1. Introduction

iFleetify Technologies LLP ("we", "us", "our", or "Company"), a Limited Liability Partnership registered in Ahmedabad, Gujarat, India (CIN: ACD-6633), respects your privacy and complies with:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection Act, 2023 (DPDP)

This policy applies to all users of the iLogitix - Built for Modern Logistics (the "Service"), including tenants, administrators, employees, and end users.

By using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, you must not use the Service.

2. Data We Collect

2.1 Personal Data

• Name, email address, phone number
• Login credentials (username, password)
• Role & permissions within the platform
• Profile information and preferences

2.2 Business Data

As a logistics management platform, we process:

• Booking & LR Data: LR (Lorry Receipt) numbers, booking details, consignor/consignee information
• Transaction Data: Invoice amounts, payment records, GST details, billing accounts
• Logistics Data: Origin/destination addresses, pincodes, vehicle numbers, driver information
• Delivery Data: Delivery status, POD (Proof of Delivery), OTP verification records, delivery location
• Customer Data: Customer billing accounts, credit limits, customer contact information

2.3 Technical Data

• IP address and location data
• Browser & device information
• Logs & API activity
• Usage patterns & analytics
• Cookies and tracking technologies

3. Purpose of Processing

We process your data for the following purposes:

3.1 Service Delivery

• Managing booking and LR lifecycle
• Tracking deliveries and generating POD
• OTP verification for secure deliveries
• Route optimization and dispatch management
• Invoice generation with GST compliance
• Payment tracking and reconciliation

3.2 Account Management

• User authentication and authorization
• Role-based access control
• Account administration and support
• Communication regarding service updates

3.3 Financial Operations

• Billing & payment processing
• Invoice generation and GST compliance
• Credit limit management
• Financial reporting and analytics

3.4 Compliance & Security

• GST/E-Invoice compliance and reporting
• Audit trails for logistics transactions
• Security monitoring and fraud prevention
• Regulatory reporting (if required)
• Legal compliance with applicable laws

3.5 Service Improvement

• Analytics and usage patterns
• Platform optimization and enhancements
• Customer support and troubleshooting

4. Data Fiduciary & Processor Roles

You confirm that you have obtained lawful consent from all data principals (your customers, employees, vendors) whose data is processed through the Service, in accordance with applicable data protection laws including the DPDP Act, 2023.

As Data Processor, we process data solely for the purposes specified in this Privacy Policy and as instructed by you (Data Fiduciary).

5. Customer & Third-Party Data (Data Fiduciary Responsibilities)

As a logistics platform, you (Tenant) collect and process data about your customers (consignors, consignees, drivers, etc.). Important responsibilities:

5.1 Your Responsibilities as Data Fiduciary

• Obtain lawful consent from customers before collecting/processing their data
• Inform customers about data processing and purposes
• Handle customer data requests (access, correction, deletion, etc.)
• Comply with DPDP Act requirements for your customers' data
• Respond to customer privacy complaints
• Ensure data accuracy and completeness
• Implement appropriate security measures for data you collect

5.2 Our Role as Data Processor

• Process data only as instructed by you (Data Fiduciary)
• Assist with data subject requests (subject to fees for complex requests)
• Maintain reasonable security measures
• Notify you of data breaches affecting your data
• Comply with data processing agreements

6. Data Security & Breach Response

We implement reasonable technical and organizational safeguards to protect your data, including:

• Encryption in transit (HTTPS/TLS) and at rest
• Access controls & multi-factor authentication
• Regular security audits and assessments
• Secure data centers with physical security
• Backup & disaster recovery procedures
• Network security and firewall protection
• Employee training on data security

6.1 Breach Notification Timeline

• Affected tenants notified within 72 hours of discovery
• Regulatory authorities notified per legal requirements (DPDP Act)
• Data principals (your customers) notified by you (as Data Fiduciary)
• We will provide breach details to assist your notifications

7. Data Sharing

We do NOT sell your data to third parties.

Data may be shared with the following categories of service providers:

7.1 Communication Services

• SMS Providers: Twilio, MSG91, TextLocal, AWS SNS
• WhatsApp Services: Twilio WhatsApp, WhatsApp Business API, Gupshup
• Purpose: Delivery notifications, OTP delivery, customer communications
• Data Shared: Recipient phone numbers, message content

7.2 Financial & Compliance Services

• Payment Gateways: For subscription and transaction processing
• E-Invoice Services: For GST-compliant invoice generation and IRN creation
• Data Shared: Transaction amounts, invoice data, GST details (transactional data only)

7.3 Cloud Infrastructure

• Hosting Providers: AWS, Azure, or other cloud service providers
• Purpose: Data storage, hosting, and infrastructure
• Data Shared: All platform data (subject to data processing agreements)

7.4 Legal & Regulatory

• Legal Authorities: When required by law, court orders, or government requests
• Regulatory Bodies: For compliance with applicable regulations

7.5 Business Transfers

• In case of merger, acquisition, or sale of assets
• Data transfer subject to successor entity's privacy policy (with opt-out rights where applicable)

All third parties are contractually bound to maintain confidentiality and use data only for specified purposes. We require third parties to implement appropriate security measures.

8. Data Retention & Deletion

8.1 Active Accounts

• All transaction data retained while account is active
• Historical LR/booking data: Indefinitely (or as per your subscription plan)
• Invoice/financial data: 7 years minimum (per GST requirements)
• User accounts: Retained while active

8.2 Terminated Accounts

• Booking/LR data: 90 days post-termination
• Invoice/financial data: 7 years (legal requirement for GST compliance)
• User accounts: 30 days
• Audit logs: 90-365 days depending on log type
• Backups: Deleted after 90 days

8.3 Compliance Retention

• GST invoices: 7 years minimum (as per Indian tax laws)
• Financial records: As per Indian tax laws and regulations
• Audit trails: 90-365 days depending on log type
• Security logs: 90-180 days

You are responsible for exporting your data before account termination. We are not obligated to retain data beyond the retention periods stated herein. After retention period expires, data will be permanently deleted and cannot be recovered.

9. Your Rights (DPDP Act, 2023)

As a data principal, you have the following rights:

9.1 Right to Access

Request a copy of your personal data that we process. We will provide data in a structured, commonly used format.

9.2 Right to Correction

Request correction of inaccurate or incomplete personal data. You can update most data through the Service interface.

9.3 Right to Deletion

Request deletion of personal data, subject to legal retention requirements (e.g., GST invoices must be retained for 7 years). Deletion may affect service availability.

9.4 Right to Withdrawal of Consent

Withdraw consent for data processing. Withdrawal may affect service availability as certain data processing is necessary for service delivery.

9.5 Right to Grievance Redressal

File complaints with us or the Data Protection Board (DPB) if you believe your data rights have been violated.

9.6 Exercising Your Rights

To exercise these rights, contact us at info@ilogitix.com or info@ifleetify.com. We will respond within 30 days as required by the DPDP Act, 2023.

Note: For data that you (Tenant) collect about your customers, you (as Data Fiduciary) are responsible for handling their data subject requests. We will assist you as Data Processor.

10. Third-Party Integrations

The Service may integrate with third-party services for enhanced functionality:

• Payment gateways for transaction processing
• SMS/WhatsApp providers for notifications
• E-Invoice services for GST compliance
• Mapping services for location features

We are not responsible for third-party privacy practices. Your use of integrated third-party services is subject to their privacy policies. Please review third-party privacy policies before using integrated services.

Third-party services may collect and process data independently. We recommend reviewing their privacy policies.

11. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Maintain session state & authentication
• Remember preferences & settings
• Analyze usage patterns and improve service
• Ensure security and prevent fraud

You can control cookies through your browser settings, but disabling cookies may affect service functionality (e.g., you may need to log in more frequently).

We do not use cookies for advertising or tracking across other websites.

12. International Data Transfers

Your data may be stored or processed on servers located outside India (e.g., AWS data centers in various regions). We ensure that:

• International data transfers comply with applicable data protection laws
• Adequate safeguards are in place (Standard Contractual Clauses, etc.)
• Data is protected with same security standards regardless of location

You consent to international transfer for service delivery. You have the right to request data localization (subject to feasibility and fees). Third-party integrations (SMS/WhatsApp) may process data internationally.

13. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

14. Data Processing for Logistics Operations

As a logistics management platform, the Service processes data related to logistics operations:

14.1 Shipping & Delivery Data

• Consignor and consignee information (names, addresses, contact details)
• Origin and destination locations
• Shipment contents and values
• Delivery status and tracking information
• POD (Proof of Delivery) and delivery confirmations

14.2 Vehicle & Driver Data

• Vehicle registration numbers
• Driver names and contact information
• Vehicle tracking data (if GPS enabled)

14.3 Financial & Billing Data

• Invoice amounts and payment records
• GST details and tax calculations
• Credit limits and billing accounts
• Payment transaction history

You (Tenant) are responsible for obtaining proper consent from consignors, consignees, drivers, and other parties whose data is processed through the Service.

15. Updates to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service features. Material changes will be notified via:

• Email to registered email address
• In-service notifications
• Updated policy posted on website with updated "Last Updated" date

Continued use of the Service after changes constitutes acceptance of the updated policy. If you disagree with changes, you must stop using the Service and terminate your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we process your data.

16. Contact Information

For privacy-related inquiries, complaints, or to exercise your rights, contact:

Grievance Officer: For data protection related grievances, contact the Data Protection Officer at the above address or email.