Privacy Policy
Last Updated: June 13, 2026
At Vendor NetFlow, we understand that solar operations involve highly sensitive commercial, financial, and personal client data. We are dedicated to maintaining the highest standards of data integrity and protection across India.
1. Information We Collect
To enable the complete feature set of our nationwide Solar CRM, we gather and store the following classes of data:
- Vendor Business Identity: Company names, legal addresses, contact details, GSTIN, and company branding logos.
- Workspace & Team Profiles: Employee names, email addresses, phone contacts, shared task logs, workspace chat records, geolocations, and attendance check-in/out timestamps.
- Consumer & Site Survey Records: Consumer names, billing addresses, utility connection details (CA Numbers/Consumer IDs), monthly electrical load files, shadow assessment details, solar panel layouts, and roof structural dimensions.
- Financial Documentation: Automated Quotation records, Proforma templates, Tax Invoices, E-Way dispatch drafts, and payment transaction IDs processed via Razorpay.
- System Metrics: IP parameters, secure cookies, and system diagnostic logs to ensure dashboard stability and token protection.
2. Specific Data Processing Purposes
We process data strictly to maintain, support, and secure your vendor operational environment:
- Validating corporate identities via automated real-time GSTIN searches.
- Compiling localized DISCOM compliant papers (Annexure 1, 3, and DCR sheets).
- Generating custom commercial proposals, payback profiles, and EMI estimators.
- Tracking installer and sales personnel attendance metrics to facilitate payroll.
- Managing secure token balances, transaction logs, and Razorpay webhook updates.
3. Security & Cloud Safeguards
Your workspace and customer databases are secured behind rigorous modern standards:
- Data Transit: Protected via robust TLS 1.3 / SSL encryption standards to secure active uploads.
- Data at Rest: Encrypted using advanced AES-256 standards.
- Sovereignty: All platform data repositories are hosted in secure Indian data hubs to align with local compliance regulations and minimize network latencies.
4. Third-Party Services
We do not license or sell your proprietary leads or business metrics. Third-party disclosures are strictly limited to necessary functional integrations:
- Payment Processors: Razorpay for managing token transactions.
- GST Lookup API: Verifying business identity coordinates instantly.
- AI Engines: Large Language Models to compile professional dispatch and cover letters. No custom user lead data is used to train these models.
5. DPDP Act 2023 Compliance
Our operational framework strictly adheres to the **Digital Personal Data Protection (DPDP) Act 2023** of India. You and your consumers hold specific statutory rights:
- Right of Access & Correction: Review, amend, or adjust any recorded consumer or installer details at any time.
- Right to Erasure: Request permanent removal of specific consumer leads or employee records.
- Consent Architecture: As the primary Data Fiduciary, the vendor is responsible for obtaining initial consent from consumers before registering their details.
6. Cookies & Tracking Preferences
We utilize cookies to maintain security states and save custom UI modes. You can manage or modify your detailed cookie permissions via our integrated Cookie Consent Banner or inside the footer settings at any time.
7. Amendments
We reserve the right to revise this policy to reflect new modules or evolving legal standards. Any major revisions will be highlighted on the main user dashboard.
Grievance & Privacy Support
For questions regarding the DPDP Act 2023 compliance, data access requests, or privacy concerns, please contact our Data Protection Officer: