Privacy Policy.

Overview

At HeliosFlow Pvt Ltd, we prioritize your privacy and data security. As a product-focused digital studio, we do not engage in the sale or monetization of user data. Our business model is built entirely on service provision, not data commercialization.

This privacy policy outlines how we collect, use, store, and protect your information. It is written to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, and the Information Technology Act, 2000 along with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Data Fiduciary: HeliosFlow Pvt Ltd, acting as a Data Fiduciary under the DPDP Act, determines the purpose and means of processing your personal data.

Legal Basis for Processing

Under the DPDP Act, we process your personal data on the legal basis of consent or for legitimate uses specified in the Act. When you submit a contact form or inquiry, you are providing explicit consent for us to process your data for the purpose of responding to your request.

You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, email us at info@heliosflow.in.

Data We Collect

We only collect information that is strictly necessary for project collaboration, communication, and service delivery. This includes:

• Contact Details: Name, email address, phone number, and company information shared through contact forms or direct communication
• Project Information: Business briefs, requirements documentation, technical specifications, and any materials provided during discovery and development phases
• Analytics Data: Usage analytics collected via Google Analytics, including pages visited, time spent, and general browser information (no personally identifiable information)
• Cookies: Only essential cookies for site functionality. We do not use third-party tracking or advertising cookies

How We Use Your Data

Your information is used solely for the purposes stated below:

• Project Collaboration: To understand your project requirements, deliver services, and maintain ongoing communication
• Communication: To respond to inquiries, send proposals, invoices, and project updates via email or direct messaging
• Site Improvement: Analytics data helps us understand how visitors use our website and improve our content and user experience
• Legal Compliance: To comply with applicable laws and regulations in India and Telangana

We never use your data for marketing, selling to third parties, or any purpose beyond what is explicitly stated in this policy.

Third-Party Services

We use select third-party services to deliver and operate our business. These providers are held to strict data protection standards:

• Firebase (Google Cloud): Cloud database and hosting for secure storage of project inquiries and data. Secured with Google's enterprise-grade security infrastructure
• EmailJS: Email delivery service for form submissions and automated email notifications
• Google Analytics: Website usage analytics with IP anonymization enabled. We do not track individual users
• WhatsApp Business: Communication platform for instant messaging with clients

Each third-party service maintains its own privacy policy. We encourage you to review their policies. We do not share sensitive business information with any service beyond what is necessary for their specific function.

Data Retention

• Contact Form Submissions: Retained for 1 year for reference and follow-up purposes
• Project Data: Retained for the duration of the project plus 1 year after completion for record-keeping and dispute resolution
• Analytics Data: Automatically anonymized and aggregated by Google Analytics. Individual tracking data is retained per Google's standard retention policy
• Email Communication: Retained indefinitely for record-keeping and legal compliance unless you request deletion

Upon request, we will delete your personal data within 30 days, except where we are legally required to retain it (e.g., for tax or contractual purposes).

Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you (the Data Principal) have the following rights:

• Right to Access (Section 11): Request a summary of your personal data that we process, the processing activities we undertake, and the identities of any other Data Fiduciaries or Data Processors with whom your data has been shared.
• Right to Correction and Erasure (Section 12): Request correction of inaccurate or misleading data, completion of incomplete data, updating of data, and erasure of data that is no longer necessary for the purpose it was collected.
• Right to Grievance Redressal (Section 13): A readily available means of registering a grievance with our Data Fiduciary. We are obligated to respond within the period prescribed under the Act.
• Right to Nominate (Section 14): Nominate another individual who shall, in the event of your death or incapacity, exercise these rights on your behalf.
• Right to Withdraw Consent: Withdraw consent at any time, as easily as it was given, for any processing based on consent.

To exercise any of these rights, email info@heliosflow.in with your request. We will acknowledge receipt within 48 hours and respond within the timelines prescribed under the DPDP Act and its Rules.

Cross-Border Data Transfer

We use Google Firebase (Firestore, Authentication, Cloud Storage, and Cloud Functions) as our primary data infrastructure. Firebase servers may be located outside India, including in the United States and European Union. By submitting data through our website, you acknowledge and consent to this cross-border transfer for the limited purpose of operating our service.

We will only transfer personal data to countries in accordance with the DPDP Act. We rely on Google's Standard Contractual Clauses and data processing agreements as the transfer mechanism, and Google Cloud maintains SOC 2, ISO 27001, and other compliance certifications.

Children's Data

We do not knowingly collect, process, or store personal data of children under 18 years of age. Our services are not targeted at children, and the website does not direct marketing toward minors. If you believe we have inadvertently collected data relating to a child, please contact us immediately at info@heliosflow.in and we will delete it.

Cookies

Our website uses only essential cookies necessary for basic functionality:

• Functionality Cookies: Enable session management and form functionality
• Analytics Cookies: Google Analytics with IP anonymization. No personal identification occurs

We do not use third-party advertising cookies, tracking pixels, or retargeting services. You can control cookies through your browser settings. Disabling cookies may affect website functionality.

Data Security

We implement industry-standard security measures to protect your data:

• HTTPS Encryption: All data in transit is encrypted using industry-standard TLS/SSL protocols
• Firebase Security: Database access is protected by Firebase security rules. Only authorized services can access project data
• Access Control: Only essential team members have access to project data. All access is logged and monitored
• No Data Selling: We maintain strict commitments against selling, trading, or monetizing any user data

While we maintain robust security practices, no system is completely immune to breaches. In the unlikely event of a data breach, we will notify affected individuals within 30 days.

NDA and Confidentiality

We treat all client information as confidential. We maintain strict non-disclosure agreements for all proprietary business information shared during discovery and development. If a formal NDA is required for your project, we are happy to sign standard agreements before deep discovery discussions begin.

Updates to This Policy

This privacy policy may be updated from time to time to reflect changes in our practices or applicable regulations. We will notify you of material changes by updating the "Last Updated" date below. Continued use of our website after updates constitutes acceptance of the revised policy.

Grievance Officer & Contact

In accordance with Rule 5(9) of the IT Rules, 2011 and Section 13 of the DPDP Act, 2023, we have designated a Grievance Officer to address privacy concerns and data protection grievances:

We will acknowledge all grievances within 48 hours and resolve them within the timelines prescribed under applicable law. If you are unsatisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India once it is constituted and operational under the DPDP Act.