Privacy Policy
Plain-English summary
- Your factory data is yours. We do not sell it, share it, or use it to serve ads.
- Each role sees only what they need workers see their tasks, supervisors see their section, owners see everything.
- All data is encrypted in transit and at rest using 256-bit AES encryption, and stored in India.
- We may use anonymised, aggregated data (never identifiable) for industry benchmarks — only with your consent.
- We comply with India's Digital Personal Data Protection (DPDP) Act, 2023.
01Who we are
factol is a mobile-first factory management platform built for small and medium manufacturing businesses (MSMEs) in India. We are operated by the factol team, based in Kerala, India.
This policy explains what personal and operational data we collect when you use the factol app, why we collect it, how we protect it, and what rights you have over it.
02What data we collect
We collect only what is needed to run your factory operations effectively.
| Category | Examples | Why we need it |
|---|---|---|
| Account information | Owner name, phone number, email, factory name | To create and manage your account |
| Employee records | Worker name, photo (optional), section, wage rate, employment status | For task assignment and attendance tracking |
| Attendance data | Check-in / check-out times, shift details, overtime hours | To calculate labour productivity and costs |
| Production data | Orders, tasks, quantities completed, section-wise progress | To track production flow and identify delays |
| Material data | Raw material names, quantities used, wastage recorded | For inventory management and wastage detection |
| Device information | Device type, OS version, push notification token | To send alerts and enable offline sync |
| Usage data | App interactions, feature usage frequency | To improve the product experience |
03How we use your data
We use your data to provide the factol platform, which includes: running production dashboards, calculating labour and material costs, generating shift reports, sending real-time alerts, and delivering AI-powered efficiency insights.
We do not use your data to serve advertisements. We do not sell your data to any third party. We do not profile your workers for purposes outside your factory's operations.
We may use anonymised, aggregated data — where no individual or factory can be identified — to compute industry benchmarks (for example, average wastage rates by sector). This is opt-in and clearly disclosed in the app before enabling.
04Who sees what — role-based access
Access to data is strictly role-based. factol enforces the principle of minimum necessary access. Factory owners control who is added to the workspace and what role they are assigned. factol staff do not access your factory's data except when explicitly requested for technical support.
| Feature / data | Owner / Admin | Supervisor | Worker |
|---|---|---|---|
| Full production dashboard | Yes | — | — |
| All section data | Yes | Own section only | — |
| Labour cost reports | Yes | — | — |
| AI-powered insights | Yes | — | — |
| Employee records | All records | Own team only | — |
| Wastage analytics | Yes | Own section only | — |
| Assign tasks to workers | Yes | Yes | — |
| View & update task progress | Yes | Yes | Own tasks only |
| Attendance (check-in / out) | All records | Own team only | Own record only |
05How we protect your data
Data security is built into factol's architecture, not added as an afterthought.
06Third-party services
factol uses a small number of trusted third-party services to operate the platform. These are limited to infrastructure and delivery — they are not data brokers or advertisers.
| Service | Purpose |
|---|---|
| AWS / Firebase (cloud hosting) | Secure server infrastructure and real-time database |
| FCM / APNs (push notifications) | Delivering alerts to Android and iOS devices |
| WhatsApp Business API | Sending order and production alerts via WhatsApp (opt-in only) |
We do not share identifiable personal data with these services beyond what is technically necessary (for example, a device token to send a push notification).
07Your rights under the DPDP Act, 2023
As a data principal under India's Digital Personal Data Protection Act, 2023, you have the following rights. To exercise any of them, contact us at the address at the end of this document. We do not require a reason for access or erasure requests.
| Right | What it means |
|---|---|
| Right to access | Request a copy of all personal data we hold about you or your factory. |
| Right to correction | Request that inaccurate or incomplete data is corrected promptly. |
| Right to erasure | Request deletion of your data when it is no longer needed for the purpose it was collected. |
| Right to withdraw consent | Withdraw consent for optional data uses (such as benchmarking) at any time through app settings. |
| Right to grievance redressal | Raise a complaint directly with us. We will acknowledge within 24 hours and resolve within 48 hours. |
| Right to data portability | Export your production and operational data in CSV or PDF format at any time from within the app. |
08Data retention and deletion
We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow data export, after which it is permanently deleted from our servers.
Attendance and production records may be retained for up to 3 years for operational continuity unless you request earlier deletion. Worker personal data (name, phone) is deleted within 30 days of account closure.
09Changes to this policy
If we make material changes to this privacy policy, we will notify you via in-app notification and email at least 14 days before the changes take effect. Continued use of factol after the effective date means you accept the updated policy.
Questions about your data?
Reach out any time — we'll acknowledge grievance requests within 24 hours and resolve them within 48.
WhatsApp usNote: This is a working draft. Have a legal counsel admitted to practice in India review and finalise this document before publishing — particularly for DPDP Act compliance obligations, consent notice requirements, and grievance officer appointment.