Privacy Policy

1. Introduction

Logyfy ("we", "our", or "us") operates the logyfy.in website and the scan.logyfy.in B2B verification platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Services.

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services.

This policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.

2. Information We Collect

2.1 Account and Company Information

When a company registers on our platform, we collect:

• Company name, registered address, and GST number (if applicable)
• Contact person's name, work email address, and phone number
• Login credentials (email address; passwords are not stored — we use OTP-based authentication)
• Billing and credit transaction history

2.2 Verification Query Data

When you use our verification Services, we collect and process the input data you submit (for example, vehicle registration numbers, chassis numbers, or engine numbers) and the corresponding response data returned by our upstream data providers. This data is logged for billing, audit, and support purposes.

2.3 API Usage and Technical Data

• API request and response logs (including timestamps, endpoints, status codes, and latency)
• IP addresses of API requests
• API key identifiers (not the key secret itself — keys are stored as cryptographic hashes)
• Browser type, device, and operating system information when using the web dashboard
• Session tokens and authentication events

2.4 Communications

If you contact us via email or the contact form on this website, we retain the contents of your communication and your contact details to respond and maintain support records.

2.5 Batch Processing Files

Files you upload for batch verification (CSV or Excel) are stored temporarily on our servers (Amazon S3) to process your request. Input and result files are automatically deleted after 90 days of job completion.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide the Services: Processing verification requests, delivering results, and maintaining your account.
• Billing and invoicing: Tracking credit usage, generating invoices, and processing payments.
• Security and fraud prevention: Detecting and preventing unauthorised access, abuse, or fraudulent use of our platform.
• Customer support: Responding to your queries, troubleshooting issues, and improving our support processes.
• Platform improvement: Analysing aggregated, anonymised usage patterns to improve platform performance and features.
• Legal compliance: Complying with applicable Indian laws, regulatory requirements, and lawful orders from government authorities.
• Communications: Sending transactional emails (OTP, batch job completion, invoices). We do not send unsolicited marketing emails.

4. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

4.1 Upstream Data Providers

Verification queries (for example, a vehicle registration number) are transmitted to our upstream data providers to fulfil your request. These providers process the input data solely to return the requested verification result. They operate under their own data processing agreements and applicable regulations.

4.2 Infrastructure and Service Providers

We use the following sub-processors to operate the platform:

• Amazon Web Services (AWS): Cloud infrastructure and file storage (S3) in India regions where available
• Brevo (formerly Sendinblue): Transactional email delivery

All sub-processors are bound by confidentiality obligations and process data only on our instructions.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by Indian government authorities, courts, or law enforcement agencies.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer data may be transferred as part of the business. We will notify affected customers before their data is subject to a different privacy policy.

5. Data Retention

• Account data: Retained for the duration of your account and for 3 years after account closure, as required for legal and tax compliance.
• Verification logs (API logs): Retained for 3 years for billing reconciliation and audit purposes.
• Batch files (input and results): Automatically deleted from storage after 90 days of job completion.
• OTP tokens: Expired and purged within minutes of generation; unused tokens are cleared automatically.
• Contact form submissions: Retained for up to 1 year or until the matter is resolved.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS 1.2+) for all data exchanged with the platform
• API key secrets stored as SHA-256 hashes — we never store the raw key
• Encrypted storage of third-party provider credentials
• Session versioning to enable immediate revocation of sessions on logout or account suspension
• Role-based access controls within the platform
• Regular security reviews

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

7. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights with respect to your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to correction: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data, subject to our legal retention obligations.
• Right to grievance redressal: Lodge a complaint regarding how we handle your personal data.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

To exercise any of these rights, please contact us at privacy@logyfy.in. We will respond within 30 days.

8. Cookies

Our website (logyfy.in) does not use tracking or advertising cookies. We use only essential session cookies on the scan.logyfy.in platform to maintain authenticated sessions. These cookies are required for the platform to function and cannot be opted out of while using the Service.

9. Third-Party Links

Our website may contain links to third-party websites. We have no control over the content or privacy practices of those sites and are not responsible for their privacy policies. We encourage you to review the privacy policy of any third-party site you visit.

10. Children's Privacy

Our Services are intended solely for businesses and their authorised personnel. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before the changes take effect. Continued use of the Services after the effective date constitutes your acceptance of the revised policy. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes arising out of or relating to this policy shall be subject to the exclusive jurisdiction of the courts in India.

13. Contact Us

For privacy-related queries, grievances, or to exercise your rights: