Privacy Policy & Security Overview
Last updated: February 27, 2026
1. Who We Are
PurpleDrone Supplychain Solutions ("Cuberoote", "we", "us", "our") operates the Cuberoote logistics management platform. We are committed to protecting your personal information and your right to privacy in compliance with applicable Indian laws including the Digital Personal Data Protection Act, 2023 (DPDP Act).
Registered Address: Plot No. 216, Village Bamnoli, Sector 28, Dwarka, New Delhi - 110077
Contact: care@purpledrone.in
2. Information We Collect
We collect personal information that you provide when using our platform:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name, phone, email | Account creation, communication | Contract performance |
| Shipping addresses | Order fulfilment, delivery | Contract performance |
| Login credentials | Authentication, access control | Security / contract |
| Device information | Security (trusted device recognition) | Legitimate interest |
| IP address, timestamps | Security logging, fraud prevention | Legitimate interest |
3. How We Use Your Information
- Fulfil and manage your orders, returns, and exchanges
- Provide customer support and respond to inquiries
- Authenticate your identity and protect your account
- Detect and prevent fraud, unauthorized access, and security threats
- Comply with legal obligations (CERT-In, DPDP Act)
- Improve our platform and services
4. Data Sharing
We do not sell your personal data. We may share information only in these circumstances:
- Courier partners: Name, address, and phone number for order delivery
- Payment processors: Transaction data for payment processing
- Legal requirements: When required by law, court order, or government authority
- Business transfers: In connection with merger or acquisition (with prior notice)
5. Data Storage & Retention
- Location: All data is stored in India (AWS Mumbai region)
- Retention: We retain your data for as long as your account is active, plus any period required by law
- Deletion: Upon account termination, personal data is deleted or anonymized within 90 days, unless retention is legally required
6. Your Rights (DPDP Act 2023)
As a data principal under the DPDP Act, you have the right to:
- Access: Request a summary of your personal data we process
- Correction: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data (subject to legal obligations)
- Grievance redressal: Raise concerns about data processing
To exercise these rights, contact us at care@purpledrone.in. We will respond within 30 days.
7. Cookies
We use essential cookies for session management and authentication. We do not use third-party tracking cookies or advertising cookies. Session cookies expire when you close your browser or after 30 minutes of inactivity.
8. Children's Data
We do not knowingly collect data from individuals under 18 years of age. If you believe a minor has provided us with personal information, please contact us immediately.
9. Security Overview
We implement multiple layers of technical and organizational security measures to protect your data:
Authentication & Access Control
| Measure | Description |
|---|---|
| Multi-Factor Authentication (MFA) | TOTP-based MFA required for all user accounts |
| Strong password policy | Minimum 10 characters with complexity requirements |
| Password rotation | Mandatory password change every 15 days |
| Session management | Automatic timeout after 30 minutes of inactivity |
| Brute force protection | Account lockout after repeated failed login attempts |
Data Protection
| Measure | Description |
|---|---|
| Encryption in transit | All data transmitted over HTTPS/TLS |
| Encryption at rest | Sensitive personal data encrypted using format-preserving encryption |
| PII masking | Personal data automatically masked in logs and API responses |
| Access-controlled downloads | File downloads require authentication and are audit-logged |
Monitoring & Audit
| Measure | Description |
|---|---|
| Security monitoring | Automated monitoring for anomalies and suspicious activity |
| Audit logging | All access to sensitive data and admin actions are logged |
| Rate limiting | Protection against abuse on all sensitive endpoints |
| Incident response | Documented incident response plan with defined escalation procedures |
Infrastructure
- Hosted on AWS (Mumbai region) with network segmentation
- Database access restricted through bastion architecture
- Automated backups with encryption
- Security scanning integrated into development workflow
Compliance
We are actively working towards compliance with:
10. Changes to This Policy
We may update this policy from time to time. The updated version will be indicated by an updated date at the top of this page. We encourage you to review this page periodically.
11. Contact Us
If you have questions about this privacy policy or our security practices, please contact us:
- Email: care@purpledrone.in
- Address: PurpleDrone Supplychain Solutions, Plot No. 216, Village Bamnoli, Sector 28, Dwarka, New Delhi - 110077