Privacy Policy

Last Updated: May 14, 2026

This Privacy Policy (the "Policy") sets forth the data handling practices of AW Builds ("Company," "we," "us," or "our") in connection with the Bolt mobile application and associated services (collectively, the "Service"). By installing, accessing, or using the Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. If you do not agree, you must immediately cease all use of the Service.

1. Scope and Applicability

This Policy applies to all Users ("you," "your," "User") of the Service. It describes how we collect, receive, store, process, transfer, use, and disclose your information. Capitalized terms used but not defined herein shall have the meanings ascribed to them in the Terms of Service.

2. Information We Collect

We collect information necessary to provide, maintain, and improve the Service. Such information falls into the following categories:

2.1 Information You Provide

  • Account Information: When you register for the Service, we collect your name, email address, telephone number, and authentication credentials.
  • Business Records: Inventory data, rental agreements, repair orders, customer contact information, transaction histories, and related operational data that you enter, upload, or generate through the Service.
  • Media and Documentation: Photographs, scanned identification documents, invoices, and other files you capture or upload in the ordinary course of using the Service.
  • Communications: Any correspondence you send to us, including support requests, feedback, and survey responses.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with the Service, including feature utilization, session duration, screen flows, and crash reports.
  • Device Information: Device model, operating system version, unique device identifiers, and mobile network information.
  • Diagnostic Data: Log data, performance metrics, and error reports that enable us to identify and rectify technical issues.

3. Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, our processing of your personal data is based on the following lawful grounds:

  • Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our obligations under the Terms of Service, including providing core Service functionality.
  • Legitimate Interests (Article 6(1)(f)): Processing for our legitimate interests in maintaining and improving the Service, ensuring security, and preventing fraud, provided such interests are not overridden by your data protection rights.
  • Consent (Article 6(1)(a)): Where we rely on your consent, you have the right to withdraw such consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal or regulatory obligations.

4. Purposes of Processing

We process your information for the following purposes:

  • To deliver, maintain, and optimize the Service and its features;
  • To process transactions, generate invoices, and facilitate business workflows;
  • To provide customer support and respond to your inquiries;
  • To detect, investigate, and prevent fraudulent, abusive, or unauthorized activities, including through the Global Suspicious Number Registry;
  • To analyze usage patterns and improve the performance, security, and user experience of the Service;
  • To comply with applicable legal obligations and enforce our Terms of Service;
  • To communicate with you regarding Service updates, security alerts, and administrative messages.

5. Data Storage and Security

The Service operates on a local-first architecture. Your business data is stored locally on your device by default. Cloud synchronization, when enabled, utilizes Firebase services provided by Google LLC, which may store data on servers located in multiple jurisdictions, including the United States and India.

We implement industry-standard technical and organizational security measures, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and regular security audits. Notwithstanding the foregoing, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

6. International Data Transfers

If we transfer your personal data to countries outside your jurisdiction of residence, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission, or other lawful transfer mechanisms recognized under applicable data protection law.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their own commercial purposes. We may share your information under the following circumstances:

  • Service Providers: With trusted third-party service providers who perform functions on our behalf, including cloud hosting and synchronization (Firebase by Google), payment processing (Google Play Billing, Razorpay), WhatsApp messaging for customer reminders (Meta Platforms, Inc.), advertising (Google AdMob for free-tier users), analytics, and crash reporting, subject to contractual data processing agreements.
  • Legal Compliance: When required by applicable law, regulation, legal process, or governmental request, or to establish, exercise, or defend legal claims.
  • Fraud Prevention: Aggregated, de-identified information regarding confirmed fraudulent activity may be shared through the Global Suspicious Number Registry to protect the broader Bolt community.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as a business asset, subject to prior notice.
  • With Your Consent: Where you have expressly consented to such sharing.

8. Data Retention

We retain your personal data for as long as your account remains active and for a period of twelve (12) months thereafter, or as otherwise necessary to comply with legal obligations, resolve disputes, enforce agreements, or as required by applicable law. Upon expiration of the retention period, your data will be securely deleted or anonymized.

9. Your Rights and Controls

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data, subject to certain exceptions.
  • Right to Restrict Processing: Request restriction of processing under certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at awbuilds.support@gmail.com. We will respond within thirty (30) days. If you are dissatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Account Deletion and Data Removal

You may delete your account and associated cloud data at any time:

  • In-App: Navigate to Settings → Delete Account. This will permanently remove your profile, synced cloud data, and associated records following a confirmation prompt. This action is irreversible.
  • By Email: Send a deletion request to awbuilds.support@gmail.com. We will process your request within seven (7) business days and confirm deletion by email.

Important: Uninstalling the application removes locally stored data from your device but does not automatically delete cloud-synced backups. To ensure complete data removal, you must initiate account deletion as described above.

11. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

12. Cookies and Tracking Technologies

The Service may use essential cookies and similar tracking technologies for authentication, security, and basic functionality. We do not use third-party tracking cookies for advertising purposes within the Service. You may configure your device settings to restrict or disable cookies; however, this may affect Service functionality.

13. Changes to This Policy

We reserve the right to modify this Policy at any time. Material changes will be communicated through the Service or by email at least fourteen (14) days prior to the effective date. Your continued use of the Service after such modifications constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

14. Governing Law and Dispute Resolution

This Policy shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law principles. Any disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts in Kochi, Kerala, India.

15. Contact Information

For questions, concerns, or requests regarding this Policy or our data practices, please contact us:

  • Email: awbuilds.support@gmail.com
  • Data Protection Officer: awbuilds.support@gmail.com
  • Registered Office: AW Builds, Kerala, India