Privacy Policy
Privacy Policy
Last Updated: June 2026
HyGOAT ("we", "us", or "our") is operated by Ekavikalp Private Limited, India. This policy explains how we handle personal data when you use HyGOAT Screen, our public green hydrogen readiness screening service, and related contact, payment, report, guest-access, and support surfaces.
HyGOAT Screen is an indicative screening tool. It is not a certification body, audit opinion, legal advice, investment advice, regulatory approval, or a guarantee of acceptance by any authority, buyer, tender, or certification scheme owner.
1. Controller / Data Fiduciary
- Entity: Ekavikalp Private Limited, India
- Product: HyGOAT Screen
- Privacy contact: privacy@hygoat.in
- Operational support: info@hygoat.in
2. What We Collect And Why
| Category | Examples | Purpose |
|---|---|---|
| Screen session identifiers | Assessment ID, anonymous session ID, guest access token state, share token | Create, resume, secure, share, and revisit a Screen assessment |
| Consent audit record | Terms acceptance, privacy acceptance, disclaimer acceptance, authorised-representative affirmation, version numbers, timestamp, clickwrap method, jurisdiction context | Prove that public Screen processing was accepted before assessment creation |
| Company and project inputs | Company name, country, project name, production method, renewable source, GHG inputs, verification status, evidence-status notes | Generate the indicative Screen result, readiness gaps, and paid report outputs |
| Contact details | Contact name, work email, phone where supplied, company, support/contact message | Respond to support, report, partnership, enterprise, or demo requests |
| Contact-form technical data | Source URL, IP address, user agent, delivery status | Abuse prevention, routing, and operational reliability |
| Payment and order data | Razorpay order/payment IDs, amount, currency, tier, status, payment method, limited instrument metadata such as card network/last4 or bank/wallet where returned | Payment processing, reconciliation, fraud prevention, support, accounting |
| Free-result email data | Email address, sent timestamp, delivery state | Send the one-time free result summary you request |
| Generated outputs | Score, grade, verdict, gap summaries, report metadata, PDF/ZIP output generated from your inputs | Provide free and paid Screen outputs |
| Browser storage | h2global-public-assessment, hygoat:source, auth token/user storage, quick-registration tokens |
Resume drafts, maintain login, preserve first-touch source, and support quick registration |
| Source/referrer/UTM data | UTM source/medium/campaign/content/term, referrer, landing path | Understand how users reach Screen and support relevant follow-up |
| Operational notifications and logs | Limited assessment metadata, scheme/tier, country, score/verdict, payment state, completion timing, errors, security logs | Reliability, abuse prevention, support, and operational follow-up |
Do not submit unnecessary personal, sensitive, financial, health, identity, child, or third-party data in Screen or contact-form free-text fields. The service does not need those details for indicative screening.
3. Payment Processing
Payments are processed by Razorpay. HyGOAT does not store raw card numbers or CVV values. We may store Razorpay order/payment identifiers, amount, currency, tier, status, method, and limited instrument metadata returned by Razorpay where needed for order integrity, reconciliation, fraud prevention, support, accounting, or dispute handling.
Razorpay may receive order notes such as assessment reference, tier, currency, and limited project/order context needed to process and reconcile the transaction.
4. Contact Form And Microsoft 365 Handling
When you submit /contact, we store the submitted contact request in our database and may send an internal Microsoft 365/Graph notification to the HyGOAT/Ekavikalp mailbox. The database record is the source of truth. Notification copies are treated as business correspondence and are minimised where possible.
The message field is free text. Please do not include sensitive or unnecessary personal data.
5. Legal Bases
EEA/UK GDPR
| Purpose | Legal basis |
|---|---|
| Operating Screen, saving drafts, generating outputs, and delivering paid reports | Contract performance or pre-contract steps |
| Public Screen consent gate and optional free-result email | Consent |
| Contact/support requests | Consent, requested service, or legitimate interest depending on context |
| Payment, fraud prevention, order integrity, security logs | Contract, legitimate interest, or legal obligation |
| Accounting, tax, legal recordkeeping, disputes | Legal obligation or legitimate interest |
India DPDP Notice
For India-facing users, we process digital personal data for the specific purposes listed in this policy: providing Screen, recording consent, responding to contact/support requests, processing payments, delivering reports/emails, maintaining security, and meeting legal/accounting obligations.
You may withdraw consent for consent-based public Screen processing by using the privacy deletion path in the Screen result page or by emailing privacy@hygoat.in. Withdrawal is intended to be as easy as the Screen consent action, subject to identity/authority verification and legally required retained records.
6. Automated Outputs
HyGOAT Screen uses automated rules and calculations to produce scores, grades, readiness verdicts, gaps, and recommendations from self-reported inputs. These outputs are indicative only and should be reviewed with qualified professional advisors before any formal certification, tender, investment, or regulatory submission.
7. Retention
| Data type | Retention |
|---|---|
| Unpaid Screen drafts and unpaid results | 30 days after last activity, then expiry/cleanup |
| Paid Screen records | Retained only as needed for report delivery, support, accounting, legal, and dispute purposes; personal fields can be anonymised on verified deletion request |
| Guest access links | 30 days from generation |
| Contact requests | Up to 24 months unless earlier anonymised or required longer for a dispute/legal reason |
| Payment/accounting records | Up to 7 years where required for accounting, tax, legal, dispute, or reconciliation purposes |
| Browser Screen/session/source keys | Until deleted by you, expired by the app, or cleared through deletion/withdrawal on the current browser |
| Security and operational logs | Limited operational/security retention as needed for abuse prevention, incident response, and legal obligations |
8. Deletion, Withdrawal, And Minimisation
You can request privacy deletion from the Screen result page or by emailing privacy@hygoat.in.
- Unpaid Screen assessments are deleted when the requester proves control through the session/auth context.
- Paid Screen assessments are anonymised instead of fully deleted where accounting or legal records must remain.
- Share tokens, guest access tokens, registration tokens, free-result email state, browser Screen/session/source keys on the current browser, report-file references, and non-required payment metadata are cleared or minimised where applicable.
- Payment records retain minimal accounting/reconciliation fields where law or dispute handling requires retention.
- Microsoft 365 support/sent-mail copies may be retained as business correspondence unless manual minimisation or deletion is feasible after a verified request.
9. Sharing And Processors
We do not sell personal data. We may share limited data with:
- Razorpay for payment processing.
- Hosting, database, and infrastructure providers for operating the service.
- Microsoft 365/Graph for transactional, support, and operational email.
- Professional advisors, regulators, courts, law-enforcement, or authorities where required by law or necessary for legal claims.
10. International Transfers
HyGOAT operates from India. If you access the service from another country, your information may be processed in India and in jurisdictions used by our processors. We use appropriate contractual, organisational, and technical safeguards where applicable.
11. Security
We use reasonable technical and organisational measures including access controls, encrypted transport, validation, rate limiting, and hosted infrastructure safeguards. No system is perfectly secure.
If a personal data breach requires notification under applicable law, we will assess the incident, contain it, notify affected users and authorities where required, and keep incident records.
12. Your Rights
Depending on applicable law, you may request:
- Access to personal data we hold about you.
- Information about processing, sharing, and retention.
- Correction, completion, or update of inaccurate/incomplete personal data.
- Erasure or anonymisation where applicable.
- Withdrawal of consent where processing depends on consent.
- Restriction or objection where available under GDPR.
- Nomination of another person to exercise applicable DPDP rights if you are unable to do so.
- Grievance redressal.
To exercise rights, contact privacy@hygoat.in. We may need to verify your identity, authority, assessment/session ownership, or payment/contact reference before acting.
If you are in India and remain dissatisfied after grievance handling, you may have the right to escalate to the Data Protection Board of India when applicable. EEA/UK users may contact their relevant data protection supervisory authority.
13. Language Access
This policy is published in English. For India-facing users who need support understanding the notice in another Indian language, email privacy@hygoat.in and we will provide reasonable assistance or a translated explanation workflow.
14. Cookies And Browser Storage
HyGOAT Screen currently uses essential browser storage rather than representing itself as a marketing-cookie platform. Browser storage is used for draft session continuity, source attribution, authentication/quick registration where applicable, and deletion cleanup on the current browser.
You can clear browser storage through your browser settings. Clearing storage may prevent draft recovery.
15. Changes
We may update this policy. Material updates will be published on this page with a revised date and, where appropriate, reflected in the Screen consent version.
16. Contact And Grievance
- Privacy and rights requests: privacy@hygoat.in
- General support: info@hygoat.in
- Entity: Ekavikalp Private Limited, India

