Privacy Policy

1. Company Information

Plooran (OPC) Private Limited is a company incorporated under the Companies Act, 2013, registered in India as a One Person Company (OPC) Private Limited entity.

• Registered Name: Plooran (OPC) Private Limited
• Type: One Person Company (OPC) — Private Limited
• Country of Incorporation: India
• Website: https://plooran.com
• Data Controller Email: privacy@plooran.com

2. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" / "Personal Information" means any data about an individual that identifies or can identify that individual, directly or indirectly, including name, email address, phone number, IP address, or any combination of data.
• "Data Fiduciary" means the person who, alone or in conjunction with others, determines the purpose and means of processing personal data (Plooran in this context), as defined under the Digital Personal Data Protection Act, 2023 (DPDP Act).
• "Data Principal" means the natural person to whom personal data relates (you, the user).
• "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• "Services" means the website, platform, products, and related digital services provided by Plooran.
• "Consent" means free, specific, informed, unconditional, and unambiguous indication of agreement by a Data Principal.
• "Third Party" means any entity other than you, Plooran, and its affiliates.

3. Information We Collect

We collect personal information in the following ways:

3.1 Information You Provide Directly

When you create an account, contact us, or use our services, you may provide:

• Identity Data: First name, last name, username, or similar identifier
• Contact Data: Email address, telephone number, postal address
• Account Credentials: Password (stored in encrypted form) and authentication tokens
• Profile Information: Profile picture, professional designation, organisation details
• Communications: Messages, enquiries, feedback, and correspondence you send us
• Transaction Data: Details about payments to and from you, and details of services you have purchased (where applicable)

3.2 Automatically Collected Information

When you access our website or services, we may automatically collect:

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website, products, and services, including pages visited, time spent, links clicked, and referring URLs
• Device Data: Device type, device identifiers, and mobile network information
• Cookie Data: Data collected through cookies and similar tracking technologies (see Section 10)

3.3 Information from Third Parties

We may receive personal information about you from the following third-party sources:

• Google OAuth / Google Sign-In: If you choose to register or log in using your Google account, we receive your name, email address, and profile picture from Google in accordance with your Google account privacy settings and Google's Privacy Policy. We use this information solely for authentication and to populate your Plooran profile.
• Business Partners: Companies we work with to provide services may share information about you with us in limited circumstances with appropriate safeguards.
• Publicly Available Sources: We may supplement your information with data from publicly available sources.

4. Legal Basis for Processing

We process your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws. The legal bases on which we rely to process your personal data are:

• Consent: Where you have given us your explicit consent to process your personal data for specific purposes, such as registration, marketing communications, or use of Google Sign-In.
• Contractual Necessity: Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request, such as account management and service delivery.
• Legal Obligation: Where processing is necessary to comply with applicable laws, regulations, court orders, or lawful requests from governmental authorities under Indian law, including the IT Act, 2000 and the DPDP Act, 2023.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms, such as fraud prevention, network security, and improving our services.
• Vital Interests: Where processing is necessary to protect your vital interests or those of another person.

For users in the European Economic Area (EEA), the United Kingdom, or other regions with applicable data protection laws, we rely on equivalent legal bases under the General Data Protection Regulation (GDPR) or applicable local law.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery and Account Management

• Creating and managing your user account
• Authenticating your identity when you log in
• Providing, operating, and maintaining our services
• Processing your enquiries, requests, and transactions
• Sending you service-related notices, updates, and support messages

5.2 Communication

• Responding to your enquiries, comments, and feedback
• Sending you administrative information such as changes to our terms, conditions, and policies
• Providing technical notices, security alerts, and support messages
• Sending you marketing and promotional communications (only where you have given consent, and you may opt out at any time)

5.3 Improvement and Analytics

• Monitoring and analysing usage trends, patterns, and activity on our platform
• Understanding how our services are used to improve user experience
• Conducting internal research and analytics
• Developing new features, products, and services

5.4 Security and Legal Compliance

• Detecting, investigating, and preventing fraudulent transactions, abuse, and other illegal activities
• Protecting the security and integrity of our platform
• Complying with applicable laws, regulations, legal processes, and enforceable governmental requests
• Enforcing our Terms of Service and other agreements
• Exercising or defending legal claims

6. Information Sharing and Disclosure

We do not sell your personal information to third parties. We share your personal information only in the following limited circumstances:

6.1 Service Providers and Data Processors

We engage carefully selected third-party companies and individuals ("Data Processors") to facilitate our services on our behalf. These entities have access to your personal information only to the extent necessary to perform their functions and are contractually obligated not to disclose or use it for any other purpose. Such service providers may include:

• Cloud infrastructure providers (for hosting and storage)
• Authentication service providers (Google OAuth)
• Email delivery services
• Analytics services
• Payment processors (where applicable)

6.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid legal processes, including:

• Compliance with orders from courts of competent jurisdiction or governmental authorities in India or other applicable jurisdictions
• Compliance with requirements under the Information Technology Act, 2000 and rules made thereunder
• Compliance with requirements under the Digital Personal Data Protection Act, 2023
• Responding to lawful requests by law enforcement or regulatory bodies

6.3 Protection of Rights and Safety

We may share information where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Plooran, our users, or others, including to investigate and prevent fraudulent activity or violations of our Terms of Service.

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or other business transition, your personal information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share your personal information with third parties for purposes not covered in this policy when we have obtained your explicit prior consent to do so.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specifically:

• Account Data: Retained for the duration of your account and for up to maximum of 1 month after account closure, unless a longer period is required by law.
• Communication Records: Enquiries, support tickets, and correspondence are retained for up to 3 years from the date of last interaction.
• Usage and Technical Data: Retained for up to 3 months from collection, after which it is aggregated or deleted.
• Legal and Compliance Records: Retained for the minimum period required by applicable law, which may be up to 7 years or as otherwise mandated.

When personal information is no longer required, we delete or anonymise it in a manner that prevents it from being linked back to any individual. In cases where immediate deletion is not technically feasible (for example, due to data stored in backup systems), we will securely isolate the data and protect it from further processing until deletion is possible.

8. Data Security

We are committed to protecting your personal information and have implemented appropriate technical and organisational security measures designed to prevent unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption: Personal data is encrypted in transit using TLS (Transport Layer Security) and at rest using industry-standard encryption protocols.
• Access Controls: Access to personal data is restricted on a strict need-to-know basis. We implement role-based access controls and the principle of least privilege.
• Authentication: We support secure authentication mechanisms including strong password requirements and third-party OAuth authentication.
• Security Monitoring: We conduct ongoing monitoring of our systems for potential vulnerabilities and attacks.
• Data Minimisation: We only collect personal data that is necessary for the specified purposes.
• Employee Training: All employees and contractors with access to personal data undergo security and privacy training and are bound by confidentiality obligations.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in risk to the rights and freedoms of individuals, we will notify affected users and applicable regulatory authorities in accordance with our legal obligations under the DPDP Act, 2023 and other applicable law.

9. Your Rights

9.1 Rights Under the Digital Personal Data Protection Act, 2023 (India)

As a Data Principal under the DPDP Act, 2023, you have the following rights with respect to your personal data:

• Right to Access: You have the right to obtain confirmation of whether we are processing your personal data and to receive a summary of the personal data we hold about you, as well as information about the processing activities.
• Right to Correction and Erasure: You have the right to request correction of inaccurate or misleading personal data and to request erasure of personal data where the purpose for which it was collected has been served or you withdraw consent (where consent is the legal basis), subject to applicable legal retention requirements.
• Right to Grievance Redressal: You have the right to have your grievances addressed by contacting us at privacy@plooran.com and, thereafter, by the Data Protection Board of India as established under the DPDP Act.
• Right to Nominate: In the event of your death or incapacity, you have the right to nominate another individual to exercise your rights in accordance with the DPDP Act.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

9.2 Rights Under GDPR (For EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including:

• Right of Access (Article 15 GDPR): Obtain a copy of your personal data and information about how it is processed.
• Right to Rectification (Article 16 GDPR): Request correction of inaccurate personal data.
• Right to Erasure (Article 17 GDPR): Request deletion of your personal data under certain circumstances ("right to be forgotten").
• Right to Restriction of Processing (Article 18 GDPR): Request that we restrict the processing of your personal data under certain circumstances.
• Right to Data Portability (Article 20 GDPR): Receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21 GDPR): Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection supervisory authority.

9.3 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to privacy@plooran.com. We will acknowledge your request within 7 working days and endeavour to respond within 30 days (or such period as required by applicable law). We may ask you to verify your identity before processing your request. Where we are unable to fully comply with your request, we will explain the reasons.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information when you use our website. A cookie is a small text file placed on your device when you visit our website.

10.1 Types of Cookies We Use

• Strictly Necessary Cookies: These are essential for the operation of our website and cannot be switched off. They include cookies that enable session management, authentication state, and security.
• Functional Cookies: These allow our website to remember choices you make (such as your username or language preferences) and provide enhanced, personalised features.
• Analytics and Performance Cookies: These allow us to count visits, understand how visitors interact with the website, and measure the effectiveness of our pages. All information collected is aggregated and anonymous.

10.2 Third-Party Cookies

We may permit third parties, including Google (for authentication via Google Sign-In), to set cookies on our website. These third parties have their own privacy policies, which we encourage you to review.

10.3 Cookie Management

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

10.4 Local Storage

We may use browser local storage to store non-sensitive session information such as user authentication tokens and preferences to maintain your logged-in state and provide a seamless experience. This data is stored only on your device and is not transmitted to third parties.

11. Children's Privacy

Our services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18. If you are under 18, please do not use our services or provide any personal information to us.

Under the Digital Personal Data Protection Act, 2023, we do not process personal data of children (defined as individuals under 18 years of age) without verifiable parental consent. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such information from our systems.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@plooran.com.

12. Third-Party Links and Services

Our website and services may contain links to third-party websites, applications, and services, including our affiliated products at seawidth.com and seawidth.ai. These third-party sites have their own independent privacy policies, and we have no responsibility or liability for their content or activities.

We encourage you to review the privacy policies of any third-party sites you visit. A link to a third-party website does not imply our endorsement of that site or its privacy practices.

Our integration with Google OAuth requires sharing certain data with Google. Your interaction with Google's services is governed by Google's Privacy Policy and Terms of Service.

13. International Data Transfers

Plooran is incorporated and primarily operates in India. Your personal information is processed and stored on servers located in India. If you access our services from outside India, please be aware that your information may be transferred to, stored, and processed in India, where data protection laws may differ from those in your country of residence.

When we transfer personal data internationally (including to cloud services with infrastructure outside India), we ensure that appropriate safeguards are in place in accordance with applicable law, including:

• Ensuring transfers occur only to countries or entities approved by the Government of India under the DPDP Act, 2023
• Implementing Standard Contractual Clauses (SCCs) or equivalent mechanisms where required under GDPR for transfers to or from the EEA or UK
• Ensuring data processors comply with our contractual data protection obligations

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. We will notify you of material changes by:

• Posting the updated Privacy Policy on this page with a revised "Last Updated" date
• Sending a notification to your registered email address (for registered users)
• Displaying a prominent notice on our website or within our services

Your continued use of our services following the posting of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to periodically review this page to stay informed about how we are protecting your information. If you do not agree to the updated Privacy Policy, please discontinue use of our services and delete your account.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For related legal documents, see our Terms of Service.