Privacy Policy for One Step Solution

This Privacy Policy explains how One Step Solution ("we", "our", or "us") collects, uses, shares, and protects your personal and sensitive information when you use our Android mobile app ("App"). By using One Step Solution, you agree to the terms of this policy. This policy is accessible within the App (via Settings → Privacy Policy) and in our Google Play Store listing.

1. Information We Collect

a. Information You Provide

• Account Information: Name, phone number, email address, and password used for registration and login.
• Transaction Information: Details of recharges, bill payments, and other services you request through the App.

b. Information Collected Automatically

• Device Information: Device-specific ID (e.g., Installation ID), Android ID, device model, and OS version for security and account mapping.
• Usage Data: App logs, crash reports, feature usage statistics for analytics and service improvement.

2. Prominent Disclosure & User Consent

We are committed to transparency. We only request sensitive permissions when strictly necessary for specific App functionalities. Before prompting you for any sensitive permission, we present a clear, in-app disclosure before the permission request, explaining what data we need, why we need it, how it will be used, and the benefits to you. You must provide consent before we access the data.

a. Permissions and Their Purposes

• Contacts (android.permission.READ_CONTACTS):
  Purpose: To allow you to select a phone number from your device’s contacts when initiating a mobile recharge or bill payment.
  Disclosure: "Allow One Step Solution to access your contacts to quickly select recipients for recharges and payments. We do not store or upload your contact list."
  Data Usage: Only selected contact numbers are used to pre-fill transaction fields. Your entire contact list is never uploaded, stored, or shared.
• Storage ( READ_EXTERNAL_STORAGE):
  Purpose: To allow you to save or share transaction receipts, statements from your device when requested.
  Disclosure: "Allow One Step Solution to access your device’s Storage to save or attach transaction receipts and statements. We do not read or upload other images from your device."
  Data Usage: Only Storage you select for saving or sharing are accessed. No other media files are uploaded or shared.
• Phone (android.permission.READ_PHONE_STATE):
  Purpose: To verify your mobile number during registration and for security features like device binding and fraud prevention.
  Disclosure: "Allow One Step Solution to access your device’s phone state to verify your mobile number securely and protect your account."
  Data Usage: Helps identify your device. We do not access call logs or make phone calls. Device Android ID may be collected for security and account mapping.

b. User Control

You have full control over your privacy. You can manage or revoke these permissions at any time through your device’s system settings. Denying a permission may limit access to the corresponding feature (e.g., you cannot save images if image permission is denied), but the core functionality of the One Step Solution App remains available.

3. How We Use Your Data

• Service Provision: To create and manage your account, process transactions, and deliver the services offered by the App.
• Communication: To send you transaction confirmations, account notifications, service updates, respond to your inquiries, and provide customer support.
• Security & Fraud Prevention: To authenticate users, detect and prevent fraudulent or unauthorized activity, and enhance the overall security of the App and user accounts.
• Analytics & Improvements: To understand how users interact with the App, analyze performance, diagnose technical issues, and improve the user experience, features, and content.
• Personalization: To tailor the App’s content and features to your interests and preferences (where applicable and with your consent).
• Legal Compliance: To comply with applicable laws, including India’s Digital Personal Data Protection Act (DPDP) 2023, regulations, legal processes, or enforceable governmental requests, and to enforce our Terms of Service.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We may share information with trusted third parties in the following circumstances:

• Telecom & Utility Providers: With telecom operators and utility companies to fulfill the recharge or bill payment requests you initiate.
• Cloud & Hosting Providers: With service providers like Google Cloud Platform or AWS to securely store data and operate our services.
• Analytics Services: With services like Firebase for app analytics, crash reporting, and performance monitoring.
• Legal Requirements: When required by law, court order, or other valid legal process, or to protect the rights, property, or safety of One Step Solution, our users, or others.
• With Your Consent: We may share information with your consent or at your direction.

5. Third-Party SDKs and Services

Our App integrates with the following third-party services and Software Development Kits (SDKs), which may collect and process information according to their own privacy policies. No additional SDKs beyond those listed are used. We encourage you to review their practices:

• Firebase (Crashlytics, Analytics): For app analytics, crash reporting, and performance monitoring. Privacy & Security
• Google Play Services: For core app functionality and security features. Privacy Policy

6. Data Security

We implement robust, industry-standard security measures, including encryption for data in transit (e.g., SSL/TLS) and at rest (where applicable), secure data storage practices, and strict access controls limited to authorized personnel, to protect your information. While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure.

7. Data Retention

We retain your personal data for as long as your account is active and for a subsequent period as required to comply with legal and regulatory obligations (e.g., financial record-keeping laws, typically 5–7 years), resolve disputes, and enforce our agreements. Specific retention periods include:

• Active Account Data: While your account is active.
• Transaction Records: Typically 5–7 years for financial/legal compliance.
• Usage Analytics: Generally anonymized or deleted after 24–36 months.
• Inactive Accounts: Data deleted after 2–3 years of inactivity unless retention is required.

Once data is no longer needed, it is securely deleted or anonymized.

8. Your Rights & Controls

Depending on your location, you may have certain rights regarding your personal data:

• Access & Update: View and edit your profile information in the App settings.
• Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Deletion: Request deletion of your account and associated personal data (see Section 12).
• Restriction/Objection: Request restriction of or object to data processing in certain circumstances.
• Withdraw Consent: Withdraw consent for data processing where consent was the legal basis (e.g., marketing).
• Opt-Out: Opt out of promotional communications via the “unsubscribe” link in emails or App notification settings.
• Managing Permissions: Revoke permissions for device features via device settings.

To exercise these rights, contact us (Section 14). We will acknowledge your request within 48 hours and fulfill it within one month (unless complexity requires extension, in which case we will notify you).

9. Children’s Privacy

Our services are not intended for individuals under 13. We do not knowingly collect personal information from children under 13. If we become aware of such data without verified parental consent, we will delete it. For users aged 13–17, parental guidance is recommended, and we limit data collection to what is necessary for core App functions. Parents or guardians who believe their child has provided information should contact us.

10. International Data Transfers

Your information may be processed and stored on servers in India or other countries where data protection laws may differ from your jurisdiction. We ensure appropriate safeguards, such as service providers certified under frameworks like the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs), to protect your data’s privacy and security.

11. Data Breach Notification

In the event of a data security breach posing a risk to your rights and freedoms, we will notify you and relevant data protection authorities as required by law, typically within 72 hours of becoming aware of the breach, providing details on the breach, likely consequences, and our response measures.

12. Account Deletion

You have the right to delete your One Step Solution account and associated personal data.

• How to Delete: Navigate to Settings → Account → Delete Account in the App and follow the instructions. Identity confirmation may be required.
• Data Deletion Process: Upon confirmation, your account is deactivated immediately, and personal data is permanently deleted from active systems within 30 days. Residual data may be retained longer only for legal compliance, fraud prevention, security, or backup purposes and will be deleted once those purposes are fulfilled.

13. Policy Updates & Notices

We may update this Privacy Policy to reflect changes in practices or for legal, regulatory, or operational reasons. We will notify you of significant changes by posting the revised policy in the App and updating the “Effective Date.” We may also use in-app notifications or email (if provided) for material changes. Continued use of the App after updates constitutes acceptance. If you disagree, discontinue using the App.

14. Contact Us

• Email: onestepsolution.care@gmail.com
• Developer: One Step Solution
• Expected Response Time: We aim to acknowledge inquiries within 48 hours and provide a substantive response within one month.

15. Data Collection Disclosure Table

The following table details the personal data One Step Solution may collect, whether it is collected, the purpose, and whether providing it is required or optional: