Privacy Policy

1. Introduction and Scope

Micraft Solutions Pvt. Ltd. ("Micraft", "we", "us", "our") respects your privacy and is committed to protecting personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA), to the extent in force.

This Privacy Policy applies to:

• Visitors to www.micraft.co.in and all Micraft-operated web properties
• Clients, prospective clients, and users of Micraft software products (Micraft MES, Micraft WMS, PrecisionCAL, DoxCraft, CraftMate, Pure CMS, Courier Aggregator, Mate TMS, Micraft CRM, Reptile Chatbot, Dispatch Packing System)
• Individuals who contact Micraft by any means
• Job applicants and candidates

By using the website or engaging with Micraft, you acknowledge that you have read and understood this Privacy Policy.

2. What Data We Collect

2.1 Data You Provide Directly

• Identification and contact data: Full name, designation, company name, email address, phone number, business address
• Account and access credentials: Usernames and passwords for Micraft products
• Sales and pre-sales data: Industry, company size, current systems, operational requirements shared during discussions, demos, or evaluations
• Payment and billing data: Billing address, GST number, and payment details processed through our authorised payment gateway providers (Micraft does not store full payment card numbers)
• Support data: Technical details, screenshots, and operational information shared when raising support requests
• Recruitment data: Resume, work history, qualifications, references, and other information submitted during a job application

2.2 Data Collected Automatically

When you visit our website, we automatically collect:

• Technical data: IP address, browser type and version, operating system, device type, screen resolution
• Usage data: Pages viewed, time on each page, entry and exit pages, links clicked, referring URL
• Cookie data: As described in Section 6 below

2.3 Data From Third Parties

We may receive data about individuals from:

• Business directory and professional network sources (such as LinkedIn) used for sales outreach
• Referral partners who introduce prospective clients
• Event registration data from industry conferences and exhibitions where Micraft participates

2.4 Client Operational Data

Micraft's software products process operational data on behalf of clients — including production records, inventory data, logistics data, calibration records, employee records, and visitor and gate pass data. This data belongs to the client. Micraft processes it as a data processor under the instructions of the client as data controller. Processing obligations are governed by the client's agreement with Micraft.

3. How We Use Your Data

We do not send unsolicited marketing communications. All marketing communications include an unsubscribe option.

4. Data Sharing and Disclosure

We do not sell personal data to any third party.

We share data only in the following circumstances:

4.1 Service Providers and Sub-Processors

Trusted third-party service providers who process data on our behalf under contractual data processing agreements:

• Cloud infrastructure: Microsoft Azure and/or Amazon Web Services — hosting Micraft products
• Payment processing: Authorised payment gateway (name to be confirmed with legal counsel)
• Email services: Email service provider for transactional and marketing communications
• Analytics: Google Analytics 4 for website usage analytics
• CRM platform: Micraft CRM (own product) for managing client and prospect relationships

4.2 Professional Advisers

Legal counsel, statutory auditors, accountants, and other professional advisers — under strict confidentiality obligations.

4.3 Legal Requirements

When required by law, court order, or government authority — including law enforcement and regulatory bodies with jurisdiction over Micraft's operations.

4.4 Business Transfers

In connection with a merger, acquisition, restructuring, or sale of Micraft's business — subject to the acquirer assuming equivalent data protection obligations.

5. Data Retention

On expiry of the retention period, data is securely deleted or irreversibly anonymised.

6. Cookies

Our website uses cookies for the following purposes:

On your first visit, we will request consent for non-essential cookies. You can change your cookie preferences at any time via the cookie settings link in the website footer. You can also control cookies through your browser settings — disabling all cookies may affect website functionality.

7. Security

Micraft implements appropriate technical and organisational security measures proportionate to the risk, including:

• Encryption at rest: AES-256 encryption for data stored in cloud products
• Encryption in transit: TLS 1.2 or higher for all data in transit
• Access controls: Role-based access controls, strong authentication requirements, and the principle of least privilege
• Security testing: Regular Vulnerability Assessment and Penetration Testing (VAPT) for products handling sensitive data
• Physical security: ISO-certified data centre infrastructure for cloud-hosted products
• Personnel: Data protection training for all Micraft staff with access to personal data

No security measures are absolute. If you suspect that your Micraft account or data has been compromised, contact us immediately at sales@micraft.co.in.

8. International Transfers

Micraft is headquartered in India. Our cloud infrastructure partners (Microsoft Azure, Amazon Web Services) may process data in locations outside India. Where personal data is transferred outside India, Micraft ensures appropriate safeguards are in place consistent with applicable Indian data protection requirements.

PrecisionCAL and CraftMate serve clients in 20+ countries. For international deployments, data processing locations and transfer mechanisms are specified in the relevant product agreements.

9. Your Rights

Individuals may exercise the following rights in relation to their personal data held by Micraft:

• Right to access: Request a copy of personal data we hold about you
• Right to correction: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of personal data, subject to legal retention requirements
• Right to restriction: Request that we limit processing of your data in certain circumstances
• Right to data portability: Request your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for consent-based processing at any time

To exercise your rights, contact us at:

• Email: sales@micraft.co.in
• Post: Data Privacy, Micraft Solutions Pvt. Ltd., 603, White Square, Hinjewadi IT Park, Phase I, Pune — 411057

We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

10. Children's Data

Micraft's products and services are directed at businesses and individuals aged 18 and above. We do not knowingly collect data from persons under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Third-Party Links

Our website may link to third-party websites. We are not responsible for the privacy practices of those sites. We recommend reading the privacy policy of any third-party site you visit.

12. Changes to This Policy

We will post updated versions of this Privacy Policy on our website with a revised effective date. For material changes, we will provide reasonable advance notice — by email to active clients or by prominent notice on our website.

13. Grievance Officer

In accordance with the Information Technology Act, 2000, and rules thereunder, Micraft has appointed a Grievance Officer:

Grievances will be acknowledged within 48 hours and addressed within 30 days of receipt.