Privacy Policy

Effective Date: 16 Sep 2025

Website: https://www.fragmasoft.com/

Company: Fragmasoft Solutions (OPC) Private Limited ("Fragmasoft", "we", "us", "our")

CIN: U62013KA2025OPC208543

Fragmasoft respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website, use our products/services, contact us, or provide project data for development work.

1) Scope & Who This Applies To

  • Visitors to our website and landing pages.
  • Leads/Clients who contact us for proposals or use our IT & SaaS services.
  • End Users who use our clients' apps or sites built/hosted by us (where we act as a processor on behalf of a client/controller).

This policy covers personal data we process as controller (our own website, marketing, billing) and as processor (client project data handled under contract).

2) Key Definitions

  • Personal Data / Personal Information: Any data that identifies or can reasonably identify a person.
  • Controller / Data Fiduciary (India): Entity deciding the purposes and means of processing (e.g., you as our client for your customer data).
  • Processor / Data Processor: Entity processing data on behalf of a controller (e.g., Fragmasoft when handling your customer data for development or hosting).
  • Sensitive Personal Data: As defined by applicable laws (e.g., financial, health, biometric).
  • Applicable Law: India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), Indian IT Act & Rules, and where relevant, GDPR and other local laws based on your location.

3) What We Collect

We may collect the following categories (depending on your interaction with us):

A. Directly from you

  • Identity & contact: name, email, phone, company, role, address.
  • Project data: product documents, images, copy, credentials you provide for integration/testing (we recommend limited, revocable test credentials).
  • Billing: GST details, billing address, partial payment info (we use external payment processors; we don't store full card details).
  • Communications: emails, WhatsApp/business messages, support tickets, call summaries.

B. Automatically (when you visit our website or apps)

  • Device & usage: IP address, device identifiers, browser type, pages visited, timestamps, referrers.
  • Cookies/SDKs: explained in §9.

C. From third parties

  • Analytics and advertising partners (aggregated metrics).
  • Identity or OAuth providers if you sign in via SSO/social login.
  • Public sources (business listings) for lead qualification.

Children: Our services are intended for adults/businesses. We do not knowingly collect data from children under the age required by law. If you believe a child provided data, contact us immediately (§16).

4) Why We Process Data (Purposes) & Legal Bases

A. As Controller (our website & operations)

  • Respond to inquiries, proposals, and demos.
  • Deliver services and support; invoicing and accounting.
  • Improve our website, security, and user experience.
  • Communicate service updates, legal notices, and (with consent where required) marketing.

Legal bases: Consent; performance of contract; legitimate interests (service quality, security); compliance with legal obligations.

B. As Processor (for client projects/SaaS)

  • Build, host, maintain, and support client websites/apps.
  • Process end-user data strictly under client instructions (including storage, logs, troubleshooting).

Legal bases: We act on the controller/client's instruction; the client is responsible for obtaining lawful basis and user notices/consents.

5) Temporary Project Storage & Deletion

For project engagements, we operate on a minimum-data, temporary-storage principle:

  • We collect only what's necessary to deliver the agreed scope.
  • Upon project completion, we retain project data for [X] days for support/defect fixes (default: 30–90 days) unless otherwise agreed.
  • Data deletion: On client request or after retention lapses, we securely delete or return the data and purge backups as contractually specified.

6) Data Sharing & Transfers

We do not sell personal data. We may share with:

  • Service providers/sub-processors: hosting (e.g., AWS, Vercel), storage/CDN (e.g., S3/CloudFront), email/SMS/WhatsApp gateways, analytics (e.g., Google Analytics), CI/CD and error monitoring tools, payment processors (e.g., Razorpay/Stripe).
  • Professional advisors: auditors, accountants, legal counsel.
  • Authorities: when required by law, court orders, or to protect rights/safety.
  • Corporate transactions: during mergers, acquisitions, or asset transfers (with continued protections).

Cross-border transfers: Some providers may process data outside India (e.g., EU/US). We implement reasonable safeguards (contractual clauses, DPAs, technical controls) and follow applicable law for international transfers.

7) Security

We use administrative, technical, and physical safeguards (e.g., access controls, encryption in transit/at rest where feasible, key management, role-based access, logging, least-privilege, MFA for admin accounts). No method is 100% secure; we commit to continuous improvement and industry-typical practices.

8) Data Retention

  • Website/lead data: kept as long as necessary to fulfill the purposes or as required by law (e.g., tax/contract records).
  • Project data: temporary (§5) unless longer retention is contractually required.
  • We regularly review and de-identify or delete data no longer needed.

9) Cookies & Similar Technologies

We use cookies/SDKs to:

  • Operate essential site functions (session, security).
  • Measure usage (analytics) and improve performance.
  • (Optional) Personalize content/ads where applicable and consented.

You can control cookies in browser settings. Where required, we display a cookie banner and honor your preferences.

Typical cookies used:

  • Strictly necessary: session, CSRF.
  • Analytics: Google Analytics (anonymized IP, aggregated stats).
  • Functional: language/theme preferences.
  • (Optional) Marketing: remarketing pixels—disabled by default in India unless consented.

10) Payment Processing

All payments are processed by third-party payment gateways. We do not store full card details on Fragmasoft servers. The processor's privacy policy governs your payment data.

11) WhatsApp, Email & Call Communications

If you contact us via WhatsApp Business, email, web forms, or phone, we process that content to respond and provide services. WhatsApp communications are subject to WhatsApp's own terms and privacy practices.

12) Your Rights

Under the DPDP Act (India) and, where applicable, GDPR/other laws, you may have rights to:

  • Access: know what we hold about you.
  • Correction/Updation: fix inaccurate data.
  • Erasure/Deletion: request deletion where applicable.
  • Consent withdrawal: for processing that relies on consent.
  • Grievance redressal: lodge a complaint with our Grievance Officer.

To exercise rights, see §16.

For processor activities: please contact the controller (our client) first; we will support them to fulfill your request.

13) Our Role with Clients (DPA / SCCs)

Where we act as a processor for clients, we offer a Data Processing Addendum (DPA) describing roles, security, sub-processors, and deletion assistance. On request, we can share a list of current sub-processors and notify clients of material changes as agreed.

14) Data Breach Handling

We maintain an incident response process. If a breach likely affects your rights/freedoms, we will notify the relevant client/controller and cooperate with legal notification duties under applicable law.

15) Third-Party Sites & Services

Our website or deliverables may link to third-party sites or embed third-party services. We are not responsible for their privacy practices. Review their policies before sharing data.

16) Contact, Grievance & DPO

  • Company: Fragmasoft Solutions (OPC) Private Limited
  • CIN: U62013KA2025OPC208543
  • Registered Address: Bannerghatta, Bangalore 560083
  • Email (privacy/support): info@fragmasoft.com

We aim to respond to verified requests within the legally required timelines.

17) Changes to This Policy

We may update this Policy from time to time. Updates will be posted here with a new Effective Date. For material changes, we may provide additional notice (e.g., banner or email).

18) Jurisdiction & Governing Law

This Policy is governed by the laws of India. Disputes will be subject to the courts of [City/State], India, unless your service contract specifies otherwise.