, scheduling delivery and installation.
• Customer support — handling warranty claims, service requests, and after-sales support.
• Account management — operating your mobile app account, authenticating logins, restoring sessions.
• Communication — sending transactional emails, SMS, and push notifications (order confirmations, installation schedules, service reminders).
• Service improvement — analysing aggregated, anonymised usage data to improve our website, app, and product offerings.
• Legal compliance — meeting tax, accounting, ISO, Suchitwa Mission, ANERT, and other regulatory obligations.
• Fraud prevention — detecting and preventing fraudulent enquiries, fake orders, and abuse of our services.

We do not use your data for automated decision-making, profiling for advertising, or selling to data brokers.

03. Legal Basis for Processing

We process your personal data under the following legal grounds in accordance with the Digital Personal Data Protection Act, 2023 and other applicable laws:

• Consent — when you submit an enquiry, create an account, or opt into marketing communications.
• Performance of contract — processing necessary to fulfil an order, deliver a product, or honour a warranty.
• Legitimate interest — improving our services, securing our systems, preventing fraud — always balanced against your rights.
• Legal obligation — tax records, GST filings, ISO audit records, and compliance with regulatory authorities.

You may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

04. Sharing & Disclosure

We do not sell, rent, or trade your personal information. We share data only in limited circumstances:

• Service providers: hosting providers, email and SMS gateways, analytics tools (such as Google Analytics), payment processors (such as Razorpay or Cashfree), and logistics partners — all bound by confidentiality obligations.
• Regulatory bodies: Suchitwa Mission Kerala, ANERT, and ISO certifying bodies, where disclosure is required for project verification or compliance.
• Government & law enforcement: when required by law, court order, or to protect our legal rights.
• Business transfers: in the event of a merger, acquisition, or sale of business assets — you will be notified in advance.

Third-party services we use

• Google Analytics — website and app usage analytics.
• Google Firebase (where applicable) — crash reporting and push notifications.
• Razorpay / Cashfree — payment processing. Your card details are handled by the payment gateway and never reach our servers.
• WhatsApp Business — direct customer communication.

Each of these providers has its own privacy policy that governs how they handle data.

05. Data Retention

We retain personal data only for as long as necessary:

• Enquiry data: 24 months from the last interaction, unless converted to an order.
• Order and invoice data: 8 years, as required under Indian tax and accounting laws.
• Warranty records: for the full duration of the applicable warranty period (typically 1–10 years depending on the product).
• Mobile app account data: until you request deletion, or 36 months of inactivity, whichever is earlier.
• Marketing consent records: until you opt out.
• Analytics and log data: 14 months in identifiable form, then anonymised.

After the retention period, data is securely deleted or irreversibly anonymised.

06. Data Security

We implement reasonable physical, administrative, and technical safeguards:

• HTTPS/TLS encryption for all data in transit.
• Encrypted password storage using industry-standard hashing (bcrypt).
• Access controls limiting employee access to data on a need-to-know basis.
• Regular security updates to our website, app, and server infrastructure.
• Secure off-site backups with restricted access.
• Staff training on data protection and confidentiality.

However, no system is completely secure. While we take strong measures, we cannot guarantee absolute security. You are responsible for keeping your app login credentials confidential. In the event of a data breach affecting your personal information, we will notify you and the relevant authorities within 72 hours of discovery, as required by Indian law.

07. Your Rights

You have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you.
• Right to correction — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your data (subject to legal retention requirements).
• Right to withdraw consent — withdraw consent for processing where consent is the legal basis.
• Right to portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing for direct marketing purposes.
• Right to grievance redressal — file a complaint with our Grievance Officer.

To exercise any of these rights, contact us using the details below. We will respond within 30 days. For account and data deletion (mobile app or website), see our Data Deletion Policy.

08. Cookies & Tracking

Our website uses cookies and similar technologies to provide essential functionality and improve your experience:

• Strictly necessary cookies — required for navigation, form submission, and security. Cannot be disabled.
• Analytics cookies — help us understand how visitors use our site (Google Analytics).
• Preference cookies — remember your language and display settings.

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality. Our mobile app uses similar tracking via Firebase Analytics and Crashlytics for performance monitoring and crash diagnostics. These can be controlled through your device settings.

09. Children's Privacy

Our services are intended for users aged 18 years and above. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it promptly. Our mobile app is rated for general audiences on both Google Play and the Apple App Store.

10. International Data Transfers

Your data is primarily stored on servers located in India. However, some of our third-party service providers (such as Google Analytics and Firebase) may process data on servers outside India. In such cases, we ensure these providers maintain data protection standards comparable to Indian law through standard contractual clauses or equivalent safeguards.

11. Grievance Officer & Contact

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the contact details of our Grievance Officer are:

Grievance Officer
Emerald Enterprises
Door No: 16/1435, VAT Road, Edakochi, Kochi, Kerala – 682010, India
Phone: +91 8714704086
Email: emeraldfrp2013@gmail.com

We aim to acknowledge complaints within 48 hours and resolve them within 30 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page, post a prominent notice on our website and within our mobile app, and, where required by law, obtain your renewed consent.

We encourage you to review this page periodically. Continued use of our services after changes constitutes acceptance of the updated policy.