← Back to Planovel
Privacy Policy
Last updated: December 19, 2024
1. Introduction
Planovel Technologies Private Limited ("Planovel," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered design and architecture software services.
This Privacy Policy complies with applicable data protection laws globally, including:
- India: Information Technology Act, 2000 and related rules
- European Union: General Data Protection Regulation (GDPR)
- United States: California Consumer Privacy Act (CCPA) and other state privacy laws
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australia: Privacy Act 1988
- Singapore: Personal Data Protection Act (PDPA)
- Brazil: Lei Geral de Proteção de Dados (LGPD)
2. Information We Collect
2.1 Information You Provide Directly
We collect information you provide when you:
- Create an Account: Name, email address, phone number, company information, location, and software preferences
- Use Our Services: Design files, project data, preferences, and communications
- Contact Support: Support requests, feedback, and communications
- Participate in Surveys: Feedback and responses to research questions
2.2 Information We Collect Automatically
When you use our Service, we automatically collect:
- Usage Data: Features used, time spent, and interaction patterns
- Device Information: Device type, operating system, browser type, and IP address
- Log Data: Access times, pages viewed, and error logs
- Performance Data: System performance metrics and crash reports
- Location Data: Geographic location for fraud prevention and regional pricing (with consent)
- Device Fingerprinting: Browser characteristics, hardware specs, and behavioral patterns for security
- Network Analysis: Connection patterns, latency measurements, and network characteristics
2.3 Information from Third Parties
We may receive information from:
- Authentication Providers: Google OAuth (name, email, profile picture)
- Analytics Services: Usage statistics and user behavior data
- Business Partners: Referral information and joint service data
- Fraud Detection Services: IP reputation, VPN detection, and security scoring
- Geolocation Services: Location verification and regional validation
3. How We Use Your Information
We use your information for the following purposes:
| Purpose |
Legal Basis |
Data Types |
| Provide and maintain our Service |
Contract performance |
Account data, usage data, project files |
| Process payments and billing |
Contract performance |
Payment information, billing address |
| Improve our AI models and algorithms |
Legitimate interest |
Anonymized usage patterns, design preferences |
| Provide customer support |
Contract performance |
Support communications, account information |
| Send important service updates |
Contract performance |
Email address, account preferences |
| Marketing and promotional communications |
Consent |
Email address, preferences, usage data |
| Ensure security and prevent fraud |
Legitimate interest |
IP address, device fingerprint, network analysis, behavioral patterns |
| Location verification and regional pricing |
Legitimate interest & consent |
GPS coordinates, IP geolocation, network characteristics |
| VPN/Proxy detection and blocking |
Legitimate interest |
WebRTC IPs, DNS analysis, network latency patterns |
| Comply with legal obligations |
Legal obligation |
All data types as required by law |
4. Fraud Detection and Security Measures
4.1 Advanced Fraud Prevention
To protect our platform and users from fraud, abuse, and security threats, we implement comprehensive detection systems:
- VPN/Proxy Detection: We analyze network characteristics, WebRTC IP leaks, and DNS patterns to identify VPNs, proxies, and anonymization services
- Device Fingerprinting: We collect browser characteristics, hardware specifications, and behavioral patterns to create unique device identifiers
- Location Verification: We verify user locations through GPS, IP geolocation, and network analysis to prevent geographic fraud
- Behavioral Analysis: We monitor mouse movements, keystroke patterns, and interaction behaviors to detect automated or suspicious activity
- Network Analysis: We analyze connection patterns, latency measurements, and network characteristics to identify suspicious connections
4.2 Security Risk Assessment
Our system assigns risk scores based on multiple factors:
- Low Risk (0-30): Normal users with legitimate connections and behavior patterns
- Medium Risk (31-59): Users with some suspicious indicators requiring additional verification
- High Risk (60-79): Users with multiple risk factors requiring enhanced verification
- Blocked (80-100): Users with severe security risks who are denied access
4.3 Automated Security Responses
Based on risk assessment, we may:
- Require Additional Verification: Phone or email verification for medium/high risk users
- Block Access: Immediate denial for users with severe security risks
- Enhanced Monitoring: Continuous monitoring of suspicious accounts
- Manual Review: Human review of flagged accounts and activities
4.4 Your Rights Regarding Security Data
You have the right to:
- Know: Be informed about what security data we collect and why
- Access: Request access to your security assessment data
- Correct: Request correction of inaccurate security data
- Appeal: Appeal security decisions that affect your access
- Opt-out: Request reduced security monitoring (may limit service access)
5. Information Sharing and Disclosure
5.1 We Do Not Sell Your Personal Information
We do not sell, rent, or trade your personal information to third parties for monetary consideration.
5.2 When We Share Information
We may share your information in the following circumstances:
- Service Providers: With trusted third-party vendors who assist in providing our Service (cloud storage, payment processing, analytics)
- Business Transfers: In connection with mergers, acquisitions, or asset sales
- Legal Requirements: When required by law, court order, or government request
- Protection of Rights: To protect our rights, property, or safety, or that of our users
- Consent: When you have given explicit consent for specific sharing
5.3 Data Processing Locations
Your data may be processed in India and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers, including:
- Standard Contractual Clauses (SCCs): For EU data transfers under GDPR
- Adequacy Decisions: For transfers to countries with adequate data protection
- Certification Schemes: For transfers under approved certification mechanisms
- Derogations: For specific situations under applicable law
6. Data Security
6.1 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit and at rest using AES-256
- Access Controls: Role-based access controls and multi-factor authentication
- Regular Audits: Security assessments and penetration testing
- Employee Training: Regular security awareness training for all staff
- Incident Response: Comprehensive incident response procedures
- Fraud Detection: Advanced algorithms to detect and prevent fraudulent activities
- Network Security: Firewalls, intrusion detection, and DDoS protection
6.2 Data Breach Notification
In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law:
- EU (GDPR): Within 72 hours to supervisory authority, without undue delay to data subjects
- US (CCPA): Within reasonable time and without unreasonable delay
- India: As required under Information Technology Act and related rules
- Other Jurisdictions: As required by applicable local laws
7. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Until account deletion or 3 years of inactivity
- Project Files: Until account deletion or 1 year of inactivity
- Usage Data: Aggregated and anonymized data may be retained indefinitely
- Support Communications: 3 years from last interaction
- Legal Compliance: As required by applicable laws and regulations
8. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Access your personal information
- Receive a copy of your data in a portable format
- Update or correct your information
7.2 Deletion and Restriction
You may request:
- Deletion of your personal information
- Restriction of processing in certain circumstances
- Objection to processing based on legitimate interests
7.3 Communication Preferences
You can control:
- Email notifications and marketing communications
- Cookie preferences through your browser settings
- Location data collection through device settings
7.4 Exercising Your Rights
To exercise your rights, contact us at privacy@planovel.com. We will respond to your request within 30 days.
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
- Essential Cookies: Required for basic website functionality
- Performance Cookies: Help us understand how you use our Service
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Used for targeted advertising (with consent)
8.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect Service functionality.
9. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.
10. International Users
If you are accessing our Service from outside India, please note that your information may be transferred to, stored, and processed in India where our servers are located. By using our Service, you consent to the transfer of your information to India.
11. Third-Party Services
Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you use.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to your registered email address
- Prominent notice on our website
- In-app notification when you next use the Service
13. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@planovel.com
- Data Protection Officer: dpo@planovel.com
- Address: Planovel Technologies Private Limited, Mumbai, India
- Phone: +91-XXXX-XXXXXX
14. Grievance Redressal
If you have any grievances regarding our data practices, you may contact our Grievance Officer:
- Name: [Grievance Officer Name]
- Email: grievance@planovel.com
- Address: Planovel Technologies Private Limited, Mumbai, India
We will acknowledge your grievance within 24 hours and resolve it within 30 days.
15. Global Compliance Framework
15.1 Regional Compliance
This Privacy Policy is designed to comply with data protection laws globally:
European Union (GDPR)
- Lawful basis for processing (consent, contract, legitimate interest, legal obligation)
- Data subject rights (access, rectification, erasure, portability, objection)
- Data Protection Impact Assessments (DPIAs) for high-risk processing
- Data Protection Officer (DPO) appointment and contact
- Cross-border data transfer mechanisms
United States (CCPA & State Laws)
- Consumer rights (know, delete, opt-out of sale, non-discrimination)
- Business obligations (disclosure, data minimization, security)
- Service provider agreements and restrictions
- Minor protection and parental consent requirements
India
- Information Technology Act, 2000
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
- Digital Personal Data Protection Act, 2023 (when effective)
Other Jurisdictions
- Canada (PIPEDA): Privacy principles and consent requirements
- Australia (Privacy Act): Australian Privacy Principles (APPs)
- Singapore (PDPA): Consent, purpose limitation, and data breach notification
- Brazil (LGPD): Data subject rights and lawful basis requirements
- UK (UK GDPR): Post-Brexit data protection framework
15.2 Compliance Monitoring
We maintain ongoing compliance through:
- Regular Audits: Annual privacy compliance assessments
- Legal Updates: Monitoring changes in applicable laws
- Training Programs: Staff education on privacy requirements
- Policy Reviews: Quarterly review and updates of privacy policies
- Third-party Assessments: Independent compliance verification
15.3 Cross-Border Data Transfers
We ensure lawful international data transfers through:
- Adequacy Decisions: Transfers to countries with adequate protection
- Standard Contractual Clauses: EU-approved contractual safeguards
- Certification Mechanisms: Approved certification schemes
- Binding Corporate Rules: Internal data protection policies
- Derogations: Specific situations under applicable law