Privacy Policy

Last updated: March 28, 2026

1. Who We Are

EMI Locker is a B2B device financing platform that helps phone retailers, distributors, and finance networks remotely manage financed Android devices, track EMI payments, and operate activation key networks. Our platform is used by business partners (retailers, distributors, salespersons, super-distributors) and, indirectly, by end customers whose devices are enrolled.

For privacy enquiries, contact us at: info@emivault.com

2. Information We Collect

2.1 Partner / Business Account Data

When you register as a partner (retailer, distributor, salesperson, or super-distributor) on EMI Locker, we collect:

• Full name, email address, and phone number
• Business / shop name and address (city, state, PIN code, country)
• Alternate contact name and phone number
• KYC documents: Aadhaar number and PAN number (required for verification in India)
• Google OAuth profile data (name, email, profile picture) if you sign in with Google
• Password (stored as a cryptographic hash — never in plain text)
• Role assignment, approval status, and audit trail of approvals
• Key wallet balances: available, generated, sent, received, and demo keys
• Last login time and last password change time

2.2 Device & Customer Data (submitted by partners)

Partners enroll customer devices on the platform and submit the following data:

• Device details: name, brand, model, colour, and IMEI number
• Customer details: owner name, owner phone number, owner email
• EMI schedule: device cost, down payment, EMI amount, instalment months, start/end dates, next due date, paid and remaining amounts, interest rate, per-instalment payment records
• Device status: active, inactive, locked, unlock codes, lock messages
• FCM token (Firebase Cloud Messaging token for sending remote commands to the device app)
• App registration date and last sync timestamp

2.3 Transaction & Financial Data

• Key purchase and transfer records including party details, key counts, and amounts
• Manual payment details: price per key, total amount, received amount, outstanding balance, payment method, transaction reference, due date, and payment notes
• Wallet receivables, payables, and settlement history

2.4 Activity & Usage Data

• Login events and account activity logs (30 enumerated activity types including device lock/unlock events, key transfers, login history)
• IP address and user agent (browser/device identifier) recorded with each activity
• Related references: which user, device, or transaction triggered an activity
• Metadata associated with platform events

2.5 Contact & Inquiry Data

When you submit a contact or partnership inquiry, we collect your name, email, business name, country, phone number, website URL, role, and message.

2.6 Cookies & Local Storage

We use session cookies to keep you logged in to the partner panel. We also use localStorage in the browser to cache authentication tokens and UI preferences. No third-party advertising or tracking cookies are used on the platform.

3. How We Use Your Information

• Account management: Creating, verifying, and managing your partner account and role-based access
• Platform operations: Processing key requests, wallet settlements, device enrollments, and EMI tracking
• Remote device control: Sending lock/unlock commands and EMI alerts to enrolled Android devices via Firebase Cloud Messaging (FCM)
• KYC & compliance: Verifying partner identity using Aadhaar/PAN for regulatory compliance
• AI features: Running risk scoring, fraud detection, auto-lock decisions, and collection reminders using device and payment behaviour data
• Security: Detecting fraud, suspicious access patterns, and unauthorized activity using IP address and activity logs
• Communications: Sending account notifications, EMI reminders, low-key-stock alerts, and support responses
• Product improvement: Analysing aggregated, anonymised usage data to improve platform features

4. Legal Basis for Processing (GDPR / applicable laws)

• Contract performance: Processing is necessary to provide the device financing and key management services you have subscribed to
• Legal obligation: KYC data (Aadhaar, PAN) is collected to comply with Indian financial and identity verification regulations
• Legitimate interests: Activity logs, IP addresses, and fraud detection serve our legitimate interest in platform security and fraud prevention
• Consent: Google OAuth sign-in data is processed based on your explicit consent when you choose «Sign in with Google»

5. Data Sharing & Disclosure

We do not sell personal data. We share data only in these limited circumstances:

• Within the platform hierarchy: Your distributor or super-distributor can see your account status, key balances, and transaction history as necessary for network management
• Firebase / Google: Device FCM tokens are sent to Firebase Cloud Messaging to deliver remote lock/unlock commands to enrolled devices
• Google OAuth: If you sign in with Google, your public profile data (name, email, picture) is received from Google's APIs
• Legal requirements: We may disclose data to law enforcement or regulatory authorities when required by applicable law or valid legal process
• Service providers: We use hosting and infrastructure providers under data processing agreements. They process data only on our behalf
• Business transfers: In the event of a merger or acquisition, data may be transferred as part of the transaction, with prior notice to users

6. Data Retention

• Active accounts: Data is retained for as long as your account is active
• Device records: EMI and device data is retained for the full EMI term plus 2 years for dispute resolution
• KYC data: Retained as required by applicable Indian regulations (typically 5 years)
• Activity logs: Retained for 12 months for security and audit purposes
• Deleted accounts: Upon deletion, personal identifiers are removed within 30 days; aggregated/anonymised records may be retained longer

7. Security

We implement the following security measures:

• Passwords are stored using bcrypt hashing — never in plain text
• All data in transit is encrypted with TLS/HTTPS
• JWT-based authentication with configurable token expiry
• Role-based access control (RBAC) prevents cross-role data access
• Administrative actions require elevated permissions and are audit-logged
• KYC fields are restricted to authorised admin roles only

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at info@emivault.com.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Disconnect Google Sign-In at any time via your Google account settings

To exercise any of these rights, email info@emivault.com with your request. We will respond within 30 days.

9. Children's Privacy

EMI Locker is a business-only (B2B) platform. We do not knowingly collect personal data from individuals under the age of 18. If you become aware that a minor has submitted data to us, please contact us immediately.

10. Third-Party Links

Our website and panel may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the «Last updated» date at the top of this page. Material changes will be communicated via email or a prominent notice on the platform. Continued use of EMI Locker after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions, requests, or complaints:

• Email: info@emivault.com
• Contact form: emivault.com/contact-us.html