A1

Your Data, Your Rights

Privacy Policy

We collect the minimum information needed to give you an accurate invisible-grill quote and to install it safely. This page explains exactly what we collect, why, who we share it with, and how you can control it — in plain language.

Effective from 17 May 2026 · Last updated 17 May 2026

1. Who we are

This website (a1grills.in) is operated by A1 Grills, a marketplace that connects homeowners with independent, verified invisible-grill installers across Gujarat. We do not manufacture or install ourselves. In this policy, “we”, “us” and “A1 Grills” refer to A1 Grills. “You” refers to the individual whose personal data we process — a Data Principal under India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

A1 Grills is the Data Fiduciary for personal data collected through this website and our sales and installation operations.

2. What personal data we collect

We collect only the data needed to quote, contact and install. Specifically:

Data you give us

  • Full name — so our team can address you correctly when we call or visit.
  • 10-digit Indian mobile number— so we can call you back within working hours and send the on-site surveyor’s details on WhatsApp.
  • City — to route the lead to the nearest installation crew and apply correct city-wise pricing.
  • Opening type / location (balcony, window, staircase, etc.) — to estimate material requirements.
  • Optional message — any additional context you type into the quote form.
  • Site-visit address — collected by phone or in person once you accept a survey. We do not request it through this website.

Data we collect automatically

  • Technical metadata attached to each quote submission: IP address, browser user-agent, referring page URL, timestamp.
  • Marketing attribution: UTM parameters (source, medium, campaign, term, content) read from the URL if you arrived from an ad or external link.
  • Analytics: aggregated, non-identifying usage data (pages viewed, device class, approximate region) via Google Analytics 4, Vercel Analytics and Vercel Speed Insights.

We do notknowingly collect bank details, Aadhaar numbers, passwords, biometric data, health data, children’s data, or any of the other “sensitive personal data or information” categories defined under the IT Rules, 2011 through this website.

3. Why we use your data (purposes)

  • To match your requirement with up to 2 verified installer partners and let them call or message you with a price estimate.
  • To enable your matched installer to prepare a written quotation, raise an installation work order, and honour their 10-year warranty.
  • To send service messages tied to your enquiry (visit reminders, ETA updates, invoice and warranty documents).
  • To improve the website and our service quality — using aggregated analytics, never to single out an individual.
  • To detect spam and abuse (e.g. our hidden honeypot field filters automated bots) and to keep our records auditable.
  • To comply with applicable Indian law, including the Consumer Protection Act, 2019 and the DPDP Act, 2023, and to defend legal claims if any arise.

5. Who we share your data with

We do not sell or rent your personal data. We share it only with the limited set of vendors and partners we need to run the service:

  • MongoDB Atlas — our managed database provider, where lead records are securely stored. Data is hosted in an Atlas region selected for Indian customer proximity.
  • Vercel Inc. — our website hosting, serverless and analytics platform. Vercel processes request logs and aggregated analytics on our behalf.
  • Google LLC — Google Analytics 4, used for aggregated traffic measurement only.
  • Cloudinary — used by our admin team to host images we publish on the site. We do not upload your personal data to Cloudinary.
  • WhatsApp / Meta Platforms— when you click a WhatsApp button on our site, you are redirected to WhatsApp and your message is delivered through Meta’s servers under its own privacy policy.
  • Verified installer partners — we share your name, phone, locality and requirement with at most 2 independent installer partners you have consented to be contacted by, solely so they can quote and arrange your installation. They may not use your data for any other purpose.
  • Government or regulatory authorities — when we are required to disclose data by law or by a valid order from a court or competent authority.

Each of these providers is contractually bound to handle the data only for the purposes we instruct, and to apply reasonable security safeguards.

6. Cookies and similar technologies

We use a small number of cookies and similar technologies on this website:

  • Strictly necessary — to keep the admin panel session secure (httpOnly a1g_session cookie set by JSON Web Token authentication). This cookie is only set if you log in at /admin.
  • Analytics — Google Analytics 4 and Vercel Analytics set first- and third-party cookies to count unique visitors and measure performance. IP addresses are truncated before storage by Google Analytics.

You can block or delete cookies through your browser settings. Doing so will not affect your ability to request a quote.

7. How long we keep your data

  • Lead enquiries are retained for up to 36 months from your last contact with us, so we can honour repeat-customer pricing and answer warranty queries. After that, we delete or anonymise the record.
  • Installation and warranty records are retained for the full 10-year warranty period plus three years, after which they are archived in line with Indian tax and limitation-period requirements.
  • Technical request logs (IP, user agent, referrer) are retained for up to 12 months for security and abuse-prevention purposes.
  • Analytics datafollows the provider’s default retention (currently 14 months for Google Analytics 4).

8. How we secure your data

We follow the “reasonable security practices and procedures” required under Section 8 of the DPDP Act and Rule 8 of the IT Rules, 2011:

  • TLS / HTTPS encryption in transit, HSTS enabled site-wide.
  • Database connections over TLS to MongoDB Atlas; production credentials kept in encrypted environment variables, never in source code.
  • Admin access protected by a single-user account with a scrypt-hashed password and short-lived JSON Web Token sessions delivered in an httpOnly cookie.
  • Server-side input validation on every form, with anti-spam honeypot and rate awareness.
  • Security response headers — HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — applied to every response.
  • Principle of least privilege: only the staff and contractors who need a specific lead see it.

Despite these measures, no internet-based service is 100% secure. If we ever become aware of a breach affecting your personal data, we will notify you and the Data Protection Board of India in line with the DPDP Rules, 2025.

9. Your rights under the DPDP Act

As a Data Principal, you have the right to:

  • Access a summary of the personal data we hold about you and the identities of third parties with whom we have shared it.
  • Correct, complete or update any inaccurate personal data.
  • Erase personal data that is no longer necessary for the purpose for which it was collected (subject to retention obligations in Section 7).
  • Withdraw consent at any time, with the same ease with which it was given. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.
  • Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
  • Grievance redressal — raise a complaint with our Grievance Officer (Section 10). If we do not resolve it within 30 days, you may escalate it to the Data Protection Board of India.

To exercise any of these rights, write to us at the address in Section 10. We will verify your identity (typically by confirming the mobile number used in your enquiry) and respond within 30 days.

10. Grievance Officer & contact

In line with Rule 5(9) of the IT Rules, 2011 and Rule 5 of the Consumer Protection (E-Commerce) Rules, 2020, we have designated a Grievance Officer to address questions and complaints about your personal data, the website, or our services.

Grievance Officer

A1 Grills

Ahmedabad, Gujarat 380001, India

We acknowledge complaints within 48 hours and aim to resolve them within 30 days of receipt.

11. Children

Our services are intended for adults arranging work for their own homes. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has submitted personal data through this site, please contact our Grievance Officer and we will delete it.

12. International transfers

The processors listed in Section 5 may store and process data on servers located outside India. Where they do, we rely on their certifications and contractual commitments to apply protections equivalent to those required under Indian law. The Central Government may from time to time restrict transfers of personal data to specified countries under Section 16 of the DPDP Act; we will comply with any such restriction.

13. Changes to this policy

We may update this policy as our service, our processors or the law change. The “Last updated” date at the top of the page always shows the current version. Material changes affecting how we use your existing data will be communicated to you by SMS or email where we have your contact details.

Looking for our service terms instead? Read our Terms of Service →

Call WhatsAppGet Quote