How we handle your data.
This policy explains what personal information Sloper collects, why, who sees it, how long we keep it, and what rights you have. Plain English first, then the detail.
◆ The short version
- We collect only what we need to run the business and serve you — your contact details, your project's source data, and basic site analytics.
- We never sell your data, and we don't share it with advertisers.
- Your project data lives encrypted on systems we control, accessed only by your assigned team. Deleted when the engagement ends.
- You can ask us at any time to see, correct, export, or delete your data — write to admin@sloper.in.
- If you're a controller subject to GDPR, the UK GDPR, or India's DPDP Act, see our Data Processing Agreement.
01 Who we are
This policy is published by Sloper Private Limited ("Sloper", "we", "us"), a private limited company incorporated in India. Our registered office is [REGISTERED ADDRESS — INSERT]. Our company identification number is [CIN — INSERT].
For privacy questions, our point of contact is the Data Protection Officer at admin@sloper.in.
02 What we collect
Information you give us directly
- Contact data — name, work email, company, role, phone number — when you fill in our pilot or project forms, email us, or sign a contract.
- Project content — the source documents, data extracts, and reference materials you send us so we can perform the data-entry, digitization, cleansing, or labeling work you've engaged us for. This may include personal data of your customers, employees, or other third parties.
- Communications — emails, calls, and meeting notes between us during a project.
Information we collect automatically
- Site usage — pages visited, referrer, approximate location (city-level), device type, browser. We use a privacy-friendly analytics tool that does not set tracking cookies or store IP addresses.
- Server logs — request timestamps, IP address (truncated), and user-agent. Held for 30 days for security and abuse prevention, then deleted.
Information we don't collect
- We don't run advertising networks, retargeting pixels, or social-media trackers on this site.
- We don't ask for, and we don't want, special-category data (health, biometric, political, religious) except where it is explicitly the subject of a project (e.g., medical records digitization), in which case it's covered by a signed DPA and a project-specific brief.
- We don't intentionally collect data from anyone under 18.
03 Why we collect it
- To deliver our services — we can't digitize your archive without your archive.
- To respond to enquiries — pilot requests, project briefs, support questions.
- To run the business — invoicing, accounting, contract administration, vendor management.
- To improve the service — anonymous, aggregated insights about how our site and processes are working. We don't profile individual users.
- To meet legal and regulatory obligations — tax filings, audit responses, lawful requests from authorities.
04 Legal basis
For visitors and clients in the EU, UK, or other jurisdictions where a legal basis is required, we rely on the following:
- Contract — when we collect data to perform a service you've engaged us for (Article 6(1)(b) GDPR).
- Legitimate interests — for site analytics, security, and responding to your enquiries (Article 6(1)(f) GDPR). You can object at any time.
- Legal obligation — for tax records, regulatory reporting, lawful requests (Article 6(1)(c) GDPR).
- Consent — for any processing where we explicitly ask you (e.g., subscribing to status updates). You can withdraw at any time.
05 Who sees it
We share personal data only with the following categories of recipient, all of whom are bound by written contract and confidentiality:
- Internal staff and contractors — only the assigned project team, on a need-to-know basis. Every Sloper team member signs an NDA and a confidentiality undertaking before joining.
- Sub-processors — a small set of named infrastructure providers (cloud hosting, email, secure file transfer). The current list is in our DPA and is updated when it changes.
- Professional advisers — accountants, auditors, lawyers — bound by professional confidentiality.
- Authorities — when required by valid legal process. We push back on overbroad requests and notify you wherever permitted.
We do not sell, rent, or trade personal data. We do not share it with advertising networks.
06 International transfers
Sloper operates from Hyderabad, India. If you are based in the EU, UK, or another jurisdiction with restrictions on cross-border transfers, your data may be transferred outside that jurisdiction.
Where required, we rely on:
- The EU Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum, executed as part of our Data Processing Agreement.
- Supplementary technical and organisational measures — encryption in transit and at rest, access controls, audit logging.
The full transfer impact assessment is available to enterprise clients on request.
07 How long we keep it
- Pilot files — deleted within 30 days of the pilot's end, or sooner on your request.
- Project source data — deleted within 30 days of the engagement ending, unless your contract says otherwise (some clients require longer retention for audit reasons).
- Contact details and contractual records — retained for the duration of the engagement plus 7 years for tax and audit purposes (as required by Indian law).
- Server logs — 30 days.
- Marketing emails — until you unsubscribe.
08 Security
We protect personal data with technical and organisational measures appropriate to the risk, including:
- Encryption — TLS 1.2+ in transit; AES-256 at rest on all production storage.
- Access control — role-based access; project data visible only to the assigned team; multi-factor authentication on all admin accounts.
- Network — production environments segmented from corporate IT; perimeter monitoring.
- People — background checks, signed NDAs, and security training for all staff handling client data.
- Audit — annual third-party security review; incident-response plan with a 30-minute internal-notification SLA.
If we ever suffer a personal data breach that affects you, we will notify you and the relevant supervisory authority within the timelines required by applicable law (72 hours under GDPR).
09 Your rights
Depending on where you live, you have some or all of the following rights regarding your personal data:
- Access — get a copy of what we hold about you.
- Correction — fix anything that's wrong.
- Deletion — ask us to delete your data, subject to our legal retention obligations.
- Portability — get your data in a machine-readable format, or have us send it to another provider.
- Restriction or objection — pause or limit our processing in certain cases.
- Withdraw consent — wherever we relied on it.
- Complain — to your local data protection authority. In India, that's the Data Protection Board; in the EU/EEA, your national DPA; in the UK, the ICO.
To exercise any of these rights, write to admin@sloper.in. We respond within 30 days. There's no charge for reasonable requests.
10 Cookies & analytics
We use a small number of strictly necessary cookies (or local storage) to make the site work — for example, remembering whether you've dismissed a notice. We don't use advertising or third-party tracking cookies.
If we add a cookie banner in future, it will let you choose. Until then, the only cookies set are strictly necessary and don't require consent.
11 Children
Our services are sold to businesses; the site is not directed at children under 18 and we don't knowingly collect data from them. If you believe a child has provided us data, write to us and we'll delete it.
12 Changes
If we make a material change to this policy, we'll update the version and date at the top, and — for active clients — give you advance written notice. The current version is always at sloper.in/privacy.
◆ Contact
Sloper Private Limited
[REGISTERED ADDRESS — INSERT]
Data Protection Officer: admin@sloper.in
General: admin@sloper.in
For EU/UK matters, our designated representative under Article 27 GDPR will be appointed before the policy goes live.