AnyGrid

Privacy Policy

Effective date: [EFFECTIVE_DATE]

1. Who we are

AnyGrid (“we”, “us”, “our”) is operated by [ANYGRID LEGAL NAME], [ADDRESS].

Contact: privacy@anygrid.app.

Data Protection Officer (DPO): [DPO NAME / EMAIL].

EU representative (for GDPR): [IF APPLICABLE].

2. Scope & applicability

This policy applies to our websites, apps, and services including wallet, bookings, trip planner (AI), fleet portal, and partner portal. It covers personal data processed under DPDP (India) and GDPR (EU).

3. Data we collect

  • Account & Identity: name, email, phone, fleet/company, role.
  • Transactions: bookings, sessions, payments, refunds, credits, invoices.
  • Device & Usage: device model, OS, app version, crash logs, cookies, IP.
  • Location: with consent, for live routing/ETA and nearby chargers.
  • Vehicle & Preferences: EV model, connector type, routing preferences.
  • Support & Comms: messages, call recordings (if disclosed).
  • Partners (CPO/OMC): OCPI/CSMS endpoints, settlement metadata.

4. How we use data (purposes & lawful bases)

  • Provide services (bookings, wallet, routing, support) — Contract / Consent
  • Payments & settlements — Contract / Legal obligation
  • Safety, security, fraud prevention — Legitimate interests / Legal obligation
  • Product analytics & service improvement — Legitimate interests / Consent (EU cookies)
  • Marketing (opt-in, withdraw anytime) — Consent
  • Legal compliance & disputes — Legal obligation / Legitimate interests

5. Retention

We keep data only as long as needed for service, tax/finance obligations (e.g., 7–10 years for invoices), or until consent is withdrawn where applicable.

6. Sharing & subprocessors

We use vetted vendors for hosting, analytics, messaging, payments, support, and operations (including OCPI/CSMS integrations). We only share what’s necessary under agreements with confidentiality and security obligations.

7. International transfers

We may transfer data internationally. Where required, we use safeguards such as SCCs, DPDP-compliant measures, and vendor due diligence.

8. Your rights (DPDP & GDPR)

  • DPDP (India): right to access, correction, erasure, grievance redressal, and nominate.
  • GDPR (EU): access, rectification, erasure, restrict, portability, object, and withdraw consent.

Exercise rights: privacy@anygrid.app. Supervisory authorities: [INDIA/COUNTRY DPA], EU DPAs.

9. Children’s data

Our service is not directed to children under applicable age thresholds. We do not knowingly collect children’s data.

10. Security

We use technical & organizational measures including encryption in transit/at rest, access controls, monitoring, and incident response.

11. Cookies & analytics

See our Cookie Notice. In the EU/EEA/UK, we only set non-essential cookies with consent.

12. App permissions (location, NFC, camera)

Permissions are requested only to deliver features: location for nearby chargers & routing; NFC/camera to start sessions (tap/QR). You can disable them in system settings, but features may degrade.

13. Contact & complaints

DPO: [DPO EMAIL]. Email privacy@anygrid.app. Complaints: [INDIA DPA LINK]; EU: relevant DPA.

14. Changes to this policy

We’ll post updates with a new effective date; material changes will be highlighted in-app or via email.