SURELOCK PRIVACY POLICY

1. INTRODUCTION We at 42Gears Mobility Systems Pvt Ltd including its subsidiaries and affiliates respect your privacy and are committed to protecting your personal data. This privacy disclosure/policy covers SureLock described below (as “Software”) and reveals to the customers who purchase the Software (“Customers”) the types of information collected by the Software and those individuals whose devices are being managed by the Software (“Users”) regarding the types of information collected by the Software about Users and their devices. This Privacy Disclosure describes our policies and procedures for the collection, use, and disclosure of Your information when You use the Software. By using the Software, You agree to the collection and use of information in accordance with this Privacy Policy. 2. OVERVIEW OF SURELOCK SureLock enables Customers to lock devices into kiosk mode which offers them more control over their applications and device usage. It further enables the admins to convert mobile devices into dedicated-purpose tools with additional features to gain higher control over mobile devices and applications, transforming any devices into dedicated-purpose devices, etc. 3. DATA COLLECTION Personal Identifiable Information or Personal data which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. Such information includes:
  1. Device and Hardware Information: We collect Personal Information from your device by using standard Android API (which are commonly granted as “Runtime and Special Permissions based on the functionality the Customers configured). Such information includes IP address, unique identifiers (e.g. MAC address: WIFI, Ethernet, and Bluetooth), IMEI, IMSI, GUID, Android ID, Serial Number, Device model, and device permissions settings of  Camera, Location Information, Bluetooth, Contact, Call logs, SMS, SMS logs, Wifi State, Mobile data state, App Usage data. Further, as part of the device enrollment process, the Software pushes a privacy dialog to the User’s mobile device, which enables the User to review a summary of the settings enabled for the Software on their device. In some cases, the Customers may also have the ability to control the enablement of certain features of the Software, via their device settings. Please note that all this data remains on the device side itself and only transfers to our activation server as and when the activation ID is released from our side. (*Activation ID is released only when the customer signs up for our Software) We provide our Customers full control over the data that they want us to collect from the devices and provide them an option to restrict the data collection whilst choosing a “Preferred Activation ID” which will enable us to collect the limited data as required.
  2. Registration information: When customers purchase or sign up for Software,  customers will be asked to provide us with certain details such as: full name; e-mail address, number, and other necessary information.
  3. Surelock integration with SureMDM: When you integrate SureLock with SureMDM (42Gears other product), we collect the following information with the prior explicit consent of our Customers which includes:
    • Query All Apps: SureLock will have access to the list of apps installed on your device, including details such as their names, types, sizes, version numbers, and version codes. If your device is enrolled in SureMDM, SureLock will upload this list to the secure SureMDM server, even when the app is running in the background or not in active use. This enables your administrator to view and modify app permissions, clear app data, run applications at device startup, use the data for internal app analytics, and even uninstall apps on the device. However, SureLock does not share this information with any third-party apps or services, nor is it used for any other purpose.
    • Camera: This permission is required to import the SureLock settings file from QR Code scanning.
    • Location: SureLock will have access to your location data, and if your device is enrolled in SureMDM, this data will be uploaded to the SureMDM server, even when the app is running in the background or not actively in use. This allows your administrator to monitor and track your location, as well as enable advanced features like driver safety and Wi-Fi management. Rest assured, SureLock does not share this information with any third-party apps or services, nor is it used for any other purpose.
    • Allow Contact Access: SureLock will have access to your contacts, including names and phone numbers. If your device is enrolled in SureMDM, SureLock will upload this contact data to the secure SureMDM server, even when the app is running in the background or not actively in use. This enables your administrator to allow or block incoming and outgoing calls and SMS based on your contacts, remotely delete contacts, and generate reports for SMS and call logs on the SureMDM server. Rest assured, SureLock does not share this information with any third-party apps or services, nor is it used for any other purpose.
    • Call Logs: SureLock will have access to your call logs, including contact names, phone numbers, and call durations. If your device is enrolled in SureMDM, SureLock will upload this data to the secure SureMDM server, even when the app is running in the background or not actively in use. This allows your administrator to monitor and track your call logs and manage phone settings, such as allowing or blocking incoming calls. Please note that SureLock does not share this information with any third-party apps or services, nor is it used for any other purpose.
    • SMS, SMS Logs: SureLock will be able to read your SMS logs including the name of contact, date, time, content of the SMS, and upload it to the secure SureMDM server, even when the app is running in the background or is not actively being used. This will allow your SureLock administrator to access and track your SMS logs and change your Android lock screen PIN with SMS.
    • App Usage Data: SureLock requires this permission to block access to unapproved applications.
    Please note that the aforesaid data stored in the server will never be shared with any third party or applications for any reason whatsoever. Further, the data is processed only in accordance with applicable privacy regulations, including Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest.
4. USE OF PERSONAL DATA Having accurate information about You permits us to provide You with a smooth, efficient, and customized experience. We request Customer’s Consent before gathering any data from device for example we display Consent popup before granting each runtime and special permissions Specifically, we may use information collected about You while signing up for the Software:
  • To provide and maintain our Services, including monitoring the usage of our Services such as verifying the device etc.
  • To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the Software You have purchased or of any other contract with Us through the Service.
We will not use or disclose Personal Data to third parties except:
  • to our authorized Sub-processors as necessary to provide services or products you have requested.
  • to our affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners, or other companies that We control or that are under common control with Us.
  • in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • in other ways described in this privacy policy or to which you have otherwise consented.
  • in the aggregate with other information in such a way so that your identity cannot reasonably be determined (for example, statistical compilations).
  • as required by law, for example, in response to a subpoena or search warrant.
  • to outside auditors who have agreed to keep the information confidential.
5. RETENTION AND DELETION OF YOUR PERSONAL DATA We will retain your Personal data for as long as your account is active; as needed to provide you products or services; as stated in the EULA/TOU agreement; as needed for the purposes outlined in this policy or at the time of collection; as necessary to comply with our legal obligations, honor UNSUBSCRIBE requests, resolve disputes, meet financial audit requirements and enforce our agreements; or to the extent permitted by law. You may delete the Software from the “Settings “option using “Uninstall SureLock” or uninstall it from the device system settings in the application settings. Except as provided in this privacy disclosure, on the deletion of the Software, the data is deleted from the devices and the Activation Portal from the live system immediately. However, the data remains in the secured database as a backup for 60 days, after which the data gets permanently deleted thereafter. Please note that a deletion request may not result in the complete deletion of your data, specifically purchase information that will be maintained for legal and financial audit purposes. 6. PERSONAL DATA TRANSFER, PROCESSING AND STORAGE When SureLock will be used as a standalone product, we process and store data about you on AWS servers located in the N.Virginia region. However, in case Surelock is used by the customer in integration with SureMDM, then the data shall be stored in either AWS server location from India, US and UK as the customer chooses while signing up. Your Personal data may therefore be transferred to, using appropriate security protocols, processed and stored in a country different from your country of residence, and be subject to privacy laws that are different from those in your country of residence. The Personal Data that we store is not highly sensitive and is required to conduct normal and expected business practices. Specifically, Personal Data, as described in this policy, is stored on AWS N.Virginia data servers. We and all third-party companies with which we engage with have committed to complying with the 2018 EU GDPR privacy regulation for EU residents. Based on the Lawful basis definition, as defined by the EU GDPR regulation, 42Gears's use and storage of minimal Customer Personal Data, the Legitimate Interests basis is the appropriate legal basis for data storage and use. Further, When transferring Your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law,have an updated Data Processing Addendum which now includes Standard Contractual Clauses (SCCs) which are an integral part of the EULA/TOU that You agree before accessing or using the Software. 7. SECURITY OF YOUR PERSONAL DATA The security of Your Personal Data is important to Us. The nature of our services is such that we share a responsibility with our Customers for the security of data. We aim to safeguard and protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and have adopted reasonable technical and organizational security measures to ensure that this is the case, in line with established commercial good practice. It is nevertheless important that our Customers recognize their responsibility to maintain effective security in the use of our services. All the communication from the application is secured using strong SSL/TLS  protocols but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. 8. CHANGE TO THIS PRIVICY POLICY We will occasionally change and update this Privacy Policy. Any changes made to this Privacy Policy will be posted on the Software. If we make any substantial changes in our Privacy Policy, we will post a notice on the website too or send an email notification on the customer's email address available with 42Gears. 9. EXERCISING YOUR RIGHTS To exercise any of Your rights enshrined in the applicable data privacy regulations including GDPR, please refer to the “RIGHTS” tab of our global privacy policy here. 42Gears has no direct relationship with the Users whose data it processes in connection with providing the Software and any related services. A User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Customer. If the Customer requests 42Gears to modify or remove the data, we will respond to the Customer’s request in accordance with our agreement with the applicable Customer or as may otherwise be required by applicable law. 10. CONTACTING US We recognize that You may have questions about how we process Your data, or You may want to change either the data we hold or how we communicate with You in the future. You may unsubscribe from receiving marketing or commercial communications about 42Gears or 42Gears products and services by clicking the unsubscribe link at the end of the marketing or commercial communication from 42Gears or by writing us at privacy@42gears.com apprising us what particular types of marketing or commercial communications You no longer wish to receive. If You have any questions or concerns about this Privacy Notice, please feel free to email us at legal@42gears.com.

Version 1.2

Last Updated: August 20th, 2024