Field Pulse

Privacy Policy

Effective date: April 7, 2026

Draft notice: This document is provided for use by Field Pulse customers and should be reviewed by legal counsel before relying on it for commercial purposes.

This Privacy Policy explains how MCS Ventures (“we”, “us”, or “Field Pulse”) collects, uses, stores, and protects information when you use the Field Pulse platform, mobile application, and related services (collectively, the “Service”).

1. Information we collect

We collect information in three ways: what you provide directly, what the Service generates from your use, and what we receive from third parties.

1.1 Information you provide

  • Account information: organization name, address, GSTIN, contact phone, email
  • User information: first name, last name, email, phone number, role, team, designation, employee code
  • Billing information: organization billing contact, GSTIN, billing address (payment card details are handled by Razorpay and never touch our servers)
  • Support requests: messages you send to our support team

1.2 Information generated by use of the Service

  • Location data: GPS coordinates, accuracy, speed, and heading while field employees are punched in. Collected in the background only during shifts, and only with explicit user consent at device level.
  • Attendance records: punch in/out timestamps, geofence events, shift summaries, total hours worked, distance travelled.
  • Activity data: client visits, orders created, payments recorded, expenses submitted, tasks completed, routes taken.
  • Device information: device model, operating system version, app version, battery level at key events, network type. Used for troubleshooting and anti-spoofing detection.
  • Logs: IP addresses, user-agent strings, request timestamps, error traces. Retained for security, debugging, and audit compliance.

1.3 Information from third parties

  • Razorpay: payment status, order references, and invoice IDs (but not card details)
  • Google Maps / OpenStreetMap: reverse geocoding to enrich location data with address information

2. How we use information

We process personal data on behalf of your organization (the “controller”) to:

  • Provide and maintain the Service, including attendance tracking, order management, and reporting
  • Authenticate users and secure the platform from abuse
  • Process payments and issue invoices
  • Send transactional emails (password resets, payment receipts, trial reminders)
  • Detect and investigate fraud, including location spoofing
  • Comply with legal obligations and respond to lawful requests from authorities
  • Improve the Service through aggregated, anonymized analytics

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.

3. Legal basis for processing

For users in jurisdictions that require a specific legal basis (including the EU/EEA, UK, and India under the DPDP Act 2023), we rely on:

  • Performance of contract: to provide the Service you have subscribed to
  • Legitimate interests: to secure our platform and prevent fraud
  • Consent: for location tracking, which is collected only when a user explicitly grants device permissions and is actively punched in
  • Legal obligation: to retain invoice records and audit logs as required by Indian tax and corporate law

4. Data retention

  • Account and user data: retained for the life of the subscription plus 30 days after termination, after which it is permanently deleted
  • Location data: retained for 180 days by default, after which it is aggregated or deleted
  • Attendance and order records: retained for 7 years to comply with Indian tax and employment record-keeping requirements
  • Invoices: retained for 7 years to comply with GST record-keeping requirements
  • Audit logs: retained for 2 years
  • Error logs: retained for 30 days

5. Data security

We take reasonable technical and organizational measures to protect your data:

  • All traffic is encrypted in transit with TLS 1.2+
  • Passwords are hashed with bcrypt before storage
  • Database access is restricted to authorized services only
  • Payment processing is handled by Razorpay, a PCI-DSS certified provider
  • Anti-spoof detection flags suspicious location data automatically
  • Role-based access controls prevent unauthorized data access within your organization
  • Audit logs track all sensitive operations

Despite these measures, no system is perfectly secure. If we become aware of a data breach affecting your information, we will notify the affected account administrators without undue delay.

6. Your rights

Subject to applicable law, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correct: ask us to correct inaccurate data
  • Delete: ask us to delete your personal data (subject to our retention obligations for tax and legal records)
  • Port: request your data in a portable format (JSON) for transfer to another service
  • Object: object to processing based on legitimate interests
  • Withdraw consent: for any processing based on consent, at any time

To exercise any of these rights, contact your organization administrator, or email us directly at privacy@fieldpulse.mcsventures.in. We will respond within 30 days.

7. Location tracking specifics

Field Pulse tracks GPS location only in the following circumstances:

  • The user has installed the mobile app and granted location permission at the device level
  • The user is actively punched in to a work shift
  • Tracking stops automatically when the user punches out or when the shift ends

Your organization administrator is responsible for informing field employees that location tracking is in use, obtaining their consent, and respecting applicable labor and privacy laws in your jurisdiction.

8. Sub-processors

We engage the following sub-processors to deliver the Service:

  • Razorpay Software Private Limited — payment processing (India)
  • Contabo GmbH — server infrastructure (European Union)
  • OpenStreetMap / Google Maps — geocoding and mapping tiles

9. Children’s privacy

Field Pulse is not designed for users under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to account administrators by email at least 15 days before they take effect.

11. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@fieldpulse.mcsventures.in.