PRIVACY POLICY (Effective Date: May 27th, 2024)
This privacy statement outlines the procedures and rationale behind the collection, storage, utilization, and/or dissemination (‘processing’) of user information by Edbinary Technologies Private Limited (‘we’, ‘us’, or ‘our’) when you interact with our services (‘Services’). Such interactions may include, but are not limited to:
Installation and Utilization of Mobile Applications: Your installation and usage of our mobile application, ‘Mockkit’, or any other application under our purview that refers to this privacy statement, fall within the scope of this privacy policy.
Participation in Associated Activities: Your participation in other associated activities, including sales, marketing endeavors, or events organized by us, is governed by the principles outlined in this privacy statement.
Website and App Interaction: Your interaction with our website, including browsing, accessing content, or submitting inquiries through our online forms, also falls under the purview of this privacy statement.
User Account Creation: The process of creating a user account on our platform, which involves providing personal information for registration purposes, is subject to the terms outlined in this privacy statement.
Feedback Submission: Any feedback or suggestions you provide to us, whether through our mobile application, website, or other communication channels, may be collected and processed in accordance with this privacy statement.
Customer Support Communications: Communications with our customer support team, whether initiated by you or by us in response to your queries or issues, are governed by the principles outlined in this privacy statement.
User Engagement Activities: Your participation in surveys, contests, or other engagement activities organized by us may involve the collection and processing of personal information as described herein.
These provisions ensure transparency and clarity for users regarding the handling of their information by Edbinary Technologies Private Limited across various interactions and activities.
Should you have any queries or reservations regarding your privacy, a thorough perusal of this privacy statement is advised, as it elucidates your privacy entitlements and options.
If you find yourself in disagreement with our policies and procedures, we kindly request abstention from utilizing our Services. For further clarification or assistance, please direct your inquiries or concerns to contact@mockkit.com.
OVERVIEW OF KEY POINTS
This Overview serves as gist of the essential aspects outlined in our privacy notice. For further details on any of these subjects, you may refer to the table of contents.
1. Personal Information Processing:
When utilizing our Services, your interaction and choices may result in the processing of personal information. This processing is contingent upon the manner in which you engage with us and the Services, as well as the specific products and features you utilize.
2. Handling of Sensitive Personal Information:
We uphold a strict policy of not processing sensitive personal information.
3. Third-Party Information Collection:
We do not engage in the collection of information from third-party sources.
4. Information Processing Procedures:
Your information is processed to facilitate, enhance, and administer our Services, as well as to engage in communication with you, ensure security and fraud prevention, and adhere to legal obligations. Additional processing may occur with your explicit consent and is executed only when legally justified.
5. Personal Information Sharing:
We may share information in specified circumstances and with designated third parties.
6. Information Security Measures:
Employing both organizational and technical measures, we maintain processes and procedures to safeguard your personal information. However, it’s important to note that while we strive for comprehensive security, absolute protection against unauthorized access, data breaches, or modifications cannot be guaranteed.
7. Privacy Rights:
Under Indian privacy laws, you have specific rights regarding your personal information. Learn about your privacy entitlements based on your geographical location.
8. Exercising Privacy Rights:
Effortlessly exercise your privacy rights by visiting contact us section in https://mockkit.com or contacting us directly through any of the communication channels provided in the mobile application. We pledge to review and address all requests in compliance with applicable data protection legislation.
9. Comprehensive Privacy Notice:
For a detailed understanding of our data handling practices and the utilization of collected information, we encourage you to peruse the full privacy notice.
TABLE OF CONTENTS
- Information Collection
- Information Processing
- Sharing Personal Information
- Third-Party Websites
- Data Retention
- Information Security
- Privacy Rights
- Do-Not-Track Features
- Notice Updates
- Contact Details
- Data Review and Update
- Jurisdiction and Legal Venue
1. INFORMATION COLLECTION
Personal Information You Disclose to Us
Overview: We gather personal information that you willingly provide to us.
We collect personal information that you voluntarily disclose when you register for our Services, show interest in learning more about us or our offerings, participate in activities on our platform, or otherwise interact with us.
Personal Information Provided by You: The type of personal information we collect depends on your interactions with us and the Services you use. This may include:
- Names
- Phone numbers
- Gender
- City
- State
- Date of birth
- School/College/University
- Country
Sensitive Information: We do not process sensitive personal information.
Application Data: When you use our application(s), we may also collect the following information if you provide us with access or permission:
Push Notifications: We may request permission to send you push notifications related to your account or certain features of the application(s). You can opt out of these communications by adjusting your device settings.
This data is primarily required to ensure the security and functionality of our application(s), for troubleshooting, and for internal analytics and reporting purposes.
It is crucial that all personal information you provide is accurate, complete, and up-to-date. You must notify us of any changes to this information.
Information Automatically Collected
Overview: Some information, such as your IP address and device characteristics, is collected automatically when you use our Services.
We automatically collect certain information when you visit, use, or navigate our Services. This information, which does not reveal your specific identity (e.g., name or contact details), may include:
Device and usage information (e.g., IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location)
Information about how and when you use our Services
Other technical information
This data is primarily necessary to maintain the security and operation of our Services and for internal analytics and reporting purposes.
Data We Collect Includes:
User Inputs: We collect data such as name, mobile number, gender, date of birth (to determine age), city, state, and country (auto-selected for Indian users as we operate in the Indian market). This data is provided voluntarily by users. We do not collect log and usage data, device data, or location data from our users.
2. INFORMATION PROCESSING
Overview: We process your information to provide, enhance, and manage our Services, communicate with you, ensure security and fraud prevention, and comply with legal obligations. Additional processing may occur with your consent.
We process your personal information for various purposes depending on your interaction with our Services, including:
- Account Creation and Management:
We process your information to facilitate account creation, authentication, and maintenance, ensuring effective account management for you.
- Service Delivery:
Your information is utilized to provide and facilitate the delivery of our Services as per your requests.
- User Support:
We process your information to respond to inquiries and address any concerns you may have with our Services, ensuring user support and assistance.
- Administrative Communications:
Your information is processed to send essential details regarding our products, services, policy changes, and other administrative information.
- Service Security:
We process your information to maintain the security and integrity of our Services, including fraud monitoring and prevention.
- Legal Compliance:
Information processing is conducted to comply with legal obligations and respond to legal requests in accordance with applicable laws.
- Marketing and Promotions:
With your consent, we process personal information to send marketing and promotional communications. You can opt out at any time.
- Feedback Requests:
We may process your information to request feedback and follow up on your use of our Services, fostering continuous improvement.
- Targeted Advertising:
Your information is processed to develop and display personalized content and advertisements based on your interests and location.
- Prize Draws and Competitions:
Information may be processed to administer prize draws and competitions, enhancing user engagement.
- Service Evaluation and Improvement:
Your information is used to identify usage trends, evaluate marketing effectiveness, and improve our Services and user experience.
- Usage Trend Analysis:
Information on your usage of our Services is analyzed to gain insights and improve them accordingly.
- Marketing Effectiveness:
We process your information to better understand and enhance the effectiveness of our marketing and promotional campaigns.
3. SHARING PERSONAL INFORMATION
Overview: We may share your information under certain circumstances as outlined below and/or with specified third parties.
We may disclose your personal information in the following situations:
Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or part of our business by another company, we may share or transfer your information.
4. THIRD-PARTY WEBSITES
Overview: We are not responsible for the security of information you share with third parties that advertise on our Services or that we link to but are not affiliated with us.
Our Services may contain links to third-party websites, online services, or mobile applications, and/or include advertisements from third parties not associated with us. We do not guarantee the safety of any data you share with these third parties. Such third parties are responsible for their own data collection and privacy practices, which are not covered by this privacy notice. We disclaim any responsibility for any loss or damage incurred from your use of third-party websites, services, or applications. The presence of a link to a third-party site, service, or application does not constitute our endorsement. We recommend reviewing the privacy policies of these third parties and contacting them directly with any concerns.
5. DATA RETENTION
Overview: We retain your information only for as long as necessary to fulfill the purposes described in this privacy notice unless a longer retention period is mandated by law.
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy notice, unless a longer retention period is required or permitted by law (such as for tax, accounting, or other legal requirements). The duration for which we retain your personal information will not exceed the period during which you have an active account with us.
Once we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion or anonymization is not feasible (for instance, if your information is stored in backup archives), we will securely store your information and isolate it from any further processing until deletion is possible.
6. INFORMATION SECURITY
Overview: We are committed to safeguarding your personal information through a combination of organizational and technical security protocols.
We have instituted a range of appropriate and reasonable technical and organizational security measures aimed at protecting the integrity and confidentiality of any personal information we process. Despite these robust measures and our diligent efforts to secure your data, it is important to understand that no electronic transmission over the Internet or data storage technology can be rendered completely secure. Consequently, we cannot fully guarantee that unauthorized third parties, such as hackers or cybercriminals, will not be able to bypass our security measures and improperly access, steal, or alter your information.
While we are committed to providing the highest level of security for your personal data, the transmission of information to and from our Services is done at your own risk. We advise you to access our Services within a secure environment to enhance the safety of your personal information.
User Data Storage
Location: We utilize a PostgreSQL database hosted on Microsoft Azure Cloud to securely store user data collected during signup. This data encompasses user-provided information such as name, date of birth, gender, city, state, and college affiliation.
Technical Specifications:
- Database: PostgreSQL
- Hosting Platform: Microsoft Azure Cloud
- Storage Format: Structured and stored in normalized tables within the PostgreSQL database.
- Access Control: We implement Role-Based Access Control (RBAC) to restrict database access solely to authorized personnel. Additionally, data is encrypted at rest using Azure’s encryption services.
User-Uploaded Picture Storage
Edbinary leverages Azure Blob Storage, a secure cloud storage solution, to house user-uploaded pictures. Signed URLs (Secure Access Signatures) guarantee secure upload and access to these images.
Technical Details:
- Storage Service: Azure Blob Storage
- Access Mechanism: Secure upload and access are facilitated through Signed URLs (SAS tokens).
- Data Storage: Blob storage with appropriate access tiers is chosen based on usage patterns.
Security Measures
We prioritize user data security and employs a robust security framework encompassing the following measures:
- Database Security:
- Encryption: Data at rest is encrypted using Transparent Data Encryption (TDE) offered by both PostgreSQL and Azure.
- Access Control: Stringent RBAC restricts database access to authorized personnel only.
- Authentication and Authorization:
- Login Mechanism: We leverage a secure password-less login system that utilizes mobile OTP (One-Time Password) for enhanced security.
- API Security: All APIs are secured with OAuth 2.0, an industry-standard authorization framework, to ensure only authorized users can access our services.
- Data Transmission Security:
- Encryption: All data transmitted between the user’s device and our servers is encrypted using TLS (Transport Layer Security) to safeguard against eavesdropping and data tampering.
- Image Storage Security:
- Access Control: Azure Blob Storage utilizes SAS tokens to grant limited-duration access to user-uploaded pictures.
- Encryption: Images are encrypted both in transit and at rest using Azure’s built-in encryption services.
- Monitoring and Logging:
- Activity Monitoring: We continuously monitor access logs and database activity to detect and swiftly respond to any attempts at unauthorized access.
- Audit Logs: Meticulous audit logs are maintained to track modifications and access to sensitive data.
These comprehensive security measures guarantee the protection of user data and uploaded pictures against unauthorized access, upholding user privacy and data security.
7. PRIVACY RIGHTS
Overview: You have the right to review, modify, or terminate your account, subject to the laws of your country, province, or state of residence.
Withdrawing Consent: If we rely on your consent to process your personal information, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing conducted before the withdrawal, nor does it impact processing based on other legal grounds.
Opting Out of Marketing Communications: You can unsubscribe from marketing communications at any time through your account settings or by contacting us. However, we may still send you non-marketing messages necessary for account administration or service-related purposes.
Account Management: You can review, update, or terminate your account by accessing your account settings or contacting us. Upon account termination, we will deactivate or delete your information, subject to retention requirements under applicable law.
Contact: For inquiries about your privacy rights, please email us at contact@mockkit.com.
8. DO-NOT-TRACK FEATURES
Overview: While some browsers offer Do-Not-Track (DNT) settings, we do not currently respond to these signals due to the absence of a universally accepted standard. We will update our practices if such a standard is established in the future.
9. NOTICE UPDATES
Overview: We may update this notice as needed to comply with relevant laws. Material changes will be notified to you through prominent notice or direct communication.
10. CONTACT US
For questions or comments about this notice, you can email us at contact@mockkit.com or reach us by post at:
Edbinary Technologies Private Limited
H.No. 2-11-37, Flat No. 103, Balaji Nivas, Beerappagadda, Uppal,
Hyderabad, Telangana – 500039,
India.
11. DATA REVIEW AND UPDATE
You have the right to access, correct, or delete the personal information we hold about you. To exercise these rights or withdraw consent, visit contact us section in https://mockkit.com or contact us through any of the communication channels provided in the mobile application.
- JURISDICTION AND LEGAL VENUE
In the event of any legal dispute arising out of or relating to this Privacy Policy, including disputes regarding its existence, validity, interpretation, or termination, the courts of Hyderabad, Telangana, India shall have exclusive jurisdiction.