Privacy Policy — InESS Solutions

← Back to Home

Your Privacy Matters. At InESS Solutions, we are committed to being transparent about how we collect, use, store, and protect your personal data. This Privacy Policy applies to all users of the InESS Supply Chain Management Platform — including ProcurePilot, PPV, CBOM, and related modules — regardless of where you are located in the world.

Contents

Who We Are
Scope of This Policy
Data We Collect
How We Collect Your Data
How We Use Your Data
Legal Basis for Processing
Data Sharing & Third-Party Processors
International Data Transfers
Data Retention
Your Data Rights
Cookies & Tracking Technologies
Data Security
Children's Privacy
Marketing & Communications
Automated Decision-Making
Third-Party Links & Integrations
Changes to This Policy
Grievance Officer & Supervisory Authorities
Contact Us

1. Who We Are

The data controller responsible for your personal data is:

Company	InESS Solutions Pvt. Ltd.
Registered Office	174, 1st Floor, 19th Main Rd, Sector 4, HSR Layout, Bengaluru, Karnataka 560102, India
Platform	InESS Supply Chain Management Platform (ProcurePilot, PPV, CBOM)
Privacy Contact	servicedesk@inessconsulting.com
Grievance Officer (India)	servicedesk@inessconsulting.com
EU Representative	[INSERT EU REPRESENTATIVE NAME, ADDRESS & EMAIL — required under GDPR Art. 27 if processing EU personal data without an EU establishment]

For users in the European Union or United Kingdom, InESS Solutions acts as a Data Controller for account and billing data and as a Data Processor for supply chain data you upload to the Platform. A Data Processing Agreement (DPA) is available on request for B2B users subject to GDPR.

2. Scope of This Policy

This Privacy Policy applies to:

All users of the InESS Platform, whether on the Demo, Basic, Standard, Premium, or Enterprise plan.
Both Business Users (B2B) and Consumer Users (B2C) accessing the Platform from any country.
Data collected via our website, Platform, APIs, mobile applications, and any communications with our team.

This Policy does not apply to third-party websites, services, or integrations that you may access through the Platform. We encourage you to review the privacy policies of those third parties separately.

Children: The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly. Contact servicedesk@inessconsulting.com if you have concerns.

3. Data We Collect

We collect only the data necessary to provide and improve our services:

Category	Data Collected	Purpose
Account & Identity	Name, email, job title, company name, phone number	Account creation, authentication, communication
Billing & Payment	Billing address, invoice details (card data held by Stripe)	Payment processing, tax compliance
Platform Usage	Feature interactions, module access logs, session data, search queries	Service delivery, performance monitoring, product improvement
Technical & Device	IP address, browser type, OS, device ID, cookies, log files	Security, fraud prevention, analytics
Supply Chain Data	Procurement records, BOM data, supplier details, PPV inputs entered by you	Core platform functionality
Communications	Support tickets, emails, chat transcripts	Customer support, legal records
Marketing (optional)	Email opt-ins, campaign interaction data	Product updates, newsletters (with consent only)

What We Do NOT Collect: We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. We do not knowingly collect data from individuals under the age of 18.

4. How We Collect Your Data

4.1 Data You Provide Directly

When you register for an account or subscribe to a plan.
When you upload or enter supply chain data into the Platform.
When you contact our support, sales, or legal team.
When you respond to surveys or provide feedback.

4.2 Data Collected Automatically

Usage data — pages visited, features used, time spent, errors encountered.
Technical data — IP address, browser, device type, operating system, session tokens.
Cookies and similar tracking technologies (see Section 11 and our Cookie Policy for full details).

4.3 Data From Third Parties

Payment data from Stripe (we receive transaction confirmations, not your full card number).
Single Sign-On (SSO) providers such as Google or Microsoft, if you choose to use them.
ERP, logistics, or supplier systems that you integrate with the Platform via our APIs.

5. How We Use Your Data

We use your data for the following purposes:

Service Delivery — To provide, maintain, and improve the Platform and all its modules.
Account Management — To create and manage your account, process your subscription, and communicate plan changes.
Billing & Payments — To process payments through Stripe, issue invoices, and manage tax compliance obligations.
Customer Support — To respond to your queries, troubleshoot issues, and maintain support records.
Security & Fraud Prevention — To monitor for unauthorised access, detect abuse, and protect the Platform.
Product Improvement — To analyse anonymised usage patterns and improve Platform features and performance.
Legal Compliance — To comply with applicable laws, respond to lawful requests, and enforce our Terms.
Marketing Communications — To send product updates, newsletters, or promotional content, only with your explicit prior consent. You may opt out at any time.

We Do Not Sell Your Data: InESS Solutions does not sell, rent, or trade your personal data or supply chain data to any third party for commercial purposes. Your data is yours.

6. Legal Basis for Processing (GDPR & UK GDPR)

For users in the European Union and United Kingdom, we process your personal data on the following legal bases:

Legal Basis	When We Rely On It
Contract Performance	Processing your data to deliver the Platform services you subscribed to.
Legitimate Interests	Improving our services, fraud prevention, security monitoring, internal analytics.
Legal Obligation	Complying with tax, financial, or regulatory requirements.
Consent	Sending marketing emails, using non-essential cookies, analytics where consent is required.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal. Contact servicedesk@inessconsulting.com to withdraw consent.

7. Data Sharing & Third-Party Processors

We share your data only with trusted service providers who are contractually bound to protect it. We do not share your data with third parties for their own marketing purposes.

7.1 Current Sub-Processors

Sub-Processor	Service	Data Processed	Location	Privacy
Stripe, Inc.	Payment processing (PCI DSS Level 1 compliant)	Payment session data, fraud signals	US / EU	stripe.com/privacy
Cloud Host (AWS / GCP / Azure)	Secure cloud infrastructure for data storage and processing	All platform data	Global	Per provider
Email Service (e.g. SendGrid)	Transactional and support emails	Email address, message content	US	Per provider
SSO Providers (Google, Microsoft)	Login authentication (only if you use SSO)	Email, name, authentication token	US	Per provider
Helpdesk Platform	Customer support ticketing	Support request content, contact details	US / EU	Per provider
Google LLC	Google Translate widget (language preference only — no personal data)	Language preference string	US	policies.google.com/privacy

Note on Previously Listed Sub-Processors: Google Analytics (GA4) and Drift (live chat) have been removed from the live platform and are no longer active sub-processors. If either service is re-introduced, this policy will be updated and (where required) your consent will be obtained before activation.

We will notify Business Users of any new sub-processors or material changes to existing sub-processors with reasonable advance notice. Enterprise customers may request a full sub-processor register from servicedesk@inessconsulting.com.

7.2 Legal Disclosures

We may disclose your data if required by applicable law, court order, or regulatory authority, or to protect the rights, property, or safety of InESS Solutions, our users, or the public.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of InESS Solutions' assets, your data may be transferred to the acquiring entity. We will notify you via email and/or a prominent in-platform notice before your data becomes subject to a different privacy policy.

8. International Data Transfers

As a globally deployed platform, your data may be processed or stored in countries other than your own. We ensure all cross-border transfers comply with applicable laws:

Region	Key Law(s)	How We Comply
EU / EEA	GDPR (EU) 2016/679	Lawful basis, DPA on request, SCCs for transfers, data subject rights
United Kingdom	UK GDPR + DPA 2018	UK ICO compliance, UK SCCs for international transfers
United States	CCPA / CPRA + state laws	Do-not-sell opt-out, deletion rights, privacy notice at collection
Canada	PIPEDA + provincial laws	Consent-based collection, breach notification within 72 hours
India	IT Act 2000 + DPDPA 2023	Data fiduciary obligations, Grievance Officer appointed
Japan	APPI	Third-party transfer consent, anonymisation where applicable
China	PIPL + Cybersecurity Law	Explicit consent for cross-border transfers, local storage where required
Taiwan	PDPA	Purpose-limited collection, data subject rights honoured
Middle East (UAE/KSA/Qatar)	National data protection laws	Localisation requirements reviewed per country
Russia	Federal Law No. 152-FZ	Russian citizen data stored on servers in Russia where mandated

For EU/UK to non-adequate-country transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Copies of applicable SCCs are available on request from servicedesk@inessconsulting.com.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy, or as required by applicable law:

Data Type	Retention Period
Active Account Data	Duration of subscription plus 30 days post-cancellation (for data export)
Billing & Invoice Records	7 years (tax and financial compliance)
Support Communications	3 years from last interaction
Security & Access Logs	12 months rolling
Marketing Data	Until you withdraw consent or unsubscribe
Trial / Demo Account Data	30 days after trial expiry unless upgraded to paid plan
Anonymised Analytics	Indefinitely (no personal identifiers retained)

After the applicable retention period, your data is securely deleted or anonymised. You may request early deletion subject to legal retention obligations (see Section 10).

10. Your Data Rights

Depending on your jurisdiction, you may have some or all of the following rights. We honour these rights for all users globally:

Your Right	What It Means
Access	Request a copy of the personal data we hold about you.
Rectification	Ask us to correct inaccurate or incomplete data.
Erasure (Right to be Forgotten)	Request deletion of your personal data (subject to legal retention obligations).
Data Portability	Receive your data in a structured, machine-readable format.
Restriction of Processing	Ask us to limit how we use your data in certain circumstances.
Object to Processing	Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent	Withdraw previously given consent at any time without penalty.
Opt Out of Sale / Sharing	California users: opt out of any sale or sharing of personal data (we do not sell data).
Automated Decision-Making	Not be subject to decisions made solely by automated means with significant legal or similar effects, and to request human review.
Lodge a Complaint	File a complaint with your local data protection supervisory authority.
Grievance (India)	Raise a grievance with our Grievance Officer under DPDPA 2023 at servicedesk@inessconsulting.com.

How to Exercise Your Rights: Submit your request to servicedesk@inessconsulting.com. We will acknowledge within 72 hours and respond fully within 30 days (or within the shorter period required by applicable law). We may need to verify your identity before processing your request.
Subject line format: Privacy Request — [Your Name / Company]

11. Cookies & Tracking Technologies

We operate a minimal cookie footprint. We use cookies only where strictly necessary for platform security and authentication, or — with your explicit consent — to remember language preferences. We do not use advertising or retargeting cookies.

11.1 Active Cookie Categories

Strictly Necessary: Session security (csrftoken), authentication (saas_sessionid), and Stripe payment processing cookies (__stripe_mid, __stripe_sid). These cannot be disabled.
Functional (Consent Required): Google Translate language preference cookies (googtrans). Only loaded after your explicit consent.
Analytics: Currently not active. Google Analytics (GA4) has been removed. If re-introduced, analytics cookies will only load after your explicit opt-in consent.
Marketing: Not active. We do not use advertising or retargeting cookies.

11.2 Managing Cookies

When you first access the Platform, a Cookie Consent Banner allows you to accept or decline non-essential cookies. You can manage or withdraw your cookie preferences at any time via the 'Cookie Settings' link in the footer of every page.

11.3 Full Cookie Policy

For a complete inventory of every cookie we use, their purpose, duration, and consent requirements, please refer to our Cookie Policy available on our website. The Cookie Policy forms part of this Privacy Policy and is incorporated by reference.

12. Data Security

We implement industry-standard technical and organisational measures to protect your data:

Encryption in Transit: All data transmitted to and from the Platform is encrypted using TLS 1.2 or higher.
Encryption at Rest: Data stored on our servers is encrypted using AES-256 or equivalent standards.
Access Controls: Role-based access controls (RBAC) ensure only authorised personnel can access your data.
Security Audits: We conduct periodic vulnerability assessments and penetration tests.
Incident Response: We maintain a formal data breach response plan to detect, contain, and notify within legally required timeframes.
Stripe Security: Payment data is processed and stored by Stripe under PCI DSS Level 1 compliance. InESS Solutions does not store full payment card details.

Data Breach Notification: In the event of a personal data breach posing a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR and other applicable laws) and will notify affected users without undue delay.

13. Children's Privacy

The InESS Platform is intended for use by individuals who are at least 18 years of age or the age of majority in their jurisdiction. We do not knowingly collect or process personal data from children under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete that data. If you believe we have collected data from a minor, please contact us at servicedesk@inessconsulting.com.

14. Marketing & Communications

We will only send you marketing emails, product updates, or newsletters if you have explicitly opted in via an unchecked consent checkbox at signup or through your account settings.
You can opt out at any time by clicking the 'Unsubscribe' link in any marketing email or by contacting servicedesk@inessconsulting.com.
Marketing consent is always collected separately from acceptance of these Terms — they are never bundled.
Transactional emails (invoices, account alerts, security notifications, support responses) are not marketing communications and cannot be opted out of while your account is active.
We do not share your email or contact details with third-party marketers.

15. Automated Decision-Making

InESS Solutions does not make decisions that produce significant legal or similarly significant effects on you solely through automated means without human review. If we introduce any automated profiling or decision-making processes in the future, we will update this Policy and comply with all applicable legal requirements, including GDPR Article 22 for EU/UK users.

16. Third-Party Links & Integrations

The Platform may contain links to, or allow integration with, third-party websites, ERP systems, logistics tools, supplier portals, or payment services. InESS Solutions is not responsible for the privacy practices or content of those third parties. We encourage you to read their privacy policies before sharing any personal data with them.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Notify you via email to your registered address at least 14 days before the changes take effect.
Display a prominent notice within the Platform.
Update the 'Last Updated' date at the top of this document.
Seek your renewed consent where required by law for significant changes affecting how we use your data.

18. Grievance Officer & Supervisory Authorities

18.1 India — Grievance Officer (DPDPA 2023)

In accordance with the Digital Personal Data Protection Act, 2023, InESS Solutions has appointed a Grievance Officer to address privacy complaints from Indian users:

Grievance Officer	To be designated — servicedesk@inessconsulting.com
Response Time	Within 30 days of receiving a complaint

18.2 EU / EEA — Supervisory Authorities

If you are in the EU/EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.

18.3 UK — Information Commissioner's Office (ICO)

UK users may lodge a complaint with the Information Commissioner's Office at ico.org.uk. We would appreciate the opportunity to address your concerns before you approach the ICO.

18.4 Other Jurisdictions

Users in other jurisdictions may contact us at servicedesk@inessconsulting.com, and we will direct you to the appropriate local authority or handle your request in accordance with applicable law.

19. Contact Us

InESS Solutions Pvt. Ltd.

Company	InESS Solutions Pvt. Ltd.
Registered Office	174, 1st Floor, 19th Main Rd, Sector 4, HSR Layout, Bengaluru, Karnataka 560102, India
General Contact	servicedesk@inessconsulting.com

We aim to acknowledge all privacy-related enquiries within 72 hours and resolve them within 30 days.