SoulAce Privacy Policy

Last updated on June 17, 2024

When you use SoulAce’s services, either via website or the App, you are trusting us with some of your information. We understand this is a big responsibility on our shoulders and we are always working hard to keep your information safe and secure, and give you control over your data. We are already ISO 27001 certified, and working on a few other major data privacy certifications.
 This Privacy Policy section is meant to help you understand what information SoulAce collects, why we collect such information and how you have full control to update, manage or delete your information.

Introduction

SoulAce has a comprehensive CSR management platform helping CSR departments or equivalent to monitor their CSR spending and project status in real time.

SoulAce seamlessly connects the NGOs – field staff, project milestone tracking, budget and actual data, etc – through the app and the portal, with a view to ease out CSR activities and compliance.

Information SoulAce Collects

We would like you to understand that the information collected via the SoulAce app or website is to help us provide you with superlative service. 

The information SoulAce collects, and how that information is used, depends on CSR project design and commitments. For e.g. for standard CSR management app, only beneficiary name, address and number might be recorded. However, if CSR department and NGO chooses to use advanced features like geotagging, Aadhar card details, health information, etc. All the personally identifiable information is treated as sensitive information by us and you will have full control over this data.

Information collected on the CSR Management app and website:

Beneficiary: Name, Email address, Mobile number, your apartment/villa number, other project indicators that CSR Department and NGOs have chosen.

Additional information: IP address, user login date and time, geographic location of the user

We collect standard website access information (type of browser etc) using cookies and other similar technologies on all our websites (soulace.in). We do this to measure, improve and personalize our services for you and we do not share this information with any third party organizations for commercial purposes.

We don’t sell or trade user information in any form to anyone. The information is used solely for the purpose of enabling services and making your experience better on SoulAce platforms.

How The Information is Collected

SoulAce provides its services through our website and mobile app (will be collectively referred to as “Platforms”). User information is collected via our platforms and mobile app either directly or indirectly to give great product and service experience.

Direct Information: All personally identifiable information as mentioned in “Information SoulAce Collects” segment is collected on the platform and mobile app where users fill in their as well as beneficiary details and give necessary consent to be contacted or their information to be used by SoulAce for serving them better via the platforms.

Indirect Information: Information like Ip address, device data, browsing data and other information as detailed in “Information SoulAce Collects” is collected while the user is interacting with our platform. The same is collected to make user experience on our platforms better.

Why The Information is Collected

We use information collected from users and beneficiaries to help CSR departments to track project progress. The data is collected on SoulAce portal and app as per discretion and inputs given by users. On the mobile app information is collected as per our agreement with CSR department.

User Privacy Controls

SoulAce ensures that you are in full control of the information we collect and how it is used.

This section describes key controls for managing your privacy across our platforms and services. In addition to this we also provide few other mechanisms by which users can reach out to us to modify or erase their information available with us.

Managing, reviewing, and updating your information: When you’re signed in, you can always review and update information by visiting the services you use. For example, you can change your contact details such as your name, email and phone number. You can also contact us on notification@SoulAce.in

Unsubscribing, removing and deleting your information: If you choose to unsubscribe from our platforms or delete any of all of your information, you can send an email to notification@SoulAce.in for specific information about your account or deletion of your account history.

Sharing Your Information and Disclosures

We do not share your personal information with companies, organizations, or individuals outside of the purpose initially agreed upon.

For Legal Reasons: We may need to share or disclose some of your information outside SoulAce if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonable necessary in the following events:

  • Meet any law, regulation or legal process as applicable or enforceable request from government.

  • To enforce applicable terms of service, including investigation of potential violations, fraud, security or technical issues/breaches.

  • Protect against harm to the rights, property or safety of our users, SoulAce, or the public as required or permitted by Law.

Your Information Security

We build security into each and every system and services to protect your information.

All SoulAce platforms and processes are built with strong security features that continuously protect your information. We have multiple real time checks and tests running to help us detect and automatically block security threats from ever reaching you. In case of any detection of threat or risk that we deem you should be aware of; we will notify you and guide you through steps to keep your privacy protected.

We are constantly striving to protect your data from unauthorized access, disclosure, modifications, or destruction of any information we hold, including:

  • All information going in and out of the app is 256 bit https encrypted. TLS encryption is used throughout the application for data in motion and data is also encrypted at rest. 

  • All information is stored in servers with best in class firewalls and needs multiple authentications for any access and no unauthorized person will have access to the same.

  • We constantly review our information collection, storage and processing practices, including physical security measures, to prevent unauthorized access to our systems. 

  • We restrict access to personal information to employees, and external contractors who may need the information in order to process some services. Any internal employee with this access is subject to strict contractual confidentiality obligations and strict actions (up to termination or criminal action) will be taken if they fail to meet these obligations.

  • The SoulAce app is ISO 27001 certified and audited on a regular basis. SoulAce application and data servers do not use public accessible addresses or IP. The access is further secured through a VPN tunnel with 2FA (two factor authentication). All traffic is routed through a WAF (Web Application Firewall) and is checked strictly for malicious traffic.

However, we would like you to understand and accept that data transmission over the internet may be liable to risk and we would assume no liability for any disclosure of information due to errors in transmission issues or unauthorized third-party access to our platforms or databases. 

Your Information Retention and Deletion

The information collected on our platforms is retained for different periods of time depending on what the information is and how it is used and how you configure your settings.

Users can request to export a copy of their information or delete it from your SoulAce account at any given point of time (some information deletion may be subject to CSR department and NGO, SoulAce will facilitate the approval process).

When you delete data or request for deletion of data, we follow a process to make sure that all your data is safely and completely removed from all our servers. We also ensure that none of your information is subject to accidental or malicious deletion. This may lead to some delay between actual requests made and final deletion as we ensure that information deletion is genuine and not accidental from our active and backup systems. Any request will be replied within 7 days and actioned within 30 days subject to approvals from NGO, CSR department and not including the time taken by them in approvals.