Purpose of the Document
This document provides a comprehensive overview of three mobile applications, detailing their purpose, target users, core functionalities, Privacy Policy, Terms of Use, and Security Policy. It serves as a reference for stakeholders to understand the applications' roles within the ecosystem and their interactions.
Revision History
Version | Date | Change | Status | Prepared By | Reviewed By |
---|---|---|---|---|---|
1.0 | 11-Feb-2025 | Initial Copy | Final | Anushka | Abhishek Shrivastava |
1. OVERVIEW OF THE THREE MOBILE APPLICATIONS
1.1 Cane Development App
The Cane Development App is designed for Field Distribution Supervisors (FDS) to facilitate interactions with growers, manage planting and seed distribution, and provide agricultural inputs. The app helps streamline data collection, monitoring, and support for growers while enabling efficient decision-making at different managerial levels.
Target Users: Field Distribution Supervisors (FDS)
Core Functionality:
- Field supervisors visit villages and interact with growers.
- Collect details related to planting, indenting, and seed distribution.
- Provide agricultural inputs to growers.
User Roles & Access:
- Field Distribution Supervisor (FDS) – Operates in the field, collects data, and assists growers.
- Zonal Manager – Monitors multiple FDSs and ensures smooth operations in the assigned zone.
- Block Manager – Supervises FDS activities at the block level.
- Mill Admin – Creates logins and manages user access.
1.2 Grower App
Target Users: Farmers (Growers)
Core Functionality:
- Store and manage farmer-related details, including plot information.
- Provide growers with contact details of their respective FDS.
- Track agricultural inputs received by farmers.
- Manage loans and financial details.
- Allow growers to request agricultural services from the Agricultural Technical Service Provider (ATSP) and track the status of requested services.
User Roles & Access:
- Mill Admin – Creates logins and manages user access.
1.3 ATSP App
Target Users: Agricultural Technical Service Providers
Core Functionality:
- Enable and manage agricultural services for growers.
- Display queries raised by growers.
- Facilitate resolution of grower queries.
User Roles & Access:
- Mill Admin – Creates logins and manages user access.
2. PRIVACY POLICY
2.1 Information We Collect
We collect different types of information from users based on their role in the ecosystem.
2.1.1 Personal Information
- Growers: Name, phone number, plot location.
- ATSP Users: Name, phone number, professional details, location details.
- FDS Users: Name, phone number, email, and role in field development.
2.1.2 Service Data
- Grower Requests: Queries submitted for agricultural assistance.
- ATSP Responses: Solutions provided to growers for their requests.
- Cane Development Records: Information entered by FDS, such as planting schedules, indenting schedules, and seed distribution details.
2.1.3 Device & Technical Information
- Device type, operating system, app version, and IP address.
- Location data (if enabled for tracking service coverage).
2.1.4 App Interaction Data
- Logs of grower requests, service responses, and field data updates.
- Status updates on completed services.
2.2 Purpose of Data Collection
We collect and use data to ensure efficient service coordination across all three applications:
2.2.1 Grower Cane App Usage
- Allows growers to request and track services.
- Displays responses from ATSP regarding their queries.
- Shows updates from the Cane Development App, such as planting and seed distribution.
2.2.2 ATSP Cane App Usage
- Enables ATSP professionals to receive and respond to grower requests.
- Logs service completion updates that are reflected in the Grower App.
2.2.3 Cane Development App Usage
- Allows FDS to record planting schedules and seed distribution.
- Updates are automatically shared with growers through their app.
2.2.4 General Purposes
- Communication: Sending notifications and updates regarding services.
- Service Improvement: Analyzing data to enhance agricultural support.
- Compliance: Ensuring adherence to industry regulations.
2.3 Data Sharing Across Apps
Since these three applications are integrated, data flows between them as follows:
- Grower Requests & Service Tracking → Visible to both ATSP and Cane Development App users.
- ATSP Responses & Service Updates → Reflected in the Grower App.
- Planting, Indenting, & Seed Distribution Records (Entered by FDS) → Visible in the Grower App.
We do not share user data with external third parties unless required for legal compliance or service improvement.
2.4 Updates to This Privacy Policy
We may revise this Privacy Policy periodically to reflect changes in our services or legal requirements.
3. SECURITY POLICY FOR MOBILE APPLICATIONS
This Security Policy outlines the measures implemented to safeguard the three mobile applications. It defines authentication mechanisms, encryption standards, secure data storage policies, access control mechanisms, and incident response plans to protect sensitive data and user privacy.
3.1 Authentication Mechanisms
- Username/Password: Users must create a strong password adhering to complexity requirements.
- One-Time Password (OTP): OTP verification is required for critical actions such as login, password reset, and agricultural transactions.
3.2 Encryption Standards
- Data at Rest: All sensitive data stored in databases and local storage is encrypted using AES-256 encryption.
- Data in Transit: Secure communication channels are ensured using TLS 1.3 encryption to prevent data interception and MITM attacks.
3.3 Secure Data Storage Policies
- Minimal Data Storage: Only essential user information is stored, with Personally Identifiable Information (PII) being encrypted.
- Hashed Passwords: Passwords are stored using bcrypt hashing with a unique salt.
- Regular Data Backup: Automated encrypted backups are performed to prevent data loss.
- Secure API Communication: All API interactions are protected through OAuth 2.0 and JWT-based authentication.
3.4 Protection Against Unauthorized Access
- Firewall Protection: Web Application Firewalls (WAFs) and network firewalls are deployed to block unauthorized traffic.
- Role-Based Access Control (RBAC): Access to application features is restricted based on user roles to enforce the principle of least privilege.
- Multi-Factor Authentication (MFA): High-privilege users are required to use MFA for additional security.
- Session Management: Automatic logout after a period of inactivity and token expiration policies are enforced.
3.5 Incident Response Plan
- Continuous monitoring for security threats using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM).
- Alerts and anomaly detection reports are reviewed regularly.
- Immediate isolation of compromised accounts or services.
- Temporary access revocation to prevent further damage.
- Removing malicious files, malware, or vulnerabilities from affected systems.
- Patching security loopholes and conducting a security audit.
- Restoring data from secure backups.
- Reinforcing authentication mechanisms for affected users.
- Users are notified of security breaches when required.
- Compliance with legal and regulatory requirements for incident reporting.
- Security reports are shared with stakeholders.
3.6 Compliance & Regular Audits
- Regular security audits and penetration testing are conducted to identify and mitigate vulnerabilities.
- Compliance with GDPR, ISO 27001, and other relevant regulations is maintained.
- Employees and users receive ongoing security awareness training.
4. TERMS OF USE
4.1 User Responsibilities and Restrictions
By using the applications, users agree to:
- Provide accurate, complete, and updated information when required.
- Use the applications in compliance with applicable laws and regulations.
- Maintain the confidentiality of their login credentials and not share them with unauthorized individuals.
- Be responsible for all activities that occur under their account.
Users must not:
- Engage in any fraudulent, abusive, or illegal activities while using the applications.
- Attempt to reverse engineer, modify, or exploit the applications in any unauthorized manner.
- Interfere with the performance or security of the applications.
- Share, distribute, or upload any content that is offensive, defamatory, or violates any third-party rights.
4.2 Acceptable Usage Policy
The applications are intended to facilitate their respective functionalities without misuse or disruption. Acceptable usage includes:
- Accessing and using features as per the intended purpose.
- Respecting the privacy and rights of other users.
- Ensuring that any content shared or uploaded is legal and does not infringe on the rights of others.
Unacceptable usage includes:
- Misrepresenting identity, impersonating others, or providing false information.
- Spamming, phishing, or distributing malicious software.
- Using automated scripts, bots, or other tools to manipulate app functionalities.
- Harassing, bullying, or engaging in any form of discriminatory behavior.
4.3 Consequences of Policy Violations
Violations of the Terms of Use may result in the following actions:
- Temporary or permanent suspension of the user’s account.
- Reporting to legal authorities in case of criminal activity.
- Legal action for damages, if applicable.
- Removal of any unlawful or violating content from the applications.
The company reserves the right to determine the severity of the violation and take necessary actions accordingly.
4.4 Copyright and Intellectual Property Details
All content, trademarks, logos, and software within the applications are the intellectual property of the company or its licensors.
Users are granted a limited, non-exclusive, and non-transferable license to use the applications for their intended purpose.
Unauthorized reproduction, distribution, modification, or resale of any part of the applications is strictly prohibited.
If a user believes their intellectual property rights have been violated, they must contact the company with relevant details.
4.5 Limitation of Liability and Warranty Disclaimers
The applications are provided on an "as-is" and "as-available" basis without warranties of any kind, express or implied.
The company does not guarantee uninterrupted or error-free operation of the applications.
Users acknowledge that they use the applications at their own risk.
The company is not liable for any:
- Data loss or corruption.
- Unauthorized access to user accounts.
- Financial or other damages resulting from the use or inability to use the applications.
4.6 Modification of Terms
The company reserves the right to update or modify these Terms of Use at any time.
Changes will be communicated through notifications within the applications or via email.
Continued use of the applications after modifications constitutes acceptance of the revised terms.
Users are encouraged to periodically review the Terms of Use to stay informed of any changes.