This Privacy Policy describes how GrowSpeak Education Services LLP ("Company", "we", "us", or "our"), operating the Scan2Connect platform at scan2connect.in, collects, uses, stores, and protects your personal data.
We are committed to safeguarding the privacy of our users — vehicle owners who use our QR stickers ("Owners") and individuals who scan those stickers ("Scanners"). This policy applies to all interactions with our website, mobile interface, QR sticker scanning pages, and related services.
By using our services, you consent to the collection, processing, and use of your information as described in this policy. If you do not agree, please discontinue use of our services.
When you register an account, place an order, or use our services, we collect: your name, email address, phone number, vehicle registration number and type, shipping address and PIN code. If you sign in using Google OAuth, we receive your name, email, and profile picture from Google.
When someone scans a Scan2Connect QR sticker, we collect: the scanner's IP address, the category of the scan (parking alert, emergency, etc.), a message if provided, and the timestamp. We do not require scanners to create an account or provide their name.
Payments are processed by Razorpay, a PCI-DSS compliant payment gateway. We do not store your credit card number, debit card number, or UPI PIN on our servers. We only retain the Razorpay transaction ID and order ID for reference and invoice generation.
We automatically collect certain technical data when you visit our website: your IP address, browser type and version, device type, pages visited, and timestamps. This is used for security, analytics, and rate limiting to prevent abuse.
We use the information we collect for the following purposes:
Service delivery: To create your account, generate and assign QR stickers, process orders, deliver stickers to your shipping address, and send WhatsApp alerts when someone scans your sticker.
Communication: To send order confirmations, shipping updates, invoice PDFs, and scan notifications via WhatsApp using the Meta Business API.
Privacy protection: To operate our call masking service, which allows scanners to contact vehicle owners without revealing either party's actual phone number.
Security and abuse prevention: To enforce rate limiting on scan alerts, detect fraudulent activity, prevent repeated harassment via scans, and maintain audit logs.
Payment processing: To process your payment, generate invoices, and maintain transaction records as required by Indian tax law.
Improvement: To analyse usage patterns (in aggregate), identify issues, and improve our service. We do not sell or rent your personal data to third parties.
We take the security of your data seriously and have implemented the following technical and organisational measures:
Phone number encryption: All phone numbers stored in our database are encrypted using AES-256-CBC encryption with HMAC-SHA256 integrity verification. Your phone number is never stored in plain text and is never displayed to scanners on the scan page.
Secure connections: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
Payment security: Payment data is handled exclusively by Razorpay, which is PCI-DSS Level 1 compliant. Razorpay payment signatures are verified using HMAC-SHA256 before any order is marked as paid.
Access control: Access to personal data within our organisation is restricted to authorised personnel on a need-to-know basis. Administrative actions are logged with audit trails.
Rate limiting: Our scan alert system is rate-limited per IP address and per QR code to prevent abuse and harassment.
We share your data only in the following limited circumstances:
Service providers: We share necessary data with Razorpay (payment processing), Meta/WhatsApp Business API (notifications), and our hosting provider. These providers are bound by their own privacy policies and data protection obligations.
Legal requirements: We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that such disclosure is necessary to comply with legal obligations, protect our rights, or ensure the safety of our users.
We do not: Sell, rent, trade, or otherwise share your personal data with third parties for their marketing purposes. We do not display your phone number to scanners. We do not use your data for advertising or profiling.
We retain your personal data for as long as your account is active or as needed to provide our services. Order records and invoices are retained for a minimum of 8 years as required under Indian tax and accounting regulations (Income Tax Act, 1961 and GST Act, 2017).
Scan logs (IP address, timestamp, message) are retained for 12 months for security and abuse prevention, after which they are anonymised or deleted.
If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.
Under the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000, you have the following rights:
Right to access: You may request a summary of the personal data we hold about you.
Right to correction: You may update or correct your personal data through your account dashboard or by contacting us.
Right to erasure: You may request deletion of your account and associated personal data, subject to our legal retention obligations.
Right to withdraw consent: You may withdraw your consent for data processing at any time. This may result in the inability to use certain features of our service.
Right to nominate: As per the DPDPA, you have the right to nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, please contact us at support@scan2connect.in. We will respond within 30 days.
We use essential cookies required for the functioning of our website, including session cookies for authentication and CSRF protection tokens. We do not use third-party advertising or tracking cookies.
Razorpay's payment gateway may set its own cookies during the checkout process, governed by Razorpay's Privacy Policy.
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verifiable parental consent, we will take steps to delete that information promptly.
Our service integrates with the following third-party services, each governed by their own privacy policies: Google (for OAuth sign-in), Razorpay (for payment processing), and Meta/WhatsApp (for notifications). We encourage you to review their respective privacy policies.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting a prominent notice on our website and updating the "Last updated" date above. Continued use of our services after such changes constitutes your acceptance of the updated policy.
In accordance with the Information Technology Act, 2000 and the rules made thereunder, the contact details of the Grievance Officer are:
GrowSpeak Education Services LLP
Bengaluru, Karnataka, India
Email: support@scan2connect.in
If you have any questions, concerns, or complaints about how your data is handled, please write to us at the email above. We will acknowledge your complaint within 48 hours and endeavour to resolve it within 30 days.
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka.