1. Scope and Applicability

This policy applies to:

• Users of our website [www.digitathya.com]
• Users of our mobile and web applications (Android/iOS/Web-based)
• Business clients using our dashboards, APIs, and SDKs
• End-consumers using QR scanning features for product authentication
• Any visitor or user interacting with our Services

2. Information We Collect

We collect different types of information depending on how you interact with our Services.

A. Personal Information (B2C App Users)

• Name, mobile number, email address (if provided)
• Location data (GPS or IP-based, for scan validation and fraud detection)
• Device information: model, OS version, app version
• Scan history, QR interactions, product authentication logs
• Camera and sensor capability indicators (such as autofocus support, sensor availability) used only for scan-quality assessment

B. Automatic and Technical Data Collection

• IP address and session logs
• App performance data (crash reports, latency, heat maps)
• App installation source and referrer details
• Event-based telemetry and real-time analytics

C. Device Fingerprinting (Limited and Purpose-Specific)

We may generate a privacy-safe device fingerprint using a combination of non-intrusive technical parameters such as device type, OS version, and app instance identifiers. This is used strictly for:

• Detecting repeated fraudulent scans
• Preventing automated or bot-based attacks
• Improving counterfeit detection accuracy

Device fingerprints are not used for advertising, profiling, or tracking users across other apps or services.

D. Processed QR Scan Image

For QR authentication, the application may capture and securely transmit a single processed image of the QR code along with related technical metadata to DigiTathya’s backend systems.

This is required for verification, fraud detection, and service integrity.

3. How We Use This Information

We process the collected information for the following purposes:

• Product authentication and QR verification
• Counterfeit, duplication, and tampering detection
• Analytics for manufacturers and supply chain partners
• Improving app performance and scan accuracy
• Customer support and issue resolution
• Fraud prevention and security monitoring
• Internal verification and security analysis of QR scans using processed scan images and metadata

Data Retention:

• Scan and device-related data is typically retained for up to 24 months for fraud analysis and system improvement.
• Business and audit-related records may be retained longer as required by contractual or legal obligations.
• Data is periodically reviewed and securely deleted or anonymized when no longer required.

Data Deletion Procedure:

• Users may request deletion of their personal data by contacting us at privacy@digitathya.com.
• Upon verification, data will be deleted or anonymized within a reasonable time, unless retention is required by law.

4. Sharing and Disclosure of Information

We do not sell personal or business data to third parties.

We may share data only with:

• Cloud hosting and infrastructure providers
• Analytics and monitoring service providers
• SMS, email, and notification service providers
• Regulatory or law enforcement authorities when legally required

All third parties are contractually obligated to process data only for specified purposes and to comply with applicable data protection laws.

Third-Party SDKs and Tracking:

Our applications may include third-party SDKs strictly for analytics, crash reporting, and performance monitoring. We do not permit third-party advertising networks to track users across unrelated apps or websites.

Processed QR scan images and verification metadata are not shared with third-party users, advertisers, or data brokers and are processed exclusively within DigiTathya-controlled systems.

5. Data Security Measures

We implement technical and organizational safeguards including:

• Encryption and secure hashing
• Secure QR serialization and validation mechanisms
• Firewalled cloud infrastructure
• Role-based access control (RBAC)
• API authentication and rate limiting
• Anomaly detection and geo-fencing
• Manual and automated security testing

In case of a data breach, we will notify affected users and authorities as required under applicable laws.

6. User Rights Under Indian Law

You have the right to:

• Access your personal data
• Request correction or updates
• Withdraw consent where applicable
• File grievances
• Nominate a representative

Requests can be sent to privacy@digitathya.com with subject: Data Rights Request.

7. Cookies, SDKs and App Technologies

Our Services may use:

• Push notification tokens
• Analytics SDKs
• Crash reporting tools

These are used only for service functionality, reliability, and improvement.

8. Children’s Data and Parental Consent

Our Services are intended for users aged 18 years and above. If users below 18 are permitted in any specific program or deployment, we require verifiable parental or guardian consent before collecting any personal data.

If we discover that data has been collected from a minor without valid consent, such data will be deleted promptly.

9. Cross-Border Data Transfers

Data is primarily stored on servers located in India. In limited cases where international processing is required for cloud redundancy or security services, appropriate contractual and technical safeguards are applied.

10. Updates, Versioning and Policy Changes

Each version of this Privacy Policy is identified by a version number and effective date. Significant changes will be communicated through app notifications or website updates. Continued use of Services indicates acceptance of the revised policy.

11. Contact and Grievance Redressal

For questions, concerns, or complaints related to this policy, please contact:

Grievance Officer
DigiTathya Technologies Pvt Ltd
Email: info@digitathya.com
Address: DIGITATHYA TECHNOLOGIES PRIVATE LIMITED
No. 1005, Satra Plaza, Sector 1, Plot No.19 & 20, Sanpada, Navi Mumbai, Thane - 400703, Maharashtra
Response Time: Within 7 working days