Legal

Privacy Policy

Last Updated: July 2, 2025

MonoRo is a B2B operations management platform. This policy describes how we collect, use, and protect information in connection with providing the Platform to businesses ("Customers") and their employees and staff ("End Users"). If you are an End User, your employer (the Customer) is the primary data controller for your information — please also refer to your employer's own policies.

1. Who We Are

The MonoRo Platform is operated by Sujana Kavikondala, trading as "MonoRo" ("MonoRo", "we", "us", "our"), a sole proprietorship based in Bengaluru, Karnataka, India. We build and operate an AI-powered operations management platform for shift-based businesses, covering attendance, task verification, training, inventory, and payroll.

By using the Platform, you confirm that you have read and understood this Privacy Policy. If you do not agree, please do not access or use the Platform.

2. Information We Collect

We collect the following categories of information when you use the Platform:

Account & Identity Data

Name, phone number, and role (e.g. Staff, Manager, Admin) provided during onboarding or registration. Login is authenticated via OTP to your registered phone number.

📸 Visual & Biometric Data (Sensitive)

Selfie photographs captured during attendance clock-in for identity and grooming verification. Photos and short videos submitted as proof of task completion for AI-audited checklists. This data is classified as sensitive personal data under applicable Indian law.

📍 Location Data

Geographic coordinates (latitude/longitude) collected at the point of clock-in and clock-out to verify geofence compliance at your assigned outlet or worksite.

Operational & Work Data

Shift schedules, clock-in/out timestamps, task logs, checklist completion records, training progress, quiz scores, and incentive/payroll-related records.

Purchase & Inventory Data

Purchase invoices, supplier information, and inventory records submitted by Managers and Admins on behalf of their business.

Device & Usage Data

Device type, browser/app version, IP address, and feature usage logs collected automatically to support platform performance and debugging.

3. How We Use Your Information

3.1 Providing the Platform

  • Processing attendance, task verification, and checklist audits.
  • Running AI-powered grooming and compliance checks on visual evidence.
  • Managing shift schedules, payroll calculations, and incentive tracking.
  • Enabling Managers and Admins to monitor outlet operations in real time.

3.2 Platform Improvement

  • Analysing aggregated, anonymised usage patterns to improve features.
  • Training and evaluating AI models used for task and grooming verification (using only anonymised or Customer-consented data as applicable).
  • Diagnosing technical issues and maintaining platform security.

3.3 WhatsApp Operational Notifications

By accepting these Terms at login, End Users consent to receive operational WhatsApp messages from MonoRo on the registered phone number. These include:

  • Shift start/end reminders and schedule updates.
  • Task assignment notifications and checklist prompts.
  • Payroll processing alerts and incentive confirmations.
  • Account security alerts (e.g. PIN change confirmation).

Operational notifications are necessary for the functioning of the Platform and cannot be individually opted out of while your account is active. If you no longer wish to receive them, contact your Manager or Administrator to deactivate your account.

3.4 Customer Communications (Admins & Managers)

  • Sending platform updates, billing notices, and subscription-related communications.
  • Product announcements and feature release notes.

3.5 Legal & Compliance

  • Maintaining records as required under applicable Indian law.
  • Responding to lawful requests from regulatory or law enforcement authorities.

4. Legal Basis for Processing

We process personal data on the following legal bases under the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act):

ConsentObtained at login (operational notifications) and at lead capture (marketing outreach). Sensitive personal data processed only on explicit consent.
Contractual NecessityProcessing required to deliver the Platform to the Customer under the Terms of Service, including payroll and attendance functions.
Legitimate InterestPlatform security, fraud prevention, debugging, and aggregated product analytics.
Legal ObligationCompliance with Indian tax, labour, and data protection laws, and responding to lawful regulatory requests.

5. Information Sharing and Disclosure

We do not sell personal data. We share information only in the following circumstances:

5.1 Within the Customer Organisation

End User attendance, task, and operational data is accessible to that End User's Manager and Admin within the same Customer organisation on the Platform. This is the core purpose of the service.

5.2 Infrastructure & Technology Providers

Google Firebase (authentication, database, and storage), cloud hosting providers, and AI processing services used to operate the Platform. These providers act as sub-processors under our instructions and are bound by appropriate data processing terms.

5.3 WhatsApp / Messaging Providers

Phone numbers are shared with our WhatsApp Business API provider solely to deliver operational notifications you have consented to at login. The provider does not use this data for its own marketing purposes.

5.4 Legal Requirements

Where required by law, court order, or a lawful request from a government or regulatory authority.

5.5 Business Transfer

In the event of a merger, acquisition, or sale of substantially all assets, data may be transferred to the successor entity, who will be bound by this Privacy Policy.

6. Cross-Border Data Transfers

Important notice for Customers outside India

MonoRo's infrastructure, personnel, and primary service providers are located in India. If you access or use the Platform from outside India — including as part of a pilot or trial — your information and your employees' information will be transferred to, stored, and processed in India.

By accepting the Terms of Service and using the Platform, you and your organisation consciously acknowledge and consent to this cross-border transfer. Data protection standards applicable in India may differ from those in your home jurisdiction. MonoRo implements reasonable technical and organisational security measures regardless of where data is processed, but does not represent that these measures satisfy every jurisdiction-specific regulatory requirement applicable to your organisation.

If your organisation is subject to UK GDPR, EU GDPR, or US state privacy laws (e.g. CCPA), please contact us at sreeram@mail.monoro.in before onboarding so we can discuss applicable safeguards and execute a Data Processing Addendum.

7. Data Security

We implement reasonable technical and organisational measures to protect your information, including:

  • Encryption of data in transit using TLS/HTTPS.
  • Firebase Security Rules to enforce role-based access control (Staff / Manager / Admin).
  • OTP-based authentication — no passwords stored on our servers.
  • Geofencing and PIN-based session controls to prevent unauthorised access.
  • Restricted internal access to personal data on a need-to-know basis.

No method of electronic transmission or storage is 100% secure. We will notify affected Customers of a confirmed data breach in accordance with applicable law.

8. Data Retention

We retain information for as long as necessary for the purposes described above:

Active account data: Retained for the duration of the Customer's subscription and for 90 days after termination (to enable data export).

Operational records (attendance, payroll): 7 years from the date of record, in compliance with Indian labour and accounting laws.

Visual evidence (selfies, task photos/videos): 90 days from capture, unless the Customer's Admin specifically extends retention for audit purposes.

Location data: 90 days from capture.

Deleted accounts: Anonymised or deleted from active systems within 30 days of a deletion request, subject to legal retention obligations above.

9. Your Rights

Under the DPDP Act, 2023 and the IT (SPDI) Rules, 2011, you have the following rights:

AccessRequest a copy of the personal data we hold about you.
CorrectionRequest correction of inaccurate or incomplete data.
ErasureRequest deletion of your data (subject to legal retention obligations).
Withdraw ConsentWithdraw consent for processing where consent is the legal basis. Note: withdrawal does not affect prior processing.
GrievanceLodge a complaint with our Grievance Officer (see Section 11).
NominationNominate a person to exercise these rights on your behalf in the event of your death or incapacity (DPDP Act right).

If you are an End User (employee), requests for access or deletion should be directed to your employer (the Customer Admin) in the first instance, as they are the data controller for your employment data. MonoRo will assist Customers in fulfilling such requests.

10. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to review their policies before submitting any personal information.

11. Children's Privacy

The Platform is intended solely for business use by persons aged 18 and above. We do not knowingly collect information from anyone under 18. If you believe a minor has accessed the Platform, contact us at sreeram@mail.monoro.in and we will take steps to delete the data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform and/or by WhatsApp/email to registered Admins at least 14 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

13. Contact Information

Sujana Kavikondala, trading as "MonoRo"

A-902, NR Royal Park Residency, St Anns Church Rd, Rachenahalli, Bangalore 560045

sreeram@mail.monoro.in

+91 7674880713

14. Grievance Officer

In accordance with the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023, our Grievance Officer is available to address concerns within 30 days of receipt.

Grievance Officer

Sreeram

MonoRo, Bengaluru, Karnataka, India

Email: sreeram@mail.monoro.in

Phone: +91 7674880713

15. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023. Any disputes will be subject to the exclusive jurisdiction of courts in Bengaluru, Karnataka.