# Flucto – Privacy Policy

**Version:** 1.2  
**Effective Date:** February 18, 2026  
**Last Updated:** February 18, 2026

---

## 1. Introduction and Legal Basis

This Privacy Policy explains how Flucto ("we", "us", "our" or the "Company") collects, uses, shares, and protects your personal data when you use the Flucto mobile application (the "App"), any related websites, and connected services and IoT devices (together, the "Services").

This Policy is designed to comply with, and be read in accordance with:

- The Digital Personal Data Protection Act, 2023 (India) and its rules.
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
- The Indian Contract Act, 1872.

By using the App and Services, you agree to the practices described in this Policy, as updated from time to time.

---

## 2. Data Protection Officer and Contact

We have appointed a Data Protection Officer (DPO) to oversee compliance and handle grievances and user requests.

**Data Protection Officer**

- Email: dpo@flucto.in
- Address: Kolkata, West Bengal, India
- Typical response time: within 10 business days

The DPO is responsible for:

- Monitoring compliance with this Policy and applicable data protection laws.
- Handling access, correction, deletion, and portability requests.
- Managing incident response and regulatory interactions where required.

---

## 3. What the Service Does (High-Level Overview)

Flucto is an IoT water tank monitoring and pump-control solution that combines:

1. **A smart water pump Controller Unit** — an IoT-based device installed near your water pump that controls the pump's operation (on/off), implements safety features (lockout, stall detection), and communicates with the cloud.
2. **A wireless Sensor Unit** — a separate RF-based sensor module installed at your water tank that measures water level, temperature, and humidity, and transmits readings to the Controller Unit wirelessly.
3. **Backend cloud services** — hosted on Google Cloud / Firebase in the asia-south1 (Mumbai, India) region, which receive, store, and process device data, manage user accounts, deliver notifications, generate reports, and serve firmware updates.
4. **A mobile application (the App)** — used to view live and historical data, configure devices, manage alerts, view daily reports, and control the pump remotely.

**How setup works:** Users pair the device by scanning a QR code printed on the Controller Unit. The Controller temporarily creates a local WiFi access point (AP mode) that the user connects to via the App in order to provide home WiFi credentials and complete initial configuration. Once configured, the Controller connects to the user's home WiFi and begins sending data to the cloud.

The system measures water level, temperature, humidity, and pump status at your tank, sends this data securely to our cloud backend, and presents it in the App in real time with historical charts, alerts, and AI-generated insights (optional).

---

## 4. Categories of Data We Collect

We only collect data that is necessary to provide and improve the Services, and we keep it for no longer than required for those purposes.

### A. Identity and Account Data (Mandatory)

**What we collect**

- Full name (first and last name)
- Email address
- Mobile phone number (verified via SMS OTP during registration; also used for account security and potential future SMS notifications)
- Optional profile picture (user-uploaded; JPEG, PNG, GIF, or WebP)
- System-generated user ID, assigned role (e.g., owner, observer, manufacturer), and account creation date

**Why we collect it**

- To create and manage your account and authenticate you when you log in
- To verify your identity via SMS OTP and help secure your account
- To personalise the App (e.g., display your name and profile picture) and manage roles/permissions

**Retention**

- Retained for as long as your account is active and for up to 30 days after account deletion to complete closure and handle disputes, except where a longer period is required by law

### B. Age Confirmation Data

**What we collect**

- An age-confirmation statement (for example, a checkbox confirming that you are at least 18 years old at the time of registration)
- We do not require you to provide full date of birth as part of normal registration

**Why we collect it**

- To ensure that only adults (18+) use the Services, in accordance with the DPDP Act, 2023

**Retention**

- Stored as part of consent/audit logs and retained in line with the consent and audit record retention described in Section 12

### C. Consent and Legal Records

**What we collect**

- Whether you accepted the Terms of Use (yes/no)
- Whether you accepted the Privacy Policy (yes/no)
- Whether you confirmed the minimum age requirement (yes/no)
- Timestamp when each consent was given
- App version at the time consent was recorded

**Why we collect it**

- To demonstrate lawful processing and maintain a legally compliant audit trail

**Retention**

- Retained for as long as necessary to demonstrate lawful processing and meet legal obligations, which may mean indefinitely

### D. Device and IoT Data (Mandatory for Functionality)

**What we collect**

From the smart Controller Unit and Sensor Unit:

- Water level readings (percentage of tank fullness, 0–100%)
- Pump status (ON/OFF) and pump run duration per cycle
- Water level change (delta) during each pump cycle
- Air temperature and humidity inside the water tank
- Device connection status (online/offline)
- Device ID (a 12-character identifier derived from the device's hardware MAC address; it does not by itself identify a person, but it is associated with your account once you pair the device)
- Hardware information (chip model, processor cores, memory capacity) and firmware version
- Device configuration settings (measurement intervals, alert thresholds, lockout timers, calibration settings)
- Operational events including:
  - Pump on/off events (with reason: automatic, manual, or remote)
  - Safety lockout activations and deactivations
  - Stall detection events (pump running with no water level change)
  - Low water alerts
  - Communication timeouts with the Sensor Unit
  - Configuration changes
  - Firmware update events (OTA start, progress, completion, failure)
  - Device boot/restart events
  - Connection/disconnection from the internet

**Why we collect it**

- To provide live dashboards, historical charts, and alerts for your water tank and pump
- To enable automated and remote pump control and implement safety features (lockout, stall detection)
- To diagnose device issues, monitor device health, and support over-the-air firmware updates
- To generate daily usage reports

**Retention**

- Sensor readings and other device time-series data are retained for up to 5 days by default so that you can view historical trends; older data is automatically deleted
- Certain critical safety or operational logs may be retained for a longer period where needed to investigate incidents or comply with legal obligations, but not beyond what is reasonably required

### E. App and System Logs, Diagnostics, and Security Data

**What we collect**

- Phone/tablet model, operating system version, app version (from the App)
- Crash reports and error logs in production builds only (no user content; mainly stack traces and technical diagnostics)
- API request timestamps, request types, device IDs involved, success/failure status, and IP addresses in backend audit logs
- Device-side diagnostic logs: boot/restart events, error messages, signal strength, system warnings, and software crash reports (from the Controller Unit firmware)

**Why we collect it**

- To detect and fix bugs and improve the stability and security of the App, devices, and backend
- To detect abuse and unauthorized access attempts and protect all users' data

**Retention**

- Crash reports and diagnostics: retained for approximately 90 days
- System audit and security logs: typically retained for up to 90 days unless a longer period is needed for a specific investigation
- Device diagnostic logs: retained for approximately 90 days

### F. Push Notification Data

**What we collect**

- Firebase Cloud Messaging (FCM) device tokens linked to your account and device, along with platform (Android / iOS) and token registration timestamps
- Subscription to notification topics (e.g., device-specific alerts, marketing notifications)

**Why we collect it**

- To send push notifications about water level alerts, pump events, device health, and system messages to your mobile device
- To deliver news and marketing-related notifications (only with your consent; see Section 7)

**Retention**

- FCM tokens are kept as long as you are logged in and notifications are enabled, and removed when you log out, disable notifications, or uninstall the App
- Topic subscriptions are removed upon logout or account deletion

### G. Daily Reports and AI / Insight Data (Optional)

**What we collect**

- Daily water usage reports (self-contained HTML files) derived from your device data, containing:
  - Water consumption statistics and pump cycle analysis
  - Fill rate consistency metrics and fill time statistics
  - System health scores, leakage detection results, and sensor health assessments
  - Usage patterns, peak hour identification, and hourly consumption breakdowns
  - Anomaly detection with severity indicators
  - Environmental conditions (temperature, humidity) summaries
  - Interactive charts (water level trends, hourly usage, pump cycle histograms)
  - AI-generated insights and recommendations
- Report generation timestamps and metadata (device ID, date, status)

**AI Processing**

- Reports may include insights generated by Google Gemini AI (currently gemini-2.5-flash model) to provide personalised recommendations about water usage
- The AI analyses only water usage patterns, pump cycle data, and environmental conditions — **not** your personal identity data (name, email, phone)
- AI-generated insights are informational only and do not make decisions on your behalf

**Why we collect it**

- To provide daily reports and optional AI-powered insights on your water use and pump performance
- To help you understand trends and optimise water consumption

**Retention**

- Daily report HTML files are retained for up to 365 days by default and then removed
- AI insights are generated as part of the report and share the report's retention period (approximately 365 days)

**Optionality**

- AI-powered insights and recommendations are optional; you can disable them in the App, in which case we will stop sending your data to Google Gemini for this purpose and will only generate basic non-AI reports

### H. Network and Connection Data

**What we collect**

- On the device: Wi-Fi SSID, local IP address, signal strength, and router gateway address, stored locally on the Controller for connectivity and troubleshooting; sent to the cloud only when explicitly needed for diagnostics
- On the backend: IP addresses in audit/security logs; no GPS coordinates or continuous location tracking is performed

**Why we collect it**

- To connect your device securely to your home network and our cloud servers
- To troubleshoot connectivity issues and protect against abuse

**Retention**

- Wi-Fi credentials are stored encrypted on the device until you change or factory-reset it
- IP addresses in security logs are retained for up to 90 days as part of audit and security monitoring

### I. Access Request Records

**What we collect**

- User ID of the person requesting access to a device
- Device ID they want to access
- Request timestamp
- Approval or denial decision
- User who approved or denied the request
- Approval/denial timestamp

**Why we collect it**

- To manage multi-user device access (e.g., sharing access with family members or a building manager)
- To maintain an audit trail of permission changes

**Retention**

- Pending requests expire automatically during daily maintenance
- Completed request records are retained for up to 90 days

### J. Platform and Marketing Notification Records

**What we collect**

- Platform announcement content (titles, messages, images)
- Marketing campaign records (campaign ID, title, message, images, target audience, delivery status)
- Per-user notification read status
- Notification creation and expiration timestamps

**Why we collect it**

- To communicate system maintenance schedules and important platform updates
- To send optional promotional offers and feature announcements (with your consent)
- To track which notifications you have read

**Retention**

- Platform notifications: until their expiration date (if set), or approximately 90 days
- Marketing campaign records: approximately 90 days

**User control**

- You can opt out of marketing notifications through App settings

---

## 5. How and Why We Use Your Data

We use your data only for specific, lawful purposes that are clear to you:

| Data Type | Main Purposes | Legal Basis (DPDP) |
|---|---|---|
| Identity & Account Data | Account creation, authentication, role/permission management, account recovery, core service communication | Contract performance; legitimate purposes |
| Age Confirmation & Consent Data | Enforcing 18+ eligibility, complying with child-data restrictions, demonstrating lawful processing | Compliance with law |
| Device & IoT Data | Real-time monitoring, alerts, reports, device health and safety features, remote and automated pump control | Contract performance |
| Logs, Diagnostics & Security | Bug fixing, performance optimisation, security monitoring, incident investigation | Legitimate purposes; compliance with law |
| Push Notification Tokens | Delivery of alerts, system notices, and optional marketing with your consent | Contract (service alerts); consent (marketing) |
| Daily Reports & AI Insights | Generating reports and optional AI-based recommendations | Consent |
| Network & Connection Data | Connecting devices, Wi-Fi troubleshooting, securing infrastructure | Contract performance; legitimate purposes |
| Access Request Records | Multi-user access management, audit trail | Contract performance |
| Platform & Marketing Notifications | System announcements, feature updates, promotional communications | Legitimate purposes (system announcements); consent (marketing) |

We do not sell your personal data to advertisers or data brokers, and we do not use your sensor data to build advertising profiles.

---

## 6. App Permissions

The App requests the following permissions on your mobile device. These are required by the operating system and are used solely for the purposes described below:

| Permission | Purpose |
|---|---|
| **Camera** | To scan the QR code printed on the Controller Unit during initial device setup and pairing |
| **Location** (Fine & Coarse — Android) | On Android 12 and earlier, required by the operating system to scan for nearby Wi-Fi networks during device setup. **We do not track, store, or transmit your location.** This permission is used purely at the operating system level to enable Wi-Fi scanning. |
| **Nearby WiFi Devices** (Android 13+) | Android 13+ permission that allows Wi-Fi scanning during device setup without requiring the Location permission |
| **WiFi** (Access & Change state) | To connect to the Controller's WiFi hotspot during initial setup and configuration |
| **Notifications** | To deliver push notifications (water level alerts, pump status, reports, system messages) |
| **Internet** | To communicate with cloud servers for real-time data, notifications, and reports |
| **Network State** | To detect whether the phone has an active internet connection |

> **Important:** Location data is **never stored, transmitted, or shared** by the App. It is used purely at the operating system level to enable WiFi scanning, as required by Android.

---

## 7. Mandatory vs Optional Data and Consent

Some data is necessary for the App and devices to function, and some is optional.

**Mandatory (required to use the core Service)**

- Identity and Account Data (name, email, phone, login credentials)
- Device and IoT Data (sensor readings and device status)
- Logs and diagnostics strictly necessary for security and stability
- Network and connection data needed to connect the device to the cloud

If you do not provide this data, we may not be able to create your account, connect your devices, or provide the Services.

**Optional (you can withdraw consent)**

- AI / Gemini-based insights
- Any marketing or promotional notifications not strictly related to service operation
- Any additional analytics or experimental features that we explicitly label as "optional" in-app

You can withdraw your consent for optional processing at any time via in-App settings or by contacting the DPO.

---

## 8. Cookies and Local Storage

The mobile App does not use cookies in the browser sense, but it stores certain data locally on your device such as:

- **Time-series cache** — Water level and pump status chart data stored in a local SQLite database for performance, automatically deleted after approximately 24 hours
- **UI state flags** — Stored in local preferences (SharedPreferences) until you uninstall the App, including:
  - Onboarding completion status
  - Notification read status (list of read notification IDs)
  - Last-selected device ID

No personal identifiers such as your name, email, or phone are stored in plain text on the device. The local SQLite database is stored in the App's private directory, inaccessible to other apps.

---

## 9. Third-Party Service Providers

We rely on reputable third-party providers to deliver the Services. These providers act as processors on our behalf and are bound by appropriate data protection and security obligations.

**Core infrastructure and authentication**

- **Google Firebase / Google Cloud Platform (Google LLC)**: Authentication, Firestore, Realtime Database, Cloud Storage, Cloud Functions, Crashlytics, Cloud Messaging, App Check, Play Integrity
- **Google Sign-In (Google LLC)**: Social login when you choose Google sign-in
- **Facebook Login (Meta Platforms, Inc.)**: Social login when you choose Facebook login

**Messaging and IoT connectivity**

- **EMQX Cloud (EMQ Technologies)**: Managed MQTT broker for secure message routing between devices and our backend — acts as a pass-through and does not permanently store your data
- **NTP Servers**: Time synchronisation for devices (no personal data)

**AI and analytics**

- **Google Gemini AI (Google LLC)**: AI-based insights and recommendations (optional, opt-in) — analyses only water usage patterns and environmental data, not personal identity data

**SMS and contact validation**

- **Msg91 (Walkover Web Solutions Pvt. Ltd.)**: SMS gateway for OTP delivery during phone number verification
- **Phone-validation provider (e.g., NumLookupAPI)**: Optional phone number validation for deliverability and fraud prevention — validation is real-time only and results are not stored permanently

We do not allow these providers to use your data for their own marketing or profiling purposes beyond what is necessary to perform their services.

---

## 10. Data Sharing and Transfers

We may share your data:

- With the service providers listed above to operate the Services
- With other users you authorise (e.g., when you grant observer access to a device)
- With regulators, law enforcement, or courts when required by applicable law
- In connection with a merger, acquisition, or sale of all or part of the business (subject to safeguards and notice)

Our primary data hosting region is Asia South (Mumbai, India) using Google Cloud and Firebase.

Where limited cross-border transfers occur (e.g., for Google Cloud infrastructure redundancy or third-party authentication services), we rely on contractual protections and security measures such as encryption in transit and at rest.

---

## 11. Children's Data

The Services are intended for adults and are **not intended for children under 18 years of age**.

We do not knowingly collect personal data from children under 18. If we learn that a user is under 18, we will disable the account and delete associated personal data within a reasonable period, except where retention is required by law.

Parents or guardians who believe their child has provided us with personal data may contact the DPO to request deletion.

---

## 12. Data Retention and Deletion

We apply the following general retention periods:

| Data Type | Typical Retention | Reason |
|---|---|---|
| Identity & Account Data | Life of the account + up to 30 days | Account management, dispute handling |
| Consent & Audit Records | Indefinite (as long as legally required) | Demonstrate lawful processing |
| Device & IoT Sensor Data | Up to 5 days by default (see Section 4.D) | Historical trends, reports, troubleshooting |
| Device Diagnostic Logs | ~90 days | Troubleshooting recent issues |
| Daily Reports (HTML) | Up to 365 days by default (see Section 4.G) | Analysis history and user access |
| AI Insights (within Reports) | Same as daily reports (up to 365 days) | Part of the report content |
| Crash & Diagnostic Logs (App) | ~90 days | Stability and security analysis |
| System Audit / Security Logs | ~90 days (longer if under investigation) | Security monitoring and compliance |
| FCM Notification Tokens | Until logout or uninstall | Push notification delivery |
| Access Request Records | Until expiry or ~90 days | Permission audit trail |
| Marketing Campaign Records | ~90 days | Audit trail and effectiveness tracking |
| Platform Notifications | Until expiration date or ~90 days | Time-limited announcements |
| Device Health Monitoring Data | ~30 days | Recent health history for troubleshooting |
| Dynamic MQTT Credentials | 24–48 hours (auto-expiring) | Short-lived device authentication |
| Profile Pictures | Until user changes/removes or deletes account | Displaying user profile |

When data is no longer needed, it is deleted or anonymised in our production systems and backup copies are overwritten after their standard retention period.

You can request deletion of your account and personal data as described in Section 14.

**What happens when your account is deleted:**

1. User profile is permanently deleted from Firestore
2. Device associations are removed from user profile
3. FCM tokens are unsubscribed from all topics and removed
4. Profile picture is permanently deleted from Cloud Storage
5. User-specific notifications and read statuses are deleted
6. Marketing notification preferences are deleted
7. User is removed from Firebase Authentication
8. Audit/security logs are retained for up to 90 days (security requirement)
9. Sensor data is retained if the device is still in active use by other authorised users

---

## 13. Data Security

We implement technical and organisational measures designed to protect your data, including:

- Encrypted communications using HTTPS/TLS for all App-to-cloud and device-to-cloud transmissions
- MQTTS (MQTT over TLS/SSL) for device-to-broker communication
- Authentication and authorisation controls (Firebase Auth, device credentials, custom JWT claims)
- Role-based access controls for device owners and approved observers, enforced at database, API, and application layers
- Firebase App Check and Google Play Integrity to prevent unauthorised applications and bots from accessing the backend
- Encrypted storage of Wi-Fi and cloud credentials on the device (NVS encryption)
- Dynamic MQTT credentials with automatic rotation (24–48 hour lifetime) to limit exposure
- Secure boot, firmware signing, and OTA update validation for devices
- Rate limiting on all API endpoints to prevent abuse and denial-of-service attacks
- Input validation on all incoming data (webhooks, API requests, MQTT messages)
- Logging and monitoring of system access and key security events
- Data isolation: each user's data is logically separated, and database security rules enforce access controls

No system can be guaranteed to be 100% secure. If we become aware of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant authorities as required by law, typically within 72 hours of detection.

---

## 14. Your Rights Under the DPDP Act

Subject to applicable law, you have the right to:

- Access your personal data
- Correct inaccurate or incomplete data
- Request erasure/deletion of your personal data (subject to legal retention)
- Request data portability where technically feasible (e.g., export sensor data in JSON/CSV, download reports, export profile picture)
- Withdraw consent for optional processing (such as AI insights or marketing)

**How to exercise these rights**

- Use the relevant features in the App where available (e.g., update profile, leave a device, manage notifications)
- Email the DPO at `dpo@flucto.in` with the relevant subject line (e.g., "Data Access Request", "Data Deletion Request")

We aim to respond within reasonable timelines consistent with applicable law.

---

## 15. Grievance Redressal

If you have concerns about how your data is handled:

1. Contact the DPO at `dpo@flucto.in` with details of your concern
2. If unresolved, you may escalate to the Data Protection Board of India as per applicable procedures

---

## 16. International Data Transfers and Localisation

Your data is primarily stored and processed in India (Asia South region, Google Cloud/Firebase).

Where transfers outside India occur (for example, for Google Authentication infrastructure or EMQX MQTT broker services in the Asia-Southeast region), they are limited to what is necessary to provide the Services and are protected using contractual and technical safeguards, including encryption in transit and at rest.

---

## 17. Automated Processing and AI

Our system uses automated processing to:

- Validate and store sensor readings
- Trigger alerts based on user-configured thresholds
- Calculate device health scores and detect anomalies
- Generate daily reports with usage metrics, pump cycle analysis, and fill rate statistics
- Generate AI-based insights where you have opted in (using Google Gemini AI)

Automated processing does not make legal or similarly significant decisions about you. AI-generated insights are informational only and do not make decisions on your behalf. All alerts and thresholds are configured by you.

---

## 18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy within the App and seek renewed consent where required.

---

## 19. Contact and Support

For privacy questions, rights requests, or grievances:

- Data Protection Officer: dpo@flucto.in
- General Support: support@flucto.in
- Address: Kolkata, West Bengal, India
