Prozo Mobile Control Tower
Privacy Policy
Prozo Integrated Logistics Private Limited
CIN: U72200HR2014PTC052701
Unit No. 1220, 12th Floor, Enkay Tower, Vanijya Nikunj, Udyog Vihar Phase V, Gurugram, Haryana 122016, India
1. Introduction
Prozo Integrated Logistics Private Limited, operating under the brand name "Prozo" (CIN: U72200HR2014PTC052701), with its registered office at Unit No. 1220, 12th Floor, Enkay Tower, Vanijya Nikunj, Udyog Vihar Phase V, Gurugram, Haryana 122016, India, is the developer and operator of the Prozo Mobile Control Tower application ("App").
This Privacy Policy explains how we collect, use, store, share, and protect information when you use the Prozo Mobile Control Tower Android application. By installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
This Privacy Policy should be read together with our Terms of Use and the overarching Prozo Privacy Policy available on our website. In the event of any conflict between this App-specific policy and the website privacy policy with regard to data collected through the App, this policy shall prevail.
2. About the Application
Prozo Mobile Control Tower is an operational application used within Prozo's warehousing network across India. The App is tightly integrated with Prozo WMS (Warehouse Management System) and Prozo Control Tower, enabling real-time execution and monitoring of key warehouse processes directly from mobile devices.
The App is used by on-role and off-role warehouse personnel working within Prozo facilities to carry out operational workflows that require real-time data capture, verification, and process completion on the warehouse floor. Through the App, warehouse staff perform critical activities including — but not limited to — picking, packing, dispatch, value-added services, scanning forward and return AWBs (Airway Bills), uploading courier manifest copies, and capturing operational proof points required for shipment processing and reconciliation.
Important: This App is intended solely for authorised personnel operating within Prozo's warehousing network — including on-role Prozo employees and off-role warehouse staff (contractors, temporary workers, and third-party warehouse partner employees) working at Prozo-managed facilities. The App is not directed at the general public, consumers, or children under the age of 18. Access is restricted to authenticated users with valid credentials issued or authorised by Prozo.
3. Information We Collect
We collect and process the following categories of information through the App:
3.1 Information You Provide Directly
| Data Type | Examples | Purpose |
|---|---|---|
| Account & Authentication Data | Employee name, employee ID, email address, mobile number, login credentials | User authentication, access control, and session management |
| Operational Data | AWB numbers (forward & return), courier manifest uploads, shipment scan data, dispatch records, handover proof points, returns processing data | Warehouse operations execution, shipment tracking, and reconciliation |
| Warehouse Assignment Data | Assigned warehouse, role designation, shift information | Role-based access control (RBAC), workflow routing |
3.2 Information Collected Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| Device Information | Device model, operating system version, unique device identifiers (Android ID), screen resolution | App compatibility, debugging, and security |
| App Usage Data | Feature usage patterns, session duration, timestamps of actions, error and crash logs | App performance monitoring, improvement, and troubleshooting |
| Network Information | IP address, network type (Wi-Fi/mobile data), connection status | Connectivity management, security monitoring |
3.3 Camera and Storage Access
The App may request access to:
- Camera: For scanning AWB barcodes/QR codes and capturing operational proof images (e.g., manifest copies, dispatch evidence). Camera data is used solely for operational workflows and is not used for facial recognition or any surveillance purpose.
- Storage/Files: For uploading courier manifest copies, downloading operational documents, and caching data for offline functionality.
These permissions are requested only when functionally necessary and are used exclusively for the stated operational purposes.
3.4 Information We Do Not Collect
The App does not collect:
- Precise or approximate device location (GPS/network-based)
- Contact lists or call logs
- SMS or messaging content
- Microphone or audio data
- Financial information, payment card details, or banking credentials
- Health or fitness data
- Biometric data (fingerprints, facial recognition)
- Background location tracking
- Google Advertising ID (GAID)
3.5 Google Play Data Safety Disclosure
The following table maps data collected by the App to the categories declared in the Google Play Data Safety section. This disclosure is kept consistent with the Data Safety Form submitted to Google Play.
| Category | Data Type | Collected | Essential/Optional | Shared |
|---|---|---|---|---|
| Personal Info | Name, Employee ID, Email, Phone | Yes | Essential | Yes (Warehouse Partners) |
| Photos & Videos | Operational proof images, manifest photos | Yes | Essential | Yes (Prozo backend) |
| App Activity | Feature usage, session logs | Yes | Essential | No |
| App Info & Performance | Crash logs, diagnostics | Yes | Optional | Yes (Firebase) |
| Device or Other IDs | Android ID, device model, OS | Yes | Essential | Yes (Firebase) |
| Location | — | No | — | No |
| Contacts | — | No | — | No |
| Financial Info | — | No | — | No |
| Health & Fitness | — | No | — | No |
| Messages | — | No | — | No |
| Audio | — | No | — | No |
Data collected through the App is not sold to any third party. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Users may request deletion of their account and associated data as described in Section 10.
3.6 Offline Data Handling
The App may cache operational data (AWB scan records, manifest images, pending uploads) on the device to support offline functionality in warehouse environments with intermittent connectivity. Cached data is encrypted using AES-256 on-device encryption, is automatically synchronised with Prozo's servers when connectivity is restored, and is purged from the device upon successful sync or user logout. If a device is lost while containing cached data, the data remains inaccessible without the user's authenticated session credentials.
4. How We Use Your Information
We use the information collected through the App for the following purposes:
- Operational Execution: Facilitating picking, packing, dispatch, value-added services, AWB scanning, returns processing, courier handover recording, manifest management, and other warehouse-floor workflows — and synchronising these actions with Prozo's central systems (ProWMS and Control Tower).
- Authentication & Access Control: Verifying user identity, managing role-based access, enforcing warehouse-specific permissions, and maintaining session security.
- Operational Visibility & Reporting: Providing real-time operational dashboards, tracking throughput and process compliance, generating audit trails for shipment reconciliation.
- App Performance & Reliability: Monitoring app stability, diagnosing crashes and errors, optimising load times, and improving user experience.
- Security & Fraud Prevention: Detecting unauthorised access attempts, preventing data manipulation, and maintaining the integrity of operational records.
- Compliance & Legal Obligations: Fulfilling record-keeping requirements under applicable Indian laws, including the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDP Act), and applicable goods and services tax regulations.
We do not use your data for advertising, marketing, profiling, or any purpose unrelated to Prozo's warehouse operations and the legitimate functioning of the App.
4.1 Automated Processing
The App may employ rule-based logic to flag operational anomalies (e.g., unusually high scan volumes, duplicate AWB submissions, or upload format errors) for manual review by warehouse supervisors. Such flagging is based on predefined operational rules, not on personal profiling. No automated decisions affecting your employment, compensation, or disciplinary status are made by the App. If you believe an automated flag has been raised in error, you may raise the matter with your warehouse operations manager or the Grievance Officer (Section 15).
5. Legal Bases for Processing
We process your personal data under the following legal bases as recognised under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws:
- Contractual Necessity: Processing necessary for the performance of your employment or service contract with Prozo or its warehouse operating partners.
- Consent: Where explicitly required, your consent is obtained at the time of account creation and App onboarding. You may withdraw consent as described in Section 10 below.
- Legitimate Interest: Processing necessary for the legitimate interests of Prozo's supply chain operations, including operational integrity, security, and compliance, where such processing does not override your fundamental rights. Specifically: crash and error monitoring is justified because operational stability benefits both Prozo and users, and does not involve reading personal messages or tracking location; device information collection is justified for security and compatibility purposes and is limited to non-sensitive technical identifiers.
- Legal Obligation: Processing required to comply with applicable laws, regulations, court orders, or governmental directives.
6. Data Sharing and Disclosure
We may share your information with the following categories of recipients, strictly on a need-to-know basis and for the purposes outlined in this policy:
| Recipient Category | Purpose |
|---|---|
| Prozo Group Entities | Internal operational coordination, centralised reporting, and compliance across Prozo's warehousing network |
| Warehouse Operating Partners | Operational workflow execution, manpower management, and performance tracking at specific warehouse facilities |
| Courier and Logistics Partners | Shipment handover verification, AWB reconciliation, manifest validation, and delivery tracking |
| Cloud Infrastructure Providers | Data hosting and processing on Amazon Web Services (AWS) infrastructure, with servers located in India (Mumbai region) |
| Client Brands (as applicable) | Operational data related to their inventory and shipments, as governed by client service agreements |
| Government and Regulatory Authorities | When required by law, regulation, legal process, or enforceable governmental request |
| Professional Advisors | Legal counsel, auditors, and compliance consultants engaged by Prozo, subject to confidentiality obligations |
We do not sell, rent, trade, or otherwise commercially transfer your personal data to any third party.
All third-party recipients are bound by contractual obligations to maintain the confidentiality and security of your data and to use it only for the specified purposes.
6.1 Data Fiduciary and Responsibility
Prozo Integrated Logistics Private Limited (Prozo) is the Data Fiduciary under the DPDP Act, 2023 for all personal data collected through the App, including data of on-role Prozo employees and off-role warehouse personnel (contractors, temporary staff, and third-party warehouse partner employees). Where warehouse operating partners independently collect personal data outside of this App, they act as separate Data Fiduciaries for that data. For data collected through this App, Prozo is solely responsible for privacy compliance, and all grievance redressal requests should be directed to Prozo's Grievance Officer (Section 15).
6.2 Client Brand Data Sharing Scope
Data shared with client brands is limited to aggregated operational metrics: AWB counts, dispatch throughput, SLA compliance rates, and returns processing volumes. Employee personal data (names, IDs, contact details, device information) is not shared with client brands unless explicitly consented to by the employee or required under a specific client service agreement that incorporates privacy obligations equivalent to this policy.
7. Data Storage and Retention
7.1 Storage Location
All data collected through the App is stored on secure servers hosted on Amazon Web Services (AWS) infrastructure located in India (ap-south-1, Mumbai region). Data is processed within India and is not transferred outside India except as described in Section 8.
7.2 Retention Periods
| Data Category | Retention Period | Basis |
|---|---|---|
| Shipment and operational records (AWB scans, dispatch data, manifest uploads) | 8 years from date of creation | Tax and regulatory compliance (GST, IT Act) |
| Employee account and authentication data | Duration of employment/engagement + 1 year | Contractual and legal obligations |
| App usage logs and crash reports | 2 years | Performance monitoring and debugging |
| Device and network information | 1 year | Security and troubleshooting |
Upon expiry of the applicable retention period, data is securely deleted or anonymised in accordance with Prozo's data lifecycle management procedures.
8. Cross-Border Data Transfers
Your data is stored and processed on AWS infrastructure located exclusively in India (ap-south-1, Mumbai region). Prozo does not transfer your personal data outside India for routine processing. In limited and exceptional circumstances — such as disaster-recovery backups or integration with international courier partner systems — data may be replicated to or accessed from jurisdictions outside India. Any such transfer is conducted in strict compliance with the DPDP Act, 2023, is limited to jurisdictions not restricted by the Central Government of India, and is protected by contractual data protection clauses ensuring equivalent safeguards.
You will be notified of any material change to data storage locations through a policy update (Section 14).
9. Data Security
We implement industry-standard technical and organisational security measures to protect your data, including:
- Encryption: AES-256 encryption for data at rest; TLS 1.2+ encryption for all data in transit between the App and Prozo's servers.
- Access Controls: Role-based access control (RBAC) ensuring that users can only access data and functions relevant to their warehouse role and assignment.
- Authentication: Secure login mechanisms with session management and automatic timeout for inactive sessions.
- Infrastructure Security: AWS-managed security services including network firewalls, DDoS protection, and intrusion detection. SOC 2 Type II compliant hosting environment.
- Monitoring: Continuous monitoring via AWS CloudWatch, Grafana dashboards, and real-time alerting for anomalous activity.
- Incident Response: Documented incident response procedures with defined escalation paths and resolution timelines.
While we take all reasonable measures to safeguard your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any data breach in accordance with applicable law.
10. Your Rights as a Data Principal
Under the Digital Personal Data Protection Act, 2023, and other applicable Indian laws, you have the following rights in relation to your personal data:
- Right to Access (Section 11, DPDP Act): You have the right to obtain confirmation of whether your personal data is being processed and to access a summary of such data and the processing activities.
- Right to Correction and Erasure (Section 12, DPDP Act): You may request the correction of inaccurate or misleading personal data, the completion of incomplete data, and the erasure of personal data that is no longer necessary for the purpose for which it was collected.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
- Right to Grievance Redressal (Section 13, DPDP Act): You have the right to lodge a grievance with our Grievance Officer (details in Section 15) and, if dissatisfied with the resolution, to escalate to the Data Protection Board of India.
- Right to Nominate (Section 14, DPDP Act): You may nominate another individual to exercise your data principal rights in the event of your death or incapacity.
10.1 Account Deletion
You may request deletion of your Prozo Mobile Control Tower account and associated personal data by:
- Contacting your warehouse operations manager or Prozo HR representative;
- Sending an email to privacy@prozo.com with the subject line "Account Deletion Request — Mobile Control Tower";
- Using the account deletion option within the App (Settings > Account > Request Account Deletion), if available.
Upon receiving a valid deletion request, we will delete your account and personal data within 30 days, except for data that we are legally required or have a legitimate interest to retain (such as operational shipment records required for tax compliance). Data retained beyond account deletion will be limited to the minimum necessary and will be securely deleted upon expiry of the applicable retention period.
You will receive an email confirmation once your account and associated personal data have been deleted. If you do not receive confirmation within 30 days, you may escalate the matter to the Grievance Officer at privacy@prozo.com with the subject line "Deletion Escalation — Mobile Control Tower". If the Grievance Officer does not resolve within a further 15 days, you may escalate directly to the Data Protection Board of India.
10.2 How to Exercise Your Rights
To exercise any of your rights under Section 10, submit a request via email to privacy@prozo.com with the subject line "Data Rights Request — Mobile Control Tower" and include your employee name, employee ID, and the specific right you wish to exercise. Prozo will respond within 15 days of receiving a valid request. Access requests will be fulfilled in a machine-readable format (CSV or Excel). Correction requests will be verified against operational records and updated within 15 days. If your request is denied, you will receive a written explanation with the reasons for denial and instructions to escalate to the Grievance Officer or the Data Protection Board of India.
10.3 Consent Withdrawal and Workplace Use
Operational data processing (AWB scanning, manifest uploads, dispatch recording) is essential to the performance of your warehouse role and is processed on the basis of contractual necessity. Consent for optional processing — such as crash reporting and app diagnostics — may be withdrawn at any time via the App settings (Settings > Privacy > Data Preferences) or by contacting privacy@prozo.com. Withdrawal of optional consents will not affect your employment status or your ability to perform core operational functions through the App.
11. Children's Privacy
The Prozo Mobile Control Tower is a workplace application intended exclusively for authorised warehouse personnel who are 18 years of age or older. The App is not directed at children, does not contain any child-directed content or features, and does not engage in any youth-targeted marketing or advertising.
Access to the App is restricted through mandatory authentication — only users with valid credentials issued or authorised by Prozo (including credentials provisioned for off-role warehouse staff working at Prozo-managed facilities) can access the App. This authentication mechanism serves as age verification, as Prozo's employment and engagement processes, as well as those of its warehouse operating partners, require all personnel to be 18 years of age or older.
The App does not knowingly collect personal data from children under the age of 18. If we become aware that a person under 18 has gained access to the App, the account will be immediately deactivated and all associated personal data will be deleted within 48 hours. If you believe that a minor's data has been collected through the App, please contact us immediately at privacy@prozo.com.
12. Third-Party Services and SDKs
The App may integrate with third-party services and software development kits (SDKs) for specific functionality. These may include:
- Firebase Crashlytics (Google): For crash reporting and app stability monitoring. Firebase Crashlytics collects: device model, operating system version, crash stack traces, error logs, and a Firebase installation ID. It does not collect: Google Advertising ID (GAID), precise location, contact lists, financial data, or any content from operational scans or uploads. Crash data is retained by Firebase for 90 days before automatic deletion.
- AWS SDKs (Amazon): For secure API communication with Prozo's cloud infrastructure. AWS SDKs facilitate data transmission only and do not independently collect or store personal data beyond what Prozo explicitly sends to its own servers.
We ensure that all third-party SDKs integrated into the App comply with Google Play Developer Program policies. Data collection by these SDKs is disclosed in the Google Play Data Safety section for the App (see Section 3.5). Prozo is responsible for the data practices of all SDKs embedded within the App and has reviewed their privacy practices to ensure alignment with this policy. We do not use any advertising SDKs, analytics SDKs for behavioural profiling, or social media SDKs in this App.
The App may contain links to Prozo's web-based systems (e.g., Control Tower at ct.prozo.com). These web platforms are governed by the Prozo Website Privacy Policy.
13. Data Breach Notification
In the event of a personal data breach, Prozo will:
- Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under the DPDP Act.
- Notify affected data principals (users) within 48 hours of breach confirmation, providing details of the nature of the breach, the categories of data affected, the potential impact, and the remedial actions taken or planned.
- Complete a root cause analysis and remediation plan within 30 days of the breach.
- Maintain a documented incident register recording all data breaches, their root causes, corrective measures, and outcomes.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, the App's functionality, or applicable legal requirements. When we make material changes:
- The "Last Updated" date at the top of this policy will be revised.
- A notification will be provided within the App or via your registered email address.
- Continued use of the App after the effective date of any changes constitutes your acceptance of the updated policy.
We encourage you to review this policy periodically.
15. Grievance Officer and Contact Information
In accordance with the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, the details of our Grievance Officer are as follows:
| Grievance Officer | Vaibhav Dhawan |
| privacy@prozo.com | |
| Address | Prozo Integrated Logistics Private Limited, Unit No. 1220, 12th Floor, Enkay Tower, Vanijya Nikunj, Udyog Vihar Phase V, Gurugram, Haryana 122016, India |
| Response Timeline | Acknowledgment within 48 hours; resolution within 30 days |
If the Grievance Officer does not resolve your complaint within 30 days without providing a written justification for the delay, you may escalate your complaint directly to the Data Protection Board of India as established under the DPDP Act, 2023, without further waiting.
16. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts in Gurugram, Haryana, India.
17. Consent
By downloading, installing, and using the Prozo Mobile Control Tower application, you consent to the collection, use, storage, and sharing of your information as described in this Privacy Policy. If you do not agree with this policy, please do not install or use the App.
For workplace-mandated use of the App, your consent is obtained as part of your employment or engagement onboarding process with Prozo or its warehouse operating partners.
18. Version History
| Version | Date | Summary of Changes |
|---|---|---|
| 1.0 | 15 March 2026 | Initial publication for Google Play Store launch of Prozo Mobile Control Tower. |
© 2026 Prozo Integrated Logistics Private Limited (Prozo). All rights reserved.