Privacy Policy

kCube Consultancy Services Pvt. Ltd. is a company registered in India, with offices in Chennai, Tamil Nadu. We can be reached at kfield@kcubeconsulting.com or via kcubeconsulting.com. The Grievance Officer for matters under the Digital Personal Data Protection Act, 2023 can be reached at the same email address.

We collect the following categories of data:

• Account data — name, work email address, organisation name, role (administrator / GIS operator / field officer). Provided by you or by your organisation’s administrator when an account is created.
• Authentication data — password (hashed), session tokens, sign-in timestamps, IP address and user-agent of sign-in attempts.
• Usage telemetry — the kField mobile app and kField Sync plugin log basic usage events (sync attempts, success/failure status, app version, device model, Android version) to enable support and to compute the daily activity report. We do not collect contact lists, browsing history, or unrelated app data.
• Customer Data — the geographic features, attributes, photos, and audio notes that your field officers capture in the app and synchronise to kFieldCloud. Customer Data may incidentally include personal data (e.g. a name in a feature attribute or a person captured in a photo). You, the customer organisation, are the data controller for Customer Data; kCube acts as a data processor on your behalf.
• Communications — messages you send to support, your replies to onboarding emails, and your marketing-email opt-in choice.
• Website cookies — the public website (kfield.app) uses only essential first-party cookies for session management and theme preference. We do not use third-party advertising or cross-site tracking cookies.

We use personal data for the following purposes:

• Provide the Service — authenticate you, sync your data, render the apps and the dashboard, generate daily activity reports.
• Billing and account management — calculate per-officer fees, issue invoices, collect payment.
• Security and abuse prevention — detect unusual sign-ins, throttle abuse, maintain audit logs.
• Customer support — respond to your messages, troubleshoot issues you report.
• Legal compliance — respond to lawful requests, retain records as required by Indian law.
• Service improvements — aggregate, anonymous statistics about how the Service is used (no individual identification).

We rely primarily on the following legal bases under the Digital Personal Data Protection Act, 2023:

• Performance of a contract for everything required to deliver the Service.
• Consent for marketing emails and any optional features you explicitly turn on (e.g. crash diagnostics).
• Legal obligation for tax records, fraud prevention, and compulsory disclosures.

We do not sell personal data. We share data only with the following recipients, only as needed for the purposes above:

• Hosting infrastructure — the production kFieldCloud service is self-hosted on infrastructure operated by kCube within India. We do not transfer Customer Data outside India in the normal course of operation.
• Email delivery — transactional and report emails are delivered via the SMTP provider configured in your kFieldCloud instance (currently routed through standard providers such as Gmail / SendGrid / AWS SES; see your administrator’s configuration).
• Payment processor — if and when you pay for a paid plan, billing details are processed by the payment provider listed on your invoice (we do not store full payment-card numbers).
• Lawful authorities — we may disclose data when compelled by court order, subpoena, or other valid legal process.

• Account information — retained while your account is active. After deletion, we keep a minimal record (email + deletion timestamp) for 90 days for audit and re-creation safety, then purge.
• Customer Data — retained until you delete it or close the account. We do not maintain backups beyond 30 days post-deletion.
• Server logs (sign-in attempts, request metadata) — 90 days.
• Daily activity reports + the in-app sync history database — the most recent 200 sync events per device; older entries are auto-pruned.
• Communications and support tickets — 24 months from last activity, then archived or deleted.
• Tax and statutory records — for the period required by Indian law (typically 8 years).

kField production data resides on infrastructure located in India. If, in the future, we use sub-processors located outside India (for example a regional CDN or email provider), we will list them in this Policy and ensure appropriate safeguards as required by the Digital Personal Data Protection Act, 2023.

As a Data Principal under the Digital Personal Data Protection Act, 2023 you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or outdated personal data.
• Erase personal data when no longer required for the original purpose (subject to overriding legal obligations).
• Withdraw consent for processing that depended on it.
• Nominate another individual to exercise these rights on your behalf in case of incapacity.
• Grievance redressal via our Grievance Officer (see §1) and, if unresolved, escalation to the Data Protection Board of India.

To exercise these rights, email kfield@kcubeconsulting.com. We will respond within 30 days.

We use commercially reasonable safeguards including: TLS in transit, encryption-at-rest for SMTP credentials and other secrets, hashed passwords, role-based access control, restricted server access, regular backups, and detailed audit logs. No system is entirely immune to breach — we will notify affected users and the relevant authorities promptly if a breach occurs as required by law.

The Service is intended for organisational use by adults (18 and over). It is not directed at children under 18, and we do not knowingly collect data from them.

kField is built on top of the open-source QField, QFieldSync, and QFieldCloud projects by OPENGIS.ch. The complete source code of all kField-specific modifications is published under their respective open-source licences (see our Terms of Service §9). Inspecting the source code is one way to independently verify what data the apps collect and how it is processed.

We may update this Policy as the Service evolves or as the law requires. Material changes will be notified by email and via an in-product banner at least 14 days before they take effect. The “Effective” date at the top of this page indicates the most recent revision.

For questions, concerns, or to exercise any of the rights described above:
kCube Consultancy Services Pvt. Ltd.
Chennai, Tamil Nadu, India
Email: kfield@kcubeconsulting.com
Web: kcubeconsulting.com