Privacy Policy

This privacy policy (“Policy”) applies to Riversys Technologies Pvt Ltd along with its affiliates Scrut Automation Inc herein called as Scrut Automation and was last updated February 2025. We may change or update this policy at any time, and the same will be updated here.

If you are a Scrut Automation user or customer, we shall notify the changes or updates either by sending an email or a notification on the Scrut Automation App (as defined below). Please ensure to read such notices carefully.

We sincerely believe that you should always know what data we collect from you, the purposes for which such data is used, and that you should have the ability to make informed decisions about what you want to share with us.

Therefore, we want to be transparent about:
(i) how and why we collect, store and use your personal data in the various capacities in which you interact with us; and
(ii) the rights that you have to determine the contours of this interaction.

While we would strongly advise you to read the Policy in full, the following summary will give you a snapshot of the salient points covered herein:

If you have any queries or concerns with this Policy, please contact our Grievance Officer (refer Section 12). If you do not agree with the Policy, we would advise you to not visit/use the Website or the Scrut Automation application(s)/platform(s) (collectively “App”).

Information transferred via the Google API: Scrut’s use and transfer of information received from Google API’s to any other app will adhere to Google API Services User Data Policy, including Limited Use requirements.

FOR THE AVOIDANCE OF ANY DOUBT, WE SHOULD CLARIFY THAT IN THE EVENT WE ANONYMIZE AND AGGREGATE INFORMATION COLLECTED FROM YOU, WE WILL BE ENTITLED TO USE SUCH ANONYMIZED DATA FREELY, WITHOUT ANY RESTRICTIONS OTHER THAN THOSE SET OUT UNDER APPLICABLE LAW.

Where such data is not being used by us to render Services to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time, here.

Scrut Automation uses artificial intelligence (AI) to enhance the services we provide, ensuring that customer data is processed accurately, efficiently, and securely. All AI-driven data processing is performed with a strong commitment to safeguarding customer privacy. We implement strict access controls, encryption, and regular audits to prevent unauthorized access to, or misuse of, your information. Our AI models are trained only on data necessary to deliver our services, and we adhere to industry best practices to anonymize and aggregate data wherever possible to protect customer identities.

We do not use customer data to train external models or for any purpose beyond the agreed-upon scope of our services. Any personal data processed by our AI systems is handled in compliance with applicable data protection laws, including GDPR and CCPA where relevant.

YOUR RIGHTS & PREFERENCES AS A DATA SUBJECTSubject to the GDPR and applicable law’s limitations, the rights afforded to you as a data subject are:

1. RIGHT TO BE INFORMED : You have a right to be informed about the manner in which any of your personal data is collected or used which we have endeavored to do by way of this Policy.

2. RIGHT OF ACCESS : You have a right to access the personal data you have provided by requesting us to provide you with the same.

3. RIGHT TO RECTIFICATION : You have a right to request us to amend or update your personal data if it is inaccurate or incomplete.

4. RIGHT TO ERASURE : You have a right to request us to delete your personal data.

5. RIGHT TO RESTRICT : You have a right to request us to temporarily or permanently stop processing all or some of your personal data.

6. RIGHT TO OBJECT : You have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to us processing your personal data for the purposes of direct marketing.

7. RIGHT TO DATA PORTABILITY : You have a right to request us to provide you with a copy of your personal data in electronic format and you can transmit that personal data for using another third-party’s product/service.

8. RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING : You have a right to not be subject to a decision based solely on automated decision making, including profiling.

In case you want to exercise the rights set out above you can contact our Grievance Officer whose details are set out in Section 12 below.

The data provided by you as a Visitor, or when you sign up as a Customer / User or register for our Services will be processed by us for the purpose of rendering Services to you or in order to take steps prior to rendering such Services, at your request. Where such data is not being used by us to render Services to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time here.

Additionally, we may process your data to serve legitimate interests.

Accordingly, the grounds on which we can engage in processing are as follows:

If you believe we have used your personal data in violation of the rights above or have not responded to your objections, you may lodge a complaint with your local supervisory authority.

Additionally, please note:

• If you are a Customer/User using one of our Services to collect data about an EU data subject from third parties, it shall be your sole obligation to inform such data subject about the source of such data; and

• We do not collect any Special Categories of Personal Data. Further, if you are a Customer/User, you hereby agree and acknowledge that you shall not, under any circumstances, whether directly or indirectly, use our Services to collect or process Special Categories of Personal Data or transfer to us any such data.

• The term “Special Categories of Personal Data” shall have the meaning ascribed to it under the GDPR and shall include, without limitation, data pertaining to a data subject’s race, ethnic origin, genetics, political affiliations, biometrics, health or sexual orientation.

YOUR RIGHTS UNDER CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

Scrut Automation complies with CCPA by giving you the five privacy rights for California consumers:

1. The right to know about the personal information a business collects about them and how it is used and shared

2. You have a right to be informed about the manner in which any of your personal data is collected or used which we have endeavored to do by way of this Policy.

3. The right to delete personal information collected from them.

4. Scrut Automation gives you the right to request us to delete your personal data.

5. The right to opt-out of the sale of their personal information.

6. The right to non-discrimination for exercising their CCPA rights.

Scrut Automation does not sell any data of any of its users/customers/leads. Scrut Automation assures no discrimination against consumers exercising their right of privacy under CCPA.

Scrut Automation assures that it will not ask for waiver of privacy rights from California consumers. In case you want to exercise the rights set out above you can contact our Grievance Officer whose details are set out in Section 12 below.

YOUR RIGHTS UNDER INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION) RULES, 2011

Scrut Automation adheres to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) to ensure your data is secure. Here’s how Scrut Automation complies with the SPDI Rules:

Please contact our Grievance Officer, whose details are presented in Section 12, if you would like to exercise the rights listed above.

RETENTION OF PERSONAL INFORMATION

We will store any personal data we collect from you as long as it is necessary in order to facilitate your use of the Services and for ancillary legitimate and essential business purposes – these include, without limitation, for improving our Services, attending to technical issues, and dealing with disputes.

We may need to retain your personal data even if you seek deletion thereof, if it is needed to comply with our legal obligations, resolve disputes and enforce our agreements.

If you are a customer, please be advised that: (i) you will need to inform your Leads about how you store and deal with any data you collect from them using one of our Services, in compliance with applicable laws including the GDPR; and (ii) after you terminate your usage of a Service, we may, unless legally prohibited, delete all data provided or collected by you from our servers.

TOOLS USED BY OUR CUSTOMERS

If you are a Customer, you are empowered to use proprietary or other third party technologies and integrate with our App. If you do, you agree and acknowledge that it is your sole obligation to inform your stakeholders about any data you collect by using such technologies and the policies by which such collection is bound.

TRANSFER OF INFORMATION

In order for us to facilitate our operations, we may transfer and store the data we collect and process in accordance with this Policy, to our database server in a third-country for Disaster Recovery purpose. Your rights and protections will, under no circumstances, be diluted by this transfer.

Further, in the ordinary course of business, we may employ other companies and people to assist us in providing certain components of our Services in compliance with the provisions of this Policy. To do so, we may need to share your data with them.

Where applicable – if the entities to which these transfers are affected are not situated in countries deemed ‘adequate’ by the European Commission, we shall enter into appropriate Data Protection Addendums with the transferee parties that comprehensively protect your data. We shall also put in place industry-standard technical and organizational measures (including robust data handling policies) to ensure that such transfers are completed in accordance with applicable laws.

Some of the examples of where we may sub-contract processing activities to third parties include—data analysis, marketing assistance, processing credit card payments, and providing customer service.

COMPELLED DISCLOSURE

In addition to the purposes set out in the Policy, we may disclose any data we collected or processed from you if it is required:

• Under applicable law or to respond to a legal process, such as a search warrant, court order, or subpoena;

• To protect our safety, your safety or the safety of others or in the legitimate interest of any party in the context of national security, law enforcement, litigation, criminal investigation or to prevent death or imminent bodily harm;

• If required in connection with legal proceedings brought against Scrut Automation, its officers, employees, affiliates, customers or vendors; or

• To establish, exercise, protect, defend and enforce our legal rights.

SECURITY OF YOUR PERSONAL INFORMATION

We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your data from unauthorized access, use, loss, destruction or disclosure. When we collect particularly sensitive data it is encrypted using industry-standard cryptographic techniques including but not limited to SSL, TLS, RSA, and AES.

We adhere to the ISO/IEC 27001:2022 standard, an internationally recognized framework for Information Security Management Systems (ISMS). Our commitment to ISO 27001 ensures that we follow rigorous security practices and maintain high standards for information security.

In compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we adhere to the following reasonable security practices and procedures to protect your personal data:

GRIEVANCE OFFICER

The name and contact details of our Grievance Officer, who you may contact if you have any concerns, complaints or feedback pertaining to this Policy, are as follows: