SG
SHAR GroupDigital Gallery
Sign In

Legal Document

Privacy Policy

Effective Date: March 2, 2026Last Updated: March 2, 2026Governed by: Laws of India

Jump to section

1. Introduction2. Who We Are3. Scope of This Policy4. Information We Collect5. How We Use Your Information6. Data Storage & Security7. Data Sharing & Disclosure8. Data Retention9. Your Rights10. Account Deletion11. Cookies & Local Storage12. Children's Privacy13. Changes to This Policy14. Contact Us

1. Introduction

SHAR Group ("we", "us", or "our") operates the Digital Gallery application (the "Application") — a private, invite-only platform for authorised members, employees, and workers of SHAR Group to securely store, manage, and share digital media assets.

This Privacy Policy describes how we collect, use, store, protect, and disclose information in connection with your use of the Application. It is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and the Digital Personal Data Protection Act, 2023 (DPDP Act), along with other applicable laws of India.

By accessing or using the Application, you acknowledge that you have read and agree to the terms of this Privacy Policy.

2. Who We Are

Organisation: SHAR Group

Country: India

Application: Digital Gallery

Contact: support@sharevision.in

3. Scope of This Policy

The Application is strictly invite-only and is not open for public registration. Access is granted exclusively to authorised individuals — members, employees, or workers of SHAR Group — by a designated administrator. This policy applies to all such authorised users of the Application.

This policy does not apply to any third-party websites, services, or applications linked from within the Application.

4. Information We Collect

We collect the minimum information necessary to provide the Application's functionality:

4.1 Account Information

  • First Name & Last Name — provided by the administrator when creating your account via invitation
  • Email Address — used as your unique login identifier
  • Password — set by you upon accepting your invitation; stored as a one-way bcrypt hash and never in plaintext
  • Role & Permissions — your assigned role (User, Admin, or Superadmin) and specific access permissions
  • Invitation Metadata — the administrator who invited you and the date your account was created

4.2 Media Content

  • Photos — image files (JPEG, PNG, WebP, GIF) you upload, up to 25 MB per file
  • Videos — video files (MP4) you upload, up to 100 MB per file
  • Documents — document files (PDF) you upload, up to 10 MB per file
  • File Metadata — file name, file size, image dimensions, upload timestamp, and the event or gallery the file is associated with

4.3 Technical & Security Data

For security monitoring, audit compliance, and fraud prevention, we automatically record the following for every significant action taken in the Application:

  • IP Address — your network IP address at the time of each action
  • Browser / Client Information — browser type, version, and operating system (User-Agent header)
  • Action Type — e.g., login, media upload, media deletion, gallery creation
  • Timestamp — date and time of each action
  • Session Tokens — short-lived authentication tokens (JWT) that expire within 24 hours

4.4 What We Do Not Collect

  • We do not use any third-party analytics tools (e.g., Google Analytics, Firebase Analytics)
  • We do not collect payment or financial information
  • We do not track your activity outside the Application
  • We do not access your device's contacts, location, or microphone

5. How We Use Your Information

We use the information we collect solely to:

  • Create and manage your account and authenticate your identity
  • Grant you access to events, galleries, and media based on your assigned role and permissions
  • Store, process, and deliver the media files you upload via our cloud infrastructure
  • Enforce per-user upload quotas and media approval workflows
  • Maintain a complete audit trail of actions for security, accountability, and compliance purposes
  • Send invitation emails to new users (via our email service)
  • Respond to account deletion requests and support enquiries
  • Detect, investigate, and prevent unauthorised access or security incidents

We do not use your personal data for advertising, marketing to third parties, or any purpose unrelated to operating the Application.

6. Data Storage & Security

6.1 Storage Infrastructure

  • Media Files: Stored on Amazon Web Services (AWS) S3 object storage (eu-north-1 region)
  • Media Delivery: Served via Amazon CloudFront CDN over HTTPS — never transmitted unencrypted
  • Application Database: Account data, metadata, and audit logs are stored in a secured relational database
  • All data is stored on servers subject to Indian data protection laws and AWS's data processing agreements

6.2 Security Measures

  • Passwords are hashed using bcrypt with salt — they are never stored or transmitted in plaintext
  • All communications between your browser/app and our servers use HTTPS/TLS encryption
  • Authentication uses short-lived JSON Web Tokens (JWT) that expire within 24 hours
  • Media uploads use presigned S3 URLs — files are uploaded directly to S3 without passing through our application servers
  • Role-based access control (RBAC) ensures users can only access data they are explicitly permitted to see
  • All sensitive actions are logged in a tamper-evident audit trail
Note: While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and keep your credentials confidential.

7. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data to any third party. We share data only in the following limited circumstances:

Infrastructure Providers

Amazon Web Services (AWS) — for S3 storage and CloudFront CDN delivery of your media files. AWS acts as a data processor on our behalf and is bound by its data processing agreements.

Email Service

SendGrid — used solely to send invitation emails to new users. Only your email address is shared for this purpose.

Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority under applicable Indian law, or to protect the rights, property, or safety of SHAR Group, its users, or the public.

8. Data Retention

Account data (name, email, role)

Until account is deleted

Uploaded media files

Until deleted by user or admin; 30-day grace period before permanent removal from storage

Invitation tokens

7 days from creation (auto-expire)

Authentication tokens (JWT)

24 hours (auto-expire)

Audit logs (IP address, action history)

Retained for security compliance; deleted when the associated user account is deleted

All data (upon account deletion)

Permanently deleted following Superadmin approval of deletion request

9. Your Rights

Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights with respect to your personal data:

Right to Access

You may request a summary of the personal data we hold about you.

Right to Correction

You may request correction of inaccurate or incomplete personal data.

Right to Erasure

You may request deletion of your account and associated personal data (see Section 10).

Right to Grievance Redressal

You may raise a grievance with us at any time. We will respond within a reasonable timeframe.

To exercise any of these rights, contact us at support@sharevision.in.

10. Account Deletion

You may request deletion of your account at any time. The process is as follows:

  1. 1You submit an account deletion request from within the Application (Account Settings).
  2. 2The request is reviewed and approved by a designated Superadmin.
  3. 3Upon approval, your account data is permanently deleted, including: your profile, all media you uploaded, your access grants, and your audit history.
  4. 4Media files you uploaded are removed from our cloud storage following the 30-day retention grace period.
  5. 5Any content you created (events, galleries) is reassigned to the system rather than deleted, to preserve organisational records.

11. Cookies & Local Storage

The Application uses browser local storage to retain your authentication session so that you remain logged in between visits. This does not involve third-party cookies or tracking technologies.

We do not use cookies for advertising, analytics, or cross-site tracking. The only data stored locally is your authentication token, which expires within 24 hours and is cleared when you sign out.

12. Children's Privacy

The Application is intended for use by adults who are employed by or associated with SHAR Group. We do not knowingly collect personal data from individuals under the age of 18. Access is granted exclusively through administrative invitation, ensuring that only authorised personnel can use the Application.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of the Application after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or grievances regarding this Privacy Policy or the handling of your personal data, please contact us:

SHAR Group — Privacy Team

Email: support@sharevision.in

Country: India

We aim to respond to all privacy-related enquiries within 5 business days.

This document was last updated on March 2, 2026 and is effective immediately.
© 2026 SHAR Group. All rights reserved.