Application Name: Pinnacle Enterprises
Data Fiduciary: Pinnacle Enterprises
Data Processor /
Technology Service Provider: SDK Infinity Technologies, 6, 2nd Street, VOC Colony, Kodambakkam,
Chennai, Tamil Nadu 600024, India
Contact Email: goalsplanner.sdk@gmail.com
Effective Date: February 3, 2026
Last Updated: February 3, 2026
Pinnacle Enterprises
("we", "us", "our", "Company", or
"Data Fiduciary") is committed to protecting the privacy and security
of personal data of our employees, site supervisors, contractors, and internal
operational staff (collectively, "Users", "Data
Principals", or "you") who utilize the Pinnacle Enterprises
mobile application (the "Application" or "App").
This Privacy Policy
("Policy") is issued in accordance with the Digital Personal Data
Protection Act, 2023 ("DPDP Act"), the Information Technology Act,
2000 ("IT Act"), the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011 ("SPDI Rules"), and applicable provisions of Indian law
governing the processing of personal data.
This Policy sets forth the manner
in which personal data is collected, used, stored, processed, disclosed,
retained, and protected by the Company in connection with the Application,
which is designed exclusively for internal construction and project lifecycle
management purposes.
By accessing, downloading,
installing, or using the Application, you acknowledge that you have read,
understood, and agree to be bound by the terms of this Privacy Policy. If you
do not agree with any provision of this Policy, you must immediately cease using
the Application and notify the Company.
For the purposes of this Privacy
Policy, the following terms shall have the meanings ascribed to them below, in
addition to the meanings provided under the DPDP Act, 2023:
This Privacy Policy applies to
all personal data collected, processed, stored, and disclosed by Pinnacle
Enterprises through the Application. The Application is an internal enterprise
system designed exclusively for workforce management, construction project
lifecycle tracking, and operational purposes. The scope of this Policy
encompasses:
This Policy does not apply to any
personal data collected offline or through channels other than the Application,
unless specifically stated otherwise. This Policy also does not govern the
privacy practices of third-party websites, applications, or services that may
be linked to or integrated with the Application, and Users are advised to
review the privacy policies of such third parties independently.
The Application is intended
exclusively for use by individuals aged eighteen (18) years or above and is not
directed at or intended for use by minors.
The Company collects the
following categories of personal data through the Application in order to
facilitate construction project management, workforce administration, and
operational efficiency:
The Company processes personal
data collected through the Application solely for the following lawful purposes
related to construction project management, workforce administration, and
operational efficiency:
The Company shall not use
personal data for any purpose beyond those explicitly stated in this Policy
without obtaining prior consent from the Data Principal, except where permitted
or required by law.
The Company processes personal
data in accordance with the DPDP Act, 2023, and other applicable laws. The
legal bases for processing personal data through the Application include:
By voluntarily accessing,
installing, and using the Application, Data Principals provide explicit consent
to the collection, processing, and use of their personal data for the purposes
specified in this Privacy Policy. Consent is obtained through a clear
affirmative action during the initial registration or onboarding process and
may be withdrawn at any time in accordance with Section 17 of this Policy.
Processing of personal data is
necessary for the performance of employment contracts, contractor agreements,
and service arrangements entered into between Data Principals and Pinnacle
Enterprises. The Application serves as an essential tool for fulfilling
contractual obligations related to workforce management, project execution,
attendance tracking, expense reimbursement, and operational coordination.
Failure to provide requisite personal data may result in the inability to
perform contractual duties or utilize the Application effectively.
The Company processes personal
data to comply with statutory obligations under Indian law, including but not
limited to tax laws, labor laws, employee provident fund regulations,
professional tax requirements, statutory audit requirements, and other legal
obligations imposed by central or state governments.
The Company processes personal
data where necessary to pursue legitimate business interests, including
operational efficiency, security of systems and data, prevention of fraud and
unauthorized access, business analytics, quality control, and improvement of
Application functionality, provided that such interests do not override the
fundamental rights and freedoms of Data Principals.
SDK Infinity Technologies serves
as the Data Processor for Pinnacle Enterprises in relation to personal data
processed through the Application. The roles and responsibilities are
delineated as follows:
SDK Infinity Technologies
processes personal data exclusively on behalf of and in accordance with the
documented instructions of Pinnacle Enterprises as the Data Fiduciary. SDK
Infinity Technologies does not determine the purposes or means of processing
and acts solely as a technology service provider responsible for the
development, hosting, maintenance, and technical support of the Application.
SDK Infinity Technologies has
implemented appropriate technical and organizational security measures to
protect personal data against unauthorized access, disclosure, alteration, and
destruction. SDK Infinity Technologies shall not use, disclose, or transfer
personal data for any purpose other than as instructed by the Data Fiduciary or
as required by applicable law.
The relationship between Pinnacle
Enterprises and SDK Infinity Technologies is governed by a formal Data
Processing Agreement that stipulates the scope of processing activities, data
security obligations, confidentiality requirements, breach notification
procedures, and compliance with applicable data protection laws.
SDK Infinity Technologies may
engage sub-processors, including cloud hosting providers and infrastructure
service providers, to assist in processing personal data. Any such
sub-processors are contractually obligated to maintain equivalent security
standards and comply with applicable data protection requirements. SDK Infinity
Technologies shall ensure that sub-processors process personal data only in
accordance with the instructions of the Data Fiduciary.
For inquiries or concerns related
to data processing activities performed by SDK Infinity Technologies, Data
Principals may contact:
SDK Infinity Technologies
6, 2nd Street, VOC Colony, Kodambakkam
Chennai, Tamil Nadu 600024, India
Email: goalsplanner.sdk@gmail.com
The Application collects and
processes precise geolocation data for specific operational purposes. Data
Principals are hereby informed of the following:
Location data is collected for
the following purposes:
The Application requests location access permission during the initial setup
or when location-dependent features are first accessed. Data Principals have
the right to grant or deny location access through device settings. Denial of
location access may limit the functionality of certain features, particularly
attendance verification and site-based validation.
Location data is collected only
when the Application is actively in use and when location-dependent features
are accessed. The Application does not collect location data continuously in
the background except where necessary for active attendance tracking sessions.
The Application collects GPS
coordinates with precision sufficient to verify site presence. Location
metadata, including latitude, longitude, altitude, and timestamp, may be
embedded in uploaded photographs and documents for authentication and audit
purposes.
Data Principals may revoke
location access permissions at any time through device operating system
settings. However, revocation of location access may prevent the use of
attendance tracking and site verification features, which may affect the
ability to comply with employment or contractual obligations.
The Application requests access
to the device camera and storage for operational purposes related to
construction documentation, expense verification, delivery confirmation, and
quality control. Data Principals are informed as follows:
Camera access is required for the
following purposes:
The Application may request
access to device storage for the purpose of uploading existing documents,
photographs, invoices, and receipts relevant to project management, expense
claims, and operational documentation. Uploaded files are securely stored on
Company servers and are accessible only to authorized personnel based on
role-based access controls.
Photographs and documents
uploaded through the Application are automatically tagged with metadata,
including date, time, and GPS location (where location access is granted). This
metadata serves as a verification mechanism to establish authenticity, prevent
fraudulent submissions, and maintain an accurate audit trail.
Data Principals may revoke camera
and storage access permissions at any time through device settings. However,
denial of such permissions may prevent the use of document upload features,
attendance verification requiring photographic proof, and other critical
functionalities necessary for operational duties.
Pinnacle Enterprises does not
sell, rent, trade, or otherwise commercialize personal data collected through
the Application. Personal data may be shared or disclosed only under the
following circumstances:
Personal data may be accessed by
authorized employees, managers, site supervisors, and administrative personnel
of Pinnacle Enterprises on a need-to-know basis for legitimate operational
purposes, including project management, payroll processing, attendance
verification, expense approvals, and workforce coordination. Access is governed
by role-based permissions and strict confidentiality obligations.
Personal data is shared with SDK
Infinity Technologies in its capacity as Data Processor for the purpose of
hosting, maintaining, and providing technical support for the Application. SDK
Infinity Technologies processes personal data solely on behalf of Pinnacle
Enterprises and in accordance with documented instructions.
Personal data may be shared with
authorized third-party service providers engaged by the Company for specific
operational functions, including but not limited to:
All third-party service providers
are contractually obligated to maintain confidentiality, implement appropriate
security measures, and process personal data only for the purposes specified by
the Company. Third-party service providers are prohibited from using personal
data for their own purposes or disclosing it to unauthorized parties.
Personal data may be disclosed to
government authorities, regulatory bodies, law enforcement agencies, courts, or
other public authorities where required or permitted by law, including but not
limited to:
In the event of a merger,
acquisition, reorganization, asset sale, or other business transfer involving Pinnacle
Enterprises, personal data may be transferred to the successor entity, provided
that such entity agrees to honor the terms of this Privacy Policy or provides
Data Principals with notice and an opportunity to withdraw consent where
required by law.
The Company may share aggregate,
anonymized, or de-identified data that does not identify individual Data
Principals for business analytics, research, benchmarking, or other lawful
purposes. Such data is processed in a manner that prevents re-identification.
The Application may utilize or
integrate with third-party services for hosting, analytics, communication, and
other operational functions. The Company carefully vets third-party service
providers to ensure compliance with applicable data protection laws and
contractual obligations. Key third-party services include:
The Application and associated
databases are hosted on secure cloud infrastructure provided by reputable cloud
service providers that maintain industry-standard security certifications,
including ISO 27001, SOC 2, and other relevant compliance frameworks. Data is
stored within data centers located in India or other jurisdictions subject to
adequate data protection safeguards.
The Application integrates with
SMS gateway providers and WhatsApp Business API providers for sending
operational notifications, task alerts, and critical communications. These
service providers are contractually bound to process personal data only as instructed
by the Company and to implement appropriate security measures.
The Company may utilize analytics
tools to monitor Application performance, diagnose technical issues, and
improve user experience. Analytics data is processed in a manner that minimizes
the collection of personally identifiable information and is used solely for
operational improvement purposes.
The Application does not
integrate third-party advertising networks, tracking pixels, or behavioral
advertising technologies. The Application does not track Users across
third-party websites, applications, or platforms. Personal data is not used for
advertising purposes or shared with advertisers.
Pinnacle Enterprises retains
personal data for the duration necessary to fulfill the purposes outlined in
this Privacy Policy, comply with legal and regulatory obligations, and maintain
accurate business records. Specific retention periods are as follows:
Personal data of active
employees, site supervisors, contractors, and operational staff is retained for
the duration of their employment or contractual engagement with the Company.
Data is continuously updated and maintained to reflect current operational
requirements.
Following the cessation of
employment or contractual engagement, personal data may be retained for a
period of up to seven (7) years or such longer period as may be required under
applicable law, including but not limited to tax laws, labor laws, accounting
standards, and statutory audit requirements. Retention is necessary for the
following purposes:
Project-related data, including
photographs, delivery challans, goods receipt notes, expense records, and site
documentation, may be retained for the duration of the project lifecycle and
for such additional period as may be required for project closeout, warranty
obligations, legal compliance, and dispute resolution. Certain project records
may be retained permanently for archival and reference purposes.
Technical logs, error reports,
and diagnostic data are retained for a period of up to one (1) year or such
shorter period as may be necessary for troubleshooting, security monitoring,
and Application improvement purposes.
Upon expiration of the applicable
retention period, personal data is securely deleted or anonymized in accordance
with industry best practices. Deletion includes removal from active databases,
backup systems, and archival storage, subject to technical feasibility and
legal constraints. Data Principals may request deletion of their personal data
in accordance with Section 18 of this Policy, subject to the Company's legal
and contractual obligations.
Pinnacle Enterprises and SDK
Infinity Technologies implement reasonable technical, organizational, and
physical security measures to protect personal data against unauthorized
access, disclosure, alteration, destruction, loss, or misuse. Security
safeguards include, but are not limited to:
While the Company employs
reasonable security measures, no system is entirely immune to security risks.
The Company cannot guarantee absolute security of personal data transmitted
over the internet or stored in digital systems. Data Principals acknowledge and
accept the inherent risks associated with electronic data transmission and
storage. In the event of a data breach, the Company shall comply with
applicable breach notification requirements and take prompt remedial action to
mitigate harm.
Personal data collected through
the Application is primarily processed and stored within the territory of
India. However, in certain circumstances, personal data may be transferred to,
or accessed from, jurisdictions outside India for the following purposes:
Where personal data is
transferred outside India, the Company shall ensure that such transfers comply
with applicable legal requirements and that adequate safeguards are in place to
protect personal data, including:
Data Principals consent to
cross-border transfers of personal data as described in this section, provided
that such transfers are conducted in accordance with applicable law and subject
to appropriate safeguards.
Data Principals are entitled to
exercise the following rights under the Digital Personal Data Protection Act,
2023, subject to applicable legal limitations and exceptions:
Data Principals have the right to
obtain confirmation as to whether personal data concerning them is being
processed and, where applicable, to access such personal data. Access requests
shall be processed within a reasonable timeframe in accordance with applicable
law.
Data Principals have the right to
request correction of inaccurate, incomplete, or outdated personal data. The
Company shall verify the accuracy of corrected information and update records
accordingly, subject to verification requirements.
Data Principals have the right to
request erasure of personal data where the retention of such data is no longer
necessary for the purposes for which it was collected, subject to legal,
regulatory, or contractual obligations that require retention. Erasure requests
shall be evaluated on a case-by-case basis.
Data Principals have the right to
receive personal data concerning them in a structured, commonly used, and
machine-readable format and to transmit such data to another data fiduciary,
where technically feasible and permitted by law.
Data Principals have the right to
file grievances regarding the processing of personal data with the designated
Grievance Officer of Pinnacle Enterprises or with the Data Protection Board of
India, as provided under the DPDP Act.
Data Principals have the right to
nominate another individual who may exercise rights on their behalf in the
event of death or incapacity, as provided under the DPDP Act.
The exercise of the above rights
may be subject to limitations where necessary to comply with legal obligations,
protect the rights and freedoms of others, preserve evidence for legal
proceedings, or fulfill contractual obligations. The Company shall assess each
request on a case-by-case basis and provide a reasoned response.
Pinnacle Enterprises has
established a grievance redressal mechanism in accordance with the DPDP Act,
2023, and the IT Act, 2000. Data Principals may submit grievances, complaints,
or inquiries regarding the processing of personal data to the designated
Grievance Officer.
Name of Grievance
Officer: [To be
designated]
Organization: Pinnacle Enterprises
Email: goalsplanner.sdk@gmail.com
Address: 6, 2nd Street, VOC Colony, Kodambakkam, Chennai,
Tamil Nadu 600024, India
Grievances may be submitted in
writing via email or postal mail to the Grievance Officer. The grievance must
include the following information:
The Company shall acknowledge
receipt of grievances within forty-eight (48) hours and shall endeavor to
resolve grievances within thirty (30) calendar days from the date of receipt,
subject to the complexity of the grievance and the need for investigation.
Where resolution requires additional time, the Company shall provide periodic
updates to the Data Principal.
If a Data Principal is
dissatisfied with the resolution provided by the Company or if the grievance
remains unresolved after exhausting the internal grievance mechanism, the Data
Principal may escalate the matter to the Data Protection Board of India in accordance
with the DPDP Act, 2023.
Data Principals have the right to
withdraw consent for the processing of personal data at any time, subject to
legal, regulatory, or contractual constraints. Withdrawal of consent may be
effectuated as follows:
To withdraw consent, Data
Principals may submit a written request to the Grievance Officer via email at
goalsplanner.sdk@gmail.com or through the Application interface, where such
functionality is provided. The withdrawal request must include the Data Principal's
name, employee identification number, and specific categories of personal data
or processing activities for which consent is being withdrawn.
Withdrawal of consent shall take
effect prospectively and shall not affect the lawfulness of processing
conducted prior to withdrawal. However, withdrawal of consent may result in the
following consequences:
Withdrawal of consent does not
exempt the Company from retaining personal data where retention is required by
law, necessary for the establishment, exercise, or defense of legal claims, or
essential for the performance of contractual obligations.
Upon cessation of employment,
termination of contractual engagement, or voluntary withdrawal from the
Application, Data Principals may request account termination and deletion of
personal data, subject to the following conditions:
Data Principals may request
account termination by submitting a written request to the Grievance Officer.
The request must include the Data Principal's name, employee identification
number, and confirmation of intent to terminate the account and delete personal
data.
Upon receipt of a valid deletion
request, the Company shall:
The Company reserves the right to
retain personal data notwithstanding a deletion request where:
In such cases, the Company shall
inform the Data Principal of the reasons for continued retention and the
expected retention period.
The Pinnacle Enterprises
Application is designed exclusively for use by adults aged eighteen (18) years
or above. The Application is not directed at, intended for, or designed to
attract individuals below the age of eighteen (18) years. The Company does not
knowingly collect, process, or solicit personal data from minors.
Employment and contractual
engagement with Pinnacle Enterprises require Data Principals to be of legal age
as per Indian labor laws and contractual capacity requirements. If the Company
becomes aware that personal data has been inadvertently collected from an
individual below the age of eighteen (18) years, the Company shall take
immediate steps to delete such data and terminate access to the Application.
Parents, guardians, or legal
representatives who believe that a minor has provided personal data to the
Company may contact the Grievance Officer to request deletion of such data.
This Application complies with
the Google Play User Data Policy effective as of 2026. In accordance with
Google Play requirements, the Company hereby discloses the following:
The Application collects personal
data solely for operational purposes related to construction project
management, workforce administration, and employment-related functions.
Personal data is not collected, used, or disclosed for advertising purposes or third-party
advertising networks.
The Application does not track
Users across third-party applications or websites for advertising or analytics
purposes. The Application does not integrate third-party advertising SDKs or
tracking technologies.
The Company does not sell, rent,
trade, or monetize personal data collected through the Application. Personal
data is processed exclusively for internal operational purposes and is not
disclosed to third parties for commercial gain.
The Application's Google Play
Store listing includes a Data Safety section that accurately describes the
types of personal data collected, the purposes of collection, data sharing
practices, and security measures implemented to protect personal data. Users
are encouraged to review the Data Safety section for a concise summary of data
practices.
This Application complies with
the Apple App Store Privacy Guidelines effective as of 2026. In accordance with
Apple App Store requirements, the Company hereby discloses the following:
The Application's App Store
listing includes a privacy nutrition label that discloses the types of personal
data collected, whether data is linked to the User's identity, and whether data
is used for tracking purposes. The privacy label accurately reflects the data
practices described in this Privacy Policy.
The following categories of
personal data are linked to the User's identity:
Personal data collected through
the Application is not used for tracking Users across applications or websites
owned by third parties for advertising or analytics purposes. The Application
does not link User data to third-party data for targeted advertising.
The Application requests access
to sensitive device features, including location, camera, and notifications,
only when such access is necessary for core Application functionality.
Permission requests are accompanied by clear, contextual explanations of why
the permission is required.
If the Application implements
third-party sign-in options, it shall offer "Sign in with Apple" as
an option where required by Apple App Store guidelines.
Pinnacle Enterprises reserves the
right to amend, modify, or update this Privacy Policy at any time to reflect
changes in legal requirements, operational practices, technological
advancements, or business needs. Any material changes to this Policy shall be
communicated to Data Principals through the following means:
The "Last Updated" date
at the top of this Privacy Policy indicates the effective date of the most
recent revision. Data Principals are encouraged to review this Privacy Policy
periodically to remain informed of current data practices.
Continued use of the Application
following the posting of changes constitutes acceptance of the revised Privacy
Policy. Where required by law, the Company shall obtain fresh consent from Data
Principals for material changes that expand the scope of data processing or
introduce new processing purposes.
Previous versions of this Privacy
Policy may be archived and made available upon request for reference purposes.
For questions, concerns, or
inquiries regarding this Privacy Policy or the processing of personal data,
Data Principals may contact:
Organization: Pinnacle Enterprises
Grievance Officer Email: goalsplanner.sdk@gmail.com
Address: 6, 2nd Street, VOC Colony, Kodambakkam, Chennai,
Tamil Nadu 600024, India
Organization: SDK Infinity Technologies
Email: goalsplanner.sdk@gmail.com
Address: 6, 2nd Street, VOC Colony, Kodambakkam, Chennai,
Tamil Nadu 600024, India
The Company shall acknowledge
receipt of inquiries within forty-eight (48) hours and shall endeavor to
provide substantive responses within thirty (30) calendar days, subject to the
complexity of the inquiry. Where additional time is required, the Company shall
provide interim updates.
Acknowledgment: By accessing, installing, or using the Pinnacle
Enterprises Application, you acknowledge that you have read, understood, and
agree to be bound by the terms of this Privacy Policy. You further acknowledge
that you have been informed of your rights under applicable data protection
laws and the mechanisms available to exercise such rights.
Governing Law: This Privacy Policy shall be governed by
and construed in accordance with the laws of India. Any disputes arising out of
or relating to this Privacy Policy or the processing of personal data shall be
subject to the exclusive jurisdiction of the courts located in Chennai, Tamil
Nadu, India.
Severability: If any provision of this Privacy Policy
is found to be invalid, illegal, or unenforceable by a court of competent
jurisdiction, such provision shall be severed, and the remaining provisions
shall remain in full force and effect.