Privacy Policy

Inventlix Inventory Management Apps - Privacy Policy

1. Who we are

Inventlix Digital Labs (OPC) Pvt Ltd (\"Inventlix\", \"we\") is the data fiduciary for personal data processed through our inventory management applications—the office hardware inventory product and asset visibility tools (the \"Apps\"). Our registered office is in Noida, Uttar Pradesh, India.

This Policy applies to personal data we process about: (a) users of the Apps (your employees and Authorized Users), (b) visitors to inventlix.com, and (c) prospective customers who contact us.

2. Roles

When an organization uses the Apps to manage its own assets and employees, that organization is the data fiduciary for the personal data of its users, and Inventlix acts as a data processor on its behalf. For our website visitors and direct prospects, Inventlix is the data fiduciary.

3. Information we collect

• Account data: name, work email, role, organization, and password hash for Authorized Users.
• Asset and assignment data: device identifiers, serial numbers, locations, and the names/emails/IDs of the employees an asset is assigned to. This is provided by the customer organization.
• Usage data: pages viewed, actions performed, timestamps, browser type, IP address, and approximate location derived from IP.
• Communications: messages you send via the contact form, support tickets, or email, including any attachments.
• Billing data: company name, billing address, GSTIN, and payment status. We do not store full card numbers; payments are handled by our payment processors.
• Cookies and similar technologies: see Section 8.

4. How we use information

• Provide and maintain the Apps, including authentication, asset tracking, audit logs, and reports.
• Provide customer support and respond to inquiries.
• Bill customers and manage subscriptions.
• Monitor for fraud, abuse, and security incidents.
• Improve the Apps through aggregated analytics; we do not use identifiable Customer Data for product training without instructions from the customer.
• Comply with legal obligations and enforce our Terms.

5. Legal basis for processing

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, we process personal data based on:

• Consent — for direct marketing communications and optional cookies.
• Legitimate uses — to deliver the Apps you requested, perform contracts, and provide security.
• Legal obligation — to comply with tax, accounting, and regulatory requirements.

6. Sharing and disclosure

We do not sell personal data. We share it only with:

• Sub-processors: cloud hosting, email delivery, contact-form processing (Formspree), analytics, and payment processors—bound by written terms requiring confidentiality and appropriate security.
• Your organization: if you use the Apps through an employer, administrators in your organization may access your account and activity records.
• Authorities: where required by law, court order, or to protect rights, safety, or property.
• Successors: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

7. Data retention

We retain personal data for as long as your account is active or as needed to provide the Apps. After termination, Customer Data is available for export for 30 days and then deleted from active systems; backups follow a rolling deletion schedule typically completed within 90 days. Records required for tax or legal compliance may be kept longer, as mandated by law.

8. Cookies and analytics

We use a small number of cookies and similar technologies to keep you signed in, remember preferences, and understand aggregate usage. You can disable non-essential cookies through your browser; essential cookies are required for the Apps to function.

9. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal data, including encryption in transit, access controls, audit logging, and regular review of vendors. No system is perfectly secure; if we become aware of a personal data breach affecting you, we will notify you and the Data Protection Board of India as required by law.

10. Your rights

Subject to applicable law, you have the right to:

• Access a summary of personal data we process about you.
• Request correction or erasure of inaccurate or unnecessary data.
• Withdraw consent where processing is based on consent.
• Nominate another person to exercise your rights in the event of incapacity or death.
• Lodge a grievance with us (Section 13) or with the Data Protection Board of India.

If you are using the Apps through your employer, please direct access and deletion requests to your employer first—we will support them in responding.

11. International transfers

The Apps are primarily hosted in India. Where personal data is transferred outside India for processing (for example, when using a global sub-processor), we rely on contractual safeguards and only transfer to countries not restricted by the Government of India under the DPDP Act.

12. Children

The Apps are intended for business use and are not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete it.

13. Grievance Officer and contact

14. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by email or in-app notice. The effective date at the top of this Policy will reflect the latest revision.