Privacy Policy

1. Introduction

Symplichain Technologies Private Limited ("Company", "Symplichain", "we", "our" or "us"), a company incorporated under the laws of India, respects your privacy and is committed to protecting your personal information.

This Privacy Policy ("Policy") explains how we collect, use, store, share, disclose, transfer, and protect personal information about users of our services, whether accessed through:

• Our website at www.symplichain.com ("Website")
• Our supply chain operating system platforms including SymFlow, SymAI, and SymMirror (collectively, "Platforms")
• Our mobile application "Symflow Driver" ("Driver App" or "App")
• Any other digital interfaces, software, or services provided by Symplichain (together with the above, "Services")

The terms "User", "Users", "you", "your", "yours" refer to any person who accesses our Website, uses our Platforms or Driver App, or otherwise engages with our Services. This includes:

• Website Visitors: Individuals browsing our Website or submitting inquiries
• Platform Users: Businesses and their authorized personnel using SymFlow, SymAI, or SymMirror for supply chain management
• Drivers: Individuals using the Driver App to fulfill delivery assignments
• Enterprise Customers: Organizations using our Services for their business operations

2. Compliance & Legal Framework

This Privacy Policy is published in compliance with:

• Section 43A of the Information Technology Act, 2000 ("IT Act")
• Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
• Other applicable laws and regulations of India

This Policy constitutes an electronic record under the IT Act and has been generated by a computer system and does not require any physical or digital signatures.

2.1 Definitions

"Personal Information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available, is capable of identifying such person.

"Sensitive Personal Data or Information" (SPDI) consists of Personal Information relating to:

• Passwords
• Financial information (bank account, credit/debit card, payment instrument details)
• Physical, physiological, and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information
• Any detail relating to the above as provided for providing services
• Any information received, stored, or processed under lawful contract

Information freely available in the public domain or furnished under the Right to Information Act, 2005 shall not be regarded as SPDI.

3. Scope & Application

3.1 Services Covered

This Policy applies to:

A. Website (www.symplichain.com)

• Marketing and informational content
• Contact forms and inquiry submissions
• Newsletter subscriptions
• Demo requests and partnership inquiries
• Press and media contacts

B. Platforms (SymFlow, SymAI, SymMirror)

• SymFlow: Supply chain orchestration and logistics management platform
• SymAI: AI-native intelligence layer with agentic tools for automation
• SymMirror: Digital twin technology for supply chain simulation (planned)

C. Driver App (Symflow Driver)

• Mobile application for Android devices
• Real-time shipment tracking and delivery management
• Driver verification and assignment systems

3.2 Contractual Priority

Where you have entered into a separate written agreement with Symplichain (such as a Master Services Agreement, Enterprise License Agreement, or similar contract), and that agreement contains privacy or data protection terms that differ from or conflict with this Policy, the terms of that written agreement shall take precedence with respect to the subject matter covered by such agreement.

3.3 Consent & Agreement to Terms

BY ACCESSING OUR WEBSITE, CREATING AN ACCOUNT, LOGGING INTO OUR PLATFORMS, USING OUR DRIVER APP, OR OTHERWISE ENGAGING WITH OUR SERVICES, YOU:

1. ACKNOWLEDGE that you have read, understood, and agree to be bound by:

• This Privacy Policy in its entirety
• Our Terms of Use (available at www.symplichain.com/terms)
• Any additional terms applicable to specific features or services

2. EXPRESSLY CONSENT to:

• Collection, use, storage, processing, and disclosure of your Personal Information as described in this Policy
• Transfer of your data to third-party service providers as specified in Section 6
• Integration with government systems including ULIP (Unified Logistics Interface Platform) as described in Section 4.2(F)
• Use of cookies and tracking technologies as described in Section 9
• Processing of your data for AI model training and improvement as described in Section 4.2(G)
• Real-time location tracking if you use the Driver App as described in Section 4.3(B)

3. GRANT EXPLICIT PERMISSION for:

• ULIP Integration: Transmission of vehicle registration numbers, driver license numbers, FASTag identifiers, and verification data to ULIP systems operated by the Government of India
• Google Maps Integration: Sharing of location data with Google Maps API for routing and navigation services
• AWS Cloud Services: Storage and processing of your data on Amazon Web Services infrastructure
• Analytics Services: Transmission of anonymized usage data to Mixpanel and Google Analytics

4. REPRESENT AND WARRANT that:

• You are at least 18 years of age
• You have the legal capacity to enter into binding agreements
• If providing information about vehicles, drivers, or employees, you have the legal authority and explicit permission to share such information
• All information you provide is accurate, current, and complete

5. UNDERSTAND that:

• Certain features require specific consents which will be requested separately
• You can withdraw consent or request deletion subject to legal retention requirements
• Continued use of Services after Policy updates constitutes acceptance of revised terms

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR TERMS OF USE, YOU MUST:

• Immediately cease accessing our Website
• Not create an account or log into our Platforms
• Uninstall the Driver App
• Not provide us with any personal information
• Contact us at compliance@symplichain.com to delete any existing data

If you provide information on behalf of another individual (such as an employee, contractor, driver, or family member) or an entity, you represent and warrant that you are authorized by such individual or entity to:

• Accept this Privacy Policy and our Terms of Use on their behalf
• Provide their information to us
• Grant the consents and permissions described above
• Ensure they have read and understood these terms

4. Information We Collect

We collect information that you provide directly to us, information collected automatically through your use of our Services, and information from third-party sources.

4.1 Website Visitors

When you visit our Website or submit inquiries, we may collect:

A. Contact & Inquiry Information

• Full name
• Company name and designation
• Email address
• Phone number
• Message content in inquiry forms
• Nature of inquiry (demo request, partnership, press, general inquiry)

B. Newsletter Subscription Data

• Email address
• Subscription preferences
• Opt-in/opt-out status

C. Automatically Collected Website Data

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and time spent
• Referring website/source
• Click stream data
• Cookies and similar tracking technologies (see Section 8)

4.2 Platform Users (SymFlow, SymAI, SymMirror)

A. Account & Profile Information

• Full name
• Email address and phone number
• Company name and designation
• User ID and password
• Profile preferences and settings
• Time zone and language preferences

B. Business & Company Information

• Company GST number (Goods and Services Tax identification)
• Company CIN (Corporate Identity Number)
• Business addresses (registered office, branch offices, warehouses)
• Industry sector and business type
• Company size and operational details

C. Shipment & Logistics Data

• Shipment details (origin, destination, consignee information)
• Product/goods descriptions and quantities
• Delivery instructions and special requirements
• Proof of Delivery (POD) records
• E-way bill numbers and compliance documentation
• Invoice details and payment terms

D. Vehicle Information

• Vehicle registration numbers
• Vehicle type, make, and model
• Vehicle fitness certificates
• Insurance details (policy number, validity, coverage)
• Pollution Under Control (PUC) certificates
• FASTag details for electronic toll collection
• Permit details and validity

E. Driver/Personnel Information

• Driver names and contact details
• Driver's license numbers and validity
• Age and date of birth (for eligibility verification)
• Address and identification proof
• Medical fitness certificates
• Background verification status (where permitted by law)

F. ULIP Integration Data

The Unified Logistics Interface Platform (ULIP) is a government initiative for logistics data standardization managed by the Ministry of Road Transport and Highways, Government of India.

BY USING SYMFLOW FEATURES THAT INTEGRATE WITH ULIP, YOU EXPLICITLY:

1. CONSENT to Symplichain transmitting the following data to ULIP systems:

• Vehicle registration numbers
• Driver license numbers
• FASTag identifiers
• Vehicle fitness and insurance verification data
• Real-time location data (if location tracking is enabled)
• Shipment and consignment details

2. ATTEST that you have:

• The legal right and authority to share this vehicle and driver information
• Obtained necessary permissions from vehicle owners and drivers
• Authority to bind your organization to ULIP's data sharing practices

3. CONFIRM that:

• The information provided is accurate and belongs to your business operations
• You have reviewed ULIP's data policies available at https://ulip.gov.in
• You understand ULIP data sharing is necessary for vehicle verification, driver verification, FASTag tracking, and compliance features

4. ACKNOWLEDGE that:

• ULIP is a third-party government system governed by its own privacy policies
• Symplichain acts as a data intermediary for ULIP integration
• ULIP may use your data in accordance with applicable government regulations
• Vehicle and driver verification features will not function without ULIP integration

YOU CANNOT USE ULIP-DEPENDENT FEATURES IF YOU DO NOT PROVIDE THIS CONSENT.

G. AI Training & Usage Data (SymAI)

When you use SymAI features, we collect:

• User interactions with AI agents and tools
• Query patterns and command history
• Feedback on AI-generated responses
• Usage analytics for AI feature improvement
• Business workflow patterns
• Document processing patterns

BY USING SYMAI FEATURES, YOU EXPLICITLY CONSENT TO:

1. Your operational data being used to:

• Train and improve AI models specifically for supply chain use cases
• Develop and enhance AI agent capabilities
• Create aggregated insights for product development

2. Aggregated and anonymized usage patterns being:

• Analyzed for product improvement
• Used to benchmark performance metrics
• Shared in anonymized form with research partners (with your prior approval)

3. Your feedback being:

• Incorporated into model refinement processes
• Used to improve agent accuracy and reliability
• Analyzed to enhance user experience

WE GUARANTEE THAT:

• Your specific business data will NOT be sold to third parties without your explicit prior written consent
• AI training uses aggregated and anonymized data wherever possible
• Your proprietary information remains confidential and protected
• Customer names, specific financial figures, and trade secrets are excluded from AI training datasets
• You can request exclusion from certain AI training processes by emailing compliance@symplichain.com (note: this may limit AI functionality)

YOU UNDERSTAND THAT:

• AI-generated outputs may occasionally contain errors or inaccuracies
• You are responsible for reviewing and validating all AI-generated recommendations before acting on them
• AI agents provide decision support, not final decisions
• Critical business decisions should include human oversight

H. Usage & Analytics Data

• Feature usage statistics and patterns
• Session duration and frequency
• Error logs and crash reports
• Performance metrics
• Navigation patterns within the Platform

I. Payment & Billing Information

• Payment method details (last 4 digits only)
• Billing address
• GST details for invoicing
• Transaction history
• Subscription tier and plan details

Note: Full payment card details are processed by our PCI-DSS compliant payment processor (Razorpay/Stripe). We do not store complete card numbers.

4.3 Driver App Users (Symflow Driver)

A. Driver Account Information

• Full name
• Mobile phone number (for SMS OTP authentication)
• Email address (optional)
• Driver's license number
• Date of birth (for age verification - must be 18+)
• Profile photo (optional)

B. Real-Time Location Data

BY USING THE DRIVER APP, YOU EXPLICITLY CONSENT TO:

1. Continuous GPS tracking while you are:

• Logged into the app
• On active duty / assigned to deliveries
• En route to pickup or delivery locations

2. Location data collection for:

• Real-time shipment tracking visible to dispatchers and customers
• Route optimization and navigation
• Delivery confirmation and proof of delivery
• Performance monitoring and SLA compliance
• Safety and security purposes

3. Transmission of location data to:

• Symplichain's AWS servers
• Google Maps API for routing services
• ULIP systems for compliance verification (if enabled)
• Your employer/dispatcher organization

LOCATION TRACKING DETAILS:

• Frequency: GPS data transmitted every 30 seconds while on active delivery
• Background tracking: Continues when app is in background if delivery is active
• Accuracy: Uses device GPS, WiFi, and cellular triangulation
• Retention: Location data retained for 90 days after delivery completion

YOU CAN CONTROL LOCATION TRACKING BY:

• Logging out of the app when off duty
• Disabling location permissions in device settings (will prevent app functionality)
• Requesting location data deletion after 90 days (email compliance@symplichain.com)

YOU UNDERSTAND THAT:

• Location tracking is essential for app functionality
• Disabling location services will prevent you from using the Driver App
• Your dispatcher/employer will have access to your real-time location during deliveries
• Location data may be shared with customers for shipment tracking purposes

C. Delivery & Performance Data

• Assigned shipment details
• Delivery status updates (accepted, in-transit, delivered, failed)
• Proof of Delivery (POD) captures: photos of delivered goods, customer signatures, timestamp and geolocation, delivery notes
• Performance metrics: on-time delivery rate, average delivery time, number of deliveries completed, customer ratings/feedback, incident reports

D. Device & Technical Information

• Device model and manufacturer
• Operating system version (Android)
• App version
• Device unique identifiers (IMEI, Android ID)
• IP address
• Mobile network information
• Crash logs and error reports
• Battery status (to prevent tracking during low battery)

E. Communication Data

• In-app messages with dispatchers
• Support chat history
• Push notification interaction history

5. How We Use Your Information

5.1 Service Provision & Operations

We use your Personal Information to:

A. Website

• Respond to inquiries and contact requests
• Send product updates and newsletters (with consent)
• Improve website functionality and user experience
• Analyze traffic patterns and optimize content

B. Platforms (SymFlow, SymAI, SymMirror)

• Create and manage user accounts
• Provide access to supply chain management features
• Process and track shipments
• Verify vehicle and driver credentials via ULIP
• Generate invoices and billing statements
• Provide AI-powered automation and insights
• Calculate carbon emissions and compliance reports
• Monitor E-way bill and document expiry
• Facilitate communication between users, vendors, and drivers
• Provide customer support and technical assistance

C. Driver App

• Authenticate driver login via SMS OTP
• Assign shipments and deliveries
• Track real-time location and delivery progress
• Capture and store proof of delivery
• Calculate performance metrics
• Facilitate communication with dispatchers
• Provide navigation and route optimization

5.2 Business Operations

• Send transactional communications (shipment updates, delivery confirmations, account notifications)
• Process payments and maintain billing records
• Maintain accurate business records and audit trails
• Comply with tax, GST, and financial reporting obligations
• Verify identity and prevent fraud
• Enforce our Terms of Use and policies
• Protect against security threats and unauthorized access

5.3 Product Development & AI Improvement

• Analyze usage patterns to improve Services
• Develop new features and capabilities
• Train and refine AI models for better predictions
• Conduct research and development
• Test new functionalities
• Benchmark performance and reliability

5.4 Marketing & Communications (with consent)

• Send promotional emails about new features
• Share industry insights and best practices
• Conduct surveys and gather feedback
• Invite to webinars and events
• Provide relevant product recommendations

You can opt out of marketing communications at any time (see Section 11.3).

5.5 Legal & Compliance

• Comply with legal obligations under Indian law
• Respond to government requests and legal processes
• Enforce contracts and resolve disputes
• Protect rights, privacy, safety, and property of Symplichain, users, and the public
• Prevent and detect fraud, security breaches, or illegal activities
• Maintain records required by GST, tax, and corporate laws

6. How We Share Your Information

We do not sell your Personal Information to third parties. We share your information only in the following circumstances:

6.1 Service Providers & Business Partners

We share information with third-party service providers who perform services on our behalf under strict confidentiality agreements:

A. Cloud Infrastructure

• Amazon Web Services (AWS): Hosting, data storage, and computing services. Servers located in India (Mumbai region) and USA. Data encrypted in transit and at rest. Compliant with ISO 27001, SOC 2, and other security standards.

B. Government Systems

• ULIP (Unified Logistics Interface Platform): Vehicle and driver verification, FASTag tracking. Managed by Ministry of Road Transport & Highways, Government of India. Data shared: Vehicle registration, driver license, FASTag, insurance, fitness certificates. Purpose: Compliance verification and logistics standardization.

C. Mapping & Location Services

• Google Maps Platform: Navigation, geocoding, route optimization. Data shared: Addresses, location coordinates, route information. Used for shipment tracking, driver navigation, distance calculation.

D. Payment Processing

• Razorpay / Stripe: Payment gateway and billing services. PCI-DSS Level 1 compliant. We do NOT store full card details on our servers.

E. Analytics & Monitoring

• Mixpanel: Product analytics and usage tracking. Data shared: Anonymized user actions, feature usage patterns.
• Google Analytics: Website traffic analysis. Data shared: Anonymized website visitor data, page views, demographics.

F. Communication Services

• SMS Gateway Providers (e.g., Twilio, MSG91): OTP delivery for driver authentication.
• Email Service Providers (e.g., SendGrid, AWS SES): Transactional and marketing emails.

G. Customer Support

• Support Ticket Systems: Customer inquiry management. Data shared: Name, email, support request details.

6.2 Within Your Organization

For Platform Users: Your data is accessible to authorized users within your organization, administrators, and employees assigned to specific shipments or workflows.

For Driver App Users: Your data is accessible to your employer/dispatcher organization, fleet managers and supervisors, and other drivers in your organization (limited to name and availability).

You acknowledge that sharing within your organization is governed by your internal policies, and Symplichain is not responsible for how your organization manages access controls.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, or bankruptcy, your Personal Information may be transferred to the successor entity. We will notify you via email and prominent website notice. The successor will be bound by this Privacy Policy unless you consent to changes.

6.4 Legal Requirements & Protection

We may disclose your information when required to:

• Comply with legal obligations (court orders, subpoenas, warrants)
• Respond to lawful requests from government authorities
• Enforce our Terms of Use or other agreements
• Protect the rights, property, or safety of Symplichain, users, or the public
• Prevent fraud, security breaches, or illegal activities
• Investigate potential violations of our policies

6.5 With Your Consent

We may share information with other third parties when you provide explicit consent, such as:

• Integration with third-party ERP systems (SAP, Zoho)
• Sharing anonymized data with research partners
• Participation in joint marketing initiatives

7. Data Security

7.1 Security Measures

We implement industry-standard technical and organizational measures to protect your Personal Information:

A. Technical Safeguards

• Encryption: AES-256 for data at rest, TLS 1.2+ for data in transit, end-to-end encryption for sensitive communications
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), least privilege principle, regular access reviews
• Network Security: Firewall protection, intrusion detection and prevention, DDoS mitigation, regular security scans
• Application Security: Secure coding practices, input validation and sanitization, SQL injection and XSS prevention, regular security updates

B. Organizational Safeguards

• All employees sign NDAs
• Background verification of personnel with data access
• Regular training on data protection best practices
• Documented incident response plan for breach detection and response
• Due diligence on third-party service providers
• Comprehensive audit trails of data access

C. Infrastructure Security (AWS)

• ISO 27001, SOC 2 Type II certified
• Regular backups and disaster recovery procedures
• Geographic redundancy across multiple availability zones
• Physical security at data centers

7.2 Your Responsibility

You are responsible for:

• Maintaining confidentiality of your account credentials
• Using strong, unique passwords
• Not sharing your login information with others
• Logging out after each session on shared devices
• Reporting suspected unauthorized access immediately
• Keeping your Driver App updated to the latest version
• Protecting your device with screen locks and encryption

7.3 Limitations

No system is 100% secure. Despite our efforts, transmission over the internet carries inherent risks. Unauthorized access, hardware failure, or human error may occur. We cannot guarantee absolute security.

In the event of a data breach affecting your Personal Information, we will:

• Notify you within 72 hours via email
• Inform relevant authorities as required by law
• Take immediate steps to contain and remediate the breach
• Provide guidance on protective measures you can take

8. Cookies & Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device that enable websites to recognize you and remember preferences.

8.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for website and platform functionality. Session-based. Cannot be disabled.
• Performance & Analytics Cookies: Understand how visitors use our Services (Google Analytics, Mixpanel). Persistent up to 2 years. Can be disabled.
• Functionality Cookies: Remember your preferences and settings. Persistent up to 1 year. Can be disabled.
• Marketing Cookies: Deliver relevant advertisements and measure campaign effectiveness. Persistent up to 1 year. Can be disabled.

8.3 Managing Cookies

Browser Controls:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies

Cookie Consent Banner: On your first visit, you can accept or reject non-essential cookies.

8.4 Mobile App Tracking

The Driver App uses device identifiers (Android Advertising ID), GPS tracking, and app analytics (Firebase Analytics, Mixpanel).

You can limit tracking via Android Settings > Google > Ads > Opt out of Ads Personalization.

8.5 Do Not Track (DNT)

We do not currently respond to Do Not Track browser signals. If industry standards emerge, we will update this Policy accordingly.

9. Data Retention

9.1 Retention Periods

We retain Personal Information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

9.2 Account Deletion

You can request deletion of your account at any time:

How to Request:

1. Email compliance@symplichain.com with subject "Account Deletion Request"
2. Include your registered email address/phone number and account type
3. Provide verification information (for security purposes)

Processing Time: 30 days from verified request

What Gets Deleted: Profile information, account credentials, shipment history (subject to legal retention), voluntary data.

What We Retain (for legal/regulatory compliance): Transaction records for GST/tax/financial audits, billing and payment records, data related to active legal disputes, security incident logs, anonymized analytics data.

Impact of Deletion: Permanent and irreversible. You will lose access to all Services immediately. Outstanding payments or disputes must be resolved first.

10. Data Deletion Requests (Android App Compliance)

For Android users of the Symflow Driver app, we provide a straightforward process to request deletion of your data and account in compliance with Google Play Store policies.

10.1 How to Request Data Deletion

Option 1: Email Request (Recommended)

Send an email to compliance@symplichain.com with subject line "Data Deletion Request - Symflow Driver". Include your full name, registered mobile phone number, Driver ID (if known), and type of deletion (Full Account Deletion or Specific Data Deletion).

Option 2: In-App Request (Coming Soon)

Expected availability: May 2026.

10.2 Deletion Request URL

For Android app compliance and easy access, you can also submit requests via our web form at www.symplichain.com/data-deletion.

10.3 What Happens After You Request Deletion?

1. Acknowledgment (Within 48 hours): Confirmation email or SMS sent.
2. Identity Verification (1-3 days): Verified via OTP, security questions, or employer confirmation.
3. Processing (Within 30 days): Data permanently deleted as requested.
4. Confirmation: Final confirmation that deletion is complete.

10.4 What Data Gets Deleted?

Full Account Deletion removes: account information, login credentials, delivery history, location data, performance metrics, proof of delivery, communication history, and device data.

Specific Data Deletion lets you choose categories: location history only, delivery photos and signatures, performance ratings, or communication history.

10.5 Data We Must Retain (Legal Requirements)

Even after deletion, we are legally required to retain certain data for compliance with Indian laws:

• Transaction records linked to invoices and payments (7-10 years under GST and Companies Act)
• Financial audit trails
• Records related to ongoing disputes or investigations
• Security incident logs and fraud prevention records

This retained data is stored securely and separately, not used for operational or marketing purposes, and will be deleted after the required retention period.

10.6 Consequences of Data Deletion

Data deletion is permanent and irreversible. After deletion, you will:

• Lose access to your Symflow Driver account immediately
• Cannot recover any historical delivery data, ratings, or earnings history
• Cannot re-register using the same phone number for 90 days
• Forfeit pending payments unless settled before deletion
• Lose connection to any fleet or employer account

10.7 Alternatives to Full Deletion

• Account Deactivation (Temporary): Account hidden but data retained. Can be reactivated later.
• Selective Data Deletion: Delete only specific data types while keeping your account active.
• Limit Data Collection: Opt out of optional tracking and analytics. Restrict location access when not on active delivery.

10.8 Questions or Issues?

Contact compliance@symplichain.com with subject "Data Deletion Support - Symflow Driver". We will respond within 48 hours. If unsatisfied, contact our Grievance Officer (see Section 15).

11. Your Rights & Choices

11.1 Access & Correction

You have the right to:

• Access: Request a copy of your Personal Information we hold
• Correction: Request correction of inaccurate or outdated data
• Explanation: Understand how your data is being used

Email compliance@symplichain.com with subject "Data Access Request". We will respond within 30 days.

11.2 Deletion & Restriction

You can request permanent deletion of your account and data (see Section 10), or limitation of data processing for specific purposes. We may retain data where required by law.

11.3 Objection & Opt-Out

Marketing Communications:

• Email: Click "Unsubscribe" at the bottom of any marketing email
• SMS: Reply "STOP" to marketing SMS messages
• Push Notifications: Disable in app settings or device settings

Data Sharing:

• ULIP sharing: Email compliance@symplichain.com (will disable vehicle verification features)
• AI training: Email compliance@symplichain.com (may limit AI functionality)
• Analytics: Use cookie controls (see Section 8.3)

11.4 Data Portability

You can request your data in a portable, machine-readable format (CSV or JSON). Email compliance@symplichain.com with subject "Data Portability Request". Delivery within 30 days via secure download link.

11.5 Automated Decision-Making

We use AI and automated systems for driver assignment, ETA predictions, route optimization, and fraud detection. You have the right to request human review, object to automated decision-making, and understand the logic behind automated decisions.

11.6 Withdraw Consent

You can withdraw consent for specific data processing activities (ULIP integration, AI training, marketing communications, location tracking). Email compliance@symplichain.com. Withdrawal does not affect lawfulness of processing before withdrawal. Some features may become unavailable.

12. International Data Transfers (GDPR Compliance)

This section applies to users in the European Economic Area (EEA), United Kingdom (UK), or Switzerland.

12.1 GDPR Rights

In addition to Section 11, EU users have:

• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Erasure ("Right to be Forgotten"): Request deletion when data is no longer necessary
• Right to Data Portability: Receive data in structured, machine-readable format
• Right Not to Be Subject to Automated Decision-Making: Request human intervention
• Right to Lodge Complaint: File complaint with your local Data Protection Authority

12.2 International Data Transfers

Your data may be transferred to India (AWS Mumbai - primary) and United States (AWS backup). We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by European Commission
• Adequacy Decisions where available
• Additional safeguards: encryption, access controls, regular audits
• Your explicit consent for certain transfers

12.3 Data Protection Officer (for EU users)

Email: dpo@symplichain.com. The DPO oversees GDPR compliance, handles EU user inquiries, and coordinates with DPAs.

13. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect Personal Information from anyone under 18. Driver App requires users to be 18+. Platform accounts are for business use by adults.

If we discover that we have inadvertently collected data from a child under 18, we will promptly delete the account and all associated data, and notify the parent/guardian if contact information is available.

Parents/Guardians: If you believe your child has provided information to us without your consent, contact us immediately at compliance@symplichain.com with subject "Child Privacy Concern". We will delete the data within 48 hours of verification.

14. Updates to This Privacy Policy

We may update this Policy from time to time to reflect changes in business practices, legal requirements, technological advancements, or user feedback.

14.1 How We Notify You

For Material Changes:

• Email notification to registered users at least 30 days before effective date
• Prominent notice on Website homepage and app login screen
• In-app notification for Driver App users
• Update the "Last Updated" date

For Minor Changes: Update the "Last Updated" date only.

14.2 Your Choices After Updates

Continued use of our Services after the effective date constitutes acceptance. If you do not agree, stop using our Services and request account deletion within 30 days of notification.

15. Grievance Redressal

In accordance with the Information Technology Act, 2000 and SPDI Rules, 2011, we have appointed a Grievance Officer to address your privacy concerns.

15.1 Grievance Officer

15.2 How to File a Complaint

Submit a written complaint including your information (name, contact, account details), complaint details (description, date/time, supporting documentation), and desired resolution.

Email (Preferred): compliance@symplichain.com or grievance@symplichain.com with subject "Privacy Complaint - [Your Name]".

15.3 Response Process

1. Acknowledgment within 48 hours with complaint reference number
2. Investigation within 15 days
3. Response within 30 days from receipt with findings and actions taken
4. Resolution immediate to 60 days with corrective action for valid complaints

15.4 Escalation

Internal Escalation: Email founders@symplichain.com with subject "Escalated Privacy Complaint - Ref# [Number]". Review within 15 days.

External Escalation: If still unsatisfied, you may approach:

• Ministry of Electronics and Information Technology (MeitY)
• Cyber Crime Cell (https://cybercrime.gov.in/)
• Consumer Forum (National/State/District Consumer Dispute Redressal Commission)
• Data Protection Authority (when established)

15.5 No Retaliation

We will not take any adverse action against you for filing a complaint in good faith. Your access to Services will not be affected by the filing of a privacy complaint.

16. Contact Information

17. Acknowledgment & Consent

BY USING SYMPLICHAIN'S SERVICES (WEBSITE, PLATFORMS, DRIVER APP), YOU ACKNOWLEDGE AND AGREE THAT:

1. You have read and understood this Privacy Policy in its entirety
2. You consent to collection, use, storage, processing, and disclosure of your Personal Information as described
3. You explicitly grant permission for ULIP Integration, Google Maps Integration, AWS Cloud Services, and Analytics Services
4. You are at least 18 years of age and have the legal capacity to enter into binding agreements
5. You understand that certain features require specific consents and that data deletion is permanent and irreversible
6. You have also read and agree to our Terms of Use

For information provided on behalf of others: If you provide information about employees, drivers, contractors, or any other individuals, you confirm you have obtained their explicit consent, made them aware of this Policy, and are authorized to accept these terms on their behalf.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR TERMS OF USE, DO NOT ACCESS OUR WEBSITE, CREATE AN ACCOUNT, OR USE OUR SERVICES. Contact us at compliance@symplichain.com to delete any existing data.