Privacy Policy

Last Updated: November 4, 2025

At Döner & Gyros India, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data in compliance with the General Data Protection Regulation (GDPR), the Information Technology Act, 2000, and other applicable data protection laws.

GDPR Compliant
ISO 27001 Compliant
IT Act 2000

1. Data Controller Information

Data Controller: Döner & Gyros India Private Limited

Email: enquiries@donergyrosindia.com

Phone: +91 98198 87999

Data Protection Officer: enquiries@donergyrosindia.com

2. Information We Collect

2.1 Information You Provide Directly

  • Franchise Inquiries: Name, email, phone number, city, investment capacity, experience
  • Contact Form: Name, email, phone number, message
  • Newsletter: Email address (with explicit consent)

2.2 Information Collected Automatically

  • Analytics: We use Plausible Analytics (privacy-friendly, EU-hosted, no cookies, no personal data)
  • Technical Information: IP address (hashed for privacy), browser type, device type, operating system
  • Usage Data: Pages visited, time spent, referral source
  • Location Data: City-level geolocation only (no precise location tracking)

2.3 Cookies and Tracking

We use essential cookies for website functionality and analytics cookies with your consent. See our Cookie Policy for details.

3. How We Use Your Information

3.1 Franchise Management (Legal Basis: Contract/Legitimate Interest)

  • Process and evaluate franchise applications
  • Communicate about franchise opportunities
  • Conduct background verification
  • Provide franchise support and documentation

3.2 Customer Service (Legal Basis: Contract/Legitimate Interest)

  • Respond to inquiries and feedback
  • Provide customer support
  • Resolve complaints and issues

3.3 Marketing Communications (Legal Basis: Consent)

  • Send newsletters (only with explicit consent)
  • Notify about new menu items and promotions
  • Share company updates and news

3.4 Website Improvement (Legal Basis: Legitimate Interest)

  • Analyze website traffic and user behavior
  • Improve website performance and user experience
  • Test new features and content

3.5 Security and Fraud Prevention (Legal Basis: Legal Obligation/Legitimate Interest)

  • Detect and prevent fraudulent activities
  • Monitor for security threats
  • Maintain audit logs for compliance

4. Data Security Measures

We implement industry-standard security measures to protect your personal data:

  • Encryption at Rest: AES-256-GCM encryption for all personal data in the database
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Access Controls: Role-based access control (RBAC) for admin users
  • Password Security: bcrypt hashing with 12+ character requirement
  • IP Hashing: SHA-256 hashing for IP addresses (privacy-compliant tracking)
  • Audit Logging: Comprehensive logging of all data access and modifications
  • Rate Limiting: Protection against brute force attacks
  • Secure Backups: Encrypted database backups with secure storage
  • Security Headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
  • Regular Updates: Timely security patches and dependency updates

5. Data Sharing and Third Parties

We share your data only with trusted third-party service providers who help us operate our business:

Supabase (Database Hosting)

Purpose: Secure database storage and hosting
Data Shared: All encrypted application data
Location: EU and US data centers
GDPR: Fully compliant with Data Processing Agreement (DPA)
Privacy Policy: supabase.com/privacy

Cloudinary (Media Hosting)

Purpose: Image and media optimization and delivery
Data Shared: No personal data (public media only)
Location: Global CDN (GDPR-compliant)
Privacy Policy: cloudinary.com/privacy

Plausible Analytics (Website Analytics)

Purpose: Privacy-friendly website analytics
Data Shared: Anonymized usage data (no personal information)
Location: EU-hosted
GDPR: Fully compliant (no cookies, no personal data)
Privacy Policy: plausible.io/privacy

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Retention Policy

We retain personal information only as long as necessary for the purposes outlined in this policy:

  • Franchise Applications: 2 years from submission date
  • Contact Form Submissions: 1 year from submission date
  • Audit Logs: 1 year for security and compliance purposes
  • Analytics Data: 2 years (anonymized)
  • Marketing Consent: Until consent is withdrawn

You may request earlier deletion of your data by contacting us at enquiries@donergyrosindia.com.

7. International Data Transfers

Your data may be transferred to and processed in countries outside India, including:

  • European Union: Supabase (EU data centers), Plausible Analytics (EU-hosted)
  • United States: Supabase (US data centers), Cloudinary

We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all third-party processors
  • Adequacy decisions where applicable

8. Your Privacy Rights

Under GDPR and Indian data protection laws, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you. Email enquiries@donergyrosindia.com with subject "Data Access Request".

Right to Rectification

Correct inaccurate or incomplete personal data. Contact us at enquiries@donergyrosindia.com.

Right to Erasure

Request deletion of your personal data. Email enquiries@donergyrosindia.com. We will respond within 30 days.

Right to Data Portability

Receive your personal data in a machine-readable format (JSON) for transfer to another service.

Right to Object

Object to processing based on legitimate interests or for marketing purposes.

How to Exercise Your Rights: Email us at enquiries@donergyrosindia.com with your request. We will verify your identity and respond within 30 days.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at enquiries@donergyrosindia.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email (if you have provided an email address)
  • Display a prominent notice on our website

Continued use of our services after changes indicates acceptance of the updated policy.

11. Contact Information
