1 Introduction
All Check Services LLP ("ACS", "Company", "we", "our", or "us") respects the privacy of individuals whose information is entrusted to us and is committed to protecting personal information through responsible processing, appropriate security controls, and compliance with applicable laws and contractual obligations.
This Privacy Policy explains how All Check Services LLP collects, uses, processes,
stores, protects, and discloses information when users access our websites, mobile
applications (including CRM Mobile Native, package
com.crmmobilenative), client portals, employee portals, APIs, and other
digital services operated under the allcheckservices.com domain.
As a provider of verification, investigation, risk control, and related business services, we recognize that the information we process is often sensitive and confidential. We therefore maintain administrative, technical, and organizational safeguards designed to protect the confidentiality, integrity, and availability of information under our control.
By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy.
2 Scope
This Privacy Policy applies to:
- All websites operated under allcheckservices.com
- Client portals
- Employee portals
- Field Verification mobile applications, including CRM Mobile Native
- Internal operational systems
- APIs and system integrations
- Future digital services operated by All Check Services LLP
- All authorized users of our systems
Our services are intended solely for authorized business use. Access is restricted to:
- Clients
- Employees
- Field Verification Executives
- Managers
- Supervisors
- Administrators
- Other approved users
Public registration is not available unless specifically introduced for a particular service. CRM Mobile Native is an internal app restricted to authorised All Check Services field agents; there is no public self-registration.
3 Definitions
4 Our Role
All Check Services LLP primarily acts as a data processor or service provider on behalf of its clients.
Our clients generally determine:
- What information is collected
- Why it is collected
- How long it should be retained
- The lawful purpose for processing
We process information only:
- In accordance with client instructions
- Under contractual obligations
- Pursuant to applicable laws
- As required by regulatory requirements
- For legitimate business operations
Where All Check Services LLP collects information directly for its own operational purposes (such as employee administration, support communications, or website inquiries), we act as the controller of that limited information.
5 Information We Collect
Depending upon your relationship with us, we may collect the following categories of information:
Identity Information
- Name
- Employee ID
- Username
- Designation
- Organization name
Contact Information
- Email address
- Official telephone number
- Business communication details
Authentication Information
- Username
- Password (stored securely)
- Login history
- Authentication logs & tokens
- Session information
- Device identifier
- Notification (FCM) tokens
Verification / Case Information
- Assignment details & status
- Field observations & reports
- Applicant names, phone numbers, addresses
- Employer/company details
- Identifiers such as PAN
- Site visit records & operational notes
Precise Location Information
- GPS coordinates (precise location)
- Check-in / check-out location
- Verification location
- Navigation-related location information
Collected only during authorized operational activities and while the agent is signed in. Not collected in the background when the app is closed. Not used for continuous background tracking.
Photographs
- Residential & business premises
- Office locations & verification sites
- Camera images captured as verification evidence, with embedded GPS coordinates and a visible watermark
Not designed to routinely capture photographs of customers or personal identity documents.
Technical Information
- Device model
- Operating system version
- Browser type
- IP address
- Application version
- Crash reports & diagnostics
- Network information
Audit Information
- Login history
- User activity
- Assignment history
- Security events
- Administrative actions
- System changes
6 Information We Do Not Intentionally Collect
Unless specifically required by a client's documented verification process and permitted by applicable law, we do not intentionally collect:
- Personal social media accounts
- Personal chat messages
- Personal call history
- Personal contacts
- Personal photographs unrelated to verification
- Audio recordings unrelated to business operations
- Personal videos unrelated to assigned work
We collect only the information reasonably necessary to provide contracted services.
7 How We Use Information
Information processed by All Check Services LLP may be used for legitimate business purposes including:
- Performing verification services
- Completing client assignments
- Conducting investigations
- Preventing fraud
- Authenticating users & securing sign-in
- Managing user accounts
- Assigning, performing, evidencing, and delivering verification cases
- Improving operational efficiency
- Generating reports
- Maintaining service quality
- Providing customer support
- Responding to inquiries
- Protecting our systems
- Maintaining audit trails
- Meeting contractual obligations
- Complying with legal and regulatory requirements
- Business continuity and disaster recovery
- Internal quality assurance
We do NOT use this data for advertising and we do NOT sell personal data. Information is processed only for lawful and authorized purposes.
8 Mobile Application Permissions
Our mobile applications (including CRM Mobile Native) may request certain permissions required to perform assigned verification activities.
Camera
Camera access is used to capture photographs of verification locations and related evidence required to complete authorized assignments. Photos include embedded GPS coordinates and a visible watermark for evidentiary purposes.
Location (Precise / GPS)
Precise location (GPS) is collected only while an agent is signed in, to geo-tag verification evidence and confirm the agent's presence at the verification address. It is not collected in the background when the app is closed. Location information is not collected continuously for employee surveillance.
Storage
Storage access may be required for securely storing temporary operational data before transmission to our systems. Temporary mobile application data is automatically removed in accordance with company retention policies.
Internet
Internet connectivity is required to synchronize assignments, upload reports, submit photographs, receive notifications, authenticate users, and maintain secure communication with company servers.
Users may choose to deny certain permissions; however, doing so may limit or prevent the proper functioning of specific application features.
9 Cookies & Website Technologies
Our websites may use cookies and similar technologies to enhance functionality, maintain secure user sessions, improve performance, and analyze website usage.
These technologies may be used to:
- Authenticate authorized users
- Maintain secure login sessions
- Remember user preferences
- Improve website functionality
- Monitor system performance
- Detect security incidents
- Prevent unauthorized access
Users may configure their browser settings to refuse certain cookies; however, doing so may affect the availability or functionality of some website features.
10 Information Sharing & Disclosure
All Check Services LLP treats information entrusted to it as confidential. We may share information only where necessary and appropriate with:
- The client on whose behalf the information is processed — verification results (including applicant information and evidence) are delivered to the client who instructed the verification, under contract.
- Authorized employees, managers, supervisors, and field executives with a legitimate business need.
- Infrastructure, hosting, email, or technology service providers engaged to support our operations under appropriate confidentiality and security obligations.
- Regulatory authorities, law enforcement agencies, courts, or government bodies where required by applicable law or a lawful request.
- Professional advisers, auditors, or legal representatives where necessary to meet legal, regulatory, or contractual obligations.
We do NOT:
Sell, rent, trade, or otherwise commercially exploit personal information or client data.
We do NOT:
Use client information for advertising, behavioral profiling, or unrelated marketing purposes.
We do not share this data with other third parties beyond those listed above.
11 Third-Party Service Providers
To operate and support our services, we may engage trusted third-party providers for functions such as:
- Dedicated server hosting
- Business email services
- Network infrastructure
- Security monitoring
- Backup and disaster recovery
- Technical support
- Software maintenance
Our current infrastructure includes dedicated hosting and business email services provided by Cyfuture. These providers receive access only to the extent necessary to perform contracted services and are expected to maintain appropriate confidentiality, security, and data protection measures.
12 Data Retention
We retain information only for as long as necessary to fulfill contractual obligations, legal requirements, regulatory obligations, and legitimate business purposes.
When information is no longer required, it is securely deleted, anonymized, or otherwise disposed of in accordance with our internal procedures.
13 Information Security
Protecting client and user information is a core responsibility of All Check Services LLP. We implement administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, misuse, loss, or destruction.
Our security measures may include:
- User authentication
- Role-based access controls
- Least-privilege access principles
- Secure communication channels
- Encryption where appropriate (on-device data stored encrypted via SQLCipher)
- TLS with certificate pinning for data in transit
- Audit logging
- System monitoring
- Regular backups
- Network security controls
- Malware protection
- Periodic security reviews
- Incident response procedures
- Business continuity and disaster recovery measures
While we take reasonable steps to protect information, no method of electronic storage or transmission can be guaranteed to be completely secure. Uninstalling the app removes local data from the device.
14 Confidentiality
All information processed by All Check Services LLP is treated as confidential. Access to client information is limited to authorized personnel who require such access to perform their assigned duties.
Employees, contractors, and authorized users are expected to comply with applicable confidentiality obligations, company policies, and contractual requirements.
15 User Responsibilities
Authorized users are responsible for:
- Maintaining the confidentiality of login credentials.
- Using company systems only for authorized purposes.
- Protecting devices used to access company services.
- Reporting lost, stolen, or compromised devices without undue delay.
- Reporting suspected security incidents promptly.
- Ensuring that information entered into company systems is accurate to the best of their knowledge.
- Complying with applicable laws, client requirements, and company policies.
Users must not:
- Share accounts or passwords.
- Attempt unauthorized access.
- Misuse client information.
- Copy, download, or disclose confidential information except as authorized.
- Introduce malicious software or interfere with system security.
Failure to comply may result in suspension or termination of access and may also lead to disciplinary action, contractual remedies, or legal proceedings where appropriate.
16 Data Subject Rights
As All Check Services LLP primarily acts as a data processor, requests relating to access, correction, deletion, restriction, objection, or other rights concerning personal information should generally be directed to the relevant client (such as the bank, NBFC, financial institution, or corporate organization) that collected the information.
Where required by applicable law or our contractual obligations, we will reasonably assist our clients in responding to such requests.
Retention & Your Rights (Digital Personal Data Protection Act, 2023): Access and erasure requests for data collected through our mobile applications (including CRM Mobile Native) are handled via support@allcheckservices.com, subject to retention obligations under our client contracts and applicable law. See Section 26 — Data Deletion Request for details.
17 Data Breach Response
All Check Services LLP maintains procedures for identifying, investigating, managing, and responding to security incidents.
Where required by applicable law, contractual obligations, or regulatory requirements, appropriate notifications may be made to affected clients and relevant authorities.
Users who become aware of any suspected security incident, unauthorized disclosure, or compromise of information should promptly report the matter using the appropriate internal reporting channels.
18 Account Suspension & Termination
Access to our systems may be suspended, restricted, or terminated where:
- Employment or contractual relationships end.
- Client authorization is withdrawn.
- Security concerns arise.
- Misuse of company systems is detected.
- Legal or regulatory requirements require access restrictions.
Following termination, access credentials may be disabled and company information may be removed from authorized devices in accordance with applicable policies and operational requirements.
19 Children's Privacy
Our services are intended for business use by authorized users and are not directed to children.
We do not knowingly collect personal information directly from children through our platforms.
20 International Data Processing
Information may be processed using infrastructure or service providers engaged by All Check Services LLP as necessary for business operations and in accordance with applicable laws, contractual obligations, and appropriate security measures.
21 Changes to this Privacy Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements, regulatory guidance, technology, business practices, or operational needs.
The revised version will be published on the applicable website with an updated Effective Date.
Continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.
22 Contact Us
If you have questions regarding this Privacy Policy or our privacy practices, please contact:
23 Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023.
Any dispute arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts having jurisdiction over the registered office of All Check Services LLP, unless otherwise required by applicable law.
24 Policy Acceptance
By accessing or using the websites, portals, mobile applications, APIs, or other services operated by All Check Services LLP, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
Where you are using our services on behalf of an organization, you represent that you are authorized to do so and that your organization agrees to be bound by this Privacy Policy to the extent permitted by applicable law.
25 CRM Mobile Native — App-Specific Practices
App: CRM Mobile Native (package com.crmmobilenative), by All Check Services.
Who uses this app: An internal app restricted to authorised All Check Services field agents.
No public self-registration; every account is provisioned by us.
Information We Collect via CRM Mobile Native
- Agent account data: username, device identifier, authentication tokens, notification (FCM) tokens.
- Precise location (GPS): collected only while an agent is signed in, to geo-tag verification evidence and confirm the agent's presence at the verification address. Not collected in the background when the app is closed.
- Camera images: photos the agent captures as verification evidence, with embedded GPS coordinates and a visible watermark.
- Case & applicant information entered/received for an assigned case: names, phone numbers, addresses, employer/company, and identifiers such as PAN — as required by the verification instructed by our client.
How We Use It
To assign, perform, evidence, and deliver verification cases; to secure sign-in; and to prevent fraud. We do NOT use this data for advertising and we do NOT sell personal data.
Sharing
Verification results — including the applicant information and evidence above — are delivered to the client who instructed the verification, under contract. We do not share this data with other third parties.
Storage & Security
On-device data is stored encrypted (SQLCipher). Data in transit uses TLS with certificate pinning. Uninstalling the app removes local data from the device.
Retention & Your Rights (Digital Personal Data Protection Act, 2023)
Access and erasure requests are handled via support@allcheckservices.com, subject to retention obligations under our client contracts and applicable law. Operational data on our systems is deleted within 90 days of a verified deletion request; verification records already delivered to the instructing client are retained per contract and law.
Contact
26 Data Deletion Request
CRM Mobile Native is an internal app for authorised All Check Services field agents; it has no public self-registration. To request deletion of your account and personal data:
- In the app: Profile → Privacy Policy → "Request account deletion" (this emails our support team with your account details).
- By email: write to support@allcheckservices.com from your registered address (or include your agent username), subject "Account deletion request".
We verify the request comes from the account holder before acting. We confirm and process verified requests within 30 days, subject to the retention policy below.
What Is Deleted
- Your agent account, profile, and authentication tokens.
- The link between your account and your device/notification token.
- Your recorded location history and any captured evidence photos still linked to your account that have NOT already been delivered to the instructing client.
- On-device data is removed when you uninstall the app.
- Operational data on our systems is deleted within 90 days.
What We Must Keep
Verification results (applicant information + evidence) already delivered to the instructing client are retained under client contracts and the Digital Personal Data Protection Act, 2023 and other legal/audit obligations, and are kept even after your account is deleted.