— Privacy —

Privacy Policy.

How we handle your personal information, in plain language.

Effective: 1 May 2026 Last updated: 5 May 2026 Version: 0.1 (draft)
Status — draft. This is a starting draft authored internally. It is being reviewed by independent counsel before any campaign that drives meaningful traffic. If you spot something that looks wrong or is missing, write to privacy@biosarthi.com.

1. Who we are

BioSarthi Technologies Pvt Ltd ("BioSarthi", "we", "us", "our") designs, builds, runs, and monitors compressed-biogas plants across India. Our registered office is at NASSCOM CoE IoT, Hartron Innovation Campus, Plot 1, Udyog Vihar Phase 1, Sector 20, Gurugram, Haryana 122022. We are a private limited company recognised under DPIIT (DIPP61367).

For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), BioSarthi is the Data Fiduciary for personal data submitted via this website.

2. What we collect

We collect only what we need to respond to enquiries, run our services, and operate the site responsibly.

2.1 Information you give us

  • Contact form submissions — name, phone number, organisation, sector, and the message you send via the "Talk to an expert" form.
  • Email and call enquiries — anything you put in an email to hello@biosarthi.com or share on a call.
  • Site enquiries on WhatsApp — your phone number and message contents when you initiate a chat.

2.2 Information collected automatically

  • Aggregate analytics — page views, referring source, country, device type, and rough geographic region. We use Cloudflare Web Analytics, which does not set cookies and does not fingerprint users.
  • Marketing attribution — if you arrive via a tagged link (UTM parameters), we record the source / medium / campaign so we know which channels work. This data is not personally identifying on its own.
  • Server logs — IP address, user-agent, and request path, kept short-term for security and abuse prevention.

2.3 Information from third parties

  • YouTube embeds — when you play an embedded video, YouTube (Google LLC) may set its own cookies subject to its own policy.
  • LinkedIn embeds — when our LinkedIn feed loads, LinkedIn may set its own cookies subject to its own policy.

3. How we use it

  • To respond to your enquiry and route it to the right person on our team.
  • To send you information you have specifically asked for (e.g. our deck, a feasibility note).
  • To improve our services — understanding which pages help prospects make decisions, and which do not.
  • To meet legal, tax, and contractual obligations.
  • To detect and prevent fraud or abuse of the site.

We do not sell your personal data. We do not run third-party advertising or behavioural-tracking scripts on this site. We do not build profiles of individuals for resale.

5. Who we share it with

We share personal data only with the parties below, only to the extent needed, and only under written agreements requiring confidentiality and DPDP-compliant handling. We refer to these as our Data Processors ("subprocessors").

SubprocessorPurposeRegion
Frappe Technologies (Frappe CRM)Lead capture and CRMIndia
Frappe Technologies (ERPNext)Operations, finance, project recordsIndia
Cloudflare, Inc.CDN, DNS, edge security, web analytics (cookieless)Global edge
Google LLC (YouTube)Embedded video playback only — no first-party data sharedGlobal
Microsoft / LinkedIn CorporationEmbedded LinkedIn post display onlyGlobal

We will keep this list current. We never share enquiry contents with third-party marketing networks. Government and law-enforcement requests are honoured only when legally required.

6. How long we keep it

  • Enquiry data — kept for as long as we have an active commercial relationship, plus 36 months thereafter for follow-up and statute-of-limitation purposes.
  • Customer records (contracts, invoices) — kept for the period required by Indian tax and corporate law, currently 8 years.
  • Aggregate analytics — retained at the source (Cloudflare) per their default; we do not store individually identifiable analytics records.
  • Server logs — 30 days, then deleted.

7. Your rights

Under the DPDP Act you have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate or out of date.
  • Erase data we no longer have a lawful basis to keep.
  • Withdraw consent for any processing based on consent — at any time, without affecting prior lawful processing.
  • Nominate another individual to exercise these rights on your behalf in case of death or incapacity.
  • Grievance redressal — contact our Data Protection Officer (Section 12 below); we respond within 30 days. If unresolved, you can approach the Data Protection Board of India.

To exercise any of these rights, write to privacy@biosarthi.com with enough detail for us to identify your records. We do not charge a fee for reasonable requests.

8. Security

We take reasonable technical and organisational measures to protect personal data, including encryption in transit (TLS), role-based access to internal systems, and audit logging on Frappe and ERPNext. No system is perfectly secure; we will notify the Data Protection Board and affected individuals of any reportable breach within the timelines required by law.

9. Children

This site is intended for adults engaged in commercial decision-making about biogas plants. We do not knowingly collect personal data from children under 18. If you believe a child has submitted personal data to us, please contact privacy@biosarthi.com and we will delete it.

10. International transfers

Our primary systems (Frappe CRM, ERPNext, our document store) are hosted in India. Some of our infrastructure (Cloudflare, YouTube, LinkedIn) is operated globally and may process data outside India in the course of normal CDN operation, video delivery, and embed loading. We take steps to ensure such transfers are subject to appropriate safeguards consistent with the DPDP Act and any rules issued under it.

11. Changes to this policy

We update this policy as our practices evolve and as the DPDP rulemaking process matures. The effective date at the top reflects the latest substantive change. For material changes (e.g. a new category of processing), we will give prominent notice on the site for at least 14 days before the change takes effect.

12. How to reach us

Data Protection Officer

BioSarthi Technologies Pvt Ltd
NASSCOM CoE IoT, Hartron Innovation Campus
Plot 1, Udyog Vihar Phase 1, Sector 20
Gurugram, Haryana 122022, India
Email: privacy@biosarthi.com
Phone: +91 98737 50969