Privacy Policy

Section 01

Introduction

NirmaanTrak ("we", "our", or "us") is committed to protecting the privacy of contractors, site managers, clients, and all users of our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the NirmaanTrak web application and related services (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please discontinue use of the Service.

Jurisdiction: NirmaanTrak is operated by NirmaanTrak Technologies Private Limited, a company incorporated under the laws of India. This policy is governed by the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Section 02

Information We Collect

Account & Profile Information

When you register for an account, we collect:

Full name, email address, and phone number
Business name and GST/PAN number (for contractor accounts)
Profile photo (optional)
Password (stored as a one-way hash — we never store plain-text passwords)

Project & Operational Data

As you use NirmaanTrak to manage your projects, we store:

Project details: name, location, start/end dates, milestones, and budget
Worker records: names, roles, wage rates, and attendance logs
Payment and invoicing records linked to projects
Site update photos and videos uploaded by you or your team
Client communication logs and notes

Usage & Device Data

We automatically collect certain technical information when you use the Service:

IP address, browser type and version, operating system
Pages visited, features accessed, and time spent on each page
Device identifiers and mobile network information (for app users)
Crash reports and performance diagnostics

Payment Information

All payment processing is handled by PCI-DSS compliant third-party payment gateways (Razorpay/Stripe). We do not store full card numbers or banking credentials. We retain only transaction IDs and payment status for record-keeping.

Section 03

How We Use Your Information

We use the information we collect for the following purposes:

To provide the Service: Create and manage your account, enable project management, attendance tracking, payroll, invoicing, and client collaboration features.
To process payments: Facilitate subscription billing and in-platform financial transactions.
To improve the Service: Analyse usage patterns to enhance features, fix bugs, and develop new capabilities.
To communicate with you: Send service-related notifications, product updates, security alerts, and support responses.
To ensure security: Monitor for fraudulent activity, enforce our Terms & Conditions, and protect the integrity of our platform.
To comply with law: Respond to lawful requests from government authorities and fulfil our obligations under applicable Indian law.

We do not sell your personal data to third parties, and we do not use your project or worker data to train AI models without explicit consent.

Section 04

Data Sharing

We share your information only in the following limited circumstances:

Service Providers

We engage trusted third-party vendors to operate our infrastructure, including cloud hosting (AWS/GCP), email delivery (SendGrid), payment processing (Razorpay), and analytics (Google Analytics, Mixpanel). These providers access only the data necessary to perform their functions and are contractually bound to keep it confidential.

Within Your Organisation

Data shared within your NirmaanTrak organisation (e.g., project details visible to your added clients or sub-contractors) is visible based on the role-based permissions you configure. You control who sees what within your account.

Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect our legal rights or prevent imminent harm.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

Section 05

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

Account and profile data is retained for the duration of your subscription plus 90 days after account closure, to allow re-activation.
Project, attendance, and financial records are retained for 7 years to comply with Indian accounting and tax laws.
Uploaded media (photos, videos) are retained while your account is active; you may delete them at any time.
Usage logs and analytics data are retained for up to 24 months.

After the applicable retention period, data is securely deleted or anonymised.

Section 06

Security

We implement industry-standard technical and organisational measures to protect your information:

All data in transit is encrypted using TLS 1.2 or higher
Data at rest is encrypted using AES-256
Passwords are hashed using bcrypt with a per-user salt
Access to production systems is restricted to authorised personnel with multi-factor authentication
We conduct regular security audits and penetration testing

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Section 07

Your Rights

Under applicable Indian law, and as a matter of our policy, you have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to our legal retention obligations.
Portability: Request your project and account data in a machine-readable format (CSV/JSON).
Withdrawal of Consent: Withdraw consent for marketing communications at any time via account settings or by emailing us.
Grievance Redressal: Lodge a complaint with our designated Grievance Officer (details in the Contact section below).

To exercise any of these rights, please contact us at privacy@nirmaantrak.com. We will respond within 30 days.

Section 08

Cookies

We use cookies and similar tracking technologies to operate the Service and improve your experience. Please refer to our Cookies Policy for a detailed explanation of the types of cookies we use, their purpose, and how to manage your cookie preferences.

Section 09

Children's Privacy

NirmaanTrak is intended for use by business professionals aged 18 and above. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will take steps to delete such information promptly. If you believe a minor has used our Service, please contact us immediately at privacy@nirmaantrak.com.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Send an email notification to your registered email address
Display a prominent notice within the NirmaanTrak dashboard for at least 14 days

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

Section 11

Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, please contact our Grievance Officer:

Grievance Officer

NirmaanTrak Technologies Private Limited
Email: privacy@nirmaantrak.com
For general queries: Contact Us

We endeavour to respond to all legitimate privacy requests within 30 days of receipt.