Privacy Policy
This Privacy Policy explains how SKCPL Group(“we”, “us”, the “Data Fiduciary”), which operates the SiteRelay platform (“SiteRelay”, the “Service”), collects, uses, discloses, and protects personal data. We process personal data in accordance with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable rules.
1. Who we are
The Data Fiduciary is SKCPL Group, based in Meerut, Uttar Pradesh, India. For any privacy questions, contact us at tech@skcplgroup.com.
2. The personal data we collect
- Account & identity data: name, email address, phone number, company, job role, and your role-based permissions.
- Site & field data you submit: daily progress updates, notes, and photographs of construction sites. Photographs may incidentally contain images of workers or other individuals.
- Location data: when you attach a photo, we may capture the device’s geolocation (latitude/longitude and accuracy) at the time of capture, to verify that updates were recorded on site.
- Procurement & financial records: indents, purchase orders, invoices, payments, and related approvals (business data of your organisation).
- Usage & device data: log data, app interactions, and analytics events used to operate and improve the Service.
3. Purposes and lawful basis
We process personal data for the following purposes, relying on your consent and on the legitimate uses permitted under the DPDP Act:
- To create and manage accounts and role-based access.
- To provide core features: recording daily site updates, generating reports, and sharing client timelines.
- To capture photo and location data for the specific purpose of verifying and documenting on-site work. We collect location only as attached to a submitted update; you can decline location permission, though some verification features may be limited.
- To operate the procurement and accounts module for your organisation.
- To secure the Service, prevent misuse, and comply with legal obligations.
- To analyse usage and improve the Service.
4. How we share data and who processes it
We do not sell personal data. We share it with the following processors (Data Processors) strictly to operate the Service, under contractual safeguards:
- Supabase — database, authentication, and file/photo storage.
- Vercel — application hosting and delivery.
- Resend — transactional email delivery.
- PostHog — product analytics.
- Sentry — error monitoring (when enabled).
We may also disclose data where required by law or to protect rights, property, or safety. Within your organisation, data is visible to other users according to their assigned roles (for example, owners and managers can see sites and updates; a client timeline link can be shared publicly by an authorised user).
5. Data location and transfers
Personal data is stored and processed on infrastructure located in India (Mumbai region). We do not transfer your personal data outside India. Should this change in future, we will update this policy and ensure transfers are made only to countries not restricted by the Government of India and with appropriate safeguards.
6. Data retention
We retain account and site data for as long as your account is active. Financial and tax records (procurement, invoices, payments) are retained for 8 years, in line with Indian tax and company-law requirements. Other personal data is deleted or anonymised within 90 days of account closure, unless a longer retention period is required by law.
7. Your rights under the DPDP Act
As a Data Principal, you have the right to:
- Access a summary of the personal data we process about you.
- Request correction or updating of inaccurate or incomplete data.
- Request erasure of your personal data, subject to legal retention requirements.
- Withdraw consent at any time (this will not affect prior lawful processing).
- Nominate another individual to exercise your rights in the event of death or incapacity.
- Grievance redressal (see below).
To exercise any right, contact us at tech@skcplgroup.com.
8. Grievance Officer
In accordance with the DPDP Act, you may contact our Grievance Officer for any concern regarding the processing of your personal data:
- Designation: Grievance Officer, SKCPL Group
- Email: tech@skcplgroup.com
- Postal address: available on request by writing to the email above.
We will acknowledge and respond to grievances within the timelines prescribed under applicable law.
9. Children’s data
SiteRelay is a workplace tool intended for use by adults. We do not knowingly process the personal data of children (individuals under 18) without verifiable parental or guardian consent as required by the DPDP Act. If you believe a child’s data has been provided to us, contact us so we can take appropriate action.
10. Security
We use reasonable technical and organisational safeguards, including role-based access controls, row-level security on the database, encrypted transport (HTTPS), and access restrictions on file storage. No system is perfectly secure; in the event of a personal data breach, we will notify the Data Protection Board and affected Data Principals as required by law.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified within the Service or by email, and the “Effective date” above will be updated.
12. Contact
Questions about this policy or our data practices? Email tech@skcplgroup.com.