1 Who We Are
Whiz Cloud Pvt Ltd ("we", "us", "our") is the developer and operator of InspectPro, a multi-tenant, cloud-based inspection management platform available as a web application and a mobile application for iOS and Android devices.
Our registered address and principal place of business is in New Delhi, India. We serve business customers ("Organisations") globally, including in India, the United Kingdom, the European Union, the United States, and other jurisdictions.
We are committed to protecting the personal data of individuals who use our platform on behalf of the Organisations that have contracted with us.
2 Scope of This Policy
This Privacy Policy applies to all personal data processed through:
- The InspectPro Web Application (Admin Portal)
- The InspectPro Mobile Application (available on iOS App Store and Google Play Store)
- All associated backend services, APIs, and infrastructure operated by Whiz Cloud Pvt Ltd
Who this policy covers: InspectPro is a business-to-business (B2B) platform. End users are individuals — such as organisation administrators, sub-administrators, and field consultants (inspectors) — who access the platform on behalf of a contracted Organisation. This policy governs our processing of your personal data in that context.
Data Processor vs Data Controller: In most cases, the Organisation that has contracted with us is the Data Controller for inspection records, form data, and reports generated within their account. Whiz Cloud Pvt Ltd acts as a Data Processor for that content. However, we are the Data Controller for account credentials, usage analytics, and platform-level data we collect to operate the service.
3 Information We Collect
3.1 Account & Identity Data
| Data Type | Examples | Who Provides It |
|---|---|---|
| Name | First name, last name | User or organisation admin |
| Email address | Work email used for login | User or organisation admin |
| Profile image | Photo uploaded by user | User (optional) |
| Role & permissions | Admin, Sub-Admin, Consultant | Organisation admin |
| Password (hashed) | Stored as bcrypt hash — never in plaintext | User |
| Login timestamps | Date and time of last login | Automatically collected |
3.2 Device & Session Data
| Data Type | Purpose |
|---|---|
| Device identifier (Device ID) | Session management and security |
| Firebase Cloud Messaging (FCM) token | Delivering push notifications to the mobile app |
| IP address | Audit logging and fraud prevention |
| Browser / OS type | Compatibility and support |
| Session activity logs | Security and session revocation |
3.3 Inspection & Operational Data
This category covers data created during the use of InspectPro's core inspection workflow. The Organisation is the Data Controller for this data.
| Data Type | Examples |
|---|---|
| Inspection form data | Field values entered by consultants during inspections (text, numbers, dates, selections) |
| Photos & images | Photos captured on-site during field inspections, uploaded to secure cloud storage |
| Signatures | Digital signatures captured on the mobile device |
| GPS / location data | GPS coordinates captured at inspection check-in or as part of specific form fields |
| Audio recordings | Audio captured as part of inspection form fields (where configured) |
| Barcode / QR data | Asset identifiers scanned during inspections |
| Order & assignment data | Work orders, inspection assignments, client site records |
3.4 Usage & Audit Data
- Audit logs of all create, update, and delete actions within the platform
- Sync event records (when mobile data was synchronised with the server)
- Conflict logs (where offline data conflicts were detected and resolved)
- AI job records (image analysis requests and outcomes — see Section 12)
3.5 Data We Do NOT Collect
- Payment or billing data — InspectPro does not process or store payment card or banking details
- Biometric data on our servers — Biometric authentication (fingerprint / Face ID) is processed locally on the user's device by the operating system and is never transmitted to our servers
- Personal data of minors — The platform is not directed at individuals under the age of 18
4 How We Use Your Information
| Purpose | Data Used |
|---|---|
| Providing and operating the platform | Account data, session data, inspection data |
| Authentication and access control | Email, password hash, device ID, session tokens |
| Delivering push notifications | FCM token, notification content |
| Enabling offline-to-online data synchronisation | Inspection data, sync event records |
| Generating PDF inspection reports | Inspection form data, photos, signatures, client details |
| AI-assisted inspection analysis | Inspection photos (sent to Google Gemini API — see Section 12) |
| Security, fraud prevention, and audit compliance | IP address, audit logs, session activity |
| Technical support and troubleshooting | Usage logs, error data |
| Platform improvement and analytics | Aggregated, anonymised usage data |
| Legal obligations and dispute resolution | Any data necessary to meet legal requirements |
5 Legal Basis for Processing (GDPR)
GDPR Applicable
For users in the European Economic Area (EEA) or the United Kingdom, we process personal data on the following legal bases under the General Data Protection Regulation (GDPR) and UK GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Providing platform services under contract | Article 6(1)(b) — Performance of a contract |
| Security, audit logging, fraud prevention | Article 6(1)(f) — Legitimate interests |
| Push notifications (with user permission) | Article 6(1)(a) — Consent |
| GPS location capture during inspections | Article 6(1)(b) — Performance of a contract / Article 6(1)(a) — Consent |
| Compliance with legal obligations | Article 6(1)(c) — Legal obligation |
For Indian users, our processing is governed by the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
6 Sharing of Information
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
6.1 Within Your Organisation
Data entered by field consultants is visible to organisation administrators and authorised sub-administrators within the same tenant account. This is a core function of the platform.
6.2 With Service Providers
We engage the following categories of sub-processors to operate the platform. All are bound by data processing agreements and appropriate safeguards:
- Cloud infrastructure: Amazon Web Services (AWS) — for hosting, storage (S3), and compute
- Push notifications: Google Firebase Cloud Messaging (FCM)
- AI analysis: Google Gemini API — for inspection image analysis (see Section 12)
- Email delivery: SMTP-based email provider — for transactional emails (OTP, reports, notifications)
6.3 Legal Requirements
We may disclose personal data if required by law, court order, regulatory authority, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred to the successor entity, subject to the same privacy commitments in this policy.
7 Third-Party Services & Integrations
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Cloud Storage | Amazon Web Services (S3) | Store inspection media and PDF reports | Photos, signatures, generated PDFs |
| Push Notifications | Google Firebase (FCM) | Deliver mobile push alerts | Device token, notification payload |
| AI Image Analysis | Google Gemini API | Analyse inspection photos for defect detection | Inspection images (user-initiated only) |
| SMTP provider | OTP, report delivery, system alerts | Email address, email content |
Each third-party service is governed by its own privacy policy. We encourage you to review them. We do not control the data practices of these providers beyond our contractual agreements with them.
8 International Data Transfers
Whiz Cloud Pvt Ltd is based in India. Data may be transferred to and processed in countries outside your country of residence, including:
- United States — AWS infrastructure, Google services (Firebase, Gemini)
- India — Our primary infrastructure and operations
- Other regions — AWS global regions selected for performance and availability
GDPR For transfers from the EEA or UK, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- UK International Data Transfer Agreements (IDTAs) for UK transfers
India Transfers are conducted in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA) as applicable.
9 Data Retention
We retain personal data for as long as necessary to provide the service and meet our legal obligations:
| Data Category | Retention Period |
|---|---|
| Account and user profile data | For the duration of the Organisation's active account, plus 1 year after account termination |
| Inspection records, form data, photos | For the duration of the Organisation's active account, plus 1 year after account termination |
| Audit logs and security logs | As required by applicable law, minimum 1 year |
| Backup data | Up to 90 days after the standard retention period |
| Anonymised / aggregated analytics | Indefinitely (no longer identifiable) |
Upon expiry of the retention period, data is securely deleted or anonymised. Organisations may request earlier deletion of their data in accordance with Section 13.
10 Security
We implement industry-standard technical and organisational measures to protect your data, including:
- Encryption in transit: All data transmitted between the app, web portal, and our servers uses TLS 1.2 or higher
- Encryption at rest: Tenant database credentials are encrypted using AES-256-GCM; media files are encrypted at rest on AWS S3
- Password security: Passwords are hashed using bcrypt with application-level salting — never stored in plaintext
- Tenant isolation: Each Organisation's data is stored in a dedicated, isolated database with row-level security policies
- Access control: Role-based access control (RBAC) limits access to data based on user roles and module-level permissions
- Session management: Active session revocation on password change, permission update, or forced logout
- Audit trail: All data mutations are logged with user identity, timestamp, and IP address
- Mobile token security: Authentication tokens on mobile devices are stored in the device's secure keychain (iOS) or EncryptedSharedPreferences (Android)
While we take every reasonable precaution, no system is entirely immune to security risks. If you believe your account has been compromised, contact us immediately at info@whiz-cloud.com.
11 Mobile Application — Special Permissions
The InspectPro mobile application requests the following device permissions. All permissions are used solely to enable the inspection workflow and are not used for advertising or any purpose unrelated to the service.
| Permission | Why It Is Required | When Requested |
|---|---|---|
| Camera | Capturing inspection photos and scanning barcodes/QR codes as part of form fields | When a photo or barcode field is accessed |
| Photo Library / Media Access | Selecting existing photos from the device gallery for inspection fields | When a photo field is accessed |
| Location (GPS) | Recording GPS coordinates at check-in or for location-based inspection fields | When a GPS field is accessed or check-in is triggered |
| Microphone | Recording audio notes as part of inspection form fields where configured | When an audio field is accessed |
| Push Notifications | Receiving assignment alerts, inspection updates, and overdue reminders | On first launch (user can decline) |
| Biometrics (Face ID / Fingerprint) | Unlocking the app after a period of inactivity without re-entering credentials. Processed entirely on-device — biometric data is never transmitted to our servers. | If user enables biometric unlock in settings |
| Network Access | Synchronising inspection data with the server when connectivity is available | Automatically, in the background |
| Local Storage | Storing inspection data offline in a local encrypted database (SQLite) to enable offline inspection completion | On installation |
You may revoke any permission at any time through your device settings. Revoking certain permissions (such as camera or storage) will limit the functionality available to you within the app.
12 AI-Assisted Features
InspectPro includes an optional AI-powered image analysis feature that uses the Google Gemini API to analyse inspection photographs and suggest potential defect types, severity, and descriptions.
How it works: When a field consultant or administrator activates AI analysis for a specific inspection image, that image is transmitted to Google's Gemini API for processing. The result (suggested defect classification) is returned and stored within the inspection record.
User control: AI analysis is never automatic. It is initiated explicitly by the user on a field-by-field basis. Consultants may accept, edit, or reject any AI suggestion.
Audit trail: Every AI action (accepted / rejected / edited) is recorded in an audit log against the user's identity.
Google's data use: Images submitted to the Gemini API are processed in accordance with Google's Privacy Policy and their API usage terms. We do not permit Google to use your inspection images to train its models under our current API agreement.
13 Your Rights
13.1 Rights Under GDPR (EEA & UK Users)
GDPR UK GDPR
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time
- Right to Lodge a Complaint: With your local data protection authority (e.g. the ICO in the UK, or your national supervisory authority in the EEA)
13.2 Rights Under Indian Law (Indian Users)
India — DPDPA 2023
- Right to access a summary of personal data processed
- Right to correction and erasure of personal data
- Right to grievance redressal
- Right to nominate another individual to exercise rights on your behalf
13.3 How to Exercise Your Rights
To exercise any of the above rights, contact us at info@whiz-cloud.com with the subject line "Privacy Rights Request". We will respond within 30 days of receiving your request. We may need to verify your identity before processing the request.
Please note that for data within your Organisation's account, requests to delete inspection records or reassign permissions must be made through your Organisation's designated account administrator, as they are the Data Controller for that content.
14 Children's Privacy
InspectPro is a professional B2B platform intended exclusively for use by individuals who are at least 18 years of age and are employed or contracted by an Organisation that has a valid account with us. We do not knowingly collect personal data from anyone under the age of 18.
If you believe that a minor has provided us with personal data, please contact us immediately at info@whiz-cloud.com and we will take steps to delete that data.
15 Cookies & Tracking
15.1 Web Application
The InspectPro web portal uses the following types of cookies and local storage:
- Strictly necessary: Authentication session tokens required to keep you logged in. These cannot be disabled.
- Functional: Preferences such as active organisation context, theme settings, and UI state.
We do not use advertising cookies, cross-site tracking, or third-party analytics cookies on the InspectPro platform.
15.2 Mobile Application
The mobile application does not use cookies. It stores authentication tokens and offline data locally on the device using the device's secure storage mechanisms (iOS Keychain / Android Keystore and local SQLite database). No cross-app tracking is performed.
16 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active Organisation accounts by email
- Display an in-app notification for mobile users where required by applicable law
Your continued use of InspectPro after any changes to this policy constitutes your acceptance of the updated terms. If you do not agree with a material change, you should discontinue use and contact your Organisation administrator.
17 Contact Us
For any privacy-related questions, data rights requests, or concerns about how we handle your personal data, please contact:
Whiz Cloud Pvt Ltd
Privacy & Data Protection
New Delhi, India
Email: info@whiz-cloud.com
Subject line: "Privacy Policy Enquiry"
Response time: We aim to respond to all privacy enquiries within 30 calendar days.
If you are located in the European Economic Area and believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with the supervisory authority in your country of residence.
InspectPro is a product of Whiz Cloud Pvt Ltd, New Delhi, India.
Website: whiz-cloud.com · Email: info@whiz-cloud.com
See also: Terms & Conditions
© 2026 Whiz Cloud Pvt Ltd. All rights reserved.