Privacy Policy

CenterManager is a multi-tenant SaaS platform designed for service center management in India. Our platform is used by three types of users: Super Admins (our team), Center Admins (business owners who register a center), and Operators (staff added by Center Admins).

This policy applies to all users of the platform regardless of their role. We process personal data only as necessary to deliver the Service and to comply with applicable law, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.

Our registered office is at: 4th Floor, Tech Park, MG Road, Bangalore — 560 001, Karnataka, India. Our Data Protection Officer can be reached at privacy@centersaas.test.

We collect information in the following ways:

2.1 Information You Provide Directly

• Account Data: name, email address, phone number, role, and password (hashed) when registering or being added as an operator.
• Center Profile: business name, address, subscription plan, and service types configured by Center Admins.
• Task Data: task descriptions, assignments, completion status, carry-over records.
• Attendance Records: daily check-in status (Present / Half-Day / Absent) per operator.
• Salary Information: monthly base salary, calculated pay based on attendance.
• Documents: files uploaded through the Client Document Upload portal (scanned IDs, forms, etc.).
• Contact Form: name, email, message and inquiry type submitted via our website.

2.2 Information Collected Automatically

• Log Data: IP address, browser type, pages visited, timestamps, referrer URL.
• Session Data: login sessions stored in our encrypted session database.
• Device Information: screen resolution, operating system, browser version — used for UI rendering only.

2.3 Information We Do Not Collect

We use the personal data we collect for the following purposes:

• Service Delivery: create and manage accounts, enable task management, attendance tracking, and salary computation.
• Subscription Management: activate, suspend, or modify your center subscription plan.
• Communication: send transactional emails (password resets, plan expiry notices), respond to support requests.
• Security & Fraud Prevention: detect unauthorised access, enforce role-based access control, audit logs.
• Analytics & Improvement: aggregated, anonymised usage patterns to improve features — we never sell this.
• Legal Compliance: retain records as required under applicable Indian law.

We process your personal data under the following lawful grounds as defined by the Digital Personal Data Protection Act, 2023:

• Consent: you have provided explicit, free, informed consent during registration.
• Contractual Necessity: processing is necessary to perform the subscription contract and deliver the Service you subscribed to.
• Legal Obligation: we may process data to comply with court orders, government requests, or statutory requirements.
• Legitimate Interests: security monitoring, fraud prevention, and product improvement — balanced against your privacy rights.

You may withdraw consent at any time by contacting us at privacy@centersaas.test. Withdrawal will not affect the lawfulness of any processing carried out before withdrawal.

We are not in the business of selling or renting your personal data. We share data only in the following limited circumstances:

5.1 Within the Platform

Data is scoped to the appropriate panel. Operators see only their own tasks and attendance. Center Admins see all data within their center. Super Admins can access all centers for support and administration purposes.

5.2 Trusted Service Providers

• Hosting & Infrastructure: cloud servers hosted in India (or with data residency guarantees) — bound by strict data processing agreements.
• Email Delivery: transactional email providers for password resets and notifications.
• Payment Processors: if applicable, PCI-DSS certified third parties — they receive only the data necessary to process your payment.

5.3 Legal Requirements

We may disclose data if required by law, regulation, court order, or governmental authority, or to protect the rights, property, or safety of CenterManager, our users, or the public.

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

After the applicable retention period, data is securely deleted or anonymised. You may request earlier deletion — see Your Rights.

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction:

• Encryption in Transit: all data transmitted between your browser and our servers is encrypted using TLS 1.2+.
• Password Hashing: all passwords are one-way hashed using bcrypt (cost factor 12) — we never store plaintext passwords.
• Role-Based Access Control: three distinct panels with scoped permissions ensure operators cannot access other operators' data.
• Session Security: sessions are stored in an encrypted database and invalidated on logout.
• CSRF Protection: all form submissions are protected with Laravel's built-in CSRF tokens.
• Regular Backups: encrypted daily backups with 30-day retention.

Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights regarding your personal data:

To exercise any of these rights, email privacy@centersaas.test with the subject line "Data Rights Request". We will acknowledge within 72 hours and respond fully within 30 days. We may ask you to verify your identity before processing the request.

If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

We use cookies and similar technologies to operate and improve our Service. We do not use third-party advertising cookies or behavioural tracking pixels.

Essential cookies cannot be disabled as they are required for the platform to function. You can manage cookies in your browser settings; however, disabling session cookies will prevent you from logging in.

CenterManager is a business-to-business platform intended for use by adults operating or working in service centers. We do not knowingly collect personal data from individuals under the age of 18 years.

If you believe a minor has provided us with personal data without appropriate consent, please contact us immediately at privacy@centersaas.test and we will take prompt steps to delete such data.

Our platform or website may contain links to third-party websites or services (e.g., payment gateways, social media). These external sites operate under their own privacy policies, which we do not control.

We recommend reviewing the privacy policy of any third-party site you visit. CenterManager is not responsible for the privacy practices of external sites and services.

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or product features. When we make material changes we will:

• Update the "Last Updated" date at the top of this page.
• Display a prominent notice within the CenterManager platform dashboard for at least 14 days.
• Send an email notification to the registered Center Admin email address.

Your continued use of the Service after the effective date constitutes acceptance of the revised policy. If you do not agree with the changes, please contact us to discuss your options or close your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer: