Privacy Policy

TrueLocation Mobile Application & Website

This Privacy Policy constitutes a legally binding agreement between Deskotel Communications Private Limited (“Deskotel”, “We”, “Us”) and users of the TrueLocation app and website (“Users”). It governs the collection, processing, storage, and sharing of personal and sensitive personal data (“Information”) in accordance with applicable Indian laws. It also extends to third-party service providers acting on behalf of Deskotel for delivering specific features (e.g., maps, authentication), under strict confidentiality obligations. The term “Information” includes personal data and sensitive personal data or information (SPDI) as defined under Rule 3 of the IT SPDI Rules and the DPDP Act, 2023.

What We Collect: We collect personal information such as your full name, mobile number, email address, device type, and registration credentials when you download and register on TrueLocation. We also access your photo library (for profile picture) and contacts (for adding trusted contacts) only when you initiate those actions — neither is uploaded or stored beyond that purpose.

Purpose and Lawful Basis: This data is required to: (a) Identify the user uniquely, (b) Facilitate login and communication, (c) Deliver core app services (e.g., contact recognition, call-triggered location sharing). Lawful basis: Consent under Section 5 of the DPDP Act, and performance of essential service obligations under the Information Technology Act, 2000.

Protection Measures: All personal data is encrypted during transit using TLS protocols and is stored on ISO 27001:2022-certified secure servers hosted in secured data centers located in India.

What Qualifies as SPDI: In accordance with Rule 3 of the SPDI Rules, the following data qualifies as sensitive: (a) Location data captured during phone call events with trusted contacts, (b) Call metadata (timestamp, duration, contact name/number), (c) Access to selected trusted contacts.

Purpose: This data enables TrueLocation to: (a) Share your location with trusted contacts during call events, (b) Enable precise contact matching, (c) Support features like trusted contact verification.

Legal Basis: Explicit consent is obtained under the DPDP Act (Sections 6 and 7). We do not process SPDI without consent unless required under statutory law or judicial direction.

Consent Mechanism: We use explicit, opt-in consent prompts within the app at the time of registration and before enabling location or contact-based features. All permissions are granular and context-based (e.g., phone state, background location).

Consent Revocation: Users may revoke previously granted permissions by: (a) Adjusting app-level or device-level permission settings, (b) Requesting account deactivation or deletion via info@truelocation.ai.

Logging and Retention: Consent logs are securely stored with timestamp, purpose, and scope of permissions granted to ensure auditable compliance with DPDP mandates.

Data Usage: Your data is used only for the core functionality of the app, such as: (a) Triggering location sharing during phone call events with trusted contacts, (b) Delivering location information to trusted contacts, (c) Responding to security or support queries, (d) Preventing abuse or technical faults.

Voluntary Surveys and Feedback: We may occasionally conduct voluntary user surveys to gather feedback or improve app functionality. Participation is optional. Any data shared through surveys will be processed as per this policy and never sold or disclosed outside Deskotel or its service providers.

No Personal Data for Advertising: While we may display ads during app usage to support our free model, we do not use your personal or sensitive data for ad targeting or marketing purposes unless explicitly consented to. All ads are generic or contextual, and no user-identifiable information is shared with advertisers. This complies with the principle of purpose limitation under Sections 4 and 5 of the DPDP Act.

Data Minimization: Only data essential for these specific functions is collected, processed, and retained. No unnecessary or excessive data is gathered.

Display of Advertisements: To support our free-to-use model, users may be shown relevant banner ads or short video advertisements during or after call-triggered location sharing. These ads are delivered through compliant ad SDKs. No personal or sensitive data is shared with advertisers. Users may manage ad personalization preferences through their device settings.

Third-Party Ad Services: TrueLocation displays advertisements using third-party advertising services such as Google AdMob. These services may collect and use: (a) Advertising ID, (b) Device information, (c) App interaction data. This information is used solely to display advertisements and measure ad performance. TrueLocation does not share personal or sensitive personal data with advertisers.

Google’s use of data is governed by its privacy policy: https://policies.google.com/technologies/ads

TrueLocation does not use your personal or sensitive data for any automated decision-making processes that have legal or similarly significant effects. There is currently no profiling, behavior tracking, or automated data analysis for commercial use.

If in the future we implement personalized content or targeted advertisements based on user behavior or profiles, we will comply with all applicable laws including the DPDP Act. Users will be notified clearly through app updates or in-app notices. Any such profiling will follow transparency, purpose limitation, and user control obligations.

Tracking Purpose: The app captures location only when a phone call is initiated or received from a verified trusted contact and you’ve granted background location access. Location is not polled continuously between calls.

Transparency and Notification: You are informed of background activity through: (a) Clear consent prompts when enabling background location, (b) App dashboard visibility showing permission status.

Background Location Usage: TrueLocation uses background location permission solely to detect incoming and outgoing calls with trusted contacts and fetch your location at that moment. It does not continuously poll GPS or build a movement trail between calls. Users may disable background location at any time through app settings or device-level permissions.

Technical Safeguards: Location data is encrypted and never shared with third parties.

Legal Basis: Location access is granted through user consent under Section 7 of the DPDP Act. Use is restricted to call events and in compliance with Rule 5 of the IT SPDI Rules for user safety-related purposes.

Last Known Location: If a trusted contact's device is switched off or unreachable, the app may display their last known location from the most recent call event. This data is retained as part of the user's location history and is subject to the same encryption, retention, and deletion policies.

Why We Access Contacts: TrueLocation allows users to select trusted contacts who will receive location information during call events. We: (a) Access contacts locally on the device, (b) Do not upload the full contact list to our servers, (c) Only store selected trusted contact info (with encryption).

User Control: Users may update or remove trusted contacts at any time via the app dashboard.

Legal Basis: Consent is taken explicitly under Section 6 of the DPDP Act and Rule 5(4) of the IT SPDI Rules. Contact access is limited to user-selected entries and not uploaded in full.

Purpose: TrueLocation uses the Phone State permission (not call log access) to detect when a phone call with a trusted contact begins or ends. This triggers the app to fetch and share your location. Call event metadata (timestamp, duration, contact number) is recorded for the user’s call-based location history within the app.

Scope: Location sharing is triggered only by regular cellular phone calls (incoming, outgoing, and missed). VoIP calls, WhatsApp calls, other app calls, video calls, or any other internet-based calling services do not trigger location sharing.

Scope: We do not read your call logs, access call content, or collect data about calls with non-trusted contacts.

Data Handling: Call event metadata (contact number, call time, duration) is captured in real-time via phone state detection — not by reading stored call logs. All data follows strict encryption standards.

Legal Basis: Phone state access is based on user consent under Section 6 of the DPDP Act. It is declared in line with Google Play’s permission use case for safety applications.

Display Over Other Apps (SYSTEM_ALERT_WINDOW): TrueLocation uses this permission to display the caller's location as a popup card on your screen during phone calls. This overlay appears over the phone dialer so you can see the address without leaving the call. Without this permission, TrueLocation cannot show location during calls. This permission does not allow the app to read your screen content, interact with other apps, or display advertisements over other apps.

Battery Optimization Exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS): Android's Doze mode pauses background services to conserve battery. TrueLocation requests exemption from battery optimization so its call-detection service remains active and can respond to incoming and outgoing calls immediately. This does NOT mean TrueLocation runs GPS continuously. Location is fetched only during call events — typically a few seconds per call. This permission ensures reliability, not constant activity.

Start on Boot (RECEIVE_BOOT_COMPLETED): This normal-level permission allows TrueLocation to restart its call-detection service after a device reboot. Without it, the user would need to manually open the app after every phone restart for location sharing to work. No user data is accessed or transmitted during boot.

Legal Basis: All system permissions are requested with explicit user consent at runtime, in compliance with Google Play's Developer Programme Policies and the DPDP Act Section 6. Users can revoke any permission at any time through Android Settings.

Purpose: If enabled, TrueLocation may read or trigger SMS sending only for the purpose of transmitting or detecting OTPs required for user login or verification.

Scope and Limitations: (a) SMS access is restricted to OTP messages and only during registration or login. (b) The app does not store, forward, or access message content beyond the OTP itself.

User Awareness: A runtime permission prompt is presented before accessing any SMS features. Users may choose to enter OTP manually.

Legal Basis: This is implemented in accordance with Google Play’s SMS policy and DPDP’s Section 7 on limited lawful use.

Collected Data: TrueLocation collects device data such as model name, OS version, screen size, crash logs, and hardware information for: (a) Debugging issues, (b) Improving app performance, (c) Ensuring compatibility across devices.

No Personal Linking: These logs are never linked to user identity and are only used in aggregate or anonymized form.

Data Security: Diagnostics are stored securely with access restricted to authorized personnel and developers.

Legal Basis: Diagnostic data is collected under legitimate interest for service improvement per Section 5(c) of the DPDP Act. Logs are anonymized and used in accordance with SPDI Rules.

Purpose: We collect anonymized session data such as IP address, login timestamp, and app version to: (a) Detect fraudulent activity, (b) Manage concurrent sessions securely, (c) Troubleshoot network issues.

Retention & Security: Session logs are encrypted and retained as per CERT-IN guidelines (minimum 180 days).

Legal Reference: This logging mechanism is compliant with Rule 6 of the SPDI Rules and aligns with Google Play safety standards.

Retention Period: (a) Account data is retained only as long as the user actively uses the app. (b) Inactive accounts and associated data are auto-deleted after 180 days from last activity or explicit deletion request. (c) Location and metadata logs are cleared within 30–180 days depending on security audit rules.

Deletion Mechanism: Users may initiate deletion by: (a) Navigating to “Account Settings > Delete Account” in-app, (b) Emailing a formal request to info@truelocation.ai.

Backup Removal: All deleted user data is also removed from our backup systems within 180 days of deletion confirmation.

Cascading Deletion: When a user deletes their account, all location data shared with their trusted contacts is also removed from those contacts' history. No residual data remains visible to any other user after deletion.

Compliance: Retention periods comply with Rule 6 of the IT SPDI Rules and CERT-In’s cybersecurity directives.

We implement robust security measures to protect your data: (a) TLS encryption for all data in transit, (b) AES-256 encryption for all data at rest, (c) Secure server infrastructure hosted in secured data centers in India, aligned with ISO 27001:2022 practices, (d) Role-based access controls with multi-factor authentication, (e) Regular security audits and penetration testing.

Data Sovereignty: All personal data is stored exclusively on servers located in India. We do not transfer personal data outside India under any circumstances. All systems are monitored for unauthorized access and comply with CERT-In cybersecurity directives.

Use Cases: TrueLocation integrates SDKs for features such as: (a) Google Maps APIs (for map visualization), (b) Firebase Crashlytics (for crash detection), (c) OTP SMS gateways (for mobile verification), (d) Google AdMob (for non-targeted advertisements).

Safeguards: (a) All SDKs used are vetted for compliance with the DPDP Act and Google’s SDK disclosure policy. (b) No SDK has access to unnecessary permissions beyond its core function. (c) All SDKs are contractually bound to comply with Indian data protection laws.

No Data Selling or Sharing: We do not sell or share user data with SDK providers. Data access is scoped to technical performance only.

TrueLocation is not intended for children under the age of 18. We do not knowingly collect or process personal data of minors. Minors cannot create accounts, install the app, or be added as users. Both users must be 18+ to use TrueLocation.

If you believe a minor has provided us with personal data, please contact info@truelocation.ai for immediate deletion.

Your Rights: Under Section 11 of the DPDP Act, you are entitled to: (a) View data collected about you, (b) Request corrections to inaccurate data, (c) Request a machine-readable copy of your data, (d) Request export of data in a portable format.

How to Request: (a) Send a request to info@truelocation.ai from your registered email ID. (b) Provide identification verification as required by law.

Timeline: Requests are acknowledged within 7 working days and fulfilled within 15 working days.

Under Sections 6 and 13 of the DPDP Act: (a) Users may withdraw consent at any time via app settings or email. However, withdrawing consent for essential permissions may limit or disable core functionality. (b) Users may nominate a legal heir or guardian for account recovery or data access. (c) Users may escalate unresolved grievances to the Data Protection Board of India.

Such consent shall be deemed valid until explicitly revoked and shall be governed by the provisions under Section 6 of the DPDP Act, 2023.

In the event of a data breach: (a) Deskotel will notify affected users within 72 hours. (b) We will provide details of the nature of breach, scope, and rectification steps. (c) We will also report the incident to the Indian Computer Emergency Response Team (CERT-In) as per government mandate.

This complies with CERT-In’s cybersecurity directives and the DPDP Act’s breach notification requirements.

TrueLocation may use cookies and local storage tools to: (a) Improve user experience by saving preferences, (b) Track anonymous usage patterns and session flow, (c) Facilitate secure login and verification.

User Control: (a) You may accept or refuse cookies through your browser settings. (b) Rejecting cookies may disable certain functionalities. (c) Cookies do not collect sensitive personal data unless explicitly provided during a session.

Deskotel reserves the right to: (a) Suspend or terminate user accounts for security violations or illegal activities. (b) Report suspected abuse (e.g., impersonation, stalking) to authorities. (c) Revoke access to services if terms or policies are violated.

All actions are governed by the Indian IT Act, SPDI Rules, and applicable terms of service.

Indemnity: Users agree to indemnify Deskotel against all claims, damages, liabilities, and costs arising out of: (a) Breach of this policy or applicable laws, (b) Unauthorized access or misuse of the app, (c) Third-party claims arising due to user’s use of the service.

Limitation: Deskotel shall not be liable for indirect, incidental, or consequential damages arising from use of TrueLocation.

TrueLocation relies on secured data center providers and platform SDKs to deliver functionality. While we follow stringent security standards (ISO 27001:2022), we are not liable for: (a) Infrastructure outages or failures caused by hosting providers, (b) External breaches that originate outside our control despite preventive measures.

We regularly audit providers for compliance and security.

If the User becomes aware of any unauthorized access, data breach, or suspected misuse of their information, they must immediately notify Deskotel at info@truelocation.ai. Timely notification helps us take corrective actions and limits liability.

Deskotel reserves the right to restrict, suspend, or terminate a user’s access to the app or associated services for: (a) Violations of this Privacy Policy, (b) Misuse or unauthorized access to app resources, (c) Breach of Indian laws or ethical misuse (e.g., impersonation, stalking).

We report serious infractions to relevant authorities under Indian law. Violations may result in prosecution under the IT Act or DPDP Act.

In compliance with Rule 5(9) of the IT SPDI Rules and Section 13(1) of the DPDP Act:

Grievance Officer: Kaushal Bansal. Email: info@truelocation.ai. Phone: +91-8882201213. Address: Office No. 102, D-35, Sector-7, Noida, UP 201301.

Redressal Timeframe: All grievances will be acknowledged within 7 days and final resolution will be provided within 15 business days. This officer also acts as the Data Protection Officer (DPO) for compliance under the DPDP Act.

Escalation: If your grievance is not satisfactorily resolved within the timelines stated, you have the right to escalate the issue to the Data Protection Board of India, in accordance with Section 13(7) of the DPDP Act.

Deskotel reserves the right to modify or update this Privacy Policy as required by law or to improve user clarity. Any significant changes will be communicated via: (a) App pop-ups or in-app messages, (b) Updated version links on the TrueLocation website, (c) Email notifications (if contact is available).

Updates are made to remain in compliance with the DPDP Act, 2023, and Google Play policy changes.

By using the TrueLocation mobile application and website, the User acknowledges that they have read, understood, and agreed to the terms of this Privacy Policy. The User expressly consents to the collection, processing, usage, storage, and sharing of their Information as outlined in this document.

Consent is obtained explicitly at the time of app registration or when enabling any feature requiring access to personal or sensitive personal data. Users may withdraw consent at any time via in-app controls or by contacting the Grievance Officer. However, withdrawing consent for essential permissions may limit or disable core functionality of the app.

Such consent shall be deemed valid until explicitly revoked and shall be governed by the provisions under Section 6 of the DPDP Act, 2023.

This Privacy Policy is governed by the laws of India. Jurisdiction: Courts of Gautam Buddha Nagar, Uttar Pradesh. Disputes will be resolved as per the IT Act, 2000, and DPDP Act, 2023.

Acceptance

By using TrueLocation, you confirm that you have read and understood this Privacy Policy and provide informed consent for data processing as described above. You may withdraw consent at any time.