// legal
Privacy Policy
This Privacy Policy explains how Qenvo ("we", "us", "our") collects, uses, discloses and protects personal data through our website (qenvo.io), our Central Command Dashboard, and our Mobile App used by field workers, across all industry modules. It also explains the different roles Qenvo plays depending on whose data is involved.
1. Who We Are & Scope of This Policy
Qenvo operates a modular SaaS platform for managing remote and mobile workforces, out of Bangalore, Karnataka, India, serving business clients ("Clients") internationally. This policy covers three categories of individuals:
- Website visitors — people browsing qenvo.io or submitting our contact form.
- Client account users — dispatchers, managers and administrators who use the Central Command Dashboard on behalf of a Client business.
- End Users — field workers (riders, technicians, inspectors, site staff) provisioned an account on the Qenvo Mobile App by a Client business, and, in some modules, third parties such as delivery recipients or property tenants whose data is entered by a Client.
For website visitors and Client account users, Qenvo is the data controller. For End User data collected through a Client's use of the platform (e.g. a rider's location during deliveries, a site worker's clock-in records), Qenvo acts as a data processor / service provider on behalf of the Client, who determines what data is collected and why. If you are an End User with questions about your data, we encourage you to first contact the business that provisioned your account, and refer them to Qenvo where necessary.
2. Information We Collect
From website visitors:
- Contact form submissions: name, email, company, active-user estimate, module of interest, and message content
- Standard web usage and technical data: IP address, browser type, device type, pages visited, referring URLs
From Client account users (Dashboard):
- Account information: name, work email, phone number, role, and the business they represent
- Business configuration data entered into the platform: staff records, targets, dispatch rules, forms and reports
- Login and audit activity for security purposes
From End Users (Mobile App), as configured by the Client:
- Identity and contact details provisioned by the Client (name, phone number, employee/rider ID)
- Location data — collected while the app is in active use for dispatch, navigation and live tracking, and, in the Construction & Site Operations module, geofenced location at clock-in/clock-out
- Job and task data: assigned tasks, status updates, timestamps, working and break hours
- Proof-of-work data: photographs and electronic signatures submitted to confirm completed work
- Device information necessary to operate the app (device type, OS version, push-notification token)
We collect only what is necessary to operate the specific module a Client has subscribed to. We do not collect End User location data outside the context of active work sessions unless a Client has separately configured and disclosed continuous tracking to its own workers, which remains the Client's responsibility to disclose lawfully.
3. How We Use Information
- To provide, operate and maintain the Qenvo platform for Clients and their End Users (dispatch, routing, tracking, attendance, proof-of-work, reporting)
- To respond to enquiries submitted through our website or support channels
- To process subscription billing and manage Client accounts
- To monitor, secure and improve platform performance and reliability
- To detect, prevent and investigate fraud, abuse or security incidents
- To comply with legal obligations, including tax, accounting and law-enforcement requests where legally required
We do not use End User location or work data to build advertising profiles, and we do not sell personal data to third parties.
4. Legal Basis for Processing
India (Digital Personal Data Protection Act, 2023): Where the DPDP Act applies, we process personal data on the basis of consent obtained (by us for website/account users, or by the Client for its End Users) or as otherwise permitted for a "legitimate use" under the Act, such as performing a contract or responding to a request initiated by the data principal.
EEA / UK (GDPR): Where our Clients or their End Users are located in the EEA or UK, processing is based on: performance of the contract between Qenvo and the Client (Art. 6(1)(b)); Qenvo's or the Client's legitimate interests in operating the service (Art. 6(1)(f)); consent, where required for specific features (Art. 6(1)(a)); or compliance with a legal obligation (Art. 6(1)(c)). Where Qenvo processes End User data as a processor, the Client remains the controller responsible for the applicable legal basis.
California / US (CCPA/CPRA and similar state laws): We do not sell or "share" personal data as defined under these laws. Where applicable, individuals may have rights to know, delete, correct and limit use of sensitive personal information, exercisable as described in Section 8.
5. Cookies & Tracking on Our Website
- Essential cookies: required for the website to function; cannot be disabled.
- Analytics cookies: help us understand aggregate visitor behaviour (pages viewed, session duration).
- Preference cookies: remember basic settings to improve your browsing experience.
We do not use third-party advertising or cross-site tracking cookies. You can control cookies through your browser settings; disabling some may affect site functionality.
6. Sub-Processors & Third-Party Services
We rely on the following categories of service providers, who are contractually bound to process data only as instructed and to apply appropriate security measures:
- Cloud infrastructure & hosting providers — for application hosting, databases and backups
- Mapping and route-optimization providers — to power live tracking, navigation and distance calculation features
- Push notification and messaging services — to deliver task alerts to the Mobile App
- Payment processors — to process subscription billing
- Email delivery services — to send account, billing and support communications
A current list of sub-processors is available on request at contact@qenvo.io. We do not permit sub-processors to use Client or End User data for their own purposes.
7. Data Retention
- Website contact form submissions: retained up to 24 months, then deleted.
- Client account and configuration data: retained for the duration of the subscription, plus up to 30 days after termination to allow data export, unless a longer period is required by law (e.g. tax records) or agreed with the Client.
- End User location, task and proof-of-work data: retained for the duration the Client's subscription requires it operationally, and thereafter as instructed by the Client, subject to statutory minimums (e.g. records required for labour or tax compliance).
- Server and security logs: retained up to 90 days.
8. Your Rights
Subject to applicable law and, for End User data, subject to the Client's role as controller, you may have the right to:
- Access the personal data we (or, for End Users, the relevant Client) hold about you
- Correct inaccurate or incomplete data
- Request erasure of your data, subject to legal retention requirements
- Restrict or object to certain processing
- Receive a copy of your data in a portable format
- Withdraw consent where processing is based on consent, without affecting processing carried out before withdrawal
- Lodge a complaint with your local data protection authority (e.g. India's Data Protection Board, an EU/EEA supervisory authority, or equivalent)
To exercise these rights, contact us at contact@qenvo.io. If you are an End User, we may direct your request to the Client business that provisioned your account where they are legally responsible for fulfilling it, and will support that business in doing so. We aim to respond within 30 days and may need to verify your identity first.
9. Data Security
We apply technical and organisational safeguards appropriate to the sensitivity of the data we process, including encryption of data in transit (TLS), access controls restricting data access to authorized personnel on a need-to-know basis, and logging of access to sensitive records such as location and proof-of-work data. No system is completely secure, and we cannot guarantee absolute security of information transmitted over the internet.
10. International Data Transfers
Qenvo is based in India, and our primary infrastructure processes data from India. Where we or our sub-processors transfer personal data across borders (for example, to a cloud provider with servers outside a Client's home country), we take steps to ensure an adequate level of protection, including contractual safeguards consistent with the DPDP Act, and, for transfers involving the EEA/UK, mechanisms such as Standard Contractual Clauses where applicable.
11. Children's Data
Our website and platform are intended for business use and are not directed at children. We do not knowingly collect personal data from individuals under 18. The Qenvo Mobile App is intended for use by adult field workers provisioned by a Client business as part of their employment or engagement. If we learn that we have inadvertently collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be notified via our website or, for Client account users, via email or in-platform notice, with an updated "Last updated" date. Continued use of our website or platform after changes take effect constitutes acceptance of the revised policy.
13. Contact & Grievance Officer
For privacy questions, data rights requests, or grievances regarding this policy or our data practices, contact us:
Qenvo
Privacy enquiries: contact@qenvo.io
Support: support@qenvo.io
Location: Bangalore, Karnataka, India