1. Introduction
Advocare Technologies Private Limited ("Company", "we", "our", "us") is a company incorporated under the Companies Act, 2013 and registered in Bangalore, Karnataka, India. We operate POSH360, a PoSH compliance intelligence platform designed to help Indian employers meet their obligations under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.
This Privacy Policy describes how we collect, use, disclose, and protect information when you use our platform, website, and associated services. It applies to all users of POSH360, including account holders, their employees who receive training, and any individuals who interact with our website.
By using POSH360, you consent to the data practices described in this policy. If you do not agree, please discontinue use of our services.
2. Information We Collect
We collect information that is necessary to provide our compliance services to you. This falls into the following categories:
Contact Information
- Name, email address, and phone number of account holders and authorised users
- Designation and role within your organisation
- Billing and invoicing details
Company Information
- Company name, registration number, and legal entity type
- Headcount, industry sector, and office locations
- Contact details for designated HR and Legal personnel
Usage Data
- Login timestamps, session duration, and features accessed
- Pages visited, documents generated, and actions taken within the platform
- Device type, browser, IP address, and approximate geographic location
Compliance Data
- Internal Complaints Committee (IC) member details and documentation
- PoSH policy documents, training records, and annual report data
- Complaint metadata (number of complaints filed, status, and resolution type)
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To provision your account, generate compliance documents, and administer IC workflows.
- Compliance automation: To track your compliance obligations, generate reminders for annual reports, training deadlines, and IC renewal dates.
- Legal document generation: To populate policy templates, annual reports, and IC constitutions with your company's specific information.
- Communications: To send transactional emails (account alerts, legal update notifications), and, with your consent, compliance newsletters and product updates.
- Platform improvement: To analyse usage patterns and improve the platform's functionality and content. We use aggregated, anonymised data only for this purpose.
- Support: To respond to your queries and provide technical assistance.
We do not use your data for advertising purposes, and we do not build individual user profiles for sale to third parties.
4. Data Sharing
We do not sell your data. We do not share your personal or company information for marketing or advertising purposes. Data is shared only in the following limited circumstances:
External IC Members
When you engage External IC Members through our platform, their access is strictly limited to what is necessary for a specific inquiry, and only with your explicit authorisation. External IC Members are bound by confidentiality obligations and the professional standards of the PoSH Act.
Legal Requirements
We may disclose information if required to do so by Indian law, court order, or government authority. We will notify you of any such requirement unless prohibited from doing so by law.
Cloud Infrastructure
Our platform is hosted on enterprise-grade cloud infrastructure (AWS and/or Azure). All data is stored within India (data residency: India regions). These providers operate under contractual obligations that restrict their use of your data.
Professional Advisors
Our legal counsel and auditors may access data as necessary to fulfil their professional obligations to us. All such access is governed by confidentiality agreements.
5. Data Retention
We retain your data for the following periods:
- Active accounts: Data is retained for as long as your account is active.
- Closed accounts: After account closure, we retain your compliance data for 7 years. This is required under Indian law, as compliance records must be maintained for the period during which legal proceedings could be initiated.
- Training records: Retained for 7 years post-training event, consistent with employment record obligations.
- Complaint records: Retained in accordance with applicable law and as directed by competent authorities.
After the relevant retention period, data is securely deleted from our systems.
6. Security
We take data security seriously. Our security measures include:
- Encryption at rest: All data is encrypted using AES-256 encryption.
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Access controls: Access to customer data is restricted to authorised personnel on a need-to-know basis. All access is logged.
- Multi-factor authentication: Available and strongly recommended for all accounts.
- Annual security audits: We commission independent security audits of our infrastructure and application annually.
- Incident response: We maintain a documented incident response plan. In the event of a data breach affecting your information, we will notify you within 72 hours of discovery.
While we implement robust security measures, no system is completely immune to breaches. We encourage you to use strong passwords and to report any suspected security issues to security@posh360.in immediately.
7. Your Rights
As a user of POSH360, you have the following rights with respect to your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request correction of inaccurate or incomplete information.
- Portability: You may request your data in a structured, machine-readable format.
- Deletion: You may request deletion of your data, subject to our legal retention obligations described in Section 5 above.
- Withdrawal of consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@posh360.in. We will respond to your request within 30 days.
8. Cookies
We use cookies to provide you with a functional and personalised experience on POSH360. Specifically:
- Session cookies: Essential for maintaining your logged-in state and ensuring the platform functions correctly. These are deleted when you close your browser.
- Preference cookies: Used to remember your settings and preferences across sessions.
- Analytics cookies: Used to understand how users interact with our platform so we can improve it. We use privacy-respecting analytics tools. This data is aggregated and anonymous.
We do not use third-party advertising cookies. No advertising networks or social media platforms receive tracking data from your use of POSH360.
You may disable cookies in your browser settings; however, this may impair the functionality of the platform.
9. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. We will notify you of any material changes via email to the address associated with your account at least 14 days before the changes take effect.
We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when this policy was most recently revised. Your continued use of POSH360 after the effective date of any update constitutes your acceptance of the revised policy.
10. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@posh360.in
- Company: Advocare Technologies Private Limited
- Address: Bangalore, Karnataka, India
We take all privacy concerns seriously and will respond within 30 days of receiving your request.