Privacy Policy

1. About This Policy

Syltor Solutions Private Limited ("Syltor," "we," "us," or "our"), registered at 122, 1st Floor, Shree Ram Square, Near Virar (West) Flyover, Virar (West), Maharashtra — 401303, India (GST: 37AVSCS7955E1ZM), is committed to protecting the privacy of the businesses and individuals with whom we interact.

This Privacy Policy applies to:

• Visitors to our corporate website
• Clients and their authorised users who access platforms, software, or dashboards developed and operated by Syltor
• Prospective clients and leads who provide information for business enquiries
• Personnel of client organisations interacting with Syltor's services

By engaging with our website or services, you consent to the data practices described in this Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Business contact information: Name, job title, company name, business email address, phone number, and business address provided during enquiries, onboarding, or contract execution
• Account credentials: Usernames, passwords (stored in encrypted form), and security settings for platforms managed by Syltor
• Project and contractual information: Business requirements, technical specifications, correspondence, and documents shared during service delivery
• Payment and billing information: GST number, PAN, bank account details (for refund purposes), and billing address for invoice processing. We do not store complete credit/debit card information.

2.2 Information Collected Automatically

• Usage data: IP address, browser type, device type, operating system, pages visited, time spent, and navigation paths when accessing our website or hosted platforms
• Log data: System logs, error reports, and access timestamps for security monitoring and platform diagnostics
• Cookies and similar technologies: Session cookies, persistent cookies, and similar identifiers for authentication and user experience (see Section 7)

2.3 Information from Third Parties

In certain cases, we may receive information about clients or their end-users from third-party integrations, APIs, or data sources as part of the contracted service delivery scope. Such data is processed strictly in accordance with the applicable SoW and client instructions.

3. How We Use Your Information

We process personal and business data for the following purposes:

• Service delivery: To develop, maintain, and deliver the software platforms, dashboards, and technology solutions contracted by you
• Account management: To create and manage user accounts, authenticate access, and provide technical support
• Billing and payments: To generate invoices, process payments, handle disputes, and comply with GST and tax regulations
• Communication: To respond to enquiries, provide project updates, share product announcements, and send service-related notifications
• Legal compliance: To comply with applicable laws, court orders, regulatory requirements (including RBI, IRDAI, and MCA filings where relevant), and to enforce our Terms and Conditions
• Security and fraud prevention: To monitor for unauthorised access, investigate security incidents, and maintain the integrity of our platforms
• Service improvement: To analyse usage patterns and feedback to improve our products and services (using aggregated, anonymised data where possible)
• Marketing (with consent): To send relevant service updates or case studies to existing clients; you may opt out at any time

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal or business information to third parties. We may share data in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors who assist in delivering our services, including cloud hosting providers (such as AWS, Google Cloud, or Azure), email service providers, payment processors, and analytics tools. These vendors are contractually bound to process data only on our instructions and are prohibited from using it for their own purposes.

4.2 Client-Authorised Sharing

Where the delivery of contracted services requires sharing data with third-party APIs or systems specified by the client (e.g., insurance company APIs, RBI-connected systems), such sharing is done solely on the client's behalf and under their direction.

4.3 Legal Requirements

We may disclose information when required to do so by law, court order, government authority, or regulatory body, or when we believe in good faith that disclosure is necessary to protect our legal rights or prevent imminent harm.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, client information may be transferred as part of that transaction. We will notify affected clients and this Privacy Policy will continue to apply.

5. Data Security

Syltor implements industry-standard technical and organisational security measures to protect data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest using AES-256 or equivalent standards
• Role-based access control (RBAC) and principle of least privilege
• Multi-factor authentication (MFA) for administrative access to production systems
• Regular vulnerability assessments and security audits
• Secure coding practices and code review processes
• Incident response procedures with defined escalation timelines

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. Clients are responsible for maintaining the confidentiality of their own access credentials.

In the event of a data breach that is likely to affect your rights and interests, we will notify you in accordance with applicable legal requirements.

6. Data Retention

We retain personal and business data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations. Specifically:

• Client account data: Retained for the duration of the active engagement plus 7 years post-termination, as required under Indian accounting and tax laws
• Project deliverables and communications: Retained for 5 years post-project completion
• Website usage logs: Typically retained for 90 days and then deleted or anonymised
• Financial records: Retained for a minimum of 8 years in compliance with the Companies Act, 2013, and GST regulations

Upon expiry of the retention period, data is securely deleted or anonymised.

7. Cookies

Our website and hosted platforms use cookies and similar tracking technologies to improve functionality and user experience. Types of cookies we use:

• Essential cookies: Required for the operation of our website and platforms (e.g., authentication session cookies). These cannot be disabled without affecting functionality.
• Analytics cookies: Used to understand how users interact with our website, in aggregated and anonymised form, to help us improve our services.
• Preference cookies: Remember your settings and preferences for a better experience.

You can control cookie preferences through your browser settings. However, disabling certain cookies may limit functionality. We do not use cookies for cross-site advertising or sell cookie data to third parties.

8. International Data Transfers

Our primary operations and data storage are located within India. Where data is processed by third-party service providers outside India (e.g., cloud providers with data centres abroad), we ensure appropriate contractual safeguards are in place to maintain equivalent data protection standards.

9. Your Rights

Under applicable Indian law and as a matter of good practice, you have the following rights with respect to your personal and business information held by Syltor:

• Right to access: Request a copy of the personal information we hold about you or your organisation
• Right to correction: Request correction of inaccurate or incomplete information
• Right to withdrawal of consent: Withdraw consent for processing where consent is the basis for processing (note: withdrawal does not affect lawfulness of processing prior to withdrawal)
• Right to deletion: Request deletion of data that is no longer necessary, subject to our legal retention obligations
• Right to grievance redressal: Lodge a grievance with our designated data grievance officer (see below)

To exercise any of these rights, please write to us at the contact details below. We will respond within 30 days of receipt of a valid request.

10. Grievance Officer

In accordance with the IT Act, 2000 and the SPDI Rules, 2011, we have designated a Grievance Officer to address any complaints or concerns regarding the processing of your personal data:

Grievance Officer — Syltor Solutions Private Limited
Address: 122, 1st Floor, Shree Ram Square, Near Virar (West) Flyover,
Virar (West), Maharashtra — 401303, India
Email: privacy@syltorsolutions.com
Phone: +91 84596 31296

All grievances will be acknowledged within 48 hours and addressed within 30 days of receipt.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. Material changes will be communicated to active clients via email or through a notice on our website, with at least 14 days' notice prior to the effective date. We encourage you to review this Policy regularly.