Privacy Policy

1) Scope

This Policy applies to personal data we process about (i) website visitors, (ii) customers or end users of our products and services, and (iii) business contacts and vendors. If you access our services under an agreement between Sunpro and your organization, your organization’s privacy policy may also apply.

2) Personal Data we collect

• Identity & Contact: name, company, designation, email, phone, address.
• Account & Usage: account identifiers, login timestamps, feature usage, support history.
• Device & Technical: IP address, browser/OS, device IDs, pages viewed, referral URLs, cookies.
• Transactional: order details, invoicing data, payment method metadata (processed via PCI-DSS compliant payment gateways — we do not store full card data).
• Support Content: messages, attachments, tickets, call notes.
• Marketing Preferences: subscriptions, campaign interactions.
• Sensitive Personal Data: collected only if strictly necessary and with consent or as permitted by law.

3) How we collect data

• Directly from you: forms, sign-ups, contracts, support.
• Automatically: cookies, SDKs, analytics tags on our sites and apps.
• From third parties: service providers, channel partners, public sources, or your organization.

4) Why we use your data (Purposes & legal bases)

• Provide services: set up accounts, deliver features, maintain and secure our platforms.
• Support & communication: respond to enquiries, send service notices, notify changes.
• Billing & compliance: invoicing, tax/GST, fraud prevention, legal obligations.
• Improve & secure: diagnostics, analytics, testing, monitoring, information security.
• Marketing: send newsletters, invites, and product updates with your consent or as permitted.
• Business operations: audits, mergers/acquisitions, enforcing contracts, protecting rights.

5) Cookies & similar technologies

We use essential cookies for core functionality and, with consent where required, analytics/advertising cookies to understand usage and improve experiences. You can manage preferences via your browser settings and any consent banner shown on our sites.

6) Sharing your data

We do not sell your personal data. We may share limited data with:

• Service providers (hosting, analytics, customer support, communications, payments) under contracts with confidentiality and security obligations.
• Business partners and resellers to deliver our services to you.
• Authorities when required by applicable law or to protect our legal rights, users, or the public.
• Corporate transactions (merger, acquisition, restructuring), where data may transfer subject to this Policy.

7) International transfers

Your data may be processed in India or other countries where our service providers operate. We implement reasonable contractual and technical safeguards to protect data during such transfers.

8) Data retention

We keep personal data only as long as needed for the purposes set out in this Policy, to comply with legal, accounting, or reporting obligations, or to resolve disputes. Where feasible, we de-identify or aggregate data.

9) Security

We apply reasonable technical and organizational measures aligned to industry practices (e.g., access controls, encryption in transit where applicable, network segmentation, logging, and regular reviews). No method of transmission or storage is 100% secure; we continuously improve our safeguards.

10) Your rights

Subject to applicable law, you can:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Erase data, or request restriction of processing in certain cases.
• Withdraw consent where processing is based on your consent.
• Grievance & complaints: Contact us using the details below. You may also escalate to the Data Protection Board of India under the DPDP Act if applicable.

To exercise rights, email us from your registered email with enough information to verify your identity. We may request additional details to protect your account.

11) Children’s data

We do not knowingly collect personal data from children. Under the DPDP Act, a child is under 18 years. If you believe a child has provided us data without appropriate consent, please contact us for prompt deletion.

12) Third-party links

Our websites may contain links to third-party sites or services. Their privacy practices are governed by their own policies; please review them independently.

13) Changes to this Policy

We may update this Policy to reflect changes in our practices or applicable laws. We will post updates with a new “Last updated” date. Material changes may be notified via email or a prominent notice on our website.

14) Contact & Grievance Officer