Privacy Policy

BNG Infotech Private Limited ("BNG Infotech," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our websites, use our products, or interact with our services. This Privacy Policy explains what personal information we collect, how we use it, how we share it, and what rights you have regarding your data. This policy applies to all BNG Infotech websites, products (eFacto®, LOZICS®, eFacto® ONE), and services.

We collect information in the following ways: Information you provide directly: • Contact details (name, email address, phone number, company name) • Account registration information • Business data entered into our ERP platforms • Communication records (support tickets, emails, chat messages) • Payment and billing information Information collected automatically: • Device information (browser type, operating system, device type) • Usage data (pages visited, features used, session duration) • IP address and approximate location • Cookies and similar tracking technologies (see our Cookie Policy) Information from third parties: • Business information from publicly available sources • Referral information from partners or existing clients

We use the information we collect for the following purposes: • Providing and maintaining our software services • Processing transactions and managing your account • Delivering technical support and customer service • Sending important notices about your account or service changes • Improving and developing our products and features • Analysing usage patterns to enhance user experience • Complying with legal obligations and regulatory requirements • Protecting our rights and preventing fraud or abuse • Communicating product updates, new features, and relevant offers (with your consent)

We do not sell your personal information. We may share your data only in the following circumstances: Service providers: With trusted third-party vendors who help us operate our business (cloud hosting, payment processing, analytics), bound by strict confidentiality agreements. Legal requirements: When required by law, court order, or governmental regulation, or to protect the rights, property, or safety of BNG Infotech, our users, or the public. Business transfers: In connection with a merger, acquisition, or sale of assets, where your data may be transferred to the successor entity. With your consent: When you explicitly authorise us to share your information with a specific third party.

Your data is stored on secure, enterprise-grade cloud infrastructure hosted in India. We implement industry-standard security measures including: • Encryption of data in transit (TLS 1.2+) and at rest (AES-256) • Regular security audits and vulnerability assessments • Role-based access controls and multi-factor authentication • Automated backups and disaster recovery procedures • ISO 9001:2015 certified quality management processes While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information for as long as necessary to: • Provide our services and maintain your account • Comply with legal, accounting, or regulatory obligations • Resolve disputes and enforce our agreements When data is no longer needed, we securely delete or anonymise it. Business data in our ERP platforms is retained for the duration of your subscription plus 90 days after termination to allow for data export.

Depending on your jurisdiction, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate or incomplete data • Deletion: Request deletion of your personal data (subject to legal retention requirements) • Portability: Request your data in a structured, machine-readable format • Objection: Object to processing of your data for specific purposes • Restriction: Request restriction of processing in certain circumstances • Withdrawal of consent: Withdraw consent for processing where consent was the legal basis To exercise any of these rights, please contact us at privacy@bng.co.in. We will respond to your request within 30 days.

Our services are designed for businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

Our primary data storage and processing occurs within India. If your data needs to be transferred outside India for any reason (such as using global cloud services), we ensure appropriate safeguards are in place, including contractual protections consistent with applicable data protection laws.

Our websites and products may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you interact with.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through our website or via email at least 30 days before they take effect. The "Last updated" date at the top of this policy indicates when it was most recently revised.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: Data Protection Officer BNG Infotech Private Limited 114, Sultanpur Colony, Mehrauli-Gurgaon Road New Delhi — 110030, India Email: privacy@bng.co.in Phone: (+91) 81006 41006