Privacy Policy

Last updated: November 30, 2025

We respect your privacy and are committed to protecting your personal data. This policy explains what we collect, how we use it, and the rights available to you.

1) Who we are & scope

UltraGen Technologies ("UltraGen", "we", "us") provides software, hardware, and IoT services. This policy applies to our website, contact forms, client portals, and any services that link to it (collectively, the "Services").

We aim to align with the Digital Personal Data Protection Act, 2023 (India) and international best practices (e.g., GDPR principles). If local law requires stricter standards, we apply those where applicable.

2) Data we collect

  • Identity & contact: name, email, phone, organization, role.
  • Project & support: requirements, documents you share, tickets, and communications.
  • Usage & technical: IP, device/browser, pages viewed, timestamps, referrers, error logs.
  • Cookies/local storage: preferences, session IDs, auth tokens (if you log in), consent choices.
  • Marketing: newsletter opt‑ins, campaign source/medium, ad attribution where enabled.
  • Notifications: web‑push subscription keys (if you subscribe), delivery receipts.
  • Payments: if applicable, we use third‑party processors; we do not store full card details on our servers.

3) How we use data

  • Provide and improve the Services, fulfill contracts, and deliver customer support.
  • Operate security: fraud prevention, abuse detection, incident response, and backups.
  • Measure performance: analytics, product research, and service diagnostics.
  • Communicate: proposals, onboarding, transactional alerts, and (with consent) marketing updates.
  • Comply with law: taxation, accounting, and legal requests.

Legal bases (where applicable): consent, contract performance, legal obligation, and legitimate interests such as securing and improving our Services.

4) Cookies & tracking

We use cookies and similar technologies (local storage, pixels) to remember preferences, maintain sessions, and analyze usage.

  • Essential: required for core functionality (e.g., authentication, CSRF).
  • Analytics: e.g., Google Analytics 4 (GA4) with IP masking and aggregated reports.
  • Marketing: only if you consent—used for measuring campaign effectiveness.

You can manage cookies in your browser and via the consent options we provide. Disabling some cookies may affect site functionality.

5) Sharing & processors

We do not sell personal data. We may share limited data with trusted processors to operate our Services, subject to contracts and security obligations, such as:

  • Hosting & infrastructure (e.g., data centers/hosting providers)
  • Analytics & error monitoring (e.g., GA4, server logs)
  • Email, SMS, or push notification providers
  • Payment processors (for invoices or online payments)
  • Professional advisors (legal/accounting) where necessary

Access is limited to what is needed to perform their services. We may also disclose data where required by law or to protect our rights and users.

6) Retention & security

We retain data only as long as needed for the purposes described above, legal requirements, or legitimate business needs. We employ reasonable administrative, technical, and physical safeguards, including encryption in transit (HTTPS), access controls, and regular backups.

No system can be 100% secure. We work to prevent unauthorized access and will notify you of material incidents as required by law.

7) Your rights

Subject to applicable law (including India’s DPDP Act and, where relevant, GDPR‑style rights), you may request to:

  • Access, correct, or delete your personal data
  • Withdraw consent where processing is based on consent
  • Object to or restrict certain processing
  • Export data you provided (portability) where feasible

To exercise rights, contact us as described below. We may need to verify your identity before acting on requests.

8) International transfers

We may store or process data outside your country. Where required, we use appropriate safeguards (e.g., contractual clauses) to protect your information.

9) Children

Our Services are not directed to children under the age where parental consent is required by law. We do not knowingly collect data from such children. If you believe a child provided data to us, please contact us to remove it.

10) Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will post the updated version with a new "Last updated" date.

11) Contact & grievance

If you have questions, requests, or complaints about privacy, contact us:

Grievance Officer (India DPDP): Please write to the email above with subject line “DPDP Grievance” and we will respond within statutory timelines.