Legal

Privacy Policy

How we handle your data and your team's data. Effective from the date you sign up.

Last updated: 2 July 2026

FieldSetu ("we", "our", "the Service") is operated by Mainblu Technologies Pvt. Ltd. ("Mainblu"), Mumbai, India. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

1. Who is the data controller?

When an organization ("Customer", "Admin") signs up for FieldSetu, the Customer is the controller of any personal data of workers and team members added to their account. Mainblu acts as the data processor, processing that data on the Customer's instructions in order to deliver the Service. Workers should direct data-access or deletion requests to their employer in the first instance. For platform-level questions, reach us at info@mainblu.com.

2. What we collect

  • Account data: name, email address, phone number, organization name and role.
  • Worker profiles: name, phone number, PIN (stored only as a one-way hash), assigned sites, language preference.
  • Attendance data: check-in and check-out timestamps, GPS coordinates captured at check-in and check-out, the site the worker was assigned to.
  • Site media: photos and videos captured live through the in-app camera during work, with the location and timestamp embedded as metadata.
  • Leave and payment records: leave requests, approvals, days worked, calculated payment summaries and finance sheets.
  • Technical data: device type, browser, IP address and basic usage logs required to operate and secure the Service.

3. How we use it

  • To provide attendance tracking, live site proof, leave and payment workflows.
  • To create a tamper-resistant evidence trail (geo-tagged photos, timestamps) for the Customer's field operations.
  • To authenticate users (admins by email/password, workers by phone + PIN).
  • To send transactional notifications (leave decisions, account changes).
  • To secure, debug and improve the Service.
  • To meet legal, tax and accounting obligations.

4. Sub-processors we share data with

We use the following trusted service providers to run FieldSetu:

  • Supabase - database, authentication and file storage (hosted infrastructure).
  • Resend - delivery of transactional emails.
  • Cashfree - subscription and payment processing (once billing is live).

We do not sell personal data. We do not share personal data with advertisers.

5. Data retention

We retain your data for as long as your account is active. On termination, standard data is retained for up to 90 days to allow for reactivation and export, after which it is deleted or anonymised. Backup copies may persist for a short additional period under our standard backup rotation. Records we are legally required to keep (for example, tax and invoicing records) are retained for the statutory period.

6. Your rights

You can request access to, correction of, export of, or deletion of your personal data by writing to info@mainblu.com. Workers should ordinarily raise such requests through their employer (the Admin), who is the controller of their profile within FieldSetu.

7. Security

Data is encrypted in transit (HTTPS) and at rest on our sub-processors' infrastructure. PINs and passwords are stored as one-way hashes only. We apply row-level security so that a Customer's data is only accessible by users within that Customer's organization. No system is perfectly secure; we work continuously to reduce risk.

8. Cookies and analytics

We use strictly necessary cookies to keep you signed in and to remember basic preferences. We may use privacy-respecting analytics to understand aggregate product usage. We do not use third-party advertising cookies.

9. Children's data

FieldSetu is a workplace tool intended for use by adults. It is not directed at children under 18, and we do not knowingly collect personal data from children.

10. International transfers

Our sub-processors may store or process data outside India. Where that happens, we take reasonable steps to ensure the data continues to receive a level of protection consistent with this policy.

11. Governing law

This policy is governed by the laws of India. Any disputes are subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified through the Service or via email to account owners.

13. Contact

Questions or requests: info@mainblu.com.