Introduction & Scope
RollsNice Technologies Pvt. Ltd. ("RollsNice", "we", "our", or "us") operates the RollsNice Enterprise Manufacturing Execution System, a garment factory Enterprise Resource Planning (ERP) application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web dashboard, and associated services (collectively, the "Service").
This policy applies to all users including factory owners (Boss), managers, supervisors, staff, home workers, and any person accessing the Service through client or vendor portals.
Information We Collect
2.1 Personal Information
- Account Information: Full name, email address, phone/mobile number, company/factory name, user role, and password (stored as a bcrypt hash).
- Profile Data: Profile photographs, preferred language, and notification preferences.
2.2 Business & Operational Data
- Production records (cutting, stitching, homework, QC, godown, dispatch)
- Material purchases, inventory, and stock data
- Order details, client information, and supplier data
- Quality control reports and defect tracking
- Financial records including invoices, challans, and payment data
2.3 Staff & Workforce Data
- Attendance records and work schedules
- Salary information and payroll data
- Performance metrics and productivity scores
- Work assignments, team leader designations, and role permissions
2.4 Device & Technical Data
- Device type, model, operating system, and version
- IP address and approximate location (city/region level)
- Browser type and app version
- Network connectivity information
2.5 Usage & Analytics Data
- Activity logs and comprehensive audit trails
- Feature usage patterns and session data
- Error logs for troubleshooting and stability
- AI-powered anomaly detection data for fraud prevention
Legal Basis for Processing
We process your information based on the following legal grounds:
- Contractual Necessity: Processing required to deliver the ERP Service under our agreement with your organization.
- Legitimate Interest: Analytics, security monitoring, fraud detection, and service improvement.
- Consent: Marketing communications, optional features, and non-essential cookies.
- Legal Obligation: Tax records, financial compliance, labor law requirements, and regulatory reporting.
How We Use Your Information
- Provide, operate, and maintain the ERP Service
- Manage user accounts, roles, and role-based access control (RBAC) permissions
- Process and track end-to-end production workflows
- Generate reports, analytics, and business insights
- Process payroll, manage attendance, and track staff operations
- AI-powered productivity tracking and anomaly detection
- Ensure data integrity, security, and fraud prevention
- Send critical notifications about system updates, approvals, and account activity
- Daily summary emails and production reports
- Improve and optimize the Service through usage analytics
Data Sharing & Third Parties
We may share information only in the following limited circumstances:
- Within Your Organization: Data is shared among authorized users within the same factory/company as configured by the administrator (Boss).
- Cloud Infrastructure: Data is hosted on secure cloud infrastructure providers with enterprise-grade security certifications.
- Client/Vendor Portals: Limited information shared with clients and vendors through controlled portal access as configured by the Boss.
- Email Services: Transactional email providers for notifications, OTPs, and daily summaries.
- Legal Requirements: When required by law, regulation, court order, or legal process.
- Service Protection: To protect the rights, property, or safety of RollsNice, our users, or the public.
Data Storage & Security
Your data is stored securely on cloud-hosted enterprise databases. We implement enterprise-grade security measures including:
- Encryption: AES-256 encryption at rest, SSL/TLS encryption in transit
- Authentication: Bcrypt password hashing, JWT token management, two-factor authentication (2FA) for Boss accounts
- Access Control: Granular role-based access control (RBAC) with multi-tenant data isolation
- Security Headers: Rate limiting, CORS policies, and security headers (Helmet)
- Audit Logging: Comprehensive, immutable audit trails for all data modifications
- Anti-Fraud: Quantity locking, anomaly detection, and fake entry prevention
- Backup: Regular automated backups with point-in-time recovery
- Incident Response: Defined incident response procedures with breach notification within 72 hours
Data Retention
We follow a no-delete policy (soft deletion) to maintain data integrity and audit trails. Retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Account Data | Active period + 30 days after deactivation |
| Financial Records | 7 years (as per IT Act requirements) |
| Production Records | 3 years after creation |
| Audit Logs | 5 years (immutable) |
| Session & Usage Data | 90 days |
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of data we hold about you
- Right to Rectification: Request correction of inaccurate information
- Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Right to Data Portability: Export your data in standard formats (CSV, JSON, PDF, XLSX)
- Right to Restrict Processing: Request limitation of data processing
- Right to Object: Object to certain data processing activities
- Right to Withdraw Consent: Withdraw previously given consent at any time
- Right to Lodge Complaint: File a complaint with the relevant data protection authority
To exercise these rights, contact the system administrator (Boss) or reach out to us directly at privacy@rollsnice.com.
Multi-Tenant Data Isolation
RollsNice implements strict data isolation between different companies and factories. Each organization's data is completely separated through our multi-tenant architecture, ensuring that no cross-tenant data access is possible. All API requests are scoped to the authenticated user's organization.
Cookies & Tracking
- Session Cookies: Essential for authentication and session management
- Analytics: Anonymous usage patterns for service improvement
- Preferences: Language selection, theme preferences, and notification settings
Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a minor has provided us with personal data, please contact us immediately and we will take steps to delete such information.
International Data Transfers
Your data is primarily stored and processed in India. If data is transferred to servers outside India, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) where applicable.
Regulatory Compliance
RollsNice is committed to compliance with applicable data protection laws including the Information Technology Act (2000), IT Rules (2011), Digital Personal Data Protection Act (2023), GDPR (where applicable), and PCI DSS standards for payment data.
Grievance Officer
In accordance with the Information Technology Act, 2000 and rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:
Grievance Officer
RollsNice Technologies Pvt. Ltd.
Email: privacy@rollsnice.com
All grievances will be acknowledged within 48 hours and resolved within 30 days of receipt.
Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be notified via in-app notifications and email to registered users. We will update the "Effective Date" and version number at the top of this policy. Continued use of the Service after changes constitutes acceptance of the revised policy.
Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices:
Governed by the Laws of India