Privacy Policy

EnterFirst Technologies Pvt. Ltd. ("EnterFirst", "we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our products, or engage with our services.

By using our website or services, you consent to the data practices described in this policy. If you do not agree, please discontinue use of our services.

1. Information We Collect

1.1 Information You Provide Directly

• Contact information: name, email address, phone number, company name
• Account registration data: username, password (hashed), profile information
• Payment information: billing address, GST number (payment card data is processed by PCI-DSS certified payment processors and not stored by EnterFirst)
• Communication records: emails, support tickets, chat messages
• Demo and quote request information
• Job application data: resume, employment history, references

1.2 Information Collected Automatically

• Device information: IP address, browser type, operating system, device identifiers
• Usage data: pages visited, time spent, clicks, referral URLs
• Log data: server logs, error reports, performance data
• Cookies and similar tracking technologies (see Section 8)

1.3 Information from Third Parties

• Business contact data from LinkedIn and other professional networks
• Analytics data from Google Analytics, Hotjar, and similar tools
• Credit and identity verification data (for fintech product clients, as required by RBI regulations)

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Providing, maintaining, and improving our software products and services
• Account Management: Creating and managing user accounts, authentication, and access control
• Communications: Responding to inquiries, sending product updates, newsletters (with consent), and support communications
• Billing: Processing payments, invoicing, and managing subscriptions
• Security: Detecting and preventing fraud, unauthorized access, and security incidents
• Compliance: Meeting legal obligations under Indian law (IT Act, DPDP Act 2023, RBI regulations)
• Analytics: Understanding usage patterns to improve product experience
• Marketing: Sending promotional communications where you have provided consent (unsubscribe at any time)

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract Performance: Processing necessary to deliver services you have contracted with us
• Legitimate Interest: Security, fraud prevention, service improvement, and business communications
• Consent: Marketing communications, cookies (non-essential), and processing of sensitive data
• Legal Obligation: Compliance with tax laws, RBI regulations, court orders, and law enforcement requests

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

• Service Providers: AWS (hosting), Razorpay (payments), SendGrid (email), Intercom (support), Google Analytics � all bound by data processing agreements
• Credit Bureaus: For fintech product clients, as required by RBI for credit underwriting (CIBIL, Experian, Equifax)
• Business Partners: With your explicit consent for joint service delivery
• Legal Authorities: When required by law, court order, or to protect rights and safety
• Corporate Transactions: In merger, acquisition, or asset sale � you will be notified in advance

5. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Active account data: Retained for the duration of your account + 3 years after termination
• Transaction records: 7 years (as required by Indian tax law)
• Support tickets: 3 years from resolution
• Marketing data: Until you withdraw consent or opt out
• Security logs: 12 months from creation

6. Data Security

We implement comprehensive security measures including:

• AES-256 encryption for data at rest; TLS 1.3 for data in transit
• ISO 27001 certified data centers in India
• Role-based access control (RBAC) and multi-factor authentication (MFA)
• Regular penetration testing and security audits
• Employee security training and background verification
• Incident response procedures with 72-hour breach notification

No system is 100% secure. If you believe your data has been compromised, contact us immediately at [email protected].

7. Your Rights

Under the Digital Personal Data Protection Act (DPDP Act) 2023 and applicable laws, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interest or for marketing
• Withdraw Consent: Withdraw consent at any time without affecting prior processing

To exercise these rights, email [email protected] with your request. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies to enhance your experience. Types of cookies used:

• Essential Cookies: Required for the website to function (session management, security). Cannot be disabled.
• Analytics Cookies: Google Analytics, Hotjar � help us understand site usage. Can be disabled.
• Marketing Cookies: Google Ads, Meta Pixel � used for targeted advertising. Requires consent.
• Functional Cookies: Remember your preferences (language, region). Can be disabled.

Manage your cookie preferences via the Cookie Settings link in the footer, or see our full Cookie Policy.

9. International Data Transfers

Your data is stored in India. If data is transferred internationally (e.g., to global SaaS providers), we ensure adequate protection through Standard Contractual Clauses, adequacy decisions, or other approved mechanisms.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us for immediate deletion.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email (for account holders) and a notice on our website at least 30 days before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, requests, or complaints:

• Data Protection Officer: [email protected]
• Privacy Team: [email protected]
• Postal Address: EnterFirst Technologies Pvt. Ltd., [Address], India
• Grievance Redressal: [email protected] (response within 30 days)

If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act 2023.