Skip to main content

Privacy Policy

Effective Date: April 27, 2026  |  Last Updated: April 27, 2026

ConcreteInfo ("we," "our," or "us") operates the ConcreteInfo Concrete Mix Management System ("Platform" or "Service"), a cloud-based software-as-a-service (SaaS) platform for concrete mix design, material testing, quality management, and construction analytics. This Privacy Policy describes how we collect, use, store, and protect your information when you use our Platform.

By registering for or using the Platform, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Full name, email address, phone number, organisation name, and profile photograph (if uploaded or provided via OAuth)
  • Design & Engineering Data: Concrete mix design parameters, material selections, proportions, calculated results, and associated project information you enter into the Platform
  • Testing & Quality Data: Laboratory test results, specimen data, compliance records, NCR/CAPA records, and SPC charts you create or upload
  • Project & Client Information: Client names, project names, site addresses, pour numbers, and location data you choose to associate with records
  • Communication Data: Messages, feedback, or support requests you send to us
  • Billing Information: Subscription preferences and payment information processed through Razorpay (we do not store card or bank details on our servers)

1.2 Automatically Collected Information

When you access or interact with the Platform, we may automatically collect:

  • Device and browser information (type, version, operating system, screen resolution)
  • IP address and approximate geographic location (city-level, derived from IP)
  • Session cookies for authentication (see Section 7)
  • Aggregate usage patterns — pages visited, features used, session duration, and timestamps

2. How We Use Your Information

We use collected information solely for the following legitimate purposes:

  • Service Delivery: Operate the Platform, perform calculations (IS 10262:2019, ACI 211.1, BRMCA, EFNARC, and other standards), generate reports, and deliver the features you subscribe to
  • Account Management: Authenticate your identity, manage sessions, process password resets, and verify your email address
  • Subscription & Billing: Manage your subscription plan, process payments through Razorpay, issue invoices, and send renewal or expiry notifications
  • Communications: Send transactional emails you have requested or that are necessary for the Service (design notifications, weather alerts, test result alerts, password reset, subscription updates)
  • Report Generation & Delivery: Generate and deliver PDF, Excel, Word, and CSV reports via email or download as part of the Service
  • Platform Improvement: Analyse aggregate, anonymised usage patterns to improve features, fix bugs, and enhance user experience
  • Security & Abuse Prevention: Detect and prevent unauthorised access, fraud, spam, and other abusive activities
  • Legal Compliance: Meet obligations under applicable Indian laws and regulations

3. Confidentiality of Your Data

3.1 Your Data Remains Yours

You retain full ownership of all data you enter into the Platform, including concrete mix designs, material data, test results, project information, and client records. ConcreteInfo does not claim any ownership, licence, or intellectual property rights over your data beyond what is necessary to provide the Service.

3.2 We Do Not Actively Scan or Analyse Your Data

We do not actively scan, read, mine, or analyse the content of your mix designs, test results, project records, or other business data for purposes beyond delivering the Service you have subscribed to. Specifically:

  • We do not access your design data to build profiles about your business, clients, or projects
  • We do not use your engineering data to train machine learning models, develop competing products, or create derivative datasets
  • We do not share or sell individual design data, test results, or client information with third parties for any purpose
  • Automated processes that process your data (calculations, report generation, email delivery) do so only in direct response to your actions within the Platform
  • Support personnel access your data only with your explicit permission, when you request assistance, or when required to resolve a technical issue you have reported

3.3 Isolation Between Accounts

Your data is logically separated from other users' data at the database level. Unless you explicitly share a design or report with another user, no other Platform user — including users within the same organisation unless granted access by an administrator — can view or access your data.

3.4 Confidentiality Obligations

ConcreteInfo treats all customer data as confidential. Our employees, contractors, and agents who may access data in the course of providing the Service are bound by confidentiality agreements. Unauthorised disclosure of customer data is grounds for immediate termination and legal action.

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share only the minimum information necessary with the following categories of processors who act on our behalf:

  • Razorpay (Payment Processing): Processes subscription payments. Their privacy policy: razorpay.com/privacy/
  • Google (OAuth Sign-In): Authenticates your identity when you choose "Sign in with Google." We receive only your name, email, and profile photo. Google's privacy policy: policies.google.com/privacy
  • SMTP Provider (Postfix): Delivers transactional and report emails you request. Email content is transmitted only in the course of delivering emails you or your organisation has initiated
  • Cloud Hosting Infrastructure (Coolify): Hosts the Platform on servers located in India. Data at rest and in transit is encrypted

All third-party processors are contractually obligated to process data only as instructed by ConcreteInfo and to maintain equivalent security standards.

4.2 Legal Requirements

We may disclose personal information if required by applicable law, valid legal process, or governmental regulation, or if we believe in good faith that disclosure is necessary to: (a) protect our rights, property, or safety or those of our users; (b) prevent fraud or security vulnerabilities; or (c) comply with a court order, subpoena, or similar legal obligation.

4.3 No Sale or Monetisation of Data

We do not sell, trade, rent, lease, or otherwise monetise your personal information or business data to any third party for any purpose. This includes your contact details, design data, test results, and usage patterns.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data will be transferred subject to the same confidentiality and privacy obligations described in this policy. We will notify you via email of any change in data ownership.

5. Data Security

We implement industry-standard technical and organisational measures to protect your information:

  • All data in transit encrypted via HTTPS/TLS 1.2+
  • Passwords hashed using bcrypt with adaptive cost factor
  • CSRF tokens on all state-changing forms
  • Parameterised (prepared) statements for all database queries
  • Input validation and output encoding (XSS prevention)
  • Session management with regeneration and timeout controls
  • Access control and audit logging for administrative actions
  • Infrastructure hosted on private servers within India

While we employ robust security measures, no system connected to the internet can guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and the relevant authorities within 72 hours as required by the DPDP Act 2023.

6. Data Retention

Data Category Retention Period
Active account data Duration of account existence
Mix designs, test results, project data Duration of account existence; deleted within 30 days of account deletion
Subscription & billing records 8 years from transaction date (Indian tax law requirement)
Server access & audit logs 90 days
Email delivery records 30 days
Session data & cookies Until session ends or cookie expires (max 30 days)

7. Cookies and Local Storage

When you first visit the Platform, we present a cookie consent banner explaining the cookies we use. By continuing to use the Platform, you consent to our use of essential cookies as described below.

We use only essential cookies required for the Platform to function:

  • Session Cookie (PHPSESSID): Maintains your logged-in state. Deleted when you close your browser
  • Remember Me Cookie: If you select "Remember Me," a persistent cookie stores an encrypted session token for up to 30 days
  • Theme Preference: Stores your light/dark mode preference in local storage

We do not use third-party advertising cookies, tracking pixels, or analytics cookies from external providers (Google Analytics, Meta Pixel, etc.).

8. Your Rights Under DPDP Act 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access & Portability: Download a complete copy of your personal data in machine-readable JSON format from your Profile page ("Export My Data"). This includes your profile, subscription history, mix design references, materials, test results, and activity log
  • Correction: Update your name, organization, country, phone, and preferences directly from your Profile page at any time
  • Erasure: Permanently delete your account and all associated data from your Profile page ("Danger Zone" section). Upon confirmation, all your designs, test results, materials, exports, and activity logs are irreversibly deleted. Records required by law (e.g., billing for tax compliance) are retained as mandated
  • Nomination: Nominate another individual to exercise your data rights in the event of your death or incapacity by contacting our Grievance Officer
  • Withdrawal of Consent: Withdraw consent for data processing at any time by deleting your account. Subject to data required for ongoing legal obligations
  • Grievance Redressal: File a grievance with our Data Protection Officer if you believe your data rights have been violated

To exercise any right, you may use the self-service tools in your account settings or contact our Grievance Officer at:

  • Email: amit@concreteinfo.in
  • Phone: +91-9930954848
  • Response Time: We will acknowledge your request within 48 hours and resolve it within 30 days, as required by the DPDP Act

9. Children's Privacy

The Platform is intended for use by professionals in the construction and concrete industry. It is not directed at individuals under 18 years of age. Registration requires an explicit age confirmation that the user is 18 or older. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal data, we will delete it promptly.

10. International Data Transfers

The Platform is hosted on servers located entirely within India. Your data is stored and processed in India. In the ordinary course of the Service, your data is not transferred outside India. If you access the Platform from outside India, your data continues to be stored in India, subject to Indian data protection laws.

11. Third-Party Links

The Platform may contain links to external websites or services (e.g., Razorpay payment pages, Google OAuth). This Privacy Policy does not apply to those external services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

12. Data Breach Notification

In the event of a personal data breach that is likely to affect your rights and freedoms, we will:

  • Notify you via email within 72 hours of becoming aware of the breach
  • Inform the Data Protection Board of India as required by the DPDP Act 2023
  • Provide details of the breach, the data affected, and remedial actions taken
  • Take immediate steps to contain and remediate the breach

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes:

  • We will update the "Last Updated" date at the top of this page
  • We will notify registered users via email for significant changes
  • Continued use of the Platform after changes take effect constitutes acceptance of the revised policy

14. Grievance Officer

As required under the DPDP Act 2023, we have designated a Grievance Officer to address data protection concerns:

  • Grievance Officer: Amit Haridas
  • Designation: Founder & Data Protection Officer
  • Email: amit@concreteinfo.in
  • Address: ConcreteInfo, Pune, Maharashtra, India
  • Response Time: Acknowledgement within 48 hours; resolution within 30 days

15. Contact Us

For questions, clarifications, or requests regarding this Privacy Policy or our data practices:

See also our Terms of Service and Subscriber Agreement.