RMS App Privacy policy

Privacy Policy 

Last updated: 10th  March, 2026 

1. Who we are 

1. Statcon Powtech Private Limited (“Statcon Powtech”, “we”, “us”, “our”) provides the Statcon Powtech Remote Monitoring System (“RMS”) mobile application, companion web dashboard, and related services that monitor and manage SunPunch solar inverters (“Services”).  

2. Contact: apps@powtech.in. Address: D29, A Block, Sector 59, Noida, Uttar Pradesh 201309, India.  

2. Scope
   This Policy applies to the Statcon Powtech Android app, the web dashboard, and supporting infrastructure that connect to SunPunch solar inverter RMS data loggers. It explains how we collect, use, share, secure, and retain personal information and device/telemetry data when users create accounts, pair devices, view telemetry, generate reports, and receive support. 

Statcon Powtech Private Limited acts as a Data Fiduciary under the Digital Personal Data Protection Act (“DPDPA”) 2023 and DPDP Rules 2025, determining the purpose and means of processing your personal data. You, as a user of our Services, are the Data Principal whose rights are protected under this Act. 

The DPDPA grants you specific rights regarding your personal data, including the right to access, correct, erase, and nominate representatives to exercise your rights. We are committed to respecting these rights and ensuring transparent data processing practices. 

3. What we collect 

1. Account and identity data 

• Email/username and password (stored using industry‑standard hashing), optional phone number, and optional profile photo. 

• Social sign‑in: Via Google (or future providers like Apple/Facebook), we receive name, email, profile image per provider consent screen, used solely for authentication. Providers' policies apply; we delete post-unlink unless needed for security. 

2. Device and operations data 

• Device identity and pairing data: inverter model and serial number, RMS module identifiers, configuration metadata. 

• Telemetry and performance: power, voltage, current, PV input, grid values, battery parameters (charge/discharge power and state of charge), temperatures, alarms/fault codes, timestamps, firmware/runtime status. These variables are subject to change and shall be updated time to time. 

• Reports: data contained in reports the user generates. 

3. Technical and usage data 

• App and device information (app version, device model, OS version), IP address, time zone, language, authentication and security logs. 

4. Bluetooth and location 

• Bluetooth: used solely to provision RMS modules and communicate with the data logger. 

• Location: we do not store precise location; where Android requires location permission to scan for Bluetooth, we only use it to enable provisioning. 

5. Support and communications 

• Messages, attachments, and metadata submitted via support channels and feedback forms. 

• We do not collect any payment information, as the Services are free at launch. If we do require such information, we will seek consent and we will update this Policy.  

4. How we use information 

1. Deliver core functionality: account setup, device onboarding, secure connections, telemetry visualization, charts/analytics, configuration management, and report generation. 

2. Safety, reliability, and security: detect faults/alarms, enforce access control, prevent abuse and fraud, protect users and equipment. 

3. Support and operations: respond to tickets, troubleshoot connectivity/performance, and improve service quality. 

4. Product improvement: evaluate features and performance; at launch we do not use third‑party analytics or crash reporting. If we add such tools later, we will update this Policy and, where required. 

5. Legal and compliance: comply with applicable laws, enforce terms, and respond to lawful requests. 

5. Legal bases (GDPR/UK GDPR, where applicable) 

1. Contract performance: providing the Services and related support. 

2. Legitimate interests: ensuring security, reliability, and improving features in a manner balanced against user privacy. 

3. Consent: optional features such as future push alerts; marketing (if introduced). 

4. Legal obligation: where we must retain or disclose data. 

6. Sharing and disclosures
   We do not sell personal information. We share data only with: 

1. Service providers/sub‑processors/Data processors under written contracts (e.g., AWS IoT Core, email/SMS and identity providers) for hosting/connectivity, authentication, and support. 

2. Professional advisers (auditors, legal counsel) bound by confidentiality. 

3. Affiliates (if any) for internal processing consistent with this Policy. 

4. Authorities/third parties when required by law or to protect rights, safety, and property. 

5. Business transfers: in a merger/acquisition, data may transfer under safeguards consistent with this Policy. 

7. Storage locations and international transfers 

1. Primary storage: Cloud storage/compute (e.g. EC2/RDS) in India. We use AWS IoT Core for device connectivity. International transfers: when personal data is transferred outside a user’s jurisdiction, we implement appropriate safeguards (e.g., Standard Contractual Clauses) where required. 

8. Retention 

1. Account/profile: retained for the life of the account and a reasonable post‑closure period for security, support, and legal obligations. 

2. Telemetry: retained for 3 years by default; may change as services evolve. Aggregated/anonymized telemetry may be retained for reliability analytics. 

3. Support records: retained as needed for compliance, quality assurance, and dispute resolution. 

4. Automated deletion: We delete or anonymize data when retention ends, unless longer retention is required by law. 

5. Legal Holds: In certain circumstances (e.g., ongoing litigation, regulatory investigation, or legal obligations), we may retain data beyond standard retention periods. 

9. Security  

1. We apply administrative, technical, and physical safeguards aligned with industry practices, including encryption in transit, role‑based access control, secure key management, and monitored infrastructure. No method is 100% secure; we continuously improve our protections. 

2. Under DPDP Rules 2025, Data Fiduciaries must: 

1. Immediately notify the Data Protection Board of India upon becoming aware of a breach 

2. Provide a comprehensive update within 72 hours including nature, extent, timing, location, and likely impact 

3. Notify affected Data Principals promptly (unlike GDPR, there is no risk threshold, hence all breaches must be reported) 

4. Maintain breach logs for one year 

10. Children’s privacy and device safety
    Our Services are intended only for adults and qualified personnel aged 18 years and above and are not directed to children. We do not knowingly offer the app to, or process personal data of, individuals under 18 years of age. If we become aware that a person under 18 has provided personal data, we will take reasonable steps to delete that data and disable the related account. Because the app can monitor and modify inverter configuration, access should be limited to authorized users only. 

11. Roles and access control 

1. Mobile app: end‑user access without RBAC at launch. 

2. Web dashboard: role‑based access control (RBAC). Organization admins and Statcon Powtech super‑admins can grant/revoke access to sites/devices; administrative actions may be logged for accountability. 

12. Your privacy rights 

1. Data Principal (DPDPA) 

Under the Digital Personal Data Protection Act, 2023, you have the following rights: 

1. Right to Access: You may request a summary of the personal data we are processing about you, including details of Data Fiduciaries and Data Processors with whom your data has been shared. 

2. Right to Correction: You may request correction of inaccurate, incomplete, or outdated personal data. We will update or correct your data promptly upon verification. 

3. Right to Erasure: You may request deletion of your personal data. We will comply unless retention is necessary for legal compliance, contract performance, or specified legitimate purposes under the DPDPA. 

4. Right to Nominate: You may nominate an individual who will be entitled to exercise your rights under the DPDPA in the event of your death or incapacity. You may notify us of such nomination by emailing apps@powtech.in. 

5. Right to Withdraw Consent: You may withdraw consent for processing at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. 

6. Right to Grievance Redressal: You have access to our grievance redressal mechanism and may escalate unresolved complaints to the Data Protection Board of India (see Section 12A). 

7. Exercising Your Rights: To exercise any of these rights, please contact us at apps@powtech.in. We will verify your identity and respond within a reasonable timeframe as required by the DPDPA.Data Principal Duties: Under the DPDPA, Data Principals also have duties, including: (a) complying with applicable laws when exercising rights; (b) not impersonating another person when providing personal data; and (c) not suppressing material information when providing personal data. 

2. GDPR/UK GDPR rights (where applicable) 

• Access, rectification, erasure, restriction, objection, and data portability. 

• Right to withdraw consent for optional processing at any time (does not affect prior lawful processing). 

• Right to lodge a complaint with a supervisory authority.
  Requests: apps@powtech.in. We may request verification of identity and may decline requests only as permitted by law. 

3. CCPA/CPRA rights (California residents) 

• Right to know/access the categories and specific pieces of personal information collected, sources, purposes, and categories of disclosures. 

• Right to delete personal information (with statutory exceptions). 

• Right to correct inaccurate personal information. 

• Right to opt out of the “sale” or “sharing” of personal information (we do not sell personal information and do not share it for cross‑context behavioral advertising). 

• Right to limit use/disclosure of “sensitive personal information” where applicable (we do not intentionally collect SPI as defined by CPRA, such as precise geolocation or government IDs, in the mobile app at launch). 

• Right to non‑discrimination for exercising rights.
   

4. How to exercise: submit requests to apps@powtech.in. We will verify requests and respond within the timelines required by law. Authorized agents may submit requests with proof of authorization. We will acknowledge your grievance within 5 business days and aim to resolve it within 30 days. If additional time is required, we will notify you with an explanation and expected resolution timeline. 

5. Do Not Sell or Share
   We do not sell personal information and do not share personal information for cross‑context behavioral advertising as defined by CPRA. If this changes, we will update this Policy and provide required opt‑out mechanisms (“Do Not Sell or Share My Personal Information”). 

12. Automated decision‑making and profiling 

 
We do not engage in automated decision‑making that produces legal or similarly significant effects on individuals. If this changes, we will update this Policy and provide legally required notices and choices. 

13. Cookies/SDKs and analytics
    At launch, we do not use third‑party analytics or crash‑reporting SDKs in the mobile app. If we integrate tools (e.g., Crashlytics, Sentry, analytics), we will update this Policy, disclose the categories of data collected, and provide consent/controls where required. 

14.  Permissions and controls 

1. Bluetooth: used only for provisioning and secure communication with RMS modules; disabling limits functionality. 

2. Files/Storage: used to export and save user‑generated reports in PDF or Excel Sheet(s) (e.g., Downloads folder). 

3. Camera: used solely for QR scanning. Explicit consent is prompted at first use; can be revoked anytime in the app settings. Images processed on-device are not shared.  

4. Notifications: used to send push notifications for updates, alerts, or promotions. Explicit consent is obtained via prompt; can be revoked anytime in the settings.   

Users will be able to manage preferences of these controls in app and OS settings. 

15. Third‑party services and links
    The Services may link to third‑party sites or integrate third‑party SDKs/APIs subject to their own privacy policies. We recommend reviewing those policies to understand their practices. 

16. Changes to this Policy
    We may update this Policy to reflect operational, technical, or legal changes. Material updates will be communicated via in‑app notice or email. The “Last updated” date shows the latest revision. 

17. Contact us
    For questions, requests, or complaints:
    Email: apps@powtech.in
    Address: Statcon Powtech Private Limited, D29, A Block, Sector 59, Noida, Uttar Pradesh 201309, India