Privacy Policy
Your land data belongs to you. Full stop.
Plotrol is built on verified truth. That same principle applies to how we handle your personal information. This policy explains what we collect, why we collect it, and the controls you hold over it.
Effective: May 26, 2026 · Version 1.0
1. Who We Are
Plotrol Nexus Bhuyog Partners LLP ("Plotrol," "we," "our," "us") is a Limited Liability Partnership registered in India, operating the Plotrol platform — a land-monitoring, evidence-collection, and property-verification service available at www.plotrol.com and via our iOS and Android mobile applications.
We are the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 (DPDP Act) for all personal data processed through our platform. Our registered address is Bengaluru, Karnataka, India.
References to "Services" in this policy mean all products, features, applications, and on-ground operations offered by Plotrol, including the Guardian patrol network, PlotVault evidence chain, and the Plotrol Resolve Desk.
2. Data We Collect
We collect only what is necessary to deliver our Services securely and effectively. The categories below describe what we process and why.
| Category | Examples | Source |
|---|---|---|
| Identity & Contact | Name, email address, phone number, PAN / Aadhaar reference (for KYC where required) | You provide directly at registration |
| Property Information | Survey number, plot coordinates (lat/long), village/taluk/district, plot area, land-use type, title document details you upload | You provide; supplemented by public land records |
| Transaction & Billing | Subscription tier, payment method tokens (processed by PCI-compliant gateway — Plotrol never stores raw card data), invoice history | Payment gateway & your selections |
| Usage & Device | App version, device model, OS version, IP address, session timestamps, feature usage logs | Automatically from your device |
| Field Evidence Data | Geo-tagged photographs, GPS coordinates at time of visit, Guardian checklist responses (16 checks × 8 categories), drone audit images, time-stamp metadata | Collected by Guardians during on-ground visits |
| Communications | Support tickets, emails, chat messages you send to us, feedback survey responses | You provide when contacting us |
| Institutional Data (B2B) | Portfolio plot data, loan reference identifiers, organisational contact details | Provided by institutional clients under data-processing agreements |
We do not collect biometric data, caste, religion, or political opinions. Guardian visits are assigned through a rotating, anonymised dispatch system — field operators are never shown the owner's personal identity.
3. How We Use Your Data
We process your personal data on one of the following legal bases as applicable under the DPDP Act 2023 and Information Technology Act, 2000:
- Consent — where you have given clear, informed consent (e.g., marketing communications, optional analytics).
- Contractual necessity — to fulfil obligations under your subscription agreement with us.
- Legal obligation — to comply with applicable Indian law (e.g., tax records, court orders).
- Legitimate interests — where we have a compelling and proportionate interest (e.g., fraud prevention, service security).
Specific purposes include:
- Creating and maintaining your account and subscription.
- Dispatching Guardians to your registered plot and delivering verified visit reports.
- Generating, sealing, and storing PlotVault evidence records associated with your property.
- Processing payments and issuing invoices.
- Providing customer support and operating the Resolve Desk.
- Improving the accuracy of our AI-assisted pattern detection and risk-scoring models using aggregated, anonymised field data.
- Sending service notifications, critical alerts about your plot, and (with consent) product updates.
- Meeting regulatory obligations and responding to lawful requests from government authorities or courts.
We do not use your personal data to serve third-party advertisements, and we do not sell your personal data to any third party. Ever.
4. Data Sharing
We share your data only to the extent required to deliver the Services or as required by law. Recipients include:
- Technology sub-processors — cloud infrastructure (AWS / Google Cloud), SMS/notification gateways, payment processors — all operating under written data-processing agreements.
- Resolve Desk vendors — legal, fencing, surveying, and documentation partners on our pre-qualified panel. Only the minimum data necessary (plot coordinates, specific issue description) is shared for scoped engagement.
- Regulatory authorities and courts — where we are legally compelled, including to comply with a valid court order, Section 65B / 63 evidence disclosure requirements, or law-enforcement requests.
- Institutional clients (B2B/B2G) — data is shared with the institutional client only about plots within their contracted portfolio, governed by a separate data-processing agreement.
- Successor entities — in the event of a merger, acquisition, or asset sale, your data may be transferred; we will notify you and provide rights under the DPDP Act.
We never share your identity with the Guardian assigned to your plot. Dispatch is anonymised by design — a structural privacy protection, not a policy choice.
5. Storage, Retention & Security
Storage location: All personal data is stored on servers located within India. PlotVault cryptographic evidence records are stored on AWS infrastructure in the ap-south-1 (Mumbai) region.
Retention periods:
- Account data — retained for the duration of your subscription plus 3 years for dispute resolution and regulatory purposes.
- PlotVault evidence records — retained for 7 years post-creation, or as directed by you (owner-controlled deletion subject to applicable law).
- Financial records — 8 years as required under the Income Tax Act, 1961.
- Support communications — 2 years from the date of the last communication.
- Field evidence (photos, GPS logs) — retained as part of PlotVault; you may request export at any time.
Security measures:
- All data in transit is encrypted with TLS 1.3 or higher.
- PlotVault records are SHA-256 cryptographically hashed at creation and any subsequent read is verified against the original hash.
- Access to production systems is restricted to authorised Plotrol personnel under role-based access controls and multi-factor authentication.
- We undergo periodic security assessments. Penetration testing results are available for review by institutional clients under NDA.
In the event of a data breach that is likely to result in risk to your rights or interests, we will notify you and the Data Protection Board (as and when established under the DPDP Act) within 72 hours of becoming aware.
6. Your Rights
Under the DPDP Act, 2023 and other applicable Indian laws, you have the following rights. Requests can be submitted to privacy@plotrol.com — we respond within 30 days.
- Right to access — obtain a copy of the personal data we hold about you.
- Right to correction — request correction of inaccurate or incomplete personal data.
- Right to erasure — request deletion of your personal data, subject to legal retention obligations and PlotVault record integrity requirements.
- Right to grievance redressal — raise a complaint with our Grievance Officer (details below). If unresolved, you may escalate to the Data Protection Board of India once constituted.
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
- Right to data portability — receive your plot data and PlotVault evidence records in a machine-readable format.
- Right to nominate — nominate another person to exercise your rights in the event of your incapacity or death.
We will never charge a fee for exercising your rights. Manifestly unfounded or excessive requests may be refused with written reasoning.
7. Guardian & Field Operator Data
Individuals enrolled as Plotrol Guardians provide personal data (identity documents, bank details, location data during active duty) as part of their engagement. This data is used exclusively to manage Guardian operations, dispatch, compensation, and compliance.
Guardian location is captured only during an active, SOP-bound visit — not continuously. Guardian performance data is used internally for quality control, training, and the anti-collusion audit process. It is not shared with landowners or third parties except as required by law.
Guardians may contact the Grievance Officer to exercise any data right.
8. PlotVault & Evidence Records
PlotVault records — comprising geo-tagged photographs, GPS metadata, visit checklists, and cryptographic hashes — are designed to be owner-controlled. This means:
- You decide whether a PlotVault record is shared with a third party (e.g., a bank, insurer, or court).
- Plotrol does not share PlotVault evidence with any party without your explicit written authorisation, except under a lawful court order or statutory obligation.
- Every PlotVault record carries an auto-generated Section 65B(4) certificate for admissibility in Indian courts — by design, not as an afterthought.
- You may request an export of all your PlotVault records in PDF and raw data formats at any time.
PlotVault records are immutable after sealing. We cannot alter, edit, or delete a sealed record — only you can direct Plotrol to destroy your copy, and even then the cryptographic hash ledger may be retained as a compliance record.
9. Cookies & Tracking
Our website and mobile applications use the following categories of cookies and similar technologies:
- Strictly necessary — session management, authentication tokens, security. These cannot be disabled.
- Functional — remember your language and notification preferences. Disabled by default; enabled only with your consent.
- Analytics — aggregate, anonymised usage statistics to improve the product. We use privacy-preserving analytics that do not track individual users across sessions. Disabled by default; enabled only with consent.
We do not use third-party advertising cookies or cross-site tracking. You may manage cookie preferences via our Cookie Consent banner or by clearing cookies in your browser settings.
10. Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, please contact our Grievance Officer immediately and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email and/or a prominent notice on the platform at least 14 days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.
The version history of this policy is available on request. This is Version 1.0, effective May 26, 2026.
12. Contact & Grievances
If you have questions, concerns, or wish to exercise any data right, please contact our Grievance Officer:
Grievance Officer — Plotrol
Plotrol Nexus Bhuyog Partners LLP
Bengaluru, Karnataka, India
Email: privacy@plotrol.com
General: info@plotrol.com
Website: www.plotrol.com
We will acknowledge your request within 5 business days and resolve it within 30 days. For unresolved grievances, you may approach the Data Protection Board of India (once constituted under the DPDP Act, 2023) or seek other legal remedies available under Indian law.