Report Policy for GCredit™

This Report Policy (“Policy”) forms an integral and binding part of the applicable Master Services Agreement, subscription terms, statement of work, proposal, order form, or other governing instrument executed or accepted for the use of GCredit™ (“Platform”, “Tool”, or “Services”). It governs the generation, availability, classification, interpretation, access, confidentiality, traceability, and permitted use of reports, dashboards, analytical summaries, capability outputs, and related reporting materials produced through the Services.

This Policy is intended to be read together with the Platform Privacy Policy, Data Policy, methodology documents, any accepted commercial terms, and any signed enterprise arrangement. In the event of inconsistency, the stricter privacy, confidentiality, or lawful-use obligation shall prevail unless a separately executed written agreement expressly states otherwise.

The Platform may generate two broad reporting classes: (a) organisational-level aggregated reports and (b) self-reflective individual reports. Organisational reports are intended to present systemic, anonymised, and aggregated insight relating to leadership capability, psychosocial risk patterns, workplace wellness signals, or similar cohort-level indicators. Individual reports, where enabled, are intended as self-reflective outputs for the responding participant and not as employer-facing performance documents.

Organisational reports may include dashboard summaries, domain-wise trend charts, maturity distributions, period-over-period comparisons, score ranges, and capability commentary. Individual reports may include index summaries, self-reflective interpretations, development-oriented guidance, action prompts, or support references. In all cases, the reporting architecture is intended to preserve dignity, minimise identity exposure, and prevent conversion of reflective assessment output into covert surveillance or punitive decision tools.

All reports generated through GCredit™ are intended to be non-clinical, non-diagnostic, and non-medical. They do not constitute psychiatric diagnosis, clinical screening, therapeutic advice, legal opinion, employee fitness certification, or compliance adjudication. Reports are intended for workplace insight, leadership development, psychosocial risk reflection, organisational review, and related prevention-oriented use only.

Accordingly, no report shall be construed as determining any individual’s mental health status, behavioural intent, professional suitability, legal responsibility, disciplinary liability, or employment fitness. Any reference to wellbeing, trust, stress, capability, leadership response, or related constructs is intended as a non-clinical indicator framework only. For clinical, psychiatric, medical, or emergency concerns, users and clients must seek appropriately licensed and qualified professionals outside the Platform.

Reports are generated on the basis of structured assessment inputs, scoring models, domain calculations, response-pattern processing, statistical aggregation where applicable, and pre-configured interpretive logic. Organisational reports may include domain comparisons, current-versus-previous-period shifts, maturity distributions, domain snapshots, and consolidated commentary. Individual reports may include score bands, zone interpretations, developmental meaning, behavioural experience summaries, action guidance, and self-reflective capability framing.

The Company reserves the right to apply report-generation conditions including but not limited to minimum participation thresholds, minimum cohort safeguards, threshold-based suppression rules, report withholding logic, display timing controls, template updates, weighting refinements, wording improvements, interpretive revisions, chart redesign, and governance-led report restructuring, where reasonably necessary for privacy protection, product enhancement, security, methodological refinement, or lawful compliance.

All reports generated through the Platform are intended to be treated as confidential information unless expressly stated otherwise in writing by the Company. Organisational reports may be made available only to authorised representatives of the subscribing client. Individual self-reflective reports, where generated, are intended for the individual respondent and are not intended to be transmitted to employers, HR teams, managers, board members, third-party agencies, or unrelated recipients unless separately and lawfully configured through a documented process consistent with the Platform’s privacy architecture and applicable law.

The Client shall implement reasonable internal safeguards to restrict report access, prevent indiscriminate circulation, and avoid misuse, selective extraction, screenshot abuse, unauthorised forwarding, insecure storage, or public dissemination. The Company shall not be responsible for the Client’s downstream handling of reports once lawfully accessed by authorised client representatives.

Reports generated by the Platform are not intended to serve as sole or primary grounds for disciplinary action, termination, demotion, promotion denial, harassment, retaliation, adverse appraisal, forced disclosure, or individual employment fitness determinations. Organisational reports are intended to reflect system-level patterns only and shall not be used to identify, infer, target, isolate, or penalise any natural person.

The Client shall not attempt to reverse engineer aggregated outputs, combine reports with external data to infer individual identity, or treat self-reflective capability or wellness outputs as proof of character, misconduct, instability, or incapacity. Any such use shall be deemed a material misuse of the Services and a breach of this Policy.

Reports may contain Report IDs, Integrity Codes, Audit Confidence Levels, generation dates, reporting periods, or similar internal reference fields. These controls are intended solely for internal traceability, lifecycle control, or limited audit reference. They are not public verification credentials, not third-party authenticity certificates, and not evidence of regulatory endorsement.

Unless the Company expressly states otherwise in writing, no online, public, or third-party verification service is enabled for such report identifiers. The presence of an identifier, integrity reference, or audit confidence field shall not be interpreted as validation of factual truth, legal weight, clinical certainty, or independent external authentication.

Report availability may be session-bound, dashboard-bound, subscription-bound, or period-bound depending on the service configuration. Individual reports may not remain available after session closure, timeout, browser termination, or expiry of non-retained inputs. Organisational reports may vary in timing, format, scope, and comparative availability depending on assessment cycles, minimum threshold achievement, dashboard status, or subscription continuity.

The Company does not warrant perpetual access, indefinite archival retrieval, fixed-format permanence, or unlimited regeneration of any report unless expressly committed in writing. Where report inputs are not retained or identity-linked data is not preserved, re-generation may be impossible by design. This limitation is intentional and forms part of the Platform’s privacy-first architecture.

Reports should be understood as directional indicators, structured analytical summaries, and decision-support materials only. They do not constitute proof of causation, intent, fault, misconduct, compliance status, or guaranteed future outcome. Commentary within a report is intended to support reflective understanding and capacity-building, not to replace independent managerial judgement, legal review, workplace investigation, risk governance, or professional advice.

The Company does not warrant that use of any report will necessarily result in improved productivity, reduced attrition, lower burnout, improved trust, stronger leadership performance, reduced grievance exposure, or improved legal or ESG outcomes. Reports are tools for insight and planning, not warranties of organisational result.

This Policy is drafted with reference to recognised privacy, information security, and workplace governance standards. Such references are included for governance alignment, policy design, and responsible reporting architecture. They do not, by themselves, constitute a representation of formal certification or regulatory approval unless separately and expressly stated in writing by the Company.

• Regulation (EU) 2016/679 (GDPR): Article 5(1)(b) (purpose limitation), Article 5(1)(c) (data minimisation), Article 5(1)(e) (storage limitation), Article 25 (data protection by design and by default), and Recital 26 (anonymous information and identifiability context).
• ISO/IEC 27001:2022: Annex A Control 5.14 (information transfer), Annex A Control 5.33 (information deletion / retention governance context), Annex A Control 5.34 (privacy and protection of PII), and related access, logging, integrity, and security governance controls.
• ISO/IEC 27701:2019: Clause 7.2.1 (purpose specification / processing context), Clause 7.4.1 (PII minimisation), Clause 7.4.4 (storage limitation guidance context), and related privacy information management principles.
• ISO/IEC 20889:2018: guidance relevant to anonymisation, de-identification, and privacy-enhancing treatment of data.
• ISO 45003:2021: psychological health and safety at work guidance, relevant to psychosocial risk review, supportive leadership behaviour, and workplace wellbeing governance.
• Information Technology Act, 2000 (India) and the Digital Personal Data Protection Act, 2023 (India), to the extent applicable in the relevant deployment context.

The Client shall use reports only for lawful, ethical, and workplace-improvement purposes. The Client shall not publish, misquote, selectively excerpt, materially distort, or externally rely upon reports in a misleading or defamatory manner. No third party may rely on a report without the Company’s prior written consent. Reports are intended solely for the internal use of the subscribing client and authorised users under the governing commercial arrangement.

The Client remains solely responsible for its employment actions, managerial decisions, HR processes, labour-law compliance, governance choices, and any downstream reliance or action taken by its representatives. The Company shall have no responsibility for employment, disciplinary, or governance outcomes chosen by the Client.

The Client shall indemnify, defend, and hold harmless the Company, its directors, officers, employees, affiliates, licensors, and service providers from and against all claims, losses, liabilities, costs, damages, penalties, expenses, and reasonable legal fees arising out of or relating to: (a) misuse of reports or reporting outputs; (b) attempts to identify individuals from anonymised or aggregated reports; (c) unlawful disclosure, recording, reproduction, publication, or circulation of reports; (d) misinterpretation or misrepresentation of report meaning; (e) employment or organisational decisions made wholly or partly on the basis of report outputs; or (f) breach of this Policy, applicable law, or third-party rights by the Client or its representatives.

To the maximum extent permitted under applicable law, the Company shall not be liable for any indirect, incidental, special, exemplary, punitive, or consequential damages, nor for loss of profit, goodwill, reputation, anticipated savings, business opportunity, employee relations, internal trust, attrition impact, or claims arising out of report interpretation, report unavailability, inability to regenerate reports, or actions taken by the Client based on report content.

Subject to non-excludable liability under applicable law, the aggregate cumulative liability of the Company arising out of or relating to reports, reporting logic, report access, or this Policy shall not exceed the total fees actually paid by the Client to the Company for the relevant Services during the three (3) months immediately preceding the event giving rise to the claim. If no such fee was paid during that period, aggregate liability shall be limited to INR 10,000.

Nothing in this clause shall exclude liability that cannot lawfully be excluded under applicable law; all exclusions and limitations shall otherwise apply to the maximum extent legally enforceable.

Nothing in this Policy shall prevent the Company from restricting, withholding, preserving, using, or disclosing limited report-related information to the extent reasonably necessary for cybersecurity protection, fraud prevention, abuse investigation, incident response, infrastructure defence, lawful compliance, court process, regulatory direction, insurance reporting, or the establishment, exercise, or defence of legal claims.

Any such exception shall be interpreted narrowly and only to the extent reasonably required for the relevant lawful, security, or defensive purpose.

This Policy, and any dispute, claim, controversy, or proceeding arising out of or relating to reports, reporting access, reporting interpretation, or related use of the Platform, shall be governed by and construed in accordance with the laws of India, without regard to conflict-of-law principles.

The courts having territorial jurisdiction at Chennai, Tamil Nadu, India shall have exclusive jurisdiction over all disputes arising from or in connection with this Policy, the Services, or any related commercial relationship, subject always to the Company’s right to seek interim, injunctive, equitable, or protective relief before any court of competent jurisdiction where such relief is reasonably necessary to protect confidential information, systems, intellectual property, or legal rights.

The Company may amend, update, restate, or revise this Policy from time to time to reflect legal, technical, commercial, product, methodological, or security developments. A revised version may be published on the applicable webpage or otherwise communicated through reasonable business channels. Continued use of the Services after the effective date of a revised version shall constitute acceptance of the revised Policy to the extent permitted by applicable law and any governing written agreement.

For legal notices, governance clarifications, report-policy enquiries, or authorised communications relating to this Policy, please contact:

GreenSignature Services Private Limited
Email: support@gcreditwellness.com
Website: https://greensignature.org

Any legal notice intended to create, modify, waive, dispute, or enforce rights under this Policy should be made in writing by an authorised representative and sent through a verifiable communication channel.