Privacy Policy

Gullaron ('Gullaron', 'we', 'our', or 'us') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at gullaron.com, use any of our software products, or interact with our services.

This policy applies to all information collected through our website, software-as-a-service products (ESG Enterprise, Restaurant POS, AI Service Center, Hospital Suite), mobile applications, and any related services, sales, marketing, or events.

This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).

By using our services, you consent to the collection, use, and processing of your data as described in this Privacy Policy. If you do not agree, please do not access our site or use our services.

We collect information that you provide directly to us, information we collect automatically when you use our services, and information we receive from third parties.

Personal Data You Provide: When you register for an account, request a demo, contact us, subscribe to our newsletter, or otherwise interact with us, you may provide us with information such as your name, email address, phone number, company name, job title, billing and payment information, and any other information you choose to provide.

Sensitive Personal Data: We may collect sensitive personal data such as financial information (payment details) only where necessary for billing and with your explicit consent, in accordance with the IT Rules, 2011.

Usage Data We Collect Automatically: When you access or use our services, we automatically collect certain information, including: log data (IP address, browser type, pages visited, time and date of visits, links clicked), device information (hardware model, operating system, unique device identifiers), cookie data and similar tracking technologies, and performance data related to your use of our platform.

Information from Third Parties: We may receive information about you from third parties such as analytics providers, business partners, and social media platforms where you have authorized us to access your data.

We use the information we collect for the following lawful purposes:

Service Delivery: To provide, maintain, operate, and improve our software products and services; to process transactions and send related information including purchase confirmations and invoices; to send technical notices, updates, security alerts, and support messages.

Communication: To respond to your comments, questions, and requests; to send marketing communications where you have provided consent; to notify you about changes to our services.

Analytics and Improvement: To monitor and analyze usage patterns and trends; to improve our website, products, and services; to personalize your experience; to develop new features and functionality.

Legal and Safety: To comply with applicable Indian laws and regulations; to enforce our terms and policies; to protect the rights, property, and safety of Gullaron, our users, and the public.

Legal Basis: Under the DPDP Act, 2023, we process your personal data based on your consent or for legitimate uses as permitted under the Act, including performance of a contract, compliance with legal obligations, and responding to medical or safety emergencies.

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service Providers (Data Processors): We share information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, cloud hosting, customer service, and marketing assistance. These providers are contractually bound to process your data only on our instructions and in accordance with this Privacy Policy.

Business Transfers: If Gullaron is involved in a merger, acquisition, or sale of company assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website prior to such a transfer.

Legal Requirements: We may disclose your information if required to do so by law, court order, or order from a competent governmental authority in India, or in good faith belief that such disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

Aggregated and Anonymized Data: We may share aggregated or anonymized data that cannot reasonably be used to identify you, for industry research, benchmarking reports, and marketing purposes.

We use cookies, web beacons, and similar tracking technologies to collect and store information about your interactions with our services. These technologies help us authenticate users, remember preferences, analyze traffic, and understand user behavior.

Types of Cookies We Use: Essential cookies (required for core functionality and security), functional cookies (remember your preferences and settings), and analytics cookies (help us understand how users interact with our services).

Cookie Management: Most browsers allow you to manage your cookie preferences through browser settings. You can set your browser to refuse cookies, delete existing cookies, or alert you when cookies are being set. Note that disabling cookies may affect the functionality of our services.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable Indian law.

For active customer accounts, we retain data for the duration of the subscription and for a period thereafter as required for legal and accounting purposes under the Companies Act, 2013 and the Income Tax Act, 1961.

For marketing and communication data, we retain information until you withdraw consent or request deletion.

When personal data is no longer needed, we securely delete or anonymize it in accordance with our data destruction procedures.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights as a Data Principal:

Right to Access: You have the right to obtain a summary of your personal data being processed and the processing activities undertaken.

Right to Correction and Erasure: You have the right to request correction of inaccurate or incomplete personal data, and to request erasure of personal data that is no longer necessary for the purpose it was collected.

Right to Grievance Redressal: You have the right to have your grievances addressed by our Grievance Officer. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India.

Right to Nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity.

To Exercise Your Rights: Submit a request by emailing contact@gullaron.com or by writing to our Grievance Officer at: Gullaron, Vishari Asthan, Choudhary Tola, Kahalgaon, Bhagalpur, Bihar 813203, India. We will respond to requests within 30 days.

We implement reasonable security practices and procedures as required under Section 43A of the Information Technology Act, 2000 and the IT Rules, 2011 to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction.

Our security measures include: AES-256 encryption for data at rest; TLS 1.3 encryption for data in transit; multi-factor authentication for system access; regular security assessments and vulnerability testing; comprehensive employee security training; and strict access controls based on the principle of least privilege.

While we maintain robust security practices, no system is completely secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at contact@gullaron.com.

In the event of a data breach that affects your personal data, we will notify you and the relevant authorities (including the Data Protection Board of India and CERT-In) as required by applicable law.

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer to address any grievances or concerns regarding the processing of your personal data.

Grievance Officer: Deepak Kumar

Email: contact@gullaron.com

Address: Gullaron, Vishari Asthan, Choudhary Tola, Kahalgaon, Bhagalpur, Bihar 813203, India

The Grievance Officer shall acknowledge your grievance within 24 hours and resolve it within 15 days from the date of receipt.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. Under the DPDP Act, 2023, processing of personal data of children requires verifiable consent from a parent or lawful guardian.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at contact@gullaron.com.

We may update this Privacy Policy from time to time in response to changing legal, regulatory, or operational requirements. We will notify you of any material changes by posting the updated Privacy Policy on this page with a new effective date, and where appropriate, by sending you an email notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@gullaron.com

Address: Gullaron, Vishari Asthan, Choudhary Tola, Kahalgaon, Bhagalpur, Bihar 813203, India

Phone: +91 9142723924

You also have the right to lodge a complaint with the Data Protection Board of India if you believe we have not addressed your concerns adequately.