Legal Document
Legal ยท Privacy

Privacy Policy

๐Ÿ“… Effective: May 24, 2025 ๐Ÿ“… Last Updated: May 24, 2025 ๐Ÿ“ Chennai, Tamil Nadu, India
Table of Contents

At egrey, your privacy is a core principle โ€” not an afterthought. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit egrey.in or use any product or service built and operated by egrey.

By accessing our website or any egrey product, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use.

Section 01

Who We Are

egrey is an Indian technology company headquartered in Chennai, Tamil Nadu, India. We are in the business of building intelligent, well-crafted Software-as-a-Service (SaaS) products for modern businesses โ€” starting in India and building for the world.

Our mission is to create simple, powerful, and trustworthy software tools that solve real problems for businesses of all sizes. As we grow, egrey will develop and launch multiple products across categories including workforce management, productivity, HR, and beyond.

Data Controller: egrey is the data controller responsible for personal data collected through egrey.in and any egrey-operated product. For products where we process data on behalf of business customers, egrey also acts as a data processor under applicable agreements.

DetailInformation
Company Nameegrey
Websiteegrey.in
LocationChennai, Tamil Nadu, India
Contact Emailhello@egrey.in
Applicable LawsIT Act 2000  ยท  SPDI Rules 2011  ยท  DPDPA 2023
Section 02

Scope of This Policy

This Privacy Policy applies to:

Each egrey product may have its own supplementary privacy notice that provides product-specific details. Where such a notice exists, it applies in addition to this policy. In case of conflict, the product-specific notice prevails for that product's data practices.

This policy does not apply to third-party websites, platforms, or services that may be linked from our website or products. We encourage you to review their privacy policies independently.

Section 03

Information We Collect

3.1 Information You Provide Directly
3.2 Information We Collect Automatically
3.3 Information Provided by Business Customers

When a business subscribes to an egrey product, the business ("customer") may provide data about their employees or end users to use that product. In such cases, egrey processes this data as a data processor on behalf of the business. The business is responsible for ensuring lawful collection of such data and informing their employees about its use.

3.4 Sensitive Personal Data

Under India's SPDI Rules 2011, certain categories of data (such as financial records, health data, or biometric data) are classified as sensitive. egrey collects sensitive personal data only where strictly necessary for product functionality, with explicit consent, and in compliance with applicable law.

3.5 What We Do NOT Collect
Section 04

How We Collect Information

Collection MethodData Collected
Website contact & enquiry formsName, email, company, message content
Product account registrationProfile details, login credentials, organisation info
Direct email or chat communicationsContent of messages sent to egrey
Product usage (logged automatically)Features used, actions taken, timestamps
Cookies & browser storageSession data, user preferences
Analytics toolsAnonymised traffic and behaviour data
Payment processorsTransaction confirmation (not card credentials)
Business customer administrationEnd-user data entered by the customer's admins
Section 05

How We Use Your Information

5.1 To Deliver and Operate Our Products
5.2 To Improve and Develop Our Products
5.3 To Communicate With You
5.4 For Legal, Security, and Compliance Purposes

We do not sell your personal data. We do not share your data with third parties for their own marketing or advertising purposes. egrey products are ad-free and we do not use your data for targeted advertising.

Section 06

Legal Basis for Processing

Under India's Digital Personal Data Protection Act 2023 (DPDPA) and applicable regulations, all data processing at egrey is grounded in one or more of the following lawful bases:

Legal BasisWhen We Rely On It
ConsentMarketing emails, optional analytics cookies, non-essential data collection
Contractual NecessityDelivering product features and services that you or your organisation have contracted
Legitimate InterestsWebsite analytics, product improvement, fraud prevention, security monitoring
Legal ObligationCompliance with Indian tax, labour, corporate, and regulatory law
Vital InterestsEmergency situations involving the safety of individuals

Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of any processing carried out before withdrawal.

Section 07

Sharing Your Information

egrey does not sell, rent, or trade your personal data. We share data only in the following limited and controlled circumstances:

7.1 Trusted Service Providers (Data Processors)

We work with carefully selected third-party providers to operate our infrastructure and services. These providers are contractually bound to process data only as instructed by egrey and to maintain appropriate security standards:

This list may be updated as egrey's product portfolio grows. We will update this policy to reflect any significant changes to our sub-processors.

7.2 Business Customer Administrators

Where egrey acts as a data processor for a business customer, authorised administrators of that business may access data of their own users within the scope of the product. egrey does not grant business customers access to data of other companies or individuals outside their own account.

7.3 Legal and Regulatory Disclosures

egrey may disclose personal data if required to do so by applicable law, court order, or lawful government or regulatory request under the Information Technology Act 2000, DPDPA 2023, or any other applicable legislation.

7.4 Business Restructuring or Transfer

In the event of a merger, acquisition, restructuring, or sale of egrey's assets, personal data may be transferred to the successor entity. We will provide notice to affected users before data is transferred and becomes subject to a different privacy policy.

Section 08

Data Retention

egrey retains personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

Data TypeRetention Period
Account and profile dataDuration of active account + 90 days after deletion request
Product usage and activity recordsUp to 3 years, or as required by applicable law
Business operational recordsUp to 7 years (Indian labour and commercial law requirements)
Contact form and enquiry data2 years from the date of submission
Email and support communications3 years
Payment and billing records8 years (Indian tax and accounting law requirements)
Server and access logs90 days
Marketing consent recordsUntil consent is withdrawn, plus 1 year thereafter

Upon expiry of the applicable retention period, data is securely and permanently deleted or irreversibly anonymised so that it can no longer be associated with any individual.

Section 09

Data Security

egrey implements robust technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction.

9.1 Technical Security Measures
9.2 Organisational Security Measures

Data Breach Response: Despite best efforts, no system is completely immune to breach. In the unlikely event of a data breach that poses a risk to your rights, egrey will notify the relevant authorities and affected individuals in accordance with the timeframes mandated under the DPDPA 2023 and the IT Act 2000.

Section 10

Cookies & Tracking Technologies

egrey uses cookies โ€” small data files stored on your device โ€” and similar technologies to operate our website and products effectively.

TypePurposeConsent Required?
EssentialLogin sessions, security tokens, basic functionalityNo โ€” required for service
AnalyticsUnderstanding how users interact with our site (data anonymised)Yes
PreferenceRemembering your language, settings, and UI choicesYes

egrey does not use advertising cookies, cross-site tracking cookies, or any cookies that serve third-party marketing purposes. You may manage cookie settings through your browser at any time. Disabling essential cookies may affect the functionality of our products.

Section 11

Your Rights

Under the Digital Personal Data Protection Act 2023 (DPDPA) and other applicable Indian laws, you have the following rights as a data principal:

RightWhat You Can Do
Right to AccessRequest a summary of the personal data egrey holds about you
Right to CorrectionRequest that inaccurate or incomplete personal data be corrected
Right to ErasureRequest deletion of your personal data, subject to legal retention obligations
Right to Withdraw ConsentWithdraw any previously given consent for optional data processing at any time
Right to Grievance RedressalLodge a complaint with egrey's Grievance Officer (see Section 15)
Right to NominateNominate another individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, please send an email to hello@egrey.in with the subject line "Privacy Rights Request". We will acknowledge your request within 7 days and respond fully within 30 days. Identity verification may be required. No fee is charged for legitimate requests.

Section 12

Children's Privacy

egrey's website and products are designed for use by adults and business entities only. We do not knowingly collect, process, or store personal data from any individual under the age of 18 years.

If you believe egrey has inadvertently collected personal data from a minor, please contact us immediately at hello@egrey.in. We will promptly investigate and delete any such information without delay.

Under the DPDPA 2023, processing the personal data of a child requires verifiable parental or guardian consent. egrey takes this obligation seriously and has no intention of targeting minors through any of its products or marketing activities.

Section 13

International Data Transfers

egrey is incorporated and operates in India. Our primary data processing and storage infrastructure is located in India or in jurisdictions used by our trusted cloud service providers.

Where data is processed or stored outside India by any of our service providers, egrey ensures that:

egrey regularly reviews its data processing landscape to align with evolving Indian data localisation and transfer regulations. As the DPDPA 2023 framework is further notified by the Government of India, egrey will update its practices accordingly and reflect those changes in this policy.

Section 14

Third-Party Links

Our website and products may contain links to third-party websites, platforms, or services โ€” such as social media channels, partner websites, or external references. These links are provided solely for convenience or informational purposes.

egrey has no control over, and accepts no responsibility for, the content, privacy practices, or data handling of any third-party website or service. We strongly encourage you to review the privacy policies of any third-party services you access via links on our platforms before providing any personal information.

Section 15

Grievance Officer

In accordance with the Information Technology Act 2000, the SPDI Rules 2011, and the DPDPA 2023, egrey has designated a Grievance Officer to receive, investigate, and resolve complaints or concerns related to the processing of personal data.

Grievance Officer โ€” egrey

๐Ÿ“ง Email: hello@egrey.in

๐ŸŒ Website: egrey.in

๐Ÿ“ egrey, Chennai, Tamil Nadu, India

โฑ Response time: Within 30 days of receiving your complaint

If you are dissatisfied with egrey's response to your grievance, you may escalate your complaint to the Data Protection Board of India, once it is formally constituted and operational under the DPDPA 2023.

Section 16

Changes to This Privacy Policy

egrey reserves the right to update or modify this Privacy Policy at any time. We are committed to being transparent about any changes that affect how we handle your data. When material changes are made, we will:

We encourage you to review this policy periodically. Your continued use of egrey's website or products after the effective date of any updated policy constitutes your acceptance of the changes. If you do not agree with the updated terms, you may discontinue use and contact us to exercise your data rights.

Section 17

Contact Us

For any questions, requests, or concerns about this Privacy Policy or how egrey handles your personal data, please reach out to us. We take all privacy-related enquiries seriously and respond with care.

egrey โ€” Privacy

๐Ÿ“ง General enquiries: hello@egrey.in

๐ŸŒ Website: egrey.in

๐Ÿ“ Chennai, Tamil Nadu, India

โฑ We aim to respond to all privacy enquiries within 7 working days

This Privacy Policy has been prepared in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

ยฉ 2025 egrey. All rights reserved.  ยท  Chennai, Tamil Nadu, India