SureMDM Privacy policy

1. A “Customer” refers to any individual who registers for or accesses SureMDM services, including trial accounts or licensed enterprise solutions or a Company that takes a subscription for their employees in which case the company assumes the role of the Administrator.
   Please note that this Privacy Statement does not apply to any services offered by 42Gears or third parties that are governed by separate privacy policies not referencing or incorporating this Statement. Likewise, it does not cover the data practices of other entities that may advertise, link to, or integrate with SureMDM. This Statement applies to personal data (including sensitive personal data) as defined under applicable laws such as the EU General Data Protection Regulation (GDPR) and India’s Digital Personal Data Protection Act (DPDPA), 2023, which is collected to deliver and support SureMDM services (collectively, “Services”). It does not apply to anonymised, de-identified, or aggregated data that cannot be reasonably used to identify an individual.

1. Sign-Up Page Data Collection: For all personal data collected directly through the sign-up or registration page of the application, SureMDM shall act as the Data Controller. In this capacity, SureMDM determines the purposes and means of processing such data and assumes full responsibility for compliance with applicable data protection laws, including the exercise of Data Subject Rights.
2. Device/Application Data Collection: For all other personal data that is collected through the use of the application installed on user devices, whether on web, mobile, or other devices, SureMDM acts solely as a Data Processor. In these instances, the subscribing organisation (referred to as the "Admin" as defined in this policy) shall be the Data Controller, determining the purposes and means of processing the data collected through the application. SureMDM processes such data strictly on the instructions of the Admin and in accordance with the contractual agreement and applicable legal obligations.
3. This Privacy Policy does not extend to any data stored on-premise by the Admin. In such cases, SureMDM neither accesses the data nor acts as a data processor. In capacities mentioned under clauses 3.1 and 3.2, SureMDM shall facilitate the exercise of Data Subject Rights in accordance with its role and as defined under the applicable data protection laws. SureMDM is the Data Controller, and it will directly address and respond to Data Subject Rights requests. Where it is a Data Processor, it shall refer such requests to the respective Admin (Data Controller) and support them in responding to the data subject in a timely and compliant manner.

4. Processing shall be performed lawfully, fairly and in a transparent manner. 4.2 Personal Data shall be collected for specified and explicit purposes and not further processed in a manner that is incompatible with those purposes; further Processing for any other purposes is permissible if they are similar or relevant to the purposes for which such data are originally collected.
5. Personal Data shall be adequate and limited to what is necessary in relation to the purposes for which they are processed;
6. Personal Data shall be accurate and, where necessary, kept up to date; 4.5 Every reasonable step must be taken to ensure that Personal Data that is inaccurate is erased or rectified;
7. Personal Data shall be kept in a manner that ensures appropriate security of the Personal Data, including protection against any infringement, breach or unauthorised or unlawful processing, using appropriate technical or organisational measures by the applicable laws in this regard;
8. Personal Data shall not be kept after the completion of the purpose for which such data is processed, provided that such data may be further kept if its Data Subject can no longer be identifiable using the “anonymisation” technique.

1. Performance of a Contract: SureMDM processes your personal data where it is necessary to fulfil its contractual obligations to you. This includes situations where the processing of data is essential for providing the products or services you have requested or purchased. For example, when you register for a subscription, trial, or event, we may use your personal and payment information to verify your identity, process transactions, provide access credentials, and deliver the relevant features or services under the terms of the agreement. This also includes managing user accounts, responding to service-related queries, providing technical support, and facilitating onboarding or implementation services as contractually agreed. Processing under this lawful basis ensures that SureMDM can meet its commitments and provide you with a functional and reliable service experience.
2. Legitimate Interest: SureMDM processes certain data for the legitimate interests of the organisation, its affiliates, partners, or customers. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and developing mobile applications. The company will rely on its legitimate interests for processing personal data only after balancing its interests and rights against the impact of the processing on individuals.
3. Other Legal Basis: In some cases, the company may have a legal obligation to process your personal data, such as in response to a court or regulatory order. SureMDM may also need to process your personal data to protect vital interests or to exercise, establish, or defend legal claims.

1. At the Time of Device Enrolment: When a device is first enrolled into SureMDM, the platform collects basic device identifiers. This helps prevent duplicate registrations and enables compatibility checks for apps in the Enterprise Store.
2. During Regular Monitoring and Usage: As part of routine operations, SureMDM continuously monitors battery status and data usage and other data as detailed in here: https://www.42gears.com/trust-center/privacy/data-we-collect/.
   This allows IT administrators to track charging activity and network usage, and receive alerts when values exceed or fall below configured thresholds.
3. For Company-Owned Devices: Upon enrollment and during ongoing use, SureMDM collects detailed hardware and software.
4. For Personally-Owned Devices (BYOD): SureMDM collects limited data only necessary for enterprise use and compliance. Data is collected primarily for asset tracking, inventory management, compliance monitoring, and security enforcement in both cases. Location data helps trace lost or stolen devices, while SIM card and hardware identifiers allow detection of tampering or unauthorised access.SureMDM sign up page asks you to provide certain personal data for direct marketing/ communication purposes. You may give your free and explicit consent or not for the collection and processing of your personal data by ticking a consent box.

1. SureMDM as a Controller:
   • Name
   • Company Name
   • Country and State
   • ZIP Code
   • Phone Number
   • Mail Address
2. SureMDM as a Processor:
   1. General Device Information (All Devices)
      • Android ID 
      • Device make and model 
      • Operating system and version 
      • Time zone 
      • IP address 
      • MAC address 
      • Mobile carrier information
   2. Company-Owned Devices
      • UDID 
      • SIM serial number 
      • IMEI / IMEI2 
      • MAC address 
      • Phone number 
      • Address 
      • Bluetooth MAC address 
      • Contact name 
      • Local IP address 
      • GPS location (longitude and latitude) 
      • Security patch date 
      • Managed apps installed by SureMDM 
      • Configuration profiles installed by SureMDM
   3. Personally Owned Devices (BYOD)
      • UDID 
      • Serial number 
      • MAC address 
      • Model, brand 
      • IMEI / IMSI 
      • Storage details 
      • Phone number 
      • Address 
      • Bluetooth MAC address 
      • Contact name 
      • Local IP address 
      • GPS location (longitude and latitude) 
      • OS version 
      • Security patch date 
      • Managed apps installed by SureMDM 
      • Configuration profiles installed by SureMDM 

1. Service Delivery and Support: We process personal and technical information to provide the services requested by customers. This includes enabling device management features, troubleshooting issues, and offering technical support. All such data is processed only as necessary and under the direction of the customer.
2. Business Analytics (Usage Data): We collect system-generated usage data from the devices and services configured by our customers. This data, such as device model, network statistics, memory and storage usage, and system settings, is used for internal analytics to understand how our products are used, optimize performance, and improve service offerings. We do not identify individual end users through this data unless necessary for support and with customer consent.
3. Location-Based Services: With the user’s explicit consent, SureMDM may collect location data to enable features such as real-time location tracking, geofencing, and location-based customisations. Location data may be collected even when the application runs in the background, provided location services are enabled. These services rely on device features like GPS, Bluetooth, and Wi-Fi, and may integrate with Google Maps APIs.
4. Application Management: Administrators may configure SureMDM to collect information about installed applications, including version details and usage status. This enables application lifecycle management such as remote uninstallation, compliance enforcement, app analytics, and startup configurations. The collected data is securely stored and never shared with third parties.
5. Call Log and Contact Management: With explicit user consent, SureMDM may access call logs and contact details to help administrators enforce communication policies, track usage, and manage SIM-related data. Information such as contact names, call durations, and call frequency may be processed for audit and inventory purposes.
6. SMS Usage and Reporting: Upon user authorisation, SureMDM may collect and process SMS logs, including message content, timestamps, and contact information. This supports cellular plan management and enables administrators to monitor communication usage in a compliant and secure manner.
7. Remote Storage and File Management: Device storage-related data is processed to support remote file uploads, downloads, and execution, ensuring seamless device management and operational continuity.All information processed by SureMDM is stored securely, used strictly for legitimate business purposes as configured by the customer, and never disclosed to third parties without consent.

1. A right to be informed: you have the right to be informed in a concise, transparent, intelligible and easily accessible form about the way in which your personal data is processed.
2. A right of access: you have the right to obtain (i) confirmation as to whether personal data concerning you is processed or not and, if processed, to obtain (ii) access to such data and a copy thereof.
3. A right to rectification: you have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. A right to erasure: you have the right to obtain the erasure of personal data concerning you. However, this is not an absolute right, and SureMDM may have legal or legitimate grounds for keeping such data.
5. A right to restriction of processing: in some cases, you have the right to obtain the restriction of the processing of your personal data.
6. A right to data portability: you have the right to receive the personal data concerning you that you have provided to SureMDM in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance from SureMDM. This right only applies when the processing of your personal data is based on your consent or on a contract, and such processing is carried out by automated means.
7. A right to object to processing: you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you when such processing is based on the legitimate interest of SureMDM. SureMDM may, however, invoke compelling legitimate grounds for continued processing. When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of such data.
   You may, in particular, exercise that right by clicking on the “unsubscribe” link provided at the bottom of any messages received.
8. The right to Object to Automated decision-making: you can challenge decisions made solely based on automated processing without human intervention.
9. A right to Grievance Redressal: you have the right to contact a supervisory authority to complain about SureMDM’s personal data protection practices.The rights under this section can be exercised in line with merely the role of “Data Controller” by 42Gears as detailed in section 3. To exercise these rights, you can send a request to the form available on the website, or an email to privacyinfo@42gears.com, together with a copy of your identity document.

Stripe Privacy Statement

PayPal Privacy Statement

1. We may share information with third parties. We share information with vendors who help us manage our service process.
2. We may share information with our business partners. This includes third parties who provide or operate services on our behalf.
3. We may share information if we think we have to to comply with the law or to protect ourselves. We will share information to respond to a court order or summons.
4. We may also share it if a government agency or investigatory body requests it. Or we might also share information when we are investigating potential fraud. 12.5 We will never use your personal data or information to advertise, promote, or market third-party goods or services to you.You can find a list of our processors here.

1. Confidentiality and Third-Party Processing: We place paramount importance on the security of Personal Data. Third parties entrusted with processing Personal Data do so exclusively under our documented instructions, with a binding commitment to maintain strict confidentiality and data security.
2. Robust Encryption Protocols: Data Security and Encryption: We use strong encryption protocols, including TLS 1.2 and higher with secure ciphers, to protect data in transit, and AES-256 encryption for data at rest. Authentication is enforced using digital certificates, and all web connections are secured with HTTP Strict Transport Security (HSTS). Communications between devices and the MDM server are protected using SSL, with platform-specific secure messaging services such as Apple Push Notification Service (APNs) for iOS, Firebase Cloud Messaging (FCM) for Android, and Windows Notification Service (WNS)