Privacy Policy

How we collect, use, and protect your data

Last updated: February 17, 2026

📋 Privacy at a Glance

🔒
Secure Storage
All data encrypted at rest and in transit
🚫
No Data Selling
We never sell your data to third parties
Your Rights
Access, export, or delete your data anytime

1. Introduction

NatureXpress ("we", "us", or "our") operates the EUDR compliance platform at naturexpress.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal and business data. This policy complies with India's Information Technology Act 2000, IT (Amendment) Act 2008, and references GDPR principles for our EU-based users.

2. Data We Collect

📊 Account Information

  • Company name and registration details
  • Email address (used as login)
  • Phone number
  • Company address and GSTIN
  • Contact person name
  • Company logo (optional)

👨‍🌾 Farmer Data (Uploaded by You)

  • Farmer names and contact information
  • Village, district, and state details
  • GPS coordinates (latitude/longitude)
  • Land area in hectares
  • Plot and survey numbers
  • Crop type information

⚠️ You are responsible for obtaining consent from farmers whose data you upload. NatureXpress processes this data on your behalf.

💳 Payment Information

Payment processing is handled entirely by Razorpay. We do not store any credit card, debit card, or banking information. We only receive transaction confirmation, payment ID, and amount from Razorpay.

📱 Usage Data

  • Login timestamps and session data
  • Features accessed and actions taken
  • Browser type and device information
  • IP address (for security purposes)

3. How We Use Your Data

We use your data solely for:

🛰️
Satellite Verification
Running GPS coordinates through satellite deforestation detection
📄
Document Generation
Creating compliance PDFs and TRACES XML exports
📧
Email Notifications
Sending shipment updates, invoices, and alerts
💰
Payment Processing
Processing payments through Razorpay and generating invoices
🔧
Service Improvement
Analyzing usage patterns to improve platform features
⚖️
Legal Compliance
Meeting Indian tax, GST, and regulatory requirements

4. Third-Party Services

We use the following trusted third-party services to operate our platform:

Supabase

GDPR compliant

Purpose: Database and file storage

Data shared: All platform data

Razorpay

PCI DSS Level 1 certified

Purpose: Payment processing

Data shared: Payment transaction data

Resend

GDPR compliant

Purpose: Transactional email delivery

Data shared: Email addresses and content

Vercel

SOC 2 Type II

Purpose: Platform hosting and CDN

Data shared: Server logs and performance metrics

5. Data Security Measures

🔒All data is encrypted in transit using TLS 1.3 (HTTPS)
🔒Data at rest is encrypted using AES-256 encryption via Supabase
🔒Row-level security (RLS) ensures users only access their own data
🔒Passwords are hashed using bcrypt with salt rounds
🔒Regular security audits and vulnerability assessments
🔒Access logs maintained for all data operations
🔒No employee has direct access to user data without authorization

6. Your Rights

You have the following rights regarding your data:

Right to Access
Request a copy of all data we hold about you
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your data ("right to be forgotten")
Right to Portability
Export your data in machine-readable format
Right to Restrict Processing
Limit how we process your data
Right to Object
Object to processing of your data

To exercise any of these rights, contact us at privacy@naturexpress.com. We will respond within 30 days.

7. Cookies

We use minimal cookies to provide our Service:

Essential CookiesAuthentication tokens to keep you logged in. Cannot be disabled.
Functional CookiesRemember your preferences and settings.
Analytics CookiesAnonymous usage data to improve our platform. Can be disabled.

8. GDPR Compliance

For users in the European Union, we comply with GDPR (General Data Protection Regulation):

  • Legal basis for processing: Contract performance and legitimate interests
  • Data Processing Agreement (DPA) available on request
  • International data transfers comply with Standard Contractual Clauses (SCCs)
  • Data retention: Shipment data retained for 7 years (Indian accounting requirements)
  • DPO contact: dpo@naturexpress.com

9. Privacy Contact

For privacy-related questions or to exercise your rights:

📧 Privacy Email: privacy@naturexpress.com

📞 Phone: +91 98765 43210

🏢 Data Controller: NatureXpress, Bengaluru, Karnataka, India