adigrity

Privacy policy

Last updated: 16 May 2026

For Adigrity team: this policy is a starting template tailored to the platform's actual data practices. Have it reviewed by an Indian corporate lawyer for full DPDPA compliance, accurate disclosure of vendors, and final wording before publishing. Verify retention windows and response timelines match operational reality.

1. Introduction

Adigrity ("Adigrity", "we", "us", or "our") is an operating platform for India's manufacturing firms, owned and operated by Handommerce Services LLP, a limited liability partnership registered in Bangalore, Karnataka, India.

This Privacy Policy describes how we collect, use, store, share, and protect personal data when you visit our website at adigrity.com, create an Adigrity account, use the Adigrity platform, or otherwise interact with us. It applies to all users — firm administrators, team members, buyers browsing the directory, and visitors.

We follow the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and applicable rules made thereunder. Under the DPDPA, we act as a "Data Fiduciary" with respect to the personal data we process about you, and you are a "Data Principal" with the rights described in Section 8 below.

2. Who we are

Handommerce Services LLP
Registered office: Bangalore, Karnataka, India
Email: privacy@adigrity.com

For privacy-related questions, exercising your rights under this policy, or any data protection concern, contact our Data Protection Officer at the email above. We respond to verified requests within the timelines required by applicable law.

3. Information we collect

We collect personal data in the following categories:

3.1 Information you give us

  • Account information: name, work email, phone, role, and password (stored as a one-way hash).
  • Firm information: firm name, address, GSTIN, certifications, legal entity type, established year, employee count, overview, and contact details you choose to publish.
  • Production data: machines, inspection instruments, parts, drawings, technical documents, work orders, and any files you upload.
  • Team membership: the firm users you invite and their roles within the firm.
  • Billing information: for paid plans — billing name, GSTIN, payment method details (processed by our payment partner; we do not store full card numbers), and invoice history.
  • Communications: messages you send through our contact form, support tickets, or email.

3.2 Information collected automatically

  • Usage data: pages visited, features used, actions taken, timestamps, errors encountered.
  • Device and network: IP address, browser type and version, operating system, device identifiers, referring URLs.
  • Cookies: as described in Section 9 below.

3.3 Information from third parties

  • If you sign in via a third-party identity provider, we receive the basic profile information that provider shares with us, subject to your authorization.
  • We do not purchase personal data from data brokers.

4. How we use information

We use personal data for the following purposes:

  • To provide the service: create and maintain accounts, render firm profiles, store and version drawings, run work orders, send notifications, and process payments.
  • To improve the service: understand how the platform is used, fix bugs, develop new features, and optimize performance.
  • To communicate with you: respond to inquiries, send service-related emails (security alerts, billing receipts, policy updates), and — only with your consent — marketing communications you can unsubscribe from at any time.
  • To prevent abuse: detect and prevent fraud, unauthorized access, and violations of our Terms of Service.
  • To comply with law: meet legal, regulatory, accounting, and tax obligations.

We do not sell personal data. We do not run third-party advertising on the platform. We do not allow third parties to target ads to you based on your activity on Adigrity.

6. Sharing of information

6.1 What stays private

Technical drawings, work orders, parts, internal documents, billing details, and audit logs are strictly private to the firm that owns them and the people that firm has explicitly granted access to. We do not share them publicly, with other firms, or with third parties except as described below.

6.2 What is public by design

Firm profile information — firm name, location, established year, capabilities, machines, inspection instruments, and certifications — is public on the platform when a firm has chosen to publish its profile. Firms control this visibility through their profile settings.

6.3 Service providers

We share data only as needed with carefully selected service providers who help us run the platform. As of 16 May 2026, these include:

  • DigitalOcean — file and database hosting (Bangalore region for files, India region for managed Postgres).
  • Payment partner — for processing subscription payments (e.g., Razorpay or equivalent). Card details are handled directly by the payment partner; we receive only transaction metadata.
  • Email delivery — for transactional and notification emails.
  • Customer support tooling — for managing inquiries and support tickets.

Each provider is contractually bound to use your data only for the purposes we instruct, with confidentiality and security obligations consistent with this policy.

6.4 Legal disclosure

We may disclose personal data to comply with applicable law, a valid legal process (court order, summons), to enforce our Terms of Service, or to protect the rights, property, or safety of Adigrity, our users, or the public. We resist overbroad requests and notify affected users where lawfully permitted.

6.5 Business transfers

If we are involved in a merger, acquisition, asset sale, or insolvency, personal data may be transferred as part of the transaction. We will notify users in advance and the recipient will be bound by this policy or a successor with materially similar protections.

7. Data storage, location, and retention

7.1 Where data is stored

All user files (drawings, documents, photos) are stored on DigitalOcean Spaces in the Bangalore region. Database records are stored on managed Postgres infrastructure within India. We do not transfer personal data outside India in the ordinary course of operations.

7.2 How long we keep it

We retain personal data only for as long as needed for the purposes described in this policy:

  • Active accounts: for the life of the account.
  • Cancelled accounts: data is available for export for 30 days after cancellation. After 30 days, the firm profile is removed from search and active systems; encrypted backups are retained for 90 days for compliance and disaster recovery, after which the data is permanently deleted.
  • Billing and tax records: retained for the duration required by applicable tax and accounting law (typically 8 years in India under the Companies Act and the Income Tax Act).
  • Audit logs: retained for at least 12 months, longer for accounts under investigation or where required by law.

You can request immediate deletion at any time per Section 8 below. Some records may be retained for legal, regulatory, or security reasons even after a deletion request.

8. Your rights as a Data Principal

Under the DPDPA, you have the following rights regarding your personal data:

  • Right to access — request a summary of the personal data we process about you and how we use it.
  • Right to correction — request that inaccurate or incomplete data be corrected.
  • Right to erasure — request deletion of your personal data, subject to legal retention requirements.
  • Right to grievance redressal — raise complaints regarding our processing with our Data Protection Officer.
  • Right to nominate — designate another individual who may exercise rights on your behalf in the event of your death or incapacity.
  • Right to withdraw consent — withdraw any consent you previously provided.

To exercise any of these rights, email privacy@adigrity.com. We will verify your identity before acting on the request. We respond within the timeline required by law (currently 90 days for most requests under the DPDPA Rules; sooner where possible).

If you are unsatisfied with our response, you may also raise the matter with the Data Protection Board of India once it is constituted.

9. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the platform, and understand aggregate usage. We use the following categories:

  • Strictly necessary — session, CSRF protection, login state. These cannot be disabled.
  • Functional — remember UI preferences such as the firm switcher selection and sidebar state.
  • Analytics — aggregate usage analytics that help us improve the product. These are first-party where possible.

We do not use third-party advertising cookies. You can control cookies through your browser settings; disabling strictly necessary cookies will prevent the platform from functioning.

10. Security

We apply reasonable technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Practices include encryption in transit (TLS), password hashing, role-based access control, daily encrypted backups, comprehensive audit logging on file access, and vendor management. Our security practices are described in more detail at adigrity.com/security.

No security measure is perfect. In the unlikely event of a personal data breach that is likely to result in a risk to the rights of Data Principals, we will notify the Data Protection Board of India and affected users without undue delay, in line with applicable law.

11. Children's data

Adigrity is a B2B platform intended for adults acting in a professional capacity. We do not knowingly collect personal data from children under 18. If we learn that we have collected data from a child without verified parental consent, we will delete it promptly. If you believe we have inadvertently collected such data, please contact us at privacy@adigrity.com.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or the law. The "Last updated" date at the top reflects the latest revision. For material changes, we will notify users by email and in-app banner at least 30 days before the change takes effect, where feasible. Your continued use of Adigrity after a change takes effect constitutes acceptance.

13. Contact us

For any privacy-related question, complaint, or to exercise a right described above:

Handommerce Services LLP
Bangalore, Karnataka, India
Email: privacy@adigrity.com