PRO.TR.ON DST Global  ·  Value with Trust
Privacy & Legal ← Back to Site
Legal Document

Privacy Policy

DST Global is committed to the responsible handling of personal data. This Policy sets out what information we collect, the lawful basis on which we process it, how we protect it, and the rights available to you as a data principal under applicable Indian law.

Effective Date 01 June 2025
Last Revised 09 June 2026
Version 2.0
Governing Law India — IT Act 2000 & DPDPA 2023

Section 01 — Scope & Applicability

Scope and applicability of this Policy

This Privacy Policy ("Policy") is published by DST Global, a proprietary entity operating under the trade name DeepSphere Technologies, having its principal place of business at Pune, Maharashtra, India, and its associated digital product PRO.TR.ON (Project Tracking Online) (collectively "DST Global", "we", "us", or "our").

This Policy applies to all personal data processed in connection with:

  • The website located at deepspheretech.com and all subdomains thereof;
  • The PRO.TR.ON SaaS platform, including web and API interfaces;
  • All marketing, sales, and support communications conducted by DST Global;
  • Any third-party integrations or connectors activated by users within the platform.

This Policy does not apply to the data practices of third-party platforms, vendors, or partners who may be accessible via links or integrations within our Services. DST Global accepts no responsibility for the privacy practices of such third parties.

Important: By accessing or using our Services in any manner, you acknowledge that you have read, understood, and agreed to the terms of this Policy. If you are accessing the Services on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that entity to this Policy.

Section 02 — Definitions

Key definitions

The following terms carry the meanings set out below throughout this Policy:

"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the Digital Personal Data Protection Act, 2023 ("DPDPA").

"Data Principal" means the individual to whom Personal Data relates — i.e., the user, customer, or visitor whose data is being processed.

"Data Fiduciary" means DST Global, which alone or in conjunction with others determines the purpose and means of processing Personal Data.

"Processing" means any operation or set of operations performed on Personal Data, including collection, storage, use, disclosure, transfer, or erasure.

"Services" means the PRO.TR.ON platform, the deepspheretech.com website, and all associated communications, support, and marketing activities operated by DST Global.

"Consent" means a freely given, specific, informed, and unambiguous indication of agreement to the processing of Personal Data for a stated purpose.

Section 03 — Personal Data We Collect

Personal data we collect

We collect only the minimum personal data necessary to provide, operate, and improve our Services ("data minimisation principle"). The categories of data collected are as follows:

A. Data you provide directly

👤

Identity & Contact Data

Full name, work email address, designation, company name, and phone number collected during account registration, demo requests, or contact form submissions.

💳

Billing & Commercial Data

Organisation legal name, billing address, GST registration number, and invoice-related correspondence. Payment card details are handled exclusively by PCI-DSS-compliant processors and are never stored by DST Global.

📁

Platform Content Data

Projects, sprints, user stories, tasks, timesheets, budgets, uploaded files, and any other content that you or your organisation create within the PRO.TR.ON platform. This data is owned by you.

✉️

Communications Data

Content of emails, support tickets, chat messages, demo call notes, and feedback submissions addressed to DST Global.

B. Data collected automatically

  • Log & Technical Data: IP address, browser type and version, operating system, referral URL, pages visited, timestamps, and error logs generated during platform use.
  • Device Data: Device type (desktop / mobile / tablet), screen resolution, and preferred language.
  • Usage & Behavioural Data: Features accessed, actions performed, session duration, navigation paths, and frequency of use — collected in aggregate and pseudonymised where possible.
  • Cookie Data: Session identifiers, authentication tokens, and analytics identifiers placed by first-party and approved third-party cookies (see Section 9).

C. Data received from third parties

Where you elect to authenticate via a third-party identity provider (e.g., Google OAuth, Microsoft SSO), we receive only the data you expressly authorise — typically name, email address, and profile photograph. DST Global does not purchase, acquire, or receive personal data from data brokers or data aggregators under any circumstances.

Special Categories: DST Global does not intentionally collect any sensitive personal data as defined under the DPDPA 2023, including financial passwords, health information, biometric data, caste, religion, or sexual orientation. If any such data is inadvertently submitted, it will be deleted upon identification and the submitter notified.

Section 04 — Purposes & Legal Basis

Purposes for which we process personal data

We process personal data only for specified, explicit, and legitimate purposes. The processing activities, corresponding data categories, and legal bases are set out in the table below. Where processing is based on consent, you retain the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

Processing Purpose Data Categories Used Legal Basis
Provision and operation of the PRO.TR.ON platform Identity, contact, platform content data Contractual necessity
Account creation, authentication, and access management Identity, contact, log data Contractual necessity
Billing, invoicing, and payment processing Billing and commercial data Contractual necessity / Legal obligation
Sending transactional notifications (security alerts, system updates, invoices) Contact, identity, billing data Contractual necessity
Sending promotional and marketing communications Email address, role, company Consent (freely withdrawn at any time)
Responding to enquiries, support requests, and demo bookings Identity, contact, communications data Legitimate interest / Pre-contractual steps
Product improvement, analytics, and research Anonymised / pseudonymised usage data Legitimate interest
Platform security, fraud detection, and abuse prevention Log, device, usage data Legitimate interest / Legal obligation
Compliance with legal, regulatory, or judicial obligations Any data required by competent authority Legal obligation
Exercising or defending legal rights and claims Relevant data as required Legitimate interest / Legal obligation

DST Global does not use personal data for automated individual decision-making or profiling that produces legal or similarly significant effects without explicit consent. If such processing is introduced in future, affected users will be notified and their consent sought prior to commencement.

Section 05 — Disclosure of Personal Data

How and when we disclose personal data

DST Global does not sell, rent, lease, or trade personal data to any third party for their independent commercial purposes, under any circumstances. Disclosure occurs only in the limited, controlled situations described below.

A. Data Processors (sub-processors)

We engage vetted third-party service providers who process data strictly on our instructions under binding Data Processing Agreements ("DPAs"). Current categories of sub-processors include:

  • Cloud Infrastructure: Hosting and server providers (e.g., AWS, Microsoft Azure) providing the compute and storage environment on which PRO.TR.ON operates.
  • Email Delivery: Transactional and marketing email platforms (e.g., Mailchimp) used solely to deliver communications authorised under this Policy.
  • Analytics: Aggregate website and product analytics tools (e.g., Google Analytics) operating under approved data-sharing configurations with IP anonymisation enabled.
  • Payment Processing: PCI-DSS Level 1 compliant payment gateways for subscription billing. DST Global never transmits, stores, or logs raw payment card data.
  • Customer Support: Helpdesk platforms used to manage support tickets and communications.

All sub-processors are contractually prohibited from using your data for any purpose other than delivering the specific service to DST Global.

B. Legal and regulatory disclosure

We may disclose personal data to government authorities, law enforcement agencies, courts, or regulators where we are legally compelled to do so by applicable Indian law, a binding court order, or a lawful governmental directive. In such circumstances, we will:

  • Disclose only the minimum data legally required;
  • Notify the affected Data Principal to the extent permitted by applicable law;
  • Maintain a record of such disclosures for audit purposes.

C. Protection of rights and property

DST Global may disclose personal data where it reasonably believes such disclosure is necessary to: (i) investigate, prevent, or take action regarding suspected or actual fraud or illegal activity; (ii) enforce our Terms of Service; (iii) protect the rights, safety, or property of DST Global, its personnel, users, or the public; or (iv) defend against legal claims. Any such disclosure will be proportionate to the legitimate aim pursued.

D. Corporate transactions

In the event of a merger, acquisition, restructuring, divestiture, or sale of all or a material portion of DST Global's assets, personal data may be transferred to or reviewed by the acquiring or successor entity, subject to confidentiality obligations and the same level of protection as described in this Policy. Affected users will be notified by email and via a prominent notice on our website not less than 30 days prior to any such transfer becoming effective, and will be afforded the opportunity to delete their accounts.

E. Consent-based disclosure

Any disclosure not covered by the above categories will occur only with your prior, explicit, and informed consent, which may be withdrawn at any time.

Section 06 — Storage, Security & Transfers

How we store and protect your data

Personal data is stored on enterprise-grade cloud infrastructure hosted within India and/or Singapore. DST Global implements a layered, defence-in-depth security programme comprising the following controls:

🔐

Encryption

All personal data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Database backups are independently encrypted.

🛡️

Access Control

Role-based access control (RBAC) restricts internal access on a strict need-to-know basis. Privileged access requires multi-factor authentication.

🔑

Authentication & SSO

Enterprise single sign-on (SSO) and two-factor authentication are available to all paid account holders.

📜

Audit Trails

All access events, data modifications, and administrative actions are logged immutably and retained for security review and compliance purposes.

🔍

Vulnerability Management

Regular penetration testing, dependency scanning, and security code reviews are conducted as part of our secure development lifecycle.

🌐

Network Security

Firewalls, DDoS mitigation, intrusion detection systems, and network segmentation protect platform infrastructure from external threats.

International transfers

Where personal data is transferred to a sub-processor located outside India (e.g., for cloud infrastructure or email delivery), DST Global ensures such transfers are protected by appropriate contractual safeguards, including Standard Contractual Clauses or equivalent mechanisms consistent with applicable Indian law. No personal data is transferred to a jurisdiction that does not provide an adequate level of protection without appropriate safeguards in place.

Security Limitation: Notwithstanding the foregoing measures, no method of electronic transmission or digital storage can be guaranteed to be 100% secure. DST Global therefore cannot warrant the absolute security of personal data transmitted to or stored within our Services. We will, however, notify affected users and relevant authorities in accordance with applicable breach notification obligations under the DPDPA 2023 in the event of a material security incident.

Section 07 — Retention Periods

How long we retain personal data

DST Global retains personal data for no longer than is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law. Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised.

Data Category Retention Period Basis
Active account and identity data Duration of account, then 30 days post-closure Contractual necessity
Platform content (projects, sprints, files) 30 days post account deletion, then permanent erasure Contractual necessity
Billing, invoicing, and tax records 7 years from the relevant financial year Companies Act 2013 / Income Tax Act 1961
Marketing consent records Duration of consent + 3 years post-withdrawal Legal obligation / Proof of consent
Security and access logs 12 months from generation Legitimate interest / Legal obligation
Support and communications data 3 years from last interaction Legitimate interest
Legal hold data (litigation / dispute) Until resolution of the relevant matter + 1 year Legal obligation
Anonymised / aggregated analytics data Indefinite (no longer constitutes personal data) Legitimate interest

Where you request erasure of your personal data before the expiry of a legally mandated retention period, DST Global will restrict active processing of that data to the extent required by law and delete it as soon as the legal obligation ceases to apply.

Section 08 — Rights of Data Principals

Your rights and how to exercise them

Subject to applicable law, you have the following rights in respect of your personal data. DST Global will acknowledge all valid requests within 72 hours and fulfil them within 30 calendar days, extendable by a further 30 days in complex cases with prior notification.

  • Right of Access (Section 11, DPDPA): You may request a summary of the personal data DST Global holds about you and the purposes for which it is being processed.
  • Right to Correction & Completeness: You may request correction of inaccurate, incomplete, or outdated personal data held by us.
  • Right to Erasure (Right to be Forgotten): You may request deletion of your personal data where: (i) the purpose of processing is fulfilled; (ii) you withdraw consent and no other lawful basis applies; or (iii) processing is unlawful. Erasure is subject to any overriding legal obligation to retain the data.
  • Right to Grievance Redressal: You may raise a complaint or grievance with our designated Grievance Officer (see Section 14) or with the Data Protection Board of India upon its establishment.
  • Right to Withdraw Consent: Where processing is based solely on your consent, you may withdraw that consent at any time via email or the platform's notification settings. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format (e.g., CSV or JSON) to facilitate transfer to another service provider.
  • Right to Nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity, as permitted under the DPDPA.

To exercise any of the above rights, submit a written request to contact@deepspheretech.com with the subject line "Data Principal Rights Request". We reserve the right to verify your identity before processing the request to prevent unauthorised access or fraudulent erasure. No fee is charged for exercising these rights, except where requests are manifestly unfounded or excessive, in which case DST Global may charge a reasonable administrative fee or decline to respond, with written reasons provided.

Marketing opt-out

Every marketing communication dispatched by DST Global includes a clearly labelled one-click unsubscribe mechanism. You may also opt out by emailing us directly. Unsubscribing from marketing communications does not affect the delivery of transactional or service-essential notifications, which are necessary for the performance of the contractual relationship.

Section 09 — Cookies & Tracking Technologies

Cookies and tracking technologies

DST Global uses cookies, web beacons, and similar technologies to operate our Services securely, retain your preferences, and gather aggregate insights into how our platform and website are used. The following categories of cookies are deployed:

Cookie Category Purpose Basis Opt-Out Available
Strictly Necessary Session management, authentication, CSRF protection, and load balancing. The platform cannot function without these. Legitimate interest / Contractual necessity No
Functional / Preference Remembering language, time zone, layout, and UI preferences across sessions. Consent Yes — via cookie banner or browser settings
Analytics (Google Analytics) Aggregate, anonymised measurement of page views, traffic sources, session durations, and feature usage. IP addresses are anonymised at collection. Consent Yes — via cookie banner or Google Analytics opt-out
Marketing / Retargeting May be deployed in future for interest-based advertising and campaign measurement. No marketing cookies are currently active. Consent (required before activation) Yes — consent must be granted before any deployment

You may withdraw or modify your cookie consent at any time via the cookie preference centre accessible on our website or by configuring your browser to refuse or delete cookies. Please note that disabling functional cookies may impair the performance and usability of certain PRO.TR.ON features. Disabling strictly necessary cookies may prevent access to the platform.

Section 10 — Minors

Persons under the age of 18

PRO.TR.ON is a business-to-business (B2B) enterprise software platform designed exclusively for use by professionals and organisational representatives who are 18 years of age or older. DST Global does not knowingly solicit, collect, or process personal data from individuals under the age of 18.

In the event that DST Global becomes aware, or is credibly informed, that personal data belonging to a minor has been submitted to our Services without verifiable parental or guardian consent, we will take prompt steps to permanently delete such data from our systems. If you have reason to believe that a minor's data has been submitted, please notify us immediately at contact@deepspheretech.com. Organisational customers are responsible for ensuring that access credentials are not made available to individuals under the age of 18.

Section 11 — Third-Party Services

Third-party links and integrations

Our website and platform may contain hyperlinks to external websites, or offer integrations with third-party software tools and services (including but not limited to Slack, GitHub, Google Workspace, and Microsoft Teams). DST Global provides such links and integrations as a convenience.

This Policy applies solely to personal data processed directly by DST Global. DST Global has no control over, and assumes no responsibility for, the content, privacy policies, or data practices of any third-party website or service. The presence of a link or integration does not constitute an endorsement by DST Global. We strongly encourage users to review the privacy policies of any third-party service before activating an integration or providing personal data to that service.

Where a third-party integration is activated by an administrator of a DST Global account, that administrator accepts responsibility for ensuring the integration complies with applicable data protection obligations and has obtained any necessary consents from end users within their organisation.

Section 12 — Limitation of Liability

Limitation of liability in connection with data

To the maximum extent permitted by applicable law, DST Global's total aggregate liability in connection with any privacy or data protection claim arising under or in relation to this Policy shall not exceed the greater of: (i) the total fees paid by the relevant user or customer to DST Global in the twelve (12) months immediately preceding the event giving rise to the claim; or (ii) INR 10,000 (Indian Rupees Ten Thousand).

DST Global shall not be liable for any indirect, incidental, consequential, special, or exemplary damages arising out of or in connection with: (i) unauthorised access to or use of your personal data by third parties despite our reasonable security measures; (ii) loss or corruption of data caused by factors outside our reasonable control, including force majeure events; (iii) acts or omissions of third-party sub-processors that are beyond DST Global's reasonable control, provided we have fulfilled our due diligence and contractual obligations to such sub-processors; or (iv) your failure to implement reasonable security practices on your own systems and devices.

Nothing in this section limits DST Global's liability for fraud, wilful misconduct, gross negligence, or any liability that cannot be excluded by applicable Indian law.

Section 13 — Amendments to this Policy

Changes to this Policy

DST Global reserves the right to update or modify this Policy at any time to reflect changes in applicable law, regulatory guidance, business operations, or technological developments. All revisions will be effective from the date published on this page unless a later effective date is specified.

In the event of a material change — meaning any change that substantially affects the nature of the data we collect, the purposes for which we use it, the parties with whom we share it, or your rights under this Policy — we will:

  • Update the "Last Revised" date and version number at the top of this page;
  • Send a written notification to the email address associated with all registered accounts, no fewer than 14 days prior to the change taking effect;
  • Display a prominent in-platform notification for a minimum of 30 days following the effective date of the change.

Your continued access to or use of the Services following the effective date of any revision constitutes your acceptance of the updated Policy. If you do not agree to any material change, you must cease use of the Services and may request deletion of your account and personal data in accordance with Section 8 before the change takes effect. Non-material clarifications or editorial corrections may be made without notice.

Section 14 — Grievance Officer

Grievance redressal mechanism

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and in anticipation of the Grievance Appellate Committee framework under the DPDPA 2023, DST Global has designated a Grievance Officer to address data protection and privacy concerns raised by users.

Any Data Principal who has a grievance regarding the processing of their personal data, or considers that their rights under applicable law have not been adequately addressed, may submit a formal complaint to the Grievance Officer. Complaints will be acknowledged within 48 hours of receipt and substantively addressed within 30 calendar days.

Designated Role Grievance Officer — Data Protection
Organisation DST Global (DeepSphere Technologies)
Grievance Email contact@deepspheretech.com
Subject Line Required "Formal Privacy Grievance — [Your Name]"
Response Commitment Acknowledgement within 48 hours; Resolution within 30 days

If your grievance is not resolved to your satisfaction within the stated timeframe, you may escalate the matter to the Data Protection Board of India (upon its formal establishment under the DPDPA 2023) or seek such other remedies as may be available under applicable Indian law.

Section 15 — Contact Details

How to contact DST Global

For general privacy enquiries, data rights requests, or questions regarding this Policy, please contact us using the details below. All communications should be in English or Hindi. We respond to all enquiries within 3 business days.

Legal Entity DST Global (DeepSphere Technologies)
Registered Address Pune, Maharashtra, India
Privacy Enquiries contact@deepspheretech.com
Telephone +91 99600 12274
Business Hours Monday – Friday, 09:00 – 18:00 IST

Legal Disclaimer: This Privacy Policy has been prepared for general informational and operational purposes and reflects DST Global's current data processing practices. It does not constitute legal advice. DST Global strongly recommends that you seek independent legal counsel if you have specific questions regarding your rights or obligations under applicable data protection law.

This Policy is an integral part of the DST Global Terms of Service and is incorporated by reference therein. In the event of any conflict between this Policy and the Terms of Service regarding personal data, this Policy shall prevail.

This document was last reviewed by the DST Global management team on 09 June 2026. Version history is maintained internally and available upon written request to our Grievance Officer.