Privacy Policy

Effective Date: December 25, 2025

1. Introduction

Welcome to Longiflo. This Privacy Policy explains how we collect, use, and protect information in relation to our survey and QR code management services (the "Service").

This policy is designed to comply with India's Digital Personal Data Protection Act, 2023 (DDPA). In the context of the DDPA and our Service:

• You (Our Customer): When you create surveys or QR codes using Longiflo, you are the "Data Fiduciary." You determine the purpose and means of processing the personal data of the individuals who interact with your surveys or QR codes.
• Longiflo (The Platform): We act as the "Data Processor" on your behalf. We process the data you collect according to your instructions and the terms of our agreement with you.
• Your End-Users (Respondents/Scanners): The individuals who take your surveys or scan your QR codes are the "Data Principals."

This policy covers two types of data:

• Service Data: The data you collect from Data Principals through your surveys and QR codes, which we process on your behalf.
• Account Data: The information we collect directly from you when you register for and use your Longiflo account.

2. Information We Process for You (Service Data)

As a Data Processor, we process the following data based on the surveys and QR codes you create:

• Survey Responses: Answers to your survey questions, which may include text, numbers, voice recordings, and other personal data. All responses are encrypted at rest in our database.
• QR Code Scan Data: When your QR code is scanned, we collect the scanner's IP address, User-Agent (browser and device type), and the timestamp of the scan. We may also derive approximate location data (city, country) from the IP address for analytical purposes.
• Contact Information: If you configure your survey to collect personal identifiers like names or email addresses, we process that information as part of the survey response.

Your Responsibility: You, as the Data Fiduciary, are solely responsible for ensuring you have a lawful basis (such as obtaining valid consent under the DDPA) to collect and process this Service Data from your end-users.

3. Information We Collect from You (Account Data)

As a Data Fiduciary for our own customers, we collect the following to provide and manage your account:

• Account Information: Your name, email address, and a securely hashed password.
• Usage Information: We collect data about how you use our Service, such as the number of surveys created, QR codes generated, and credits used.
• Technical Information: Your IP address, browser type, and device information when you log in to your Longiflo account. We also log security events like login attempts and password changes.
• Third-Party Integrations: If you connect your Google account to sync data with Google Sheets, we securely store an encrypted refresh token to maintain this connection. We only use it for the purpose of syncing your data as you direct.

4. How We Use Information

• To Provide the Service (as a Data Processor): We use Service Data solely to operate, maintain, and provide the features of the Longiflo platform to you. This includes displaying analytics, enabling data exports, and processing voice transcriptions at your request. We will not use your Service Data for any other purpose without your explicit instruction.
• To Manage Your Account (as a Data Fiduciary): We use your Account Data to authenticate you, communicate with you about your account, process transactions, provide customer support, and enforce our terms.

5. Data Sharing and Disclosure

We do not sell your Account Data or Service Data. We may share information with trusted third-party service providers (sub-processors) who help us operate our platform, such as:

• Cloud Infrastructure: Google Cloud Platform (GCP) for database, storage, and hosting services.
• Voice Transcription: SarvamAI for processing voice recordings when you initiate a transcription.
• Session Management: Redis for secure and efficient session handling.

We will only disclose data to law enforcement or government authorities if required by law. As a Data Processor, if we receive a request for your Service Data, we will, where legally permissible, redirect the request to you.

6. Your Rights as a Data Principal (DDPA, 2023)

The DDPA grants individuals several rights over their personal data.

• If you are an End-User (Respondent/Scanner): Longiflo is a Data Processor for the data you provided. To exercise your rights to access, correct, erase, or file a grievance regarding your data, you must contact the person or organization (the Data Fiduciary) who created the survey or QR code. We will assist our customers in responding to your requests.
• If you are a Longiflo Customer: You have the right to access, update, or delete your Account Data. You can manage most of this information directly from your account settings. For other requests or grievances, please contact our Grievance Officer.

7. Data Security and Retention

We implement robust technical and organizational measures to protect all data, as detailed in our Security Statement.

We retain your Account Data for as long as your account is active with us. We retain Service Data on your behalf for as long as your account is active. You can delete surveys, QR codes, and individual submissions at any time, which will permanently erase the associated Service Data from our systems.

8. Grievance Officer

In compliance with the DDPA, 2023, we have appointed a Grievance Officer to address your concerns regarding data protection.

• Name: Johnny NY
• Email: grievance@longiflo.com

9. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, through other channels.