Legal

Privacy Policy

Version 2.0

Effective Date: 13 June 2026

Last Updated: 13 June 2026

PixellEnergy Solutions Private Limited ("PixellEnergy", "we", "us") operates the PixellEnergy EV lifestyle app and related services. We are the Data Fiduciary for the personal data described here and handle it under India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Quick Summary

We collect only what the Service needs: account details, your location only while the app is open, vehicle details, payment info (via our payment partners), charging activity, and — only if you set them up — the emergency contacts you enter for Safety & SOS.
We do not sell your data and do not access your device's address book, text messages, call logs, or browsing history.
Some features share data with others only at your request (e.g. an SOS can share your approximate location with the contacts you chose).
Your data is stored in India. You can access, correct, delete, export, and withdraw consent anytime.

2. Who We Are & Contact

Data Protection / Grievance Officer — dpo@pixellenergy.com · +91 90723 80048 · Bengaluru, Karnataka 560102, India.

3. Data We Collect

Account: name, email, phone, vehicles.
Location: foreground only, for chargers/trips and, if you use SOS, nearest-charger and your chosen sharing.
Camera: QR scan / optional vehicle photo.
Payment info: via PCI-DSS processor; we don't store full card numbers.
Charging & wallet activity plus telemetry.
Emergency contacts (optional SOS): the name and phone you manually enter for up to five contacts — we do not read your device's address book.
Device & usage.
Website cookies / Google Analytics.

4. How We Use It

Service delivery.
Safety & emergency response (SOS).
Analytics & improvement (separate consent, identifiers scrubbed).
Marketing (separate, optional).
Legal / financial compliance.

5. Consent & Control

Consent is requested per purpose, by affirmative action, and is as easy to withdraw as to give; each consent is recorded with the exact notice shown. Service, analytics and marketing consents are independent. Withdrawal stops future processing (not what was lawfully done before, or records we must keep).

6. Safety & SOS — Data Shared Only At Your Request

The feature is off until you use it; each sharing action is your explicit choice, with a specific notice and recorded consent.

Proactive range alerts: while the app is open, we estimate range from the battery level you enter plus foreground location and may alert you — this stays on your screen, not shared.
Alerting your contacts (SMS): on SOS (or auto-trigger at critically low battery), if enabled, we SMS the emergency contacts you entered (via MSG91) that you may need help. You are responsible for telling those contacts you've listed them.
Sharing your location: if you choose, we create a secure link your contacts (and linked family) can open. Default is approximate (~500 m); you may choose exact. The link expires after 2 hours and you can revoke it sooner.
Community (V2V) broadcast: if you choose, we broadcast a help request to nearby opted-in volunteers showing only a masked approximate area.
Mobile charging unit: if available and requested, we share the dispatch details needed to reach you.
Emergency services: the screen can dial 112/108 via your phone's dialer; we don't place the call or share data with emergency services through the app.

Legal basis for all SOS sharing is your consent; you can delete your contacts and stop using it anytime.

7. Who We Share With (Sub-processors)

Never sold; minimum necessary:

Payments: Razorpay and Cashfree (confirm).
SMS: MSG91.
Hosting: Supabase (DB / auth / functions, Mumbai / ap-south-1) plus Cloudflare (CDN and secure reverse-proxy for Indian-network reachability).
Maps: Google Maps Platform.
Notifications / config: Firebase.
Diagnostics: Sentry and PostHog (identifiers scrubbed).
Charging / franchise partners.
Legal where lawfully required.

8. Storage & Cross-border

Personal data is stored at rest in India (Mumbai). Limited in-transit / third-party processing occurs as in §7 (Cloudflare edge may route encrypted traffic; map features send location queries to Google), under contractual and technical safeguards. No other transfers outside India except as the DPDP Act permits.

9. Retention

Account: while active.
Charging & financial records: ≥ 8 years (tax / audit).
SOS: event and SMS-delivery logs retained for safety audit (anonymised for analytics); shared-location link expires after 2 hours.
Deletion: soft-delete then permanent delete after 30 days, except legally-required records.

10. Your Rights (DPDP)

Access summary, correct / update, erase, withdraw consent, nominate a representative, raise a grievance — free, via in-app Privacy controls or the DPO. Export within 7 days; other requests within legal timelines.

11. Data Breach

We notify the Data Protection Board of India and affected users as required by the DPDP Act / Rules, including affected users without undue delay.

12. Children

Not intended for under-18s; we don't knowingly collect their data.

13. Grievance & the Board

Contact our Grievance Officer / DPO; if unsatisfied, complain to the Data Protection Board of India.

14. Security

TLS 1.3 in transit, AES-256 at rest, RBAC, regular penetration testing, SOC 2 Type II-aligned practices.

15. Changes

We'll post updates here with a new date and seek fresh consent for material changes where the law requires.

16. Contact

PixellEnergy Data Protection & Grievance Officer

PixellEnergy Solutions Private Limited

Unicorn Club #113, 11th Cross Road, Near NPS, 19th Main HSR Layout Sector 4

Bengaluru, Karnataka 560102, India

Email: dpo@pixellenergy.com

Phone: +91 90723 80048