Aatar Technology

Legal · Privacy

Privacy Policy — Aatar

How Aatar Technology Solutions Pvt. Ltd. collects, uses, stores, shares, and protects personal data through the Aatar Inspect mobile and web applications.

Last updated: 12 May 2026  ·  Effective: 12 May 2026

This Privacy Policy describes how Aatar Technology Solutions Pvt. Ltd. (“Aatar”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal data through the Aatar Inspect mobile application (Android and iOS) and its web counterpart (collectively, the “App”).

Aatar Inspect is a business-to-business (B2B) field inspection and data collection product. It is provided to enterprise customers (“Customer” or “Customers”) under a written agreement, and is used by their authorised employees, contractors, and field operators (“Users”, “you”). The App is not intended for direct sign-up or use by the general public.

In this Policy, the Customer is the “Data Fiduciary” (under India’s Digital Personal Data Protection Act, 2023) or “Controller” for personal data processed through the App. Aatar acts as the Data Processor on the Customer’s documented instructions, except where Aatar processes data for its own legitimate purposes (such as service operation, security, and product improvement), in which case Aatar is the Data Fiduciary.

1. Information we collect

The App collects the following categories of information, only as needed to operate the inspection workflows configured by the Customer:

1.1 Identity and account information

  • Full name, work email address, phone number (where provided by the Customer)
  • Employee ID, role, designation, team, and reporting hierarchy
  • Authentication credentials and session tokens (we do not store passwords in plain text)

1.2 Location information

  • Precise device location (latitude and longitude) stamped against an inspection record when location is required by the Customer’s workflow
  • Location is captured at the moment an inspection is started or submitted; the App does not track location continuously in the background
  • You may revoke location permission at any time in your device settings; some inspection workflows may be unavailable without it

1.3 Camera, photos, and media

  • Photographs and short videos captured through the App’s camera, or selected from the device gallery, as part of an inspection
  • Optional metadata embedded in media (timestamp, geotag) where the Customer’s workflow requires it
  • The App accesses the camera and gallery only on user action; it does not silently record media

1.4 Inspection content

  • Text inputs, structured form responses, checklist values, signatures, voice notes, and any other content you submit through an inspection
  • Site or asset identifiers (e.g., tower ID, plant code, project reference) attached to the record

1.5 Device and diagnostic information

  • Device model, operating system version, app version, language, and time zone
  • Unique device identifiers and installation identifiers
  • IP address and approximate network-based location for security and abuse prevention
  • Crash logs, performance metrics, and error traces used to diagnose technical issues

2. How we use the information

PurposeExamples
Service deliveryAuthenticate users; record, store, and synchronise inspections; assign work; generate reports
Field workflowStamp inspections with time, location, and capturer; route records to reviewers and approvers
AI featuresAuto-summarisation, data extraction from photos and notes, anomaly detection, language translation, and similar features powered by third-party AI inference services
Security and integrityDetect fraudulent submissions, prevent unauthorised access, and maintain audit trails
Support and operationsRespond to Customer or user support requests; investigate incidents
Product improvementAggregate, de-identified analytics on feature usage and reliability
Legal and regulatoryComply with applicable laws, court orders, or lawful requests from public authorities

3. Lawful basis for processing

We process personal data on the following lawful bases under the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and other applicable law:

  • Performance of a contract between Aatar and the Customer, and between the Customer and the User as part of their employment or engagement;
  • Consent, where required (for example, certain camera or location features);
  • Legitimate uses, including security, fraud prevention, and service operation; and
  • Legal obligation, where processing is required by law.

4. Sharing of information

We do not sell personal data. We share personal data only with the following categories of recipients, and only to the extent necessary:

4.1 The Customer

All inspection records, identity information, location, and media captured through the App are made available to the Customer that provisioned your account. The Customer determines who within their organisation can access this data.

4.2 Sub-processors

We engage a limited set of vetted service providers (“Sub-processors”) under written agreements that require them to protect personal data and process it only on our instructions. Our current Sub-processors are:

Sub-processorPurposeProcessing location
Amazon Web Services, Inc. (AWS)Primary cloud hosting, storage, databases, backupsMumbai, India (ap-south-1)
Groq, Inc.AI/LLM inference for in-app intelligence features (summarisation, extraction, classification)United States
Identity and single sign-on provider (as configured by the Customer)Authentication and access managementAs designated by the provider
Crash and product analytics providerCrash reporting, stability monitoring, aggregate usage analyticsAs designated by the provider

An up-to-date list of Sub-processors is available on request at info@aatar.co. We require Sub-processors to maintain security standards consistent with this Policy and applicable law.

4.3 Legal and safety

We may disclose personal data when required by law, regulation, legal process, or enforceable governmental request, or where we believe in good faith that disclosure is necessary to protect rights, property, or safety.

4.4 Business transfers

If Aatar is involved in a merger, acquisition, financing, reorganisation, or sale of assets, personal data may be transferred as part of that transaction, subject to the protections in this Policy.

5. Where your data is stored

Primary storage of inspection content, identity data, media, and backups is in India (AWS Mumbai, ap-south-1). Limited categories of data may be transferred outside India strictly for the purposes described above — most notably, prompts and content sent to AI inference Sub-processors (Groq) for the duration of an inference request. Such transfers are made only to jurisdictions and entities that we consider provide adequate protection, and under contractual safeguards.

6. Data retention

We retain personal data processed through the App for as long as the Customer’s agreement with Aatar is in force, and as instructed by the Customer. On termination or expiry of that agreement:

  • Customer data is, by default, deleted or returned to the Customer within thirty (30) to ninety (90) days, as specified in the Customer’s agreement;
  • De-identified, aggregated data and limited operational records (such as audit logs and billing records) may be retained for longer where required to comply with law, resolve disputes, or enforce our agreements;
  • Backups containing personal data are overwritten in the ordinary course of our backup rotation.

7. Security

We implement reasonable security practices and procedures aligned with ISO/IEC 27001 controls and the Information Technology (Reasonable Security Practices) Rules, 2011. These include:

  • Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256);
  • Role-based access control and least-privilege provisioning for Aatar personnel;
  • Multi-factor authentication for administrative access;
  • Audit logging of access to inspection records;
  • Routine vulnerability scanning and periodic third-party security review;
  • Incident response procedures, including notification to affected Customers and authorities as required by law.

No method of transmission or storage is fully secure. We cannot guarantee absolute security but commit to acting promptly on any incident that affects your data.

8. Your rights

Subject to applicable law (including the Digital Personal Data Protection Act, 2023), you have the following rights with respect to personal data we process:

  • Right to access a summary of personal data being processed about you;
  • Right to correction and erasure of inaccurate, incomplete, or no-longer-required personal data;
  • Right to grievance redressal against Aatar or the Customer;
  • Right to nominate another individual to exercise rights in the event of death or incapacity;
  • Right to withdraw consent previously given, where processing relies on consent.

Because Aatar acts as a Data Processor on behalf of the Customer, requests relating to inspection content, your account, or your employment data should first be directed to your employer (the Customer). We will support the Customer in responding to such requests. You may also contact us directly using the details in Section 12 and we will route the request appropriately.

9. Children’s data

Aatar Inspect is intended exclusively for workplace use by adults (eighteen years and above). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will delete it without undue delay.

10. Cookies and similar technologies (web app)

The web version of Aatar Inspect uses strictly necessary cookies and local storage to maintain your session, remember preferences, and secure your account. We do not use third-party advertising cookies or cross-site tracking. You can clear cookies through your browser at any time; doing so may sign you out of the App.

11. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify the Customer or display an in-app notice. Continued use of the App after a change takes effect indicates acceptance of the updated Policy.

12. Contact us

For any questions, concerns, or requests relating to this Policy or your personal data, please contact:

Aatar Technology Solutions Pvt. Ltd.

Attn: Grievance Officer / Data Protection Contact
[Registered Office Address]

Email: info@aatar.co

We will respond to verifiable requests within the timelines required by applicable law.

© 2026 Aatar Technology Solutions Pvt. Ltd. All rights reserved.

Questions? Contact us →