🔒
AES-256 Encrypted
Data encrypted at rest · TLS 1.3 in transit
🚫
Never Sold
Your data is never sold or shared for marketing
🇮🇳
India-hosted
AWS ap-south-1 (Mumbai) primary storage
✓
Your Rights
Access, export, or delete your data anytime
01 · Introduction
Scope & Applicability
Pratwi Solutions Private Limited ("NatureXpress", "we", "us") operates the EUDR compliance platform at eudr.naturexpress.in. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and the rights you hold over it.
This policy aligns with India's Digital Personal Data Protection Act 2023 (DPDPA) and the Information Technology Act 2000, and references GDPR principles for EU-based users and their supply-chain data. It applies to all users of the platform.
02 · Data We Collect
What information we process
Account & Business Information
- Company name, registered address, and GSTIN
- Contact person name, email address, and phone number
- Subscription plan and billing history
Farmer Data — Uploaded by You
- Farmer names and village / district / state details
- GPS coordinates (latitude / longitude) and farm plot boundaries
- Land area (hectares), crop type, and survey / plot numbers
- Any additional fields included in your CSV upload
Note: Your responsibility: You must obtain lawful consent from farmers before uploading their personal data. NatureXpress acts as a data processor on your behalf.
Technical & Usage Data
- Login timestamps, session tokens, and IP address (security purposes)
- Features accessed and actions performed (platform improvement)
- Browser type, device, and OS (debugging and compatibility)
Payment Data
- We do not store card or banking credentials — payments processed entirely by Razorpay
- We receive from Razorpay: transaction ID, amount, status, and timestamp only
03 · Data Usage
How we use your data
01
Service Delivery
Satellite verification, DDS generation, TRACES NT XML
02
Account Management
Authentication, plan enforcement, usage metering
03
Communication
Transaction emails, compliance updates, invoices
04
Legal Compliance
GST invoicing, Indian tax records, regulatory obligations
05
Security & Fraud
Detecting unauthorised access, maintaining audit trails
06
Platform Improvement
Anonymised usage analytics to improve features
04 · Sub-processors
Trusted third-party providers
We use the following sub-processors to operate the platform. Each is bound by data processing agreements and independent security certifications.
05 · Data Security
How we protect your data
- TLS 1.3 encryption for all data in transit (HTTPS strictly enforced)
- AES-256 encryption for all data at rest via Supabase
- Row-level security (RLS) — no cross-tenant data access is possible
- Passwords hashed with bcrypt (never stored in plaintext)
- Immutable audit logs for all data access and modifications
- No NatureXpress employee accesses user data without explicit authorisation and logging
06 · Retention
How long we keep your data
Account data
Active account + 30 days post-termination
Farmer & shipment data
7 years (GST & Indian accounting obligation)
Payment records
7 years (Income Tax Act requirement)
Audit logs
3 years (security & compliance)
Usage analytics
Anonymised, retained indefinitely
07 · Your Rights
Control your data
Email privacy@naturexpress.in to exercise any of these rights. We respond within 30 days.
Right to Access
Obtain a complete copy of all data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your data (subject to retention obligations)
Right to Portability
Receive your data in machine-readable format (JSON / CSV)
Right to Restrict
Limit processing while a dispute is under review
Right to Object
Object to processing for legitimate interests or analytics
08 · GDPR & International Transfers
For EU-based operators
NatureXpress processes personal data under the legal basis of contract performance and legitimate interests. International data transfers to Supabase (AWS Mumbai) comply with Standard Contractual Clauses (SCCs) under GDPR Chapter V. A Data Processing Agreement (DPA) is available on request at privacy@naturexpress.in.