FULL PRIVACY POLICY FOR M2000 LITE APPLICATION
Effective Date: 12-03-2026
Last Updated: 12-03-2026
1. INTRODUCTION
Exicom Tele-Systems Limited respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the M2000 LITE mobile application for monitoring and controlling Exicom M2000 LITE Controllers and associated critical power infrastructure via Bluetooth Low Energy (BLE) technology.
This App is intended for use by authorized personnel who have been provided access credentials by Exicom or its authorized distributors. By downloading, installing, accessing, or using the Application, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS, INSTALL, OR USE THE APPLICATION.
This Policy is incorporated into and subject to Product Sales Agreement and Terms of Service, wherever applicable. For the purpose of this Policy, "Personal Data" means any information relating to an identified or identifiable natural person.
2. SCOPE AND APPLICATION
This Privacy Policy applies solely to information collected through your use of the M2000 LITE Application. It does not apply to:
Information collected by the physical Exicom power control hardware or any other Exicom products.
Information collected through any other websites, mobile apps, products, or services offered by Exicom, which are governed by their own separate privacy policies.
Information collected by third parties, including through any application or content (including advertising) that may link to or be accessible from or within the Application.
3. DATA CONTROLLER AND RESPONSIBILITY
The data controller for the Personal Data processed via the M2000 LITE Application is:
Exicom Tele-Systems Limited
Plot No 38, Institutional Area, Sector 32
Gurgaon 122001, Haryana, India
As the data controller, Exicom determines the purposes and means of processing your Personal Data in connection with this Application.
4. INFORMATION WE COLLECT
4.1. Information You Input or Provide
Access Credentials: The Application requires login using a username and password that are provisioned, assigned, and managed exclusively by Exicom or its authorized system administrators. Users cannot create custom usernames or passwords. These credentials are mandatory for authentication and authorization, enabling the Application to determine your specific user role, access level, and functional permissions (e.g., view-only, basic control, administrative control) within the connected power system.
4.2. Information Collected Automatically Through Application Use
User Session Data: The Application maintains an active session log during use, which includes the authenticated user ID (the username provided by Exicom), login timestamp, session duration, and a log of high-level actions initiated (e.g., "Start Command Sent," "Status Requested"). This data is stored locally on your mobile device for the purpose of maintaining session state and application stability. It is not transmitted to Exicom servers in the current version of the Application.
Application Performance and Diagnostic Data: The Application may collect non-personal, technical data to ensure functionality and diagnose issues. This may include:
Application version and build number.
Mobile device operating system (iOS/Android) and version.
BLE connection state events (e.g., "Connected," "Disconnected," "Connection Failed").
Generic error codes and crash reports that do not contain Personal Data or sensitive system operational data.
4.3. Information Related to Device Operation (NON-PERSONAL DATA)
Control Commands and Machine Status Data: The primary function of the Application is to send control commands to and receive status information from the Exicom M2000 LITE controller via a direct BLE connection. This data exchange includes, but is not limited to:
Commands Sent: Start, Stop, Reset, Adjust Parameters.
Status Received: Voltage, Current, Frequency, Temperature, System State (On/Off/Error), Fault Logs.
Crucially, this operational data is considered Non-Personal Data. It pertains solely to the performance, status, and condition of the mechanical and electrical power system hardware. It is not linked to an identifiable individual, only to the machine itself. This data is processed in real-time for display and control purposes and is not persistently stored or logged by the Application in a manner that is retrievable or transmittable.
No Device Fingerprinting: The Application does NOT collect, read, log, store, or transmit the Bluetooth MAC address, serial number, or any other unique hardware identifier of the device to which it connects.
4.4. Information We Do NOT Collect
The current version of the M2000 LITE Application explicitly does NOT collect:
Personal name, email address, physical address, or telephone number.
Location data (GPS, network-based geolocation).
Contact lists, SMS, or call history from your mobile device.
Photos, audio, or video from your mobile device.
Information from other apps on your device.
Payment or financial information.
Biometric data.
5. HOW WE USE YOUR INFORMATION
We use the limited information we collect strictly for the following legitimate business purposes:
Purpose of Processing
Legal Basis for Processing (GDPR) / Justification
To authenticate your identity and authorize access to the Application and connected systems.
Necessary for the performance of a contract (providing controlled access to the system). Legitimate interest (security of critical infrastructure).
To enforce role-based access control (RBAC), ensuring users only perform actions permitted by their assigned credentials.
Necessary for the performance of a contract. Legitimate interest (safety, security, and operational integrity).
To establish, maintain, and manage the BLE connection between the Application and the controller.
Necessary for the performance of a contract (providing the core App functionality).
To process your commands and display system status information to you in real-time.
Necessary for the performance of a contract.
To maintain application stability, troubleshoot technical issues, and improve the App's performance and reliability.
Legitimate interest (ensuring quality of service and continuous improvement).
To comply with legal obligations, regulatory requirements, or respond to lawful requests from public authorities.
Compliance with a legal obligation.
6. DATA SHARING AND DISCLOSURE
6.1. No Commercial Sharing
We DO NOT sell, rent, lease, or trade your access credentials, user session data, or any information derived from your use of the Application to any third parties for marketing, advertising, or profiling purposes.
6.2. Current Version (No External Data Transmission)
In the current, installed version of the M2000 LITE Application, all data processing occurs locally on your mobile device. No data—including your username, password, session logs, or operational data—is transmitted over the internet to Exicom servers or any third-party servers. The data flow is confined to the local BLE connection between your mobile device and the M2000 LITE controller.
6.3. Disclosure for Legal and Safety Reasons
We may disclose information we hold if we are required to do so by law or if we believe in good faith that such action is necessary to:
Comply with a legal obligation, judicial proceeding, court order, or valid subpoena.
Protect and defend the rights, property, or safety of Exicom, our users, or the public.
Prevent or investigate possible wrongdoing in connection with the Application, including safety or security violations of the critical power systems.
Protect against legal liability.
6.4. Corporate Transactions
In the event Exicom undergoes a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, your information (to the extent it is held by us) may be among the assets transferred. You will be notified via a prominent notice on our website and/or within the Application of any such change in ownership or control.
6.5. Future Version Notice: Cloud-Based Authentication
Exicom plans to develop a future version of the Application that will implement cloud-based authentication and management features to enhance security, enable remote access (where applicable), and provide centralized user management. This future version will necessarily involve:
Transmitting encrypted access credentials to a secure, third-party authentication service (e.g., AWS Cognito, Auth0, or a similar provider) for validation.
Storing user roles, access permissions, and audit logs on secure Exicom-managed cloud servers.
Prior to the release of any such updated version, this Privacy Policy will be comprehensively revised. The revised policy will be made available within the Application and on our website, detailing the specific data flows, identifying the third-party service providers, explaining the purposes of cloud processing, and outlining your enhanced rights and controls. Your continued use of the Application after such an update will constitute your acceptance of the new terms.
7. DATA SECURITY
We implement technical and organizational measures designed to protect the information processed by the Application.
Local Storage Security: Access credentials and session data stored locally on the mobile device utilize the device's native security frameworks (iOS Keychain, Android Keystore System where possible).
Authentication: The use of company-provisioned credentials prevents unauthorized access.
BLE Security: The BLE communication channel between the Application and the M2000 LITE controller uses appropriate pairing and encryption methods to prevent eavesdropping or command injection.
Physical and Operational Security: Access to the credential provisioning system is restricted to authorized Exicom administrators.
However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. The security of your mobile device and its operating system is also critical; you are responsible for keeping your device's software up to date and using device-level security features (e.g., passcodes, biometric locks).
8. DATA RETENTION AND DELETION
On Your Device: Locally stored session logs and cached data are designed to be temporary. They may be overwritten or cleared when the Application is closed, the device is restarted, or when storage space is needed. There is no indefinite retention of local logs.
At Exicom: In the current App version, Exicom does not retain any data from your specific App sessions, as no data is transmitted to us. Exicom corporate records maintain the master list of provisioned usernames and their associated access rights for system administration purposes.
Account Deactivation/Deletion: Since user accounts (credentials) are corporate assets managed by Exicom for system access control, users cannot self-delete their accounts via the Application. Requests for credential deactivation, access review, or data-related inquiries must be directed to the Exicom system administrator who provisioned the credentials or to our official support channel (see Contact Us). Deactivation of credentials will functionally prevent future access but may not immediately purge the username from internal administrative records due to audit and compliance requirements.
9. YOUR RIGHTS AND CHOICES
Depending on your jurisdiction (e.g., under the GDPR, CCPA/CPRA, or other data protection laws), you may have certain rights regarding your Personal Data. As our current data processing is minimal and local, your primary rights in this context are:
Right to Know/Access: You can request confirmation of what Personal Data we hold related to your provisioned username.
Right to Correction: You can request correction of inaccurate access rights associated with your credentials.
Right to Deactivation/Deletion: You can request the deactivation of your access credentials. Full deletion from administrative records may be subject to legal retention requirements.
Right to Object/Restrict Processing: You can object to our processing of your data, though this will likely result in the inability to use the Application.
Exercising Your Rights: To exercise any of these rights, please contact us using the details in Section 12. We may need to verify your identity before fulfilling your request, which may involve coordinating with your organization's system administrator.
10. INTERNATIONAL DATA TRANSFERS
In the current operation of the Application, no data is transferred internationally as all processing is local to your mobile device. Any future cloud-based features (as noted in Section 6.5) may involve data transfer to servers located in India or other countries. Any such future transfer will be governed by the revised Privacy Policy and will comply with applicable data protection laws, implementing appropriate safeguards such as Standard Contractual Clauses (SCCs).
11. CHILDREN'S PRIVACY
The M2000 LITE Application is NOT intended for use by children. It is designed for professional use in industrial and commercial settings. We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe your child has provided us with information, please contact us. If we learn we have collected information from a child without verification of parental consent, we will take steps to delete that information.
12. CONTACT US
If you have questions, comments, or concerns about this Privacy Policy, wish to exercise your data rights, or need to report a security issue related to the Application, please contact our Data Protection team at:
Exicom Tele-Systems Limited
Attn: Data Protection Officer / Privacy Team
Plot No 38, Institutional Area, Sector 32
Gurgaon 122001, Haryana, India
Website: https://www.exicom.com/critical-power
We will endeavour to respond to your inquiry within a reasonable timeframe.
13. CHANGES TO THIS PRIVACY POLICY
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or the functionality of the Application. The "Last Updated" date at the top of this policy will be revised accordingly.
For non-material changes, the updated policy will be effective immediately upon posting on our website and within the Application's update description.
For material changes (e.g., the introduction of cloud data collection as per Section 6.5), we will provide more prominent notice. This may include an in-App notification requiring your consent, an email to registered administrative users (where applicable), or a notice on our website prior to the change becoming effective. Your continued use of the Application after the effective date of a revised Privacy Policy constitutes your acceptance of its terms.
END OF PRIVACY POLICY