1. Legal Basis and Applicability

This Privacy Policy is governed by:

• Digital Personal Data Protection Act (DPDP Act), 2023
• Information Technology Act, 2000, including Section 43A and SPDI Rules

SafePrint acts as a Data Fiduciary, responsible for determining the purpose and means of processing personal data.

2. Information We Collect

From Users:

• Full Name
• Email Address
• Mobile Number
• Password

From Print Service Providers (PSPs):

• All of the above, plus:
• Shop or Center Name

Document Data:

• Uploaded documents are temporarily stored and auto-compressed to 5 MB if larger.
• Metadata such as file type, size, and timestamp may be collected.

3. Purpose of Data Collection

We collect and process data to:

• Authenticate and manage user accounts
• Facilitate secure document transfer
• Notify PSPs of incoming print jobs
• Improve app functionality and user experience

We do not use personal data for profiling, behavioral monitoring, or advertising.

4. Data Retention and Deletion

• Documents are retained for 1 hour only, after which they are automatically deleted.
• Personal data is retained only as long as necessary to fulfill the purpose or until the user withdraws consent.
• PSPs and processors must delete data once the purpose is served.

5. User Rights

Users have the right to:

• Access and correct their personal data
• Withdraw consent at any time
• Request deletion of their data
• File complaints with the Data Protection Board of India if rights are violated

6. Data Security Measures

6.1 Encryption and Secure Transmission

• All data exchanged between devices and servers is encrypted using TLS
• Documents are encrypted both in transit and at rest

6.2 Secure Storage and Access Controls

• Documents are stored temporarily on secure servers with restricted access
• Each document is timestamped and auto-deleted after 1 hour
• PSPs can only access documents specifically sent to them

6.3 Password Protection and Authentication

• Passwords are stored using strong hashing algorithms
• Future updates may include multi-factor authentication (MFA)

6.4 Role-Based Access Control (RBAC)

• Access to backend systems is restricted based on RBAC
• PSPs have limited access to user data

6.5 Regular Security Audits

• Periodic security audits and vulnerability assessments are conducted
• Systems are continuously monitored for suspicious activity

6.6 Legal Compliance

• We comply with reasonable security practices as required under Section 43A of the IT Act
• In case of a data breach, affected users and the Data Protection Board of India will be notified

6.7 Third-Party Security

• Third-party service providers are vetted for compliance
• Data shared with third parties is governed by strict data processing agreements

7. Consent and Transparency

• Explicit and informed consent is obtained from users and PSPs at sign-up
• Users are informed about:
  • What data is collected
  • Why it is collected
  • How it will be used and stored
• Consent notices are provided in clear, simple language and available in English and other Indian languages

8. Disclosure and Third Parties

We do not sell or rent personal data. Data may be shared:

• With PSPs for service fulfillment
• With trusted service providers under confidentiality agreements
• With authorities, if required by law

9. Children's Privacy

• SafePrint is not intended for children under 13
• We do not knowingly collect data from minors
• For users under 18, parental consent is required

10. Updates to This Policy

• This policy may be updated to reflect legal or operational changes
• Updates will be notified via the app or email

11. Contact Us

For any questions, concerns, or complaints, please contact:

Email: safeprintapp@gmail.com