EaseEmbro — Complete Software Solution Suite

Privacy Policy

This Privacy Policy explains how personal data, factory records, and operational information are collected, used, stored, disclosed, protected, retained, and deleted when authorised users use the EaseEmbro Platform — comprising the EaseEmbro Mobile Application, the EaseEmbro Windows Desktop Application, and the connected cloud infrastructure operated by Sampurna Labs.


Effective Date: January 1, 2026
Last Updated: January 1, 2026
Version: 1.0
Applies To: EaseEmbro Platform — Mobile App, Desktop App & Cloud
Governing Law: Laws of India
Document ID: SL-EE-PP-v1.0
Important notice
EaseEmbro is a complete software solution suite for embroidery factory management, comprising a Windows Desktop Application, an Android and iOS Mobile Application, and a connected cloud backend. It is used by authorised factory personnel to manage production tracking, machine output, employee attendance, OCR-assisted machine readings, payroll preparation, and factory reporting. The Platform does not contain advertising SDKs, does not sell personal data, and does not collect location, microphone, contacts, call logs, SMS, or mobile biometric data.
Part I - Core Terms
1. About this Policy
This Privacy Policy is issued by Sampurna Labs and applies to the entire EaseEmbro Platform — comprising the EaseEmbro Mobile Application, the EaseEmbro Windows Desktop Application, and the connected cloud backend infrastructure. It governs how personal data and operational information are collected, processed, stored, shared, protected, retained, and deleted across all components of the Platform, whether accessed individually or in combination.
This Policy should be read with the applicable EaseEmbro commercial terms, subscription documents, and any written service agreement entered into between Sampurna Labs and the subscribing organisation. Where the commercial terms address data handling, this Policy prevails on matters of privacy and data protection.
This Policy is prepared with reference to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and other applicable laws of India.
Nothing in this Policy is intended to limit any statutory right available to a data principal under applicable law.
2. Who we are
Sampurna Labs
Type: Sole proprietorship registered under the laws of India
GSTIN: 24ALWPJ6520F2ZZ
Registered address: Plot No. 42-43, GF, Sai Techno Park, Kosad Sayan Road, Nr. Nayara Petrol Pump, Kosad, Surat - 394107, Gujarat, India
Email: support@sampurnalabs.tech
Website: sampurnalabs.tech
For account data of authorised users, Sampurna Labs determines the purpose and means of processing and acts as a Data Fiduciary under the DPDPA, to the extent applicable.
For employee, worker, production, attendance, salary input, and factory operation records entered by a subscribing organisation, Sampurna Labs processes such information as a service provider and Data Processor on behalf of that subscribing organisation.
The subscribing organisation remains responsible for its employment records, wage decisions, employee notices, and compliance with applicable labour and payroll laws.
3. Scope
This Policy applies to all components of the EaseEmbro Platform: the Mobile Application for Android and iOS, the Windows Desktop Application, and the shared cloud backend infrastructure. It applies to all user accounts, data entry workflows, cloud synchronisation, cloud storage, authentication systems, AI and OCR processing workflows, support activity, and related technical operations across the Platform.
This Policy applies whether any Platform component is used online, in a locally cached offline state pending synchronisation, or in a standalone configuration where cloud synchronisation is temporarily unavailable.
Because the Mobile Application and the Desktop Application share a common cloud backend, data practices described in this Policy in relation to the cloud infrastructure apply equally to both components and to any data that flows between them.
This Policy does not govern unrelated websites, services, devices, accounting systems, or employment practices operated independently by the subscribing organisation or any third party.
4. Definitions
Term | Meaning
Platform | The EaseEmbro complete software solution suite operated by Sampurna Labs, comprising the Mobile Application, the Desktop Application, and the cloud backend infrastructure, together with all associated services, authentication systems, cloud storage, and synchronisation infrastructure.
Mobile Application | The EaseEmbro mobile application available on Google Play Store (Android) and Apple App Store (iOS), used by authorised factory floor personnel for production data entry, OCR-assisted machine capture, and attendance recording.
Desktop Application | The EaseEmbro Windows desktop application used by factory owners and administrators for salary computation, reporting, salary slip generation, machine configuration, and factory management.
Cloud Backend | The cloud-hosted database, authentication, and storage infrastructure operated by Sampurna Labs's designated third-party cloud provider, shared across the Mobile Application and Desktop Application and serving as the single source of operational truth for the Platform.
Authorised User | A factory owner, manager, supervisor, or other person permitted by a subscribing organisation to access and use any component of the Platform.
Subscribing Organisation | The embroidery factory or business entity that subscribes to EaseEmbro.
Personal Data | Data about an individual who is identifiable by or in relation to such data.
Operational Data | Machine output, production entries, attendance records, shift details, salary inputs, advance entries, corrections, generated reports, and related factory records.
Camera Images | Photographs of embroidery machine display panels captured by an authorised user for OCR-assisted data entry.
Data Principal | The individual to whom personal data relates.
Data Fiduciary | An entity that determines the purpose and means of processing personal data.
Data Processor | An entity that processes personal data on behalf of a Data Fiduciary.
Sensitive Personal Data | Passwords, financial information, biometric data, health data, and all other categories of personal data designated as sensitive under the IT (SPDI) Rules, 2011.
Third-Party Service Provider | Any external technology company or service provider whose infrastructure or services the Platform relies upon to function, as identified in Section 12 of this Policy.
DSAR | Data Subject Access Request — a formal written request by a Data Principal to exercise one or more rights under applicable data protection law, including those described in Section 18 of this Policy.
Breach | Any confirmed or reasonably suspected unauthorised access to, disclosure of, loss of, destruction of, or interference with personal data processed through the Platform.
Part II - Data Handling
5. Data we collect
Category | Examples | Main use
Account and identity data | Login identifier, hashed password, assigned role, session token, organisation or tenant association. | Authentication, access control, account administration.
Business and organisation data | Factory name, registered address, GSTIN, machine list, salary structure configuration, shift structure, factory settings. | Service configuration and delivery.
Operational and production data | Machine-wise stitch and frame counts, worker names, attendance states, shift records, advance pay entries, corrections, generated salary outputs. | Factory management, payroll preparation, reporting, review.
Camera images and OCR output | Machine display photographs captured by the user, OCR-extracted values, review and confirmation records. | Production entry assistance and verification.
Device and technical data | Device model, operating system, application version, network status, device or installation identifiers used for session integrity — collected from both mobile devices and desktop computers running Platform components. | Security, troubleshooting, compatibility, service reliability.
Usage and support data | Feature use, sync status, error reports, crash context, support correspondence. | Support, stability, product maintenance, internal improvement.
Passwords are not stored in plain text. Authentication credentials are stored using cryptographic protections appropriate to the authentication service in use.
Operational Data may include personal data where it identifies a worker, employee, supervisor, owner, or other individual connected with the subscribing organisation.
6. Data we do not collect
Location
The App does not request or collect GPS or geolocation data.
Microphone
The App does not access the microphone and does not record audio.
Contacts and messages
The App does not access contacts, call logs, SMS, email inboxes, or calendar records.
Biometrics
No component of the Platform collects fingerprints, face scans, or device biometric templates through software. Biometric attendance hardware, where deployed, is a separate physical device not within the scope of this Policy.
Payment credentials
The App does not collect card numbers, bank credentials, UPI PINs, or wallet credentials.
Advertising identifiers
The App does not use advertising SDKs or cross-app behavioural tracking.
7. How data is collected
Data is provided directly by authorised users when they log in, configure factory information, enter production records, submit attendance, capture machine display images, correct entries, generate salary outputs, or communicate with support — across both the Mobile Application and the Desktop Application.
Technical data is collected automatically when any Platform component authenticates a session, synchronises records with the cloud backend, records an error or crash, checks network status, or performs any communication with cloud services.
Camera images are collected only when an authorised user opens the OCR workflow in the Mobile Application and initiates a capture action. The camera is not used in the background and is not accessed by the Desktop Application.
Data may also be received from the cloud backend when salary rules, machine lists, shift settings, factory configuration, or production records are synchronised to any Platform component.
8. Purposes and lawful basis
Purpose | Data involved | Basis relied upon
Account access and security | Account, role, session, device, and technical data. | Consent, contractual necessity, legitimate use.
Service delivery | Business, operational, production, attendance, and salary configuration data. | Contractual necessity and legitimate use by the subscribing organisation.
OCR-assisted entry | Camera images and extracted values. | User action and device permission; service necessity for the selected feature.
Payroll preparation | Production, attendance, salary rules, deductions, and review records. | Contractual necessity and legitimate use of the subscribing organisation.
Support and maintenance | Account, device, error, crash, sync, and support data. | Legitimate use and service necessity.
Legal compliance | Relevant records required to respond to lawful requests or preserve legal rights. | Compliance with law and legitimate interest.
Sampurna Labs does not use personal data for behavioural advertising, sale to data brokers, credit scoring, recruitment screening, or unrelated profiling.
Where a new processing purpose requires fresh notice or consent under applicable law, Sampurna Labs will provide such notice or obtain such consent before proceeding.
9. Camera and OCR processing
The App may use the device camera to photograph embroidery machine display panels. This feature is intended to reduce manual entry errors by extracting visible machine readings.
Captured images may be transmitted to a cloud-based artificial intelligence or OCR service for extraction of numeric values shown on the machine display.
Extracted values are presented to the authorised user for review. The user may confirm or correct the value before submission.
Camera images may be stored in the App's local media folder and in the subscribing organisation's cloud records for verification and audit reference, subject to the retention terms in this Policy and the applicable subscription arrangement.
The intended capture subject is the machine display panel. Users should avoid photographing people, personal documents, or unrelated content.
10. Employee and worker data
Factory employee and worker data may be entered by authorised users of the subscribing organisation. This may include names, attendance, machine assignment, production output, salary inputs, deductions, and payroll-related records.
The subscribing organisation is responsible for notifying its employees or workers as required by law and for establishing the lawful basis for processing workforce records in EaseEmbro.
Sampurna Labs does not contact factory employees directly for the purpose of using their operational data and does not share worker-level records with any unrelated third party.
Requests by employees or workers about employer records should ordinarily be addressed to the subscribing organisation. Sampurna Labs may support the subscribing organisation where required.
11. Automated processing
The Platform calculates payroll-related outputs by applying salary rules configured for the subscribing organisation to submitted production, attendance, and adjustment data. These calculations are executed by the cloud backend and results are made available through both the Desktop Application and, where applicable, the Mobile Application.
The subscribing organisation remains responsible for reviewing payroll outputs before payment and for ensuring that configured rules comply with applicable employment, wage, and labour laws. Sampurna Labs does not independently validate salary rule configurations against legal standards.
OCR extraction via the Mobile Application is automated, but the extracted value is subject to authorised user review and correction before submission to the cloud backend.
The Platform does not use automated processing to make decisions about credit, employment eligibility, recruitment, insurance, or any matter unrelated to the factory management function for which the Platform is subscribed.
Part III - Sharing and Security
12. Service providers
Sampurna Labs uses service providers only where required to operate, secure, host, distribute, support, or improve EaseEmbro. Data shared with such providers is limited to what is reasonably necessary for the relevant service.
Cloud infrastructure provider: Hosting, database, authentication, storage
Operational records, account data, camera images, configuration data, and support-related technical records may be stored or processed using the cloud backend selected by Sampurna Labs for the Platform.
Google LLC: OCR or AI image processing; Android platform services
Machine display photographs may be transmitted for OCR-assisted extraction. Android platform services may also process standard platform information in accordance with Google's applicable policies. Google Privacy Policy: https://policies.google.com/privacy
Apple Inc.: iOS distribution and platform services
Standard iOS platform and App Store processes are governed by Apple's own terms and privacy policies. Apple Privacy Policy: https://www.apple.com/legal/privacy/
Unconditional commitment — no sale of personal data
Sampurna Labs does not sell, rent, lease, license, auction, barter, or otherwise transfer any personal data, individually identifiable operational data, or workforce records to any third party for that party's independent commercial purposes — under any circumstances, for any consideration, and in any form. This commitment is unconditional. The only transfers of data to third parties that occur are those strictly necessary to operate the Platform, as described in Section 12 above. Sampurna Labs does not provide data to advertising networks, data brokers, or unrelated commercial platforms.
13. Legal disclosures
Sampurna Labs may disclose data where required by applicable law, court order, regulatory direction, lawful government request, or where necessary to protect rights, property, safety, security, or service integrity.
Where legally permitted and reasonably practicable, Sampurna Labs will notify the relevant subscribing organisation before disclosing its operational records in response to a legal request.
Law enforcement, regulatory, and legal requests should be sent in writing to support@sampurnalabs.tech with sufficient detail to verify the authority and scope of the request.
14. International transfers
The App and its service providers may process or store data on infrastructure located outside India, depending on the selected cloud region, provider architecture, and OCR or AI processing service used.
Where data is transferred outside India, Sampurna Labs relies on contractual, technical, and organisational safeguards available under the applicable service arrangements and Indian law.
By using the App through a subscribing organisation, authorised users acknowledge that such cross-border processing may occur as part of operating the Platform.
15. Retention and deletion
Data type | Retention approach
Operational and production records | Retained for the duration of the active subscription period and for 30 calendar days following expiry, during which the subscribing organisation may export or retrieve its data. After this period, records may be deleted, anonymised, or archived at Sampurna Labs's discretion, subject to legal hold obligations.
Camera images | Cloud copies are subject to the same 30-day post-expiry window as operational records. Local copies retained on the device remain the responsibility of the device user and are not subject to Sampurna Labs's retention schedules.
Account credentials and session records | Retained while the account is active and for a limited security and audit period, not exceeding 90 days, following account deactivation.
Error logs and crash diagnostics | Retained on a rolling basis not exceeding 90 days, used solely for troubleshooting and service reliability. Not linked to individual production or payroll records.
Aggregated or anonymised information | May be retained indefinitely where individuals and subscribing organisations are not reasonably identifiable from the retained data.
Legal hold data | Retained for as long as required to comply with legal, regulatory, dispute resolution, audit, or enforcement obligations. Legal hold supersedes standard retention schedules.
Requests for early deletion of cloud-stored data prior to the end of the applicable retention period should be submitted in writing to support@sampurnalabs.tech. Sampurna Labs will use reasonable efforts to accommodate such requests, subject to legal hold obligations, contractual commitments, and security or audit requirements that may require a minimum retention period.
On expiry of the applicable retention period, Sampurna Labs will delete, anonymise, or archive data in a manner designed to render individually identifiable information unrecoverable by standard technical means.
16. Security
Encryption in transit
Data exchanged between the App and cloud services is transmitted over encrypted connections.
Encryption at rest
Cloud-stored data is protected using the storage encryption controls provided by the cloud infrastructure provider.
Access control
Access is limited by role, account status, and operational need.
Tenant separation
Factory records are logically separated by subscribing organisation.
Server-side computation
Payroll rules and critical processing are handled through controlled backend services.
Support access
Internal access to subscriber data is limited to personnel with a legitimate support, engineering, or operational requirement.
Security limitation
No software, device, network, or cloud environment can be guaranteed to be completely secure. Users and subscribing organisations must maintain secure devices, protect credentials, and report suspected misuse promptly.
17. Incident response
1. Detect and assess: Potential incidents are reviewed to determine affected systems, data categories, scope, and risk.
2. Contain: Reasonable containment measures may include credential revocation, access restriction, provider coordination, or temporary service limitation.
3. Notify: Where notification is required by applicable law or contract, Sampurna Labs will notify affected subscribing organisations and regulatory authorities as required.
4. Remediate: Corrective actions are taken based on the nature of the incident and the findings of the review.
A notification of a suspected or confirmed incident does not constitute an admission of fault or liability.
Part IV - Rights and Notices
18. Your rights
Data principals may have rights under the DPDPA and other applicable laws, including rights to access information, seek correction, request erasure, withdraw consent where processing is consent-based, nominate another person where permitted, and raise grievances.
Information: Request information about personal data processed and the purposes of processing.
Access: Request a copy or summary of personal data held by Sampurna Labs, where applicable under the DPDPA 2023.
Correction: Request correction of inaccurate or incomplete personal data held about you.
Erasure: Request deletion where data is no longer necessary for the purpose for which it was collected and no overriding legal or contractual retention basis applies.
Withdrawal of consent: Withdraw consent where processing is based on consent. Withdrawal does not affect the lawfulness of prior processing. Withdrawal for essential features may affect access to those features.
Grievance redressal: Raise concerns with the designated Grievance Officer and receive a response within the timeframes set out in Section 25 of this Policy.
Nomination: Nominate another individual to exercise your data protection rights on your behalf in the event of your death or incapacity, in accordance with the DPDPA 2023.
Complaint to the Data Protection Board: If dissatisfied with the resolution of a grievance, escalate a complaint to the Data Protection Board of India, once operationalised under the DPDPA 2023, or pursue any other remedy available under applicable Indian law.
Rights relating to employee or worker records controlled by a subscribing organisation should first be directed to that subscribing organisation. Sampurna Labs may support the organisation where required.
19. Rights request process
Requests may be submitted by email to support@sampurnalabs.tech. The request should include the requestor's name, registered contact, subscribing organisation, the right being exercised, and sufficient detail to identify the relevant data.
Sampurna Labs may require reasonable identity verification before acting on a request.
Sampurna Labs will acknowledge rights requests within 48 hours and will aim to provide a substantive response within 30 days, subject to applicable law, request complexity, verification, and dependency on the subscribing organisation.
Requests may be declined or limited where they are unlawful, unverifiable, repetitive, excessive, conflict with legal obligations, or affect another person's rights.
20. Device permissions
The following device permissions apply specifically to the EaseEmbro Mobile Application. The Desktop Application operates within the Windows application permission model and does not request mobile device permissions.
Camera
Mobile Application — OCR
Required only when the authorised user chooses to capture a machine display image for OCR-assisted entry. Not accessed in the background.
Storage or media access
Mobile Application — image records
Used to save machine display photographs within the Mobile Application's permitted storage scope. Scoped to the EaseEmbro folder only and does not access other device files.
Internet or network access
All Platform components
Required by all Platform components for authentication, cloud synchronisation, data storage, OCR processing, and software updates.
Permissions not requested
Not used
Location, microphone, contacts, calendar, call logs, SMS, Bluetooth, NFC, and device biometrics are not required for any current function of the Mobile Application.
Users may revoke permissions through device settings. Revoking a permission may disable the feature that depends on it.
21. Children's privacy
EaseEmbro Mobile is intended for business use by adults authorised by subscribing organisations. It is not directed to children or intended for use by persons under 18 years of age.
Sampurna Labs does not knowingly collect personal data from children. If such data is identified, Sampurna Labs will take appropriate steps to delete or restrict the data and notify the relevant subscribing organisation where necessary.
22. Changes to this Policy
Sampurna Labs may update this Policy to reflect product changes, new legal requirements, changes to service providers, operational improvements, or clarification of existing practices.
Material changes — including the collection of a new category of personal data, engagement of a new third-party processor, material changes to retention periods, or changes to how camera images are stored or used — will be communicated at least 15 days before they take effect, by email to the subscribing organisation's registered contact and by in-App notice or publication on the Sampurna Labs website. Where a shorter period is required by applicable law or urgent security circumstances, notice will be provided as promptly as practicable.
Non-material changes, including typographical corrections, clarifications that do not alter the substance of the Policy, updated third-party policy links, or administrative restructuring of sections without change to content, may take effect without advance notice.
Continued use of the App following the effective date of any update constitutes acceptance of the revised Policy. Where a material change is not acceptable, the subscribing organisation should cease use and contact Sampurna Labs to arrange account deactivation and data export.
The Document ID and effective date at the top of this Policy identify the operative version. Version history is maintained internally.
23. Contact
Sampurna Labs - Privacy and Legal Contact

Email: support@sampurnalabs.tech
Website: sampurnalabs.tech
Address: Plot No. 42-43, GF, Sai Techno Park, Kosad Sayan Road, Nr. Nayara Petrol Pump, Kosad, Surat - 394107, Gujarat, India
GSTIN: 24ALWPJ6520F2ZZ
Availability: Monday to Saturday, 10:00 AM to 6:00 PM IST, excluding public holidays
Privacy requests, grievance communications, rights requests, and general data protection inquiries should be directed to support@sampurnalabs.tech. Law enforcement and regulatory data requests must be submitted in writing to the same address, marked clearly as a legal or law enforcement request, and must include sufficient detail to verify the authority and scope of the request. Informal or unverified requests will not be processed.
This Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and all rules made thereunder. Subject to the dispute resolution provisions in the applicable commercial terms, disputes arising from this Policy are subject to the jurisdiction of courts in Surat, Gujarat, India.
This Policy is published in English. Where a translation is made available for convenience, the English version prevails in all cases of conflict or ambiguity. If any provision of this Policy is found to be invalid or unenforceable under applicable law, it will be modified to the minimum extent necessary to make it valid, and all remaining provisions will continue in full force and effect.
24. Quick reference
Topic | Position
Responsible entity | Sampurna Labs, Surat, Gujarat, India.
Primary product purpose | Embroidery factory production tracking, attendance context, payroll preparation, reporting, and review.
Advertising | No advertising SDKs and no sale of personal data.
Camera | Used only for user-initiated machine display capture for OCR-assisted entry.
Location and microphone | Not collected or requested.
Third-party providers | Cloud infrastructure provider (database, authentication, storage), AI image analysis services (OCR for the Mobile Application), Google LLC (Android platform services), and Apple Inc. (iOS platform services).
Security controls | Encrypted transmission, cloud storage controls, role-based access, logical tenant separation, and restricted support access.
Rights contact | support@sampurnalabs.tech.
Part V - Governance and Legal
25. Grievance Officer
In accordance with Section 13 of the Information Technology Act, 2000 and the provisions of the Digital Personal Data Protection Act, 2023, Sampurna Labs designates a Grievance Officer to receive, acknowledge, and resolve complaints and inquiries from data principals relating to the processing of personal data through the Platform. The designation of a Grievance Officer is a statutory obligation and forms part of Sampurna Labs's data protection compliance framework.
Designated Grievance Officer — Sampurna Labs

Name: Om (Proprietor, Sampurna Labs)
Designation: Grievance Officer — Data Protection
Organisation: Sampurna Labs
Address: Plot No. 42-43, GF, Sai Techno Park, Kosad Sayan Road, Nr. Nayara Petrol Pump, Kosad, Surat – 394107, Gujarat, India
Email: support@sampurnalabs.tech
Availability: Monday to Saturday, 10:00 AM to 6:00 PM IST, excluding public holidays
Acknowledgement timeline: Within 48 hours of receipt
Resolution timeline: Within 30 days of receipt, or such other period as may be prescribed under applicable law
Grievances should be submitted in writing to the email address above and should include the data principal's full name, registered contact information, the associated subscribing organisation, a clear description of the concern or complaint, the specific data or processing activity in question, and the remedy sought. Additional information may be requested where necessary to process the grievance.
Sampurna Labs will not penalise, disadvantage, or restrict access for any data principal who submits a grievance or exercises any right under applicable law.
Where a grievance is not resolved satisfactorily by the Grievance Officer, the data principal may escalate the matter to the Data Protection Board of India, once operationalised under the DPDPA 2023, or pursue any other remedy available under applicable Indian law.
26. Business Transfers
In the event of a merger, acquisition, amalgamation, restructuring, sale of all or substantially all assets, or change of control involving Sampurna Labs, subscriber data — including personal data of authorised users and all operational records — may be transferred to the successor or acquiring entity as part of that transaction.
Where such a transfer is proposed, Sampurna Labs will, to the extent legally and commercially practicable: provide written notice to active subscribing organisations via registered email no less than 30 days prior to the effective date of transfer; require the acquiring entity to be contractually bound to honour this Policy or a materially equivalent successor policy governing the same data; and provide affected subscribing organisations with a reasonable opportunity to export their operational data prior to the transfer taking effect.
If the acquiring entity proposes to process personal data in a manner that is materially inconsistent with this Policy, affected data principals will receive fresh notice of the proposed change and a reasonable opportunity to withdraw consent and exit the Platform before the new practices take effect.
In the event of an insolvency or winding-up proceeding involving Sampurna Labs, Sampurna Labs will use reasonable efforts to ensure that subscriber data is handled responsibly, including by facilitating data export for subscribing organisations within the constraints of applicable insolvency law.
27 Privacy by Design
Sampurna Labs applies privacy by design as a foundational principle of the Platform. Data protection is built into the architecture, operational design, and development practices of the App and its supporting infrastructure from the outset — not applied as a subsequent layer of controls.
Data minimisation
Each data collection point has been assessed to confirm that only the minimum data necessary to fulfil the stated purpose is collected. No speculative, exploratory, or convenience-based collection occurs.
Logical tenant isolation
Each subscribing organisation's data is isolated at the infrastructure level. Cross-tenant access is structurally prevented by design — not solely by policy or configuration.
Server-side business logic
Critical payroll computation and processing rules execute exclusively on controlled cloud infrastructure. Client devices do not execute or hold core business logic, reducing the attack surface and preventing client-side manipulation.
Purpose limitation
Data flows are scoped to stated purposes at the point of design. No data collected for one purpose is routed to another without explicit review and a fresh lawful basis being established.
Least-privilege access
Internal access to subscriber data within Sampurna Labs is granted strictly on operational need, bounded by role, and subject to logging. No personnel hold broader access than their specific function requires.
End-to-end encryption
Encryption is applied at every data transit point and at rest across cloud storage, ensuring data is protected throughout its lifecycle and not accessible in unprotected form at any stage.
28 Vendor Due Diligence
Sampurna Labs conducts due diligence on all third-party service providers before engaging them to process personal data in connection with the Platform. This assessment considers the provider's published privacy and data protection policies and practices; applicable security certifications and industry standards maintained by the provider; the availability of a data processing agreement or equivalent contractual data protection commitment; incident detection and breach notification practices; and the provider's reputation, track record, and standing in the industry.
Sampurna Labs periodically reviews the data protection practices and commitments of active service providers. Where a provider materially reduces its data protection standards or materially alters the terms under which it processes data following engagement, Sampurna Labs will assess whether reconfiguration, migration, or termination of the arrangement is appropriate.
No third-party service provider is engaged to process personal data through the Platform unless that provider has made enforceable commitments to maintain data security and confidentiality, whether through contractual data processing agreements, published data protection addenda, or equivalent binding mechanisms. Sampurna Labs does not engage service providers on the basis of informal or unverified representations alone.
29 App Updates and Remote Delivery
Sampurna Labs delivers improvements, security fixes, and feature enhancements to the App through multiple delivery channels. Each channel operates within the scope of this Policy and does not alter the categories of data collected or the permissions held by the App without corresponding notice.
Store updates. Full version updates are delivered through the Google Play Store and the Apple App Store in accordance with each platform's standard update delivery policies. Store updates may require installation action by the authorised user or the subscribing organisation's administrator.
Over-the-air updates. Certain code-level changes, including performance improvements, bug fixes, and compatibility adjustments, may be delivered directly to installed App instances over a network connection without requiring a full store update. Over-the-air updates do not modify the device permissions requested by the App, do not expand the categories of data collected, and do not alter the terms of this Policy.
Configuration and rules synchronisation. Factory configuration, salary rules, machine lists, shift structures, and platform settings may be updated on the cloud backend and synchronised to the App during normal operation. These are data updates within the existing scope of this Policy and do not constitute changes to application code or permissions.
No update or delivery mechanism operated by Sampurna Labs is used to expand the App's data collection scope, add new device permissions, or introduce new data processing practices beyond those described in this Policy, without a corresponding Policy update issued with appropriate advance notice to affected subscribing organisations.