Privacy Policy

1. Who We Are

AutoStock is operated by AuTECHSOFT on behalf of your dealership. For the purposes of India's Digital Personal Data Protection Act, 2023 (“DPDP Act”), the dealer principal is the Data Fiduciary and AuTECHSOFT acts as a Data Processor under written instructions from the dealer.

2. Data We Collect

We process the following categories of personal data:

• Account data — name, email, phone, employee ID, role, reporting manager, region, and branch.
• Customer data you enter — name, phone number, sales order ID, and booking proofs you upload.
• Activity data — every state-changing action you take on the Platform, with timestamps, the entity acted on, your IP address, and your browser user-agent. Your consent acceptance is recorded with the same technical data.
• Session cookies — set by the authentication service to keep you signed in and to enforce role-based routing.

3. How We Use It

Your personal data is processed only for the following purposes:

• authenticating you and authorising access to the right screens;
• enabling inventory, booking, and approval workflows;
• producing audit trails for your administrator and for compliance;
• notifying you of actions that require your attention;
• meeting legal, tax, and regulatory obligations.

We do not sell personal data, and we do not use it to train machine learning models.

4. Legal Basis for Processing

Personal data of dealership staff is processed under Section 7(g) of the DPDP Act, which permits processing for purposes related to employment and the provision of services to an employee, without separate consent. Your dealership, as your employer and the Data Fiduciary, is responsible for informing you of the tools it uses (including AutoStock) through its employment terms and employee communications.

If you wish to object to or stop this processing, raise the request with your dealership administrator. Access decisions are made by the dealership; AuTECHSOFT acts on the dealership's instructions.

5. Sharing

We do not share your personal data with third parties except: (a) the dealer principal, (b) sub-processors we use to run the service (for example Supabase for database and authentication, and Vercel for hosting), each bound by data-protection obligations at least as protective as those in this Policy, and (c) where required by law.

6. Retention and Deletion

Your account and activity data are retained for as long as the dealership requires them for legitimate business, audit, and compliance purposes. We do not delete them on a pre-set schedule.

Deletion is on request: when the dealer principal, or you as the data subject, asks us in writing to delete specific data, we will do so, subject only to records we are legally obliged to keep (for example, tax or statutory audit records). See Section 7 for how to raise such a request.

7. Your Rights

Subject to the DPDP Act, you have the right to:

• access the personal data we hold about you;
• ask that it be corrected or completed;
• ask that it be erased, subject to legal retention obligations;
• nominate another person to exercise these rights on your behalf in case of incapacity or death;
• raise a grievance and, if unresolved, approach the Data Protection Board of India.

To exercise any of these rights, contact your administrator or write to privacy@autechsoft.com.

8. Security

We use industry-standard safeguards including encrypted connections, role-based access control, row-level security policies, and immutable audit logs. No system is perfectly secure; if you suspect a compromise please notify us immediately.

9. Grievance Officer

For any complaint about how your personal data is handled, write to the Grievance Officer at privacy@autechsoft.com. We will acknowledge within the time-frames prescribed by the DPDP Act.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be signalled by a new version number and you will be asked to re-acknowledge on your next sign-in.