Privacy Policy

1. Information We Collect

We collect the following categories of information to provide and operate the Service:

• Account Information: Name, email address, and password when you create an account.
• Firm Information: Firm name, project prefix, city, and business address provided during onboarding. This is used solely to configure your workspace.
• Google Account Data: If you sign in with Google, we receive your name, email, and profile picture, and request access to Google Drive for project folder management. Calendar access is not requested during sign-in — it is requested separately only if you choose to enable calendar sync from Settings.
• Payment Information: When you subscribe to a paid plan, payment details are processed by our third-party payment provider (Razorpay). We do not store your card or bank details on our servers.
• Usage Data: Log data, device information, browser type, IP address, pages visited, and interactions with the Service for debugging and improvement purposes.

2. How We Use Your Information

• To provide, maintain, and improve the Service.
• To manage your account, process subscriptions, and communicate with you about the Service.
• To create and manage Google Drive folder structures for your projects.
• To send transactional emails (welcome emails, project notifications, password resets).
• To enforce our Terms & Conditions and protect against fraud or misuse.
• To comply with applicable laws and regulations.

3. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Third-party providers who assist us in operating the Service (e.g., cloud hosting, payment processing via Razorpay, email delivery).
• Legal Requirements: When required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

4. Tenant Data Isolation & Ownership

5. Data Storage & Security

Your data is stored on secure, encrypted servers with industry-standard security measures including encrypted connections (HTTPS/TLS), secure password hashing (bcrypt), tenant-scoped database queries, and role-based access controls within your workspace. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

7. Your Rights

You have the right to:

• Access, correct, or delete your personal data.
• Withdraw consent for data processing where applicable.
• Export your project data.
• Opt out of marketing communications.

To exercise any of these rights, contact us at [email protected].

8. Cookies & Analytics

We use essential cookies to maintain your session and preferences. We may use analytics tools (such as Google Analytics) to understand usage patterns and improve the Service. You can control cookie settings through your browser.

9. Google API Services — User Data Policy & Limited Use Disclosure

DesignOS integrates with Google Workspace APIs (Google Drive API, Google Calendar API) to provide project folder management and calendar features. Our use of information received from these APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google OAuth Scopes Requested & Justification

DesignOS uses incremental authorization — we only request the permissions we need, when we need them. This means you are never asked for more access than necessary at any given step.

How We Use Google Data — Scope by Scope

• Google Drive (drive.file): We use Drive access solely to: (1) create a centralised "DesignOS" root folder during onboarding; (2) create organised project folder structures with subfolders (Drawings, 3D Renders, Client Approvals, etc.) when you create a project; (3) share project folders with team members when they are added to a project; (4) upload and manage project documents attached to bills and communications. We do not have access to your entire Google Drive — only to files and folders created by DesignOS.
• Google Calendar (calendar.events, calendar.readonly): Calendar access is optional and only granted when you explicitly choose to connect your calendar from Settings → Calendar. Once connected, we use Calendar access solely to create project milestone events, deadline reminders, and site visit entries, and to read your existing events for availability checking when scheduling. You can use DesignOS without ever connecting your calendar.
• Authentication (openid, email, profile): We use these solely for sign-in, account creation, and displaying your name and email within the DesignOS interface.

Token Storage & Security

• Your Google OAuth access token and refresh token are stored in our encrypted database, transmitted only over HTTPS/TLS, and are never logged, shared with third parties, or exposed to client-side code.
• Access tokens are short-lived (1 hour) and automatically refreshed using the refresh token only when a Drive or Calendar operation is triggered by you.
• Tokens are associated with your user account and are never used to access data of other users or for any purpose outside the features described above.

What We Do NOT Do With Google Data

• We do not sell, lease, rent, or share your Google user data with any third parties for advertising, analytics, market research, or any purpose unrelated to the core functionality of DesignOS.
• We do not use your Google data for training machine learning models, profiling, or any automated decision-making.
• We do not mine, scrape, or index the content of your Google Drive files or calendar events for any purpose beyond providing the DesignOS service.
• We do not access your Gmail inbox, email content, or contacts through these scopes.

Revoking Google Access & Data Deletion

You can revoke DesignOS's access to your Google account at any time through your Google Account permissions page.

• Calendar access: Since calendar permissions are granted separately, you can revoke calendar access independently without affecting your sign-in or Drive access. Revoking calendar permissions will stop DesignOS from creating or modifying calendar events, but your existing events will remain in your Google Calendar.
• Full revocation: Revoking all Google permissions will stop DesignOS from creating Drive folders, syncing calendar events, or accessing any Google data. Existing project data within DesignOS (task names, budgets, contacts) will remain intact. Drive folders already created will remain in your Google Drive under your ownership.
• Account deletion: If you request deletion of your DesignOS account, we will delete all stored Google tokens (access and refresh tokens) within 30 days. Project folders in your Google Drive are owned by you and remain unless you delete them manually.
• To request data deletion, email [email protected] or use the Data Export feature in Settings before requesting deletion.

10. Third-Party Links

The Service may contain links to third-party websites (e.g., Google Drive). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Techsharingb
320, Ground Floor, Service Rd, NGR Layout,
Bommanahalli, Bengaluru, Karnataka 560068
Email: [email protected]
Phone: +91 77607 40596