DRAFT — pending counsel review. Last reviewed: 2026-05-12.
Legal

Privacy Policy

Effective date: 12 May 2026  ·  Dhruvanta Systems Private Limited

1. Who we are

Dhruvanta One is operated by Dhruvanta Systems Private Limited(“Dhruvanta Systems”, “we”, “us”, or “our”), a company incorporated in India under the Companies Act 2013 (CIN U62013TS2026PTC212638), with its registered office at 15-11-86, Ramannapet, Warangal, Telangana 506002, India.

This Privacy Policy applies to the Dhruvanta One portal and all associated products (Dhruvanta ERP, Dhruvanta CLM, Dhruvanta Sign, PrintAnywhere) accessed through it. It is governed by the Digital Personal Data Protection Act 2023 (DPDP Act) and other applicable Indian law.

2. Scope

Dhruvanta One is a business-to-business (B2B) portal. Your employer or organisation (“Customer” or “Tenant”) enters into a separate agreement with us. In that context:

  • The Customer is a Data Fiduciary for data relating to its own end-users and employees.
  • Dhruvanta Systems acts as a Data Processor on behalf of the Customer for Customer-provided data.
  • Dhruvanta Systems acts as a Data Fiduciary for platform-level data (account credentials, billing, usage telemetry).

3. Data we collect

Account & contact data

Name, work email address, phone number, tenant ID, role, password hash, and session tokens.

Billing & subscription data

Plan tier, upgrade/downgrade timestamps, invoicing details. We do not store raw payment card data on our systems.

Product & usage data

Feature interactions, API request logs, payroll run records, employee records, webhook delivery logs, and in-app notification preferences.

Customer-provided data

Any data uploaded or entered by the Customer's users, including HR data, documents, or third-party integration payloads. Processed under the Customer's instructions.

Technical & device data

IP address, browser user-agent, session timestamps, and error telemetry. Used solely for security, reliability, and abuse prevention.

4. Legal bases for processing

  • Contract performance — to provide the Dhruvanta One portal and products you or your employer have subscribed to.
  • Legitimate interests — security monitoring, fraud prevention, service reliability, and anonymised analytics to improve the product.
  • Legal obligation — compliance with Indian tax, labour, and corporate law.
  • Consent — for optional notifications or marketing communications, where required by the DPDP Act 2023.

5. How we use your data

  • Authenticating access to Dhruvanta One and its products.
  • Delivering and improving the subscribed services.
  • Processing payroll computations and HR records on the Customer's behalf.
  • Sending transactional and in-app notifications (subject to your preferences).
  • Generating invoices and managing subscription billing.
  • Fulfilling legal, regulatory, and audit obligations.
  • Detecting and preventing security incidents and abuse.

6. Sharing and disclosure

We do not sell personal data. We share data only with:

  • Service providers acting as sub-processors (cloud infrastructure, messaging services, payment processors) under data processing agreements.
  • The Customer — their tenant-scoped data is accessible to authorised members of that tenant only.
  • Regulators and law enforcement — when required by applicable Indian law or court order.
  • Successors — in the event of a corporate restructuring, merger, or acquisition, subject to continued privacy obligations.

7. Data retention

We retain personal data for as long as the Customer's account is active or as needed to fulfil the purposes described in this policy. On account deletion:

  • A 7-day grace period applies, during which the deletion can be cancelled.
  • After the grace period, personal data is deleted or anonymised from live systems; legal and audit records may be retained for the period required by applicable law.

8. Security

We apply technical and organisational measures including encrypted storage at rest, TLS in transit, tenant-scoped access controls, multi-factor authentication, and regular security reviews. No transmission method over the internet is 100% secure; we will notify affected parties of confirmed breaches as required by law.

9. International transfers

Data is primarily stored in India. Where data is processed outside India (for example, by a sub-processor operating in another jurisdiction), we ensure an adequate level of protection through contractual safeguards consistent with the DPDP Act 2023.

10. Your rights under the DPDP Act 2023

As a Data Principal under the DPDP Act 2023, you have the right to:

  • Access a summary of personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Erasure — request deletion of your account and personal data (subject to the 7-day grace period in Section 7 and statutory retention obligations).
  • Nominate a representative for the exercise of rights on death or incapacity.
  • Grievance redressal — raise a complaint with our Grievance Officer or the Data Protection Board of India.

To exercise any of these rights, email privacy@dhruvantasystems.com. We will respond within the timeframe required by applicable law.

11. Cookies

Dhruvanta One uses server-side session cookies strictly necessary for authentication. No third-party advertising or cross-site tracking cookies are used. Browser-level preferences are respected.

12. Changes to this policy

We will post any material changes to this page and update the effective date. For significant changes affecting the rights of Data Principals, we will provide notice through the portal or by email at least 14 days before the change takes effect, unless prohibited by law.

13. Contact & grievance redressal

Dhruvanta Systems Private Limited

15-11-86, Ramannapet, Warangal, Telangana 506002, India

Privacy inquiries: privacy@dhruvantasystems.com

Legal: legal@dhruvantasystems.com