Privacy Policy

1. Introduction

NilamFlow ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our service. It is governed by the laws of India, in particular the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000, and the rules made thereunder. By using the service, you acknowledge that you have read and understood this Policy.

2. Information We Collect

We collect the following categories of information:

• Account data — name, email address, password (hashed)
• Farm & business data — farm details, employee records, harvest data, payroll and inventory information you enter
• Payment data — billing details processed by Razorpay (we do not store full card numbers)
• Usage data — log-in times, features used, IP address, browser and device information
• Communications — messages you send to support

3. Legal Basis for Processing

We process your personal data under the following legal bases, consistent with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 (India):

• Consent — you have given explicit consent by accepting these terms at registration
• Contract performance — processing is necessary to provide the service you subscribed to
• Legitimate uses — improving the platform, ensuring security, and preventing fraud
• Legal obligation — when required by applicable Indian law or a court/government order

You may withdraw consent at any time by contacting us, subject to any legal obligation requiring continued retention.

4. How We Use Your Information

• Provide and improve the NilamFlow service
• Process payments and manage subscriptions
• Send service-related communications (receipts, alerts, updates)
• Respond to support requests
• Ensure platform security and prevent fraud
• Comply with legal obligations

5. Data Sharing

We do not sell, rent, or trade your personal data. We may share data with:

• Payment processors (Razorpay) — to process subscription payments securely
• Infrastructure providers — hosting and email delivery providers under strict data processing agreements
• Legal authorities — when required by law, court order, or to protect rights and safety

Any third parties we engage are bound by confidentiality obligations and may only use your data to perform services on our behalf.

6. International Data Transfers

Your data is primarily stored and processed in India. Where data is transferred to servers or service providers outside India (for example, cloud infrastructure or payment processors), such transfers are made only to countries notified as permissible under the DPDP Act, 2023, or under contractual safeguards that ensure an equivalent level of protection. Razorpay, our payment processor, processes payment data in India and may transfer data to other jurisdictions under their own published data transfer mechanisms and applicable Indian regulations.

7. Data Storage & Security

Your data is stored on secure servers with industry-standard protections including encryption in transit (HTTPS/TLS), encryption at rest, access controls, and regular security reviews. Each farm's data is logically isolated — users can only access data belonging to farms they are authorised for. In the event of a personal data breach, we will notify affected users and report to the Data Protection Board of India within the timelines prescribed under the DPDP Act, 2023, and to CERT-In as required under the IT Act, 2000.

8. Cookies

We use session cookies essential for authentication and platform functionality. We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use the service.

9. Your Rights (Data Principal Rights)

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights as a Data Principal:

• Right to access — request a summary of the personal data we process and the purposes of processing
• Right to correction and erasure — request correction of inaccurate or incomplete data, or deletion of data we no longer have a lawful basis to retain
• Right to grievance redressal — raise a complaint with us; if unsatisfied, escalate to the Data Protection Board of India
• Right to withdraw consent — withdraw your consent to processing at any time (this will not affect the lawfulness of prior processing)
• Right to nominate — nominate another individual to exercise your rights in the event of death or incapacity
• Data portability — receive your farm data in a machine-readable format via the in-app export tool

To exercise any of these rights, contact us at support@nilamflow.com . We will respond within 72 hours and resolve within 30 days as required under the DPDP Act.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Upon account deletion, we remove your personal data within 30 days, except where retention is required by applicable law (e.g. financial records).

11. Children's Privacy

NilamFlow is not intended for individuals under 18 years of age. Under the DPDP Act, 2023, we are required to obtain verifiable parental consent before processing personal data of children (persons under 18). We do not knowingly collect personal data from minors without such consent. If you believe a minor has provided us with personal data without appropriate consent, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes take effect constitutes acceptance.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in India.

14. Contact & Grievance Officer

For privacy-related questions, complaints, or to exercise your rights, contact our Grievance Officer at:

Shaz Web Solutions
Operating NilamFlow
Email: support@nilamflow.com

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023.