www.refleckto.com /Application Name- Refleckto Privacy Policy (India-Aligned) 

Effective Date: [Date of policy go-live, e.g., July 1, 2025] 

Last Updated: [Date of last revision, e.g., July 1, 2025] 

This Privacy Policy (“Policy”) explains how [Dhage industries private Limited/Refleckto] (“we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal data when you use our website at [Your Website URL, e.g., https://refleckto.com] and/or our mobile application [Your App Name] (collectively, the “Services”). 

We are committed to protecting your privacy and handling your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, along with global data protection standards such as the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA/CPRA) for California residents, where applicable. 

By accessing or using our Services, you signify your understanding and explicit consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy. If you do not agree with the terms of this Policy, please do not use our Services. 

1. Data Fiduciary (Controller) Information 

[Dhage industries private Limited /Refleckto] is a [Legal entity type, e.g., company incorporated under the Companies Act, 2013], having its registered office at: 

 H. NO. 198/4, AT Warkhed, Post Hadgaon, Pathri, Parbhani, Maharashtra, 431506, India. 

Email: Support@refleckto.com 

Website: https://www.refleckto.com 

We act as the Data Fiduciary (as defined in the DPDP Act) for the personal data we collect and process. 

2. Types of Personal Data Collected 

In accordance with Section 4 of the DPDP Act, we collect the following categories of personal data: 

(a) Personal Data Provided by You (Voluntary Data): 

This includes data you directly provide to us when you create an account, use our Services, communicate with us, or participate in surveys/promotions. This may include: 

  • Identity Data: Your full name, date of birth, age, gender. 
  • Contact Data: Email address, mobile phone number, postal address. 
  • Account Data: Username, password (encrypted), and other registration information. 
  • Financial Data: [Specify if applicable, e.g., income range, financial goals, payment method details (note: full payment card details are typically handled by secure payment gateways and not directly stored by you)]. 
  • Profile Data: Information you provide in your user profile, such as interests, preferences, and feedback. 
  • Communication Data: Content of your communications with us (e.g., customer support inquiries, chat messages). 
  • User-Generated Content: Any content you upload, post, or transmit through our Services (e.g., comments, reviews, photos). 
  • Health Data: [If applicable, describe specific health data collected and its purpose, e.g., for fitness apps, diet trackers. Note: This requires explicit consent and may classify you as a ‘Significant Data Fiduciary’]. 

(b) Automatically Collected Data (Technical and Usage Data): 

When you access and use our Services, certain information is automatically collected through technology, including: 

  • Device Information: IP address, device type, operating system, unique device identifiers. 
  • Log Data: Browser type, language settings, access dates and times, pages viewed, features used, crash reports. 
  • Usage Data: Information about how you interact with our Services, including clickstream data, search queries, content interactions, referral URLs, and duration of visits. 
  • Location Data: General geographic location inferred from your IP address or, with your consent, precise geolocation data from your mobile device. 
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 12). 

3. Purposes for Processing Personal Data 

We process your personal data for the following lawful purposes, in accordance with Section 5 of the DPDP Act: 

  • To Provide and Maintain the Services: To create and manage your account, provide access to features, process subscriptions, and deliver the core functionality of our website and application. 
  • To Improve and Personalize Services: To understand usage patterns, conduct analytics, diagnose technical issues, and enhance the functionality, performance, and user experience of our Services. 
  • Customer Support and Communication: To respond to your inquiries, provide technical support, send important service-related notifications, and manage our relationship with you. 
  • Marketing and Promotion (with consent): To send you marketing communications, newsletters, and promotional offers about our Services or third-party products/services that may interest you, where you have provided explicit consent. 
  • Analytics and Research: To perform internal research, statistical analysis, and generate aggregated, anonymized data for business intelligence and product development. 
  • Security and Fraud Prevention: To detect, prevent, and investigate fraudulent, unauthorized, or illegal activities, and to ensure the security and integrity of our Services. 
  • Compliance with Legal Obligations: To comply with applicable Indian laws, regulations, legal processes, government requests, and enforce our terms and conditions. 
  • Personalization and Advertising: To personalize your experience, including content recommendations and displaying tailored advertisements based on your interests and usage, where permitted by law and with your consent. 
  • Business Operations: For internal management, auditing, and other legitimate business purposes. 

4. Lawful Bases for Processing 

Under Indian law (DPDP Act) and in alignment with international standards like GDPR, our legal bases for processing your personal data include: 

  • Consent: We primarily rely on your explicit, free, specific, informed, unconditional, and unambiguous consent for processing your personal data, especially for purposes like marketing communications, processing sensitive personal data (if any), and certain non-essential data collection. You have the right to withdraw your consent at any time (see Section 6). 
  • Legitimate Uses: Processing is necessary for certain “legitimate uses” as permitted under the DPDP Act, which include:
      • For the performance of any function or fulfilling any obligation under any law by government authorities. 
      • For compliance with any judgment, order, or decree issued under any law. 
      • For responding to a medical emergency involving a threat to the life or immediate threat to the health of the Data Principal or any other individual. 
      • For taking measures to provide medical treatment or health service to any individual during an epidemic, outbreak of disease, or any other threat to public health. 
      • For taking measures to ensure the safety of, or provide assistance or services to any individual during any disaster, or any breakdown of public order. 
      • Where you have voluntarily provided your personal data to us and have not indicated that you do not consent to its use. 
      • For employment-related purposes (if this policy also covers employee data). 
      • For public interest purposes. 
  • Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject under Indian law or other applicable laws. 
  • Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (e.g., to provide the Services you have requested). 

5. Disclosure of Personal Data 

We may share your personal data with the following categories of third parties, strictly under lawful contractual terms and for the purposes outlined in this Policy: 

(a) Service Providers: 

We engage trusted third-party service providers who assist us in operating our Services, conducting our business, or serving our users. These providers are bound by strict contractual obligations to protect your data and only process it according to our instructions and applicable laws. Examples include: 

  • Hosting and Infrastructure: [e.g., Microsoft Azure, Amazon Web Services (AWS), Google Cloud] 
  • Analytics and Marketing Tools: [e.g., Google Analytics, Facebook Pixel, Amplitude, Branch Metrics] 
  • Email and Communication Services: [e.g., ActiveCampaign, Mailchimp, FreshDesk] 
  • Payment Processors: [e.g., Razorpay, PayPal, Stripe, SolidGate – Note: We typically do not store full payment card details on our servers; these are handled directly by the payment gateway providers.] 
  • Advertising Partners: [e.g., Google Ads, Facebook Ads, TikTok Ads – for personalized ads where you have consented] 
  • Customer Support Platforms: [e.g., Zendesk, FreshDesk] 

(b) Legal and Government Authorities: 

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order, government audit, or legal process) under Indian law or other applicable jurisdictions. This includes disclosures necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request. 

(c) Business Transfers/Corporate Transactions: 

In the event of a merger, acquisition, sale of all or a portion of our assets, or other corporate restructuring, your personal data may be transferred to the acquiring entity or successor in interest. We will notify you of any such transfer and ensure that your data remains protected in accordance with this Policy. 

(d) Affiliates: 

We may share your personal data with our parent company, subsidiaries, and affiliates for business and operational purposes, provided they adhere to this Privacy Policy. 

(e) With Your Consent: 

We may share your personal data with other third parties when you have provided us with explicit consent to do so. 

6. User Rights under Indian Law (Data Principal Rights) 

As a Data Principal under the DPDP Act, you have significant rights regarding your personal data. We are committed to facilitating the exercise of these rights: 

  • Right to Access Information: You have the right to request a summary of your personal data we hold and information about our processing activities, including the categories of data collected, the purposes of processing, and the categories of recipients to whom the data has been or will be disclosed. 
  • Right to Correction/Rectification: You have the right to request the correction or update of inaccurate or incomplete personal data we hold about you. 
  • Right to Erasure/Deletion: You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw your consent and there is no other lawful basis for processing. This right is subject to legal obligations requiring us to retain data for specific periods (e.g., tax, legal disputes). 
  • Right to Consent Withdrawal: You have the right to withdraw your consent for the processing of your personal data at any time, where consent is the lawful basis for processing. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. 
  • Right to Grievance Redressal: You have the right to file a complaint to our Grievance Officer (detailed below) regarding any alleged breach of your rights or concerns about our data processing practices. If you are not satisfied with our response, you have the right to escalate the matter to the Data Protection Board of India. 

How to Exercise Your Rights: 

To exercise any of these rights, please submit a request to our Grievance Officer via email at: Mayuri.Abdal@Aupersoln.com. We will respond to your request within the legally mandated timeframe. We may need to verify your identity before processing your request to ensure the security of your data. 

7. Age Restriction (Children’s Personal Data) 

Our Services are not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children under 16. 

If we become aware that we have collected personal data from a child under 16 without verifiable parental consent (as will be prescribed by the DPDP Rules), we will take steps to delete that information promptly. 

If you are a parent or guardian and believe your child under 16 has provided us with personal data, please contact us immediately at Support@refleckto.com. We are committed to complying with specific provisions of the DPDP Act related to children’s data, including the prohibition on tracking, behavioral monitoring, or targeted advertising directed at children. 

8. International Data Transfers 

Your personal data may be stored and processed in countries outside India, including the European Economic Area (EEA) or the United States, where our service providers or servers are located. 

When we transfer your personal data outside India, we will ensure that such transfers comply with the DPDP Act and other applicable data protection laws. This includes ensuring that: 

  • The destination country offers an equivalent level of data protection as prescribed by the Indian government (if and when such a list is published). 
  • Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by relevant authorities, or other legally recognized mechanisms, to ensure the protection of your personal data. 
  • Data is transferred only to trusted third parties for lawful purposes and under strict confidentiality and security obligations. 

9. Data Retention 

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

The retention period for various types of personal data depends on the purpose of collection and our legal obligations. For example: 

  • Account Data: Retained for as long as your account is active and for a reasonable period thereafter to facilitate re-engagement or comply with legal obligations. 
  • Transaction Data: Retained for periods required by tax and accounting laws in India. 
  • Consent Records: Retained to demonstrate our compliance with the DPDP Act. 
  • Analytics Data: Often anonymized or aggregated, but if identifiable, retained only for as long as necessary for analytical purposes. 

Once your personal data is no longer required for the specified purposes, or when you withdraw your consent (unless legal retention is mandated), we will securely delete or anonymize it in a manner that prevents its re-identification. 

10. Security Measures 

We implement robust, industry-standard technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include: 

  • Encryption: Using end-to-end encryption (e.g., SSL/TLS) for data in transit and encryption at rest for sensitive data where appropriate. 
  • Access Controls: Implementing strict access control policies and role-based permissions to limit access to personal data only to authorized personnel who have a legitimate business need. 
  • Data Minimization: Collecting and processing only the personal data that is necessary for the stated purposes. 
  • Regular Security Audits: Conducting periodic security assessments, vulnerability scanning, and penetration testing to identify and address potential weaknesses. 
  • Incident Response Plan: Maintaining a comprehensive data breach response plan to promptly detect, investigate, and notify relevant authorities and affected Data Principals in the event of a data breach, in accordance with DPDP Act requirements (within 72 hours to the Data Protection Board of India and affected Data Principals). 
  • Employee Training: Providing regular data privacy and security training to our employees to ensure they understand their responsibilities in protecting personal data. 
  • Physical Security: Implementing physical security measures to protect our data centers and infrastructure. 

11. Grievance Redressal Mechanism 

As per the DPDP Act, we have designated a Grievance Officer to address any concerns or complaints you may have regarding the processing of your personal data. 

Grievance Officer Name: Mayuri Abdal 

Email: Mayuri.abdal@supersoln.com  

Response Time: We will acknowledge your grievance and respond to it within seven (7) days from the date of receipt, as mandated by the DPDP Act. We will strive to resolve your complaint promptly and effectively. 

Escalation: If you are not satisfied with our resolution, or if you do not receive a response within the stipulated time, you have the right to file a complaint with the Data Protection Board of India.

12. Cookies and Tracking Technologies 

We use cookies and similar tracking technologies (e.g., web beacons, pixels) on our website and application to enhance your user experience, analyze usage patterns, manage preferences, and deliver personalized content and advertisements. 

  • What are Cookies? Cookies are small text files stored on your device that uniquely identify your browser or device. 
  • How We Use Them:
      • Essential Cookies: Necessary for the operation of our Services (e.g., login authentication, security). 
      • Performance/Analytics Cookies: Help us understand how users interact with our Services, identify popular content, and improve performance (e.g., Google Analytics). 
      • Functionality Cookies: Remember your preferences and choices to provide a more personalized experience. 
      • Advertising Cookies: Used to deliver relevant advertisements to you based on your interests and browsing behavior. 
  • Your Choices: Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies, delete cookies, or be notified when a cookie is set. Please note that disabling certain cookies may affect the functionality and your experience of our Services. 
  • Consent: We will obtain your explicit consent for the use of non-essential cookies through a clear consent banner or pop-up when you first visit our website or use our application. You will have the option to accept or decline cookies, and to manage your preferences. 

13. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Updated” date at the top of this Policy indicates when it was last revised. 

We will notify you of any material changes to this Policy by posting the updated Policy on our website and/or through in-app notifications or email, at least 3 days before the changes become effective. Your continued use of our Services after the effective date of the revised Policy constitutes your acceptance of the updated terms. 

14. Contact Information 

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: 

Dhage Industries Private Limited, 

Registered Address, H. NO. 198/4, AT Warkhed, Post Hadgaon, Pathri, Parbhani, Maharashtra, 431506, India. 

Email: Privacy Contact Email, Support@refleckto.com 

Important Note on Compliance: 

This policy is designed to be compliant with: 

  • India’s Digital Personal Data Protection Act, 2023 (DPDP Act): Addresses core principles, consent, Data Fiduciary and Data Principal rights and obligations, grievance redressal, and cross-border transfers. 
  • EU’s General Data Protection Regulation (GDPR): Includes provisions for lawful bases, data subject rights (e.g., right to access, rectification, erasure), data security, and international data transfers for users in the EEA. 
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): Incorporates principles of transparency, consumer rights (e.g., right to know, delete, opt-out of sale/sharing), and specific disclosures for California residents, where applicable based on the thresholds defined in CCPA/CPRA.