Privacy Policy

Effective date: 04 Nov 2025

Who we are: ADMINGLOVES PRIVATE LIMITED ("we", "us"). Website: admingloves.com. Products: SSPR Product.

This policy explains what we collect, why, how we use it, and your choices. It covers our website, customer portal, desktop/agent software, mobile app, and support channels.

1) Data we collect

Account & Identity data: name, company, job title, email, phone, country, passwords (hashed), tenant or license details, and identifiers used to facilitate Single Sign-On (SSO) functionality.

Billing data: billing contact, address, tax IDs (e.g., GSTIN/VAT), partial payment details from our processor. We do not store full card numbers.

Usage, Device & Access data: IP address, browser or OS version, app version, language, event logs (sign-in, errors), crash reports, and device compliance status or trusted IP ranges necessary for evaluating Conditional Access policies.

Authentication telemetry: Contextual data required to support Endpoint MFA (Multi-Factor Authentication) during desktop sessions, and diagnostic connection states for native logon screen or lock screen password resets, including scenarios where endpoints are offline or disconnected from a corporate VPN.

Support data: messages, screenshots, files you send, ticket history.

Directory data (product use only): identifiers needed for authentication or self-service password reset (e.g., username, email, user ID). We do not collect your directory password.

Cookies/SDKs: functional cookies, analytics, and—only if enabled—marketing tags. See Cookies section.

We do not intentionally collect sensitive personal data unless you provide it for a clear purpose (e.g., tax documentation or legal compliance).

2) Why we use your data

  • Provide and secure the service, create accounts, license, and authenticate users across both Hybrid AD and Microsoft 365 Cloud environments.
  • Deliver proactive security communications, such as automated password expiry notifications via email or SMS.
  • Enforce organizational security standards, including fine-grained password policy enforcement directly at the point of reset.
  • Process automated provisioning commands, such as executing custom PowerShell scripting hooks for post-reset workflows.
  • Facilitate password synchronization across integrated directory services and third-party enterprise systems (such as SAP, Oracle, or standalone cloud databases).
  • Process payments, invoicing, and tax compliance.
  • Support, troubleshooting, and continuous product maturity enhancements to ensure stability under heavy enterprise load.
  • Communicate product updates, security notices, and optional marketing (with opt-out).
  • Prevent fraud, abuse, and enforce terms.

Legal bases (EU/UK): contract, legitimate interests, consent, legal obligations.

Lawful grounds (India DPDP/2023): your consent or legitimate uses required to provide the service.

3) Sharing and disclosure

We share data with:

  • Service providers (processors): hosting, email, analytics, crash reporting, payment processing, customer support. Bound by contract and only for our purposes.
  • Security & Compliance partners: If configured by your organization, telemetry may be exported to enterprise SIEM tools (such as Splunk or Microsoft Sentinel) to support advanced auditing and credential-stuffing prevention.
  • Business transfers: merger, acquisition, or asset sale.
  • Legal: to comply with law, enforce terms, or protect rights and safety.

We do not sell your personal data.

4) International transfers

Your data may be processed outside your country. When we transfer data, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA, or equivalent). Hosting region: [cloud + region, e.g., AWS ap-south-1].

5) Security

We apply administrative, technical, and physical safeguards, including encryption in transit, role-based access, and comprehensive enterprise audit logging. No method is 100% secure. Report issues to security@admingloves.com.

6) Retention

  • Account data: life of the account + 24 months.
  • Billing/tax records: 8 years or as required by law.
  • Logs/telemetry: up to 180 days unless needed longer for security, SIEM compliance, or audits.
  • Support tickets: 24 months.

We delete or anonymize when no longer needed.

7) Your rights

Depending on your location, you can request:

  • Access, correction, deletion, portability.
  • Limit or object to certain processing.
  • Withdraw consent for optional features or marketing.
  • California (CPRA): opt out of "sharing" for cross-context advertising.
  • India (DPDP): grievance redressal and consent withdrawal.

To exercise rights, email privacy@admingloves.com with your request and verification details.

8) Enterprise Security, Auditing & Compliance

We employ enterprise-grade administrative, technical, and physical safeguards designed to secure large-scale directory environments. Our architecture is built for high availability and seamless scalability, safely supporting enterprise rollouts with 50,000+ onboarded users.

Our commitment to continuous security and compliance includes:

  • Internal Audits & Platform Integrity: We conduct regular internal security audits, vulnerability assessments, and strict role-based access reviews to ensure the continuous integrity of our infrastructure.
  • Regulatory Alignment (GDPR, ISO, & Health Data): As a data processor, our data handling and encryption practices are designed in accordance with industry-standard security frameworks (such as ISO 27001 principles) and global privacy regulations, including GDPR. We provide the technical controls necessary to support our clients' internal HIPAA or regional compliance obligations.
  • On-Demand Custom Modifications: For enterprise organizations requiring specialized product modifications, bespoke deployment architectures, or tailored telemetry logging, custom data processing parameters will be strictly governed by your dedicated Master Services Agreement (MSA).

While we utilize advanced encryption in transit and at rest, no method of transmission is 100% secure. Please report any security vulnerabilities or architectural inquiries to security@admingloves.com.

9) Cookies and similar tech

We use:

  • Strictly necessary: sign-in, load balancing, security.
  • Analytics: understand usage and improve the product.
  • Marketing (optional): only if you consent.

You can change preferences in our [Cookie Settings] and through your browser controls.

10) Product-specific notes

SSPR/Identity features: we read only the directory attributes needed to perform the requested action. We never store your directory password. Where possible we store hashes or tokens instead of raw identifiers.

Desktop/agent/mobile: may send health and crash data to keep services reliable. You can request telemetry minimization for your tenant.

11) Children

Our services are for business users. We do not knowingly collect data from children. If you believe a child provided data, contact us to delete it.

12) Third-party links

Our site may link to other sites. Their privacy practices apply to their pages and services.

13) Changes to this policy

We may update this policy. We will post the new version with an updated effective date. If changes are material, we will notify you.

14) Contact

ADMINGLOVES PRIVATE LIMITED

H.No. 10-82, INDRAREDDY NAGAR - 2, Janwada, Shankarpally, K.V.Rangareddy- 500075, Telangana

Email: privacy@admingloves.com

Support: admingloves.com/contact

India Grievance Officer (DPDP/IT Rules): grievance@admingloves.com, response within 30 days.