Your Data, Your Rights
Privacy Policy
We collect the minimum information needed to give you an accurate invisible-grill quote and to install it safely. This page explains exactly what we collect, why, who we share it with, and how you can control it — in plain language.
Effective from 17 May 2026 · Last updated 17 May 2026
1. Who we are
This website (a1grills.in) is operated by A1 Grills, a marketplace that connects homeowners with independent, verified invisible-grill installers across Gujarat. We do not manufacture or install ourselves. In this policy, “we”, “us” and “A1 Grills” refer to A1 Grills. “You” refers to the individual whose personal data we process — a Data Principal under India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”).
A1 Grills is the Data Fiduciary for personal data collected through this website and our sales and installation operations.
2. What personal data we collect
We collect only the data needed to quote, contact and install. Specifically:
Data you give us
- Full name — so our team can address you correctly when we call or visit.
- 10-digit Indian mobile number— so we can call you back within working hours and send the on-site surveyor’s details on WhatsApp.
- City — to route the lead to the nearest installation crew and apply correct city-wise pricing.
- Opening type / location (balcony, window, staircase, etc.) — to estimate material requirements.
- Optional message — any additional context you type into the quote form.
- Site-visit address — collected by phone or in person once you accept a survey. We do not request it through this website.
Data we collect automatically
- Technical metadata attached to each quote submission: IP address, browser user-agent, referring page URL, timestamp.
- Marketing attribution: UTM parameters (source, medium, campaign, term, content) read from the URL if you arrived from an ad or external link.
- Analytics: aggregated, non-identifying usage data (pages viewed, device class, approximate region) via Google Analytics 4, Vercel Analytics and Vercel Speed Insights.
We do notknowingly collect bank details, Aadhaar numbers, passwords, biometric data, health data, children’s data, or any of the other “sensitive personal data or information” categories defined under the IT Rules, 2011 through this website.
3. Why we use your data (purposes)
- To match your requirement with up to 2 verified installer partners and let them call or message you with a price estimate.
- To enable your matched installer to prepare a written quotation, raise an installation work order, and honour their 10-year warranty.
- To send service messages tied to your enquiry (visit reminders, ETA updates, invoice and warranty documents).
- To improve the website and our service quality — using aggregated analytics, never to single out an individual.
- To detect spam and abuse (e.g. our hidden honeypot field filters automated bots) and to keep our records auditable.
- To comply with applicable Indian law, including the Consumer Protection Act, 2019 and the DPDP Act, 2023, and to defend legal claims if any arise.
4. Legal basis (DPDP Act, 2023)
When you submit the quote form or message us on WhatsApp, you give us your consent to process the personal data you have entered, for the purposes set out in Section 3. That consent is specific, informed, unambiguous and revocable — you can withdraw it at any time by writing to us (see Section 10).
For data we process to perform a contract you have entered with us (e.g. delivering an installation you have ordered), we rely on the “legitimate use” ground recognised under Section 7 of the DPDP Act. We may also process minimal data to comply with a legal obligation, such as issuing a GST invoice.
7. How long we keep your data
- Lead enquiries are retained for up to 36 months from your last contact with us, so we can honour repeat-customer pricing and answer warranty queries. After that, we delete or anonymise the record.
- Installation and warranty records are retained for the full 10-year warranty period plus three years, after which they are archived in line with Indian tax and limitation-period requirements.
- Technical request logs (IP, user agent, referrer) are retained for up to 12 months for security and abuse-prevention purposes.
- Analytics datafollows the provider’s default retention (currently 14 months for Google Analytics 4).
8. How we secure your data
We follow the “reasonable security practices and procedures” required under Section 8 of the DPDP Act and Rule 8 of the IT Rules, 2011:
- TLS / HTTPS encryption in transit, HSTS enabled site-wide.
- Database connections over TLS to MongoDB Atlas; production credentials kept in encrypted environment variables, never in source code.
- Admin access protected by a single-user account with a scrypt-hashed password and short-lived JSON Web Token sessions delivered in an httpOnly cookie.
- Server-side input validation on every form, with anti-spam honeypot and rate awareness.
- Security response headers — HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — applied to every response.
- Principle of least privilege: only the staff and contractors who need a specific lead see it.
Despite these measures, no internet-based service is 100% secure. If we ever become aware of a breach affecting your personal data, we will notify you and the Data Protection Board of India in line with the DPDP Rules, 2025.
9. Your rights under the DPDP Act
As a Data Principal, you have the right to:
- Access a summary of the personal data we hold about you and the identities of third parties with whom we have shared it.
- Correct, complete or update any inaccurate personal data.
- Erase personal data that is no longer necessary for the purpose for which it was collected (subject to retention obligations in Section 7).
- Withdraw consent at any time, with the same ease with which it was given. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.
- Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
- Grievance redressal — raise a complaint with our Grievance Officer (Section 10). If we do not resolve it within 30 days, you may escalate it to the Data Protection Board of India.
To exercise any of these rights, write to us at the address in Section 10. We will verify your identity (typically by confirming the mobile number used in your enquiry) and respond within 30 days.
10. Grievance Officer & contact
In line with Rule 5(9) of the IT Rules, 2011 and Rule 5 of the Consumer Protection (E-Commerce) Rules, 2020, we have designated a Grievance Officer to address questions and complaints about your personal data, the website, or our services.
Grievance Officer
A1 Grills
Ahmedabad, Gujarat 380001, India
We acknowledge complaints within 48 hours and aim to resolve them within 30 days of receipt.
11. Children
Our services are intended for adults arranging work for their own homes. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has submitted personal data through this site, please contact our Grievance Officer and we will delete it.
12. International transfers
The processors listed in Section 5 may store and process data on servers located outside India. Where they do, we rely on their certifications and contractual commitments to apply protections equivalent to those required under Indian law. The Central Government may from time to time restrict transfers of personal data to specified countries under Section 16 of the DPDP Act; we will comply with any such restriction.
13. Changes to this policy
We may update this policy as our service, our processors or the law change. The “Last updated” date at the top of the page always shows the current version. Material changes affecting how we use your existing data will be communicated to you by SMS or email where we have your contact details.
Looking for our service terms instead? Read our Terms of Service →