Privacy Policy

We collect the following categories of information: A. Personal Information (provided by you): • Full name, email address, phone number • Company or business name • Username, password (stored securely as a hash) • Billing address and GST/tax identifiers • Profile information (bio, photo, social links, skills, resume, portfolio) • Blog post content, service descriptions, team member details B. Usage & Activity Data (automatically collected): • IP address, browser type, operating system, and device type • Pages visited, features used, button clicks, and session duration • Dashboard activity: slides created, playlists built, screens configured, devices paired • Search queries in the Help Center • Notification interaction and support chat messages C. Device & Player Data: • Device model, Android version, and app version of paired Signmitra Player devices • Heartbeat status (online/offline timestamps) • Content download and sync logs • Wi-Fi/Ethernet connection type D. Payment Data (processed by third parties): • Transaction amounts, billing cycles, plan details, and invoice history • We do NOT store credit card numbers, CVVs, or bank account details — these are handled exclusively by payment gateways

We use collected information for the following purposes: • Service Delivery: To provide, operate, and maintain the Signmitra platform including the dashboard, editor, player, scheduling, and screen management • Account Management: To create, authenticate, and manage user accounts and Team Member access • Billing & Payments: To process subscriptions, upgrades, downgrades, renewals, storage purchases, and generate invoices • Communication: To send transactional emails (account verification, password resets, subscription reminders, expiry notices), support responses, and system notifications • SMS & WhatsApp Notifications: To send OTPs, billing alerts, and critical account notifications via MSG91 • Support: To provide technical assistance through tickets, live chat, and Support PIN remote sessions • Improvement: To analyze usage patterns, identify bugs, improve UI/UX, and develop new features • Security: To detect and prevent fraud, unauthorized access, and abuse of the platform • Legal Compliance: To fulfill legal obligations, respond to lawful requests, and protect our rights

Signmitra uses the following trusted payment gateways to process transactions securely: • Razorpay — For Indian users (UPI, cards, net banking, wallets) • Stripe — International card payments • PayPal — International payments via PayPal accounts • Flutterwave — African and emerging market payments • Paytm — Indian wallet and banking payments • MercadoPago — Latin American payments Important: We never store your card numbers, CVVs, or bank credentials on our servers. All sensitive payment data is processed and encrypted directly by the respective payment gateway in compliance with PCI-DSS standards. Each gateway has its own privacy policy and terms of service. We encourage you to review them independently. We store only transaction metadata: order IDs, plan names, amounts, dates, payment status, and invoice references for your billing history and our accounting records.

We use the following services to communicate with you: • MSG91: For transactional SMS, OTP verification, and WhatsApp notifications related to account verification, billing alerts, screen status alerts, and service updates. • SendGrid: For transactional and notification emails including password resets, subscription confirmations, expiry reminders, and system announcements. • PHPMailer: As a fallback email system for certain transactional communications. By using Signmitra, you consent to receiving these communications. These are service-essential messages, not marketing. Marketing communications, if any, will be clearly identified and include an opt-out option. You may manage your notification preferences from the Account Settings page or contact support to adjust communication preferences.

Signmitra uses cookies and similar technologies for the following purposes: • Essential Cookies: Required for login sessions, CSRF protection, and core platform functionality. These cannot be disabled. • Preference Cookies: Remember your settings such as language, dark mode, and sidebar state. • Analytics Cookies: Help us understand how users interact with the platform, which pages are most visited, and where users encounter issues. Cookies we use: • Session cookies — Expire when you close your browser • Persistent cookies — Remain for a set period to remember preferences • CSRF tokens — Protect against cross-site request forgery attacks You can control or delete cookies through your browser settings. Note that disabling essential cookies may prevent the platform from functioning correctly.

When you pair a device running the Signmitra Player app, the following data is collected: • Device Information: Device model, manufacturer, Android version, screen resolution • App Information: Player app version, last update timestamp • Connection Data: Wi-Fi/Ethernet type, IP address (local network) • Heartbeat Data: Online/offline status, timestamp of last communication • Content Sync: Download status, cache size, sync success/failure logs • Pairing Data: Screen Key or QR code pairing event, associated screen ID This data is used to: • Show device status (Online, Offline, Syncing) in your dashboard • Diagnose connectivity and playback issues • Ensure content is delivered and displayed correctly • Monitor app version for update recommendations Player data is associated with your account and is not shared with third parties.

When you generate a Support PIN and a support agent accesses your account: • Data accessed: The agent can view your slides, playlists, screens, devices, and configuration settings • Data NOT accessible: Billing information, payment details, and account deletion are blocked during support sessions • Audit logging: All actions performed during the support session are recorded with timestamps, agent ID, and action description • Session limits: Support sessions are time-limited (typically 30 minutes) and end automatically • PIN security: PINs are single-use, expire after 15 minutes if unused, and cannot be reused Support session logs are retained for 90 days for quality assurance and dispute resolution. You may request a copy of your support session logs by contacting us.

We implement industry-standard security measures to protect your data: • Passwords are stored using strong one-way cryptographic hashing (never in plain text) • CSRF tokens protect against cross-site request forgery • Session management with secure, HTTP-only cookies • File uploads are validated for type, size, and content • Uploaded media files are stored with encrypted filenames • Database access is restricted to authorized application components only • Regular backups are maintained for disaster recovery • Server infrastructure is protected by firewalls and access controls While we take extensive precautions, no internet-based system is 100% secure. We cannot guarantee absolute protection against all forms of unauthorized access, data breaches, or cyberattacks. In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by applicable law.

We do NOT sell, rent, or trade your personal data. We may share limited information with third parties only in the following circumstances: • Payment Gateways (Razorpay, Stripe, PayPal, Flutterwave, Paytm, MercadoPago): Transaction data necessary to process payments • Communication Providers (MSG91, SendGrid): Email addresses and phone numbers necessary to deliver notifications • Google Play Store: Player app distribution; Google may collect device data per their policies • Legal Requirements: When required by law, court order, government authority, or to protect the rights, property, or safety of Signmitra, our users, or the public • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity with prior notice All third-party service providers are contractually required to handle your data securely and only for the specified purposes.

Content you upload and create on Signmitra (slides, images, videos, blog posts, profile data) is your property. • We access your Content only to deliver the Services (store, process, cache, transmit to player devices) • We do not view, analyze, or use your Content for advertising, AI training, or any purpose beyond service delivery • Content marked as public (profile pages, blog posts) is visible to anyone on the internet • Content in the editor and media library is private to your account and authorized Team Members • Deleted content is removed from active storage promptly; it may persist in backups for a limited retention period before permanent deletion

When a Team Member is invited to your account: • We collect their name, email address, and assigned role • Team Members create their own login credentials • Activity performed by Team Members is logged under their identity within the account • The account owner can view Team Member activity and revoke access at any time • If a Team Member is removed, their access is revoked immediately but their activity logs are retained with the account for audit purposes

When you use the Help Center: • Search queries are logged to improve article relevance and identify content gaps • Article views and feedback (helpful/not helpful) are recorded to improve documentation quality • Search logs do not capture personally identifiable information — they store only the query text, timestamp, and result count • This data is used internally to improve the Help Center and is not shared with third parties

We retain your data based on the following schedule: • Active account data: Retained for the duration of your active subscription and any applicable grace period • Payment and invoice records: Retained for 7 years as required by Indian tax and accounting regulations • Support tickets and chat history: Retained for 2 years after ticket closure • Support PIN session logs: Retained for 90 days • Help Center search logs: Retained for 12 months, then anonymized • Server and access logs: Retained for 6 months • Backup data: Retained for up to 30 days after deletion from active storage After account deletion or subscription expiry beyond the grace period, we begin the data removal process. Personal data is deleted or anonymized within 90 days, subject to legal retention requirements.

Under applicable Indian law and general data protection principles, you have the following rights: • Right to Access: Request a copy of the personal data we hold about you • Right to Rectification: Request correction of inaccurate or incomplete data • Right to Erasure: Request deletion of your personal data (subject to legal retention obligations) • Right to Data Portability: Request your data in a commonly used, machine-readable format • Right to Withdraw Consent: Withdraw consent for non-essential data processing at any time • Right to Restrict Processing: Request limitation of certain data processing activities • Right to Object: Object to data processing that is not essential for service delivery To exercise any of these rights, contact us at support@signmitra.com. We will respond within 30 days of receiving a verifiable request.

Signmitra is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that we have inadvertently collected data from a person under 18, we will take immediate steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Signmitra is based in India, and your data is primarily stored and processed on servers located in India. If you access the Services from outside India, your data may be transferred to and processed in India. By using the Services, you consent to the transfer of your data to India and acknowledge that data protection laws in India may differ from those in your country. We ensure that appropriate safeguards are in place to protect your data in compliance with applicable laws.

Our platform may contain links to third-party websites, apps, or services (e.g., Google Play Store, payment gateway dashboards, social media platforms). We are not responsible for the privacy practices, content, or security of these external sites. We encourage you to read the privacy policies of any third-party service you interact with through Signmitra. Our inclusion of links does not imply endorsement of their privacy practices.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will: • Notify affected users via email within 72 hours of becoming aware of the breach • Describe the nature of the breach, the data affected, and the likely consequences • Outline the measures taken or proposed to address the breach • Report to relevant data protection authorities as required by applicable law • Provide guidance on steps you can take to protect yourself

You can manage your communication preferences as follows: • Transactional notifications (password resets, subscription alerts, screen status) — these cannot be disabled as they are essential to the service • System notifications (feature updates, help tips) — can be managed from the notification settings • Dark Mode and Language — configurable from the header dropdown; these preferences are stored in your account Note: Even if you limit notifications, we reserve the right to contact you for critical security alerts, legal notices, and billing-related communications.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or platform features. When we make changes: • The "Last Updated" date at the bottom of this page will be revised • For significant changes, we will notify users via email or a prominent dashboard notification • Continued use of the platform after the updated policy is published constitutes acceptance We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (as applicable). Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts located in Meerut, Uttar Pradesh, India.