Privacy Policy
EMISafeKey
Last updated: Oct 04, 2025
If you have any questions or requests about this Policy, contact us at info@EMISafeKey.in.
1) Introduction
Welcome to EMISafeKey ("EMISafeKey", "we", "our", or "us"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our mobile applications, websites, APIs, and related services (collectively, the "Services").
By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not access or use the Services.
2) Scope & Definitions
2.1 Scope
This Policy applies to information we process about individuals who use or interact with the Services, including app users, website visitors, and customer representatives.
2.2 Key Terms
- Personal Data: Any data that can identify an individual, directly or indirectly.
- User Keys: Cryptographic keys, license tokens, unlock codes, or similar credentials used within EMISafeKey for authentication, secure device actions, or data protection.
- Processing: Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
- Controller / Data Fiduciary: The party that determines the purposes and means of Processing Personal Data.
3) Information We Collect
Depending on how you use the Services, we may collect the following categories of information:
3.1 Account & Profile Data
- Full name, username, email address, phone number.
- Business or organization details (if applicable).
- Authentication data (hashed passwords, tokens).
3.2 Device & App Data
- Device identifiers, OS version, app version, language, and region settings.
- Logs and diagnostics (crash reports, performance metrics).
- Network information (IP address, connection type).
3.3 Usage Data
- Features you use, in-app events, and interaction patterns.
- Time and duration of sessions.
3.4 User Keys & Sensitive Credentials
- Public keys, key identifiers, or key metadata necessary for secure operations.
- We do not store private keys in plaintext. Where private keys or unlock codes are required, we use hardware-backed keystores or strong encryption at rest and in transit.
- Temporary secrets (e.g., OTPs) used for verification and then discarded.
3.5 Payment & Transaction Data
- Invoices, order history, and transaction metadata.
- Where applicable, limited payment instrument details processed via trusted Payment Service Providers (PSPs). We do not store full card numbers.
3.6 Content You Provide
- Support requests, attachments, screenshots, and other content you submit.
3.7 Data from Third Parties
- Identity verification providers, payment processors, and analytics services.
- Enterprise customers who provision and manage user accounts on your behalf.
4) How We Use Information
- Provide, operate, and maintain the Services.
- Authenticate users, authorize actions, and protect accounts.
- Generate and manage User Keys and related credentials securely.
- Process transactions, billing, and customer support.
- Monitor performance, troubleshoot issues, and improve features.
- Communicate updates, security notices, and administrative messages.
- Comply with legal obligations and enforce terms.
5) Legal Bases for Processing
We process Personal Data under one or more of the following bases, as applicable:
- Your consent.
- Performance of a contract or to take steps at your request before entering into a contract.
- Legitimate interests (e.g., securing our Services, preventing misuse), balanced against your rights.
- Compliance with legal obligations.
6) User Keys & Security
We take special care to safeguard User Keys and other sensitive credentials:
- Use of OS-level secure enclaves/keystores when available.
- Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
- Strict access controls, role-based permissions, and audit logs.
- Key material stored server-side is minimized and, where feasible, replaced by non-reversible derivatives or hardware-backed references.
- Regular rotation of secrets and principle of least privilege.
- No plaintext private keys are retained; ephemeral keys are purged after use.
7) How We Share Information
We do not sell Personal Data. We may share data with:
- Service providers who help us operate the Services (hosting, analytics, support). They are bound by confidentiality and data protection obligations.
- Enterprise administrators (for managed accounts) who may access your profile, usage, and device status to administer the service.
- Legal/Compliance recipients when required by law, regulation, or to protect rights, safety, and security.
- Business transfers in connection with a merger, acquisition, or asset sale, subject to this Policy.
8) International Data Transfers
Where data is transferred across borders, we implement appropriate safeguards consistent with applicable laws (e.g., contractual protections and technical measures).
9) Data Retention
We retain Personal Data only for as long as necessary for the purposes set out in this Policy, to comply with our legal obligations, resolve disputes, and enforce agreements. When retention is no longer required, we securely delete or anonymize the data.
10) Your Rights & Choices
Depending on your jurisdiction and relationship with us, you may have rights to:
- Access, correct, or update your Personal Data.
- Request deletion of your data, subject to legal exceptions.
- Restrict or object to certain processing.
- Withdraw consent where processing is based on consent.
- Request data portability, where technically feasible.
To exercise these rights, contact us at info@EMISafeKey.in. We may need to verify your identity before responding.
11) Children’s Privacy
Our Services are not directed to children under the age required by applicable law. We do not knowingly collect Personal Data from children. If you believe a child has provided us with Personal Data, contact us so we can take appropriate action.
12) Security Measures
- Defense-in-depth: network, application, and data-layer protections.
- Encryption in transit and at rest; secure key management (see Section 6).
- Vulnerability management and regular security reviews.
- Employee training and access control based on least privilege.
- Incident response process for detecting, responding to, and notifying about security events as required by law.
13) Cookies, SDKs & Similar Technologies
We may use cookies on our website and SDKs within our apps to remember settings, measure performance, and improve user experience. You can control cookies through your browser settings and manage app permissions from your device settings. Disabling some technologies may affect certain features.
14) Third-Party Links & Services
The Services may link to third-party websites or integrate third-party services (e.g., sign-in providers, payment processors). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
15) Permissions & In-App Disclosures
When the app requests access to device features (e.g., camera, storage, phone state), it will do so with a clear in-app prompt. You can revoke permissions at any time via your device settings, which may limit certain functionalities.
16) India-Specific Disclosures
Where the Digital Personal Data Protection Act, 2023 (DPDP Act) or successor rules apply, we act as a Data Fiduciary for Personal Data we process. You may appoint a consent manager recognized under applicable regulations, and you can withdraw consent at any time. For grievances, see Section 20.
17) Additional Global Disclosures
- EEA/UK: Where GDPR/UK GDPR applies, we rely on the legal bases listed in Section 5 and provide rights described in Section 10. You may lodge a complaint with your supervisory authority.
- California: We do not sell or share Personal Information as defined by the CCPA/CPRA. We honor applicable consumer rights described in Section 10.
18) Data Accuracy & Responsibility
You are responsible for ensuring that the information you provide is accurate and up to date. You can update your information via account settings or by contacting us.
19) Do Not Track
Your browser or device may offer a "Do Not Track" setting. Our Services currently do not respond to such signals. We will update this Policy if our practices change.
20) Grievance & Contact Information
If you have any questions, concerns, or complaints about this Policy or our data practices, please contact us:
We will review and address your query within a reasonable time and in accordance with applicable laws.
21) Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date at the top of this page. In case of material changes, we may provide additional notice (e.g., in-app notification).