1. Overview
Boxinall Softech Pvt. Ltd. is committed to protecting the privacy and security of personal data. We are a data controller under the Information Technology Act, 2000 (India), the Digital Personal Data Protection Act, 2023 (DPDP), and act as a processor for personal data handled on behalf of our clients under GDPR and equivalent regulations where applicable.
This policy covers data collected through:
- Our public website and contact forms
- Client onboarding and project collaboration processes
- Email correspondence and video calls
- Marketing and recruitment activities
It does not cover data processed by our clients within products we build for them — those are governed by each client's own privacy policy and a separate Data Processing Agreement (DPA).
2. Information We Collect
2.1 Information You Provide
- Contact enquiries: Name, email address, company name, phone number, and project details submitted via our contact form or email.
- Client onboarding: Business details, billing information, signatory details, and project documentation required to deliver our services.
- Recruitment: CVs, cover letters, portfolio links, and interview notes for job applicants.
- Communications: Content of emails, call notes, and meeting recordings where you have consented to recording.
2.2 Information Collected Automatically
- Usage data: Pages visited, time on site, referring URL, and interaction events (via analytics tools).
- Device & technical data: IP address, browser type, operating system, screen resolution, and language settings.
- Cookies: Session and persistent cookies as described in Section 5.
2.3 Information from Third Parties
We may receive information about you from LinkedIn, referral partners, or publicly available sources when evaluating potential partnerships or client relationships.
3. How We Use Your Information
We use personal data only for legitimate purposes. Our lawful bases under GDPR/DPDP include contract performance, legitimate interest, legal obligation, and consent (where collected).
- Service delivery: Responding to enquiries, managing projects, invoicing, and support.
- Communication: Project updates, milestone notifications, and account management.
- Marketing: Sending newsletters, case study updates, and event invitations — only with explicit consent or where we have a legitimate interest (prior client relationships). You may opt out at any time.
- Analytics: Understanding how our website is used to improve its content and user experience.
- Legal & compliance: Fulfilling tax, regulatory, and legal obligations including anti-money laundering (AML) checks where required.
- Security: Detecting and preventing fraudulent or abusive activity.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Data Retention
We retain personal data only as long as necessary for the purposes stated in this policy or as required by law.
- Client project data: Retained for 7 years after project completion for accounting and legal compliance purposes.
- Contact enquiries (non-clients): Retained for 2 years from last contact, then securely deleted.
- Marketing subscriptions: Retained until you unsubscribe or request deletion.
- Recruitment data: Retained for 6 months for unsuccessful applicants; 2 years for candidates placed in a talent pool with their consent.
- Website analytics: Aggregated data retained for 26 months; raw log data deleted after 90 days.
Upon expiry of the retention period, data is securely deleted or anonymised.
7. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction:
- All data in transit is encrypted using TLS 1.3.
- Data at rest is encrypted using AES-256.
- Access to personal data is restricted on a need-to-know basis with multi-factor authentication.
- We conduct regular security audits and penetration testing of our internal systems.
- Employees are trained on data protection responsibilities.
- We maintain an incident response plan and will notify affected individuals and relevant authorities of a data breach within 72 hours where required by law.
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data where it is no longer necessary or you withdraw consent.
- Restriction: Request that we limit the processing of your data in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests, including direct marketing.
- Withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@boxinallsoftech.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request. You also have the right to lodge a complaint with your relevant data protection authority.
9. Children's Privacy
Our services are intended for businesses and professionals aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we hold data about a child, please contact privacy@boxinallsoftech.com immediately.
10. International Data Transfers
Boxinall operates globally with offices in India, the USA, and Australia. Personal data collected may be transferred to and processed in countries outside your home jurisdiction, including India.
When transferring data from the EU/EEA or UK to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) or other appropriate transfer mechanisms to ensure equivalent protection. For transfers from India, we comply with the Digital Personal Data Protection Act, 2023.
By using our services, you consent to such transfers subject to the protections described in this policy.
11. Third-Party Links
Our website may contain links to third-party websites, platforms (e.g., Clutch.co, LinkedIn, GitHub), and resources. These sites operate independently and have their own privacy policies. We are not responsible for the privacy practices of third-party sites and recommend reviewing their policies before providing any personal information.
12. Policy Updates
We may update this Privacy Policy periodically to reflect changes in law, technology, or our practices. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
For material changes, we will notify active clients by email at least 14 days before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.
13. Contact & Data Protection Officer
For any privacy-related enquiries, requests to exercise your rights, or concerns about how we handle your data, please contact:
Gaur City 2, Greater Noida
Uttar Pradesh, India 201009