1. INTRODUCTION & COMMITMENT TO PRIVACY

This Privacy Policy (“Policy”) outlines how Digibytetechnologies Pvt Ltd (“Company,” “We,” “Us,” or “Our”) collects, uses, stores, protects, and manages personal and professional information (“Data”) of users of the StrydeHR HRMS platform (“Platform”), including our website at www.strydehr.com, www.digibytetechnologies.com, and our mobile HR application.

We are committed to protecting your privacy and ensuring transparency in how we handle your Data. This Privacy Policy applies to all users of the Platform, including Administrators, HR Personnel, Employees, Managers, and other authorized users.

By accessing or using the Platform, you consent to the collection and use of Data as described in this Privacy Policy. If you do not agree with our privacy practices, please discontinue use of the Platform.

2. DATA CONTROLLER & CONTACT INFORMATION

Data Controller (Company): Digibytetechnologies Pvt Ltd

Address: #1B, M&M Building, 31, VLK Garden, Kalapatti Road, Coimbatore - 641048, Tamil Nadu, India

Contact for Privacy Inquiries: info@strydehr.com

Data Protection Officer (if applicable): For data protection-related inquiries, please contact us at the email address above.

3. TYPES OF DATA COLLECTED

The Platform collects the following categories of personal and professional Data:

3.1 Employee Personal Details

• Full name, email address, phone number
• Date of birth, age
• Gender and marital status
• National identification numbers (PAN, Aadhaar, if provided)
• Address and location information
• Emergency contact details
• Professional certifications and qualifications
• Employee ID and designation

3.2 Employment & Organizational Data

• Job title, department, reporting manager
• Employment status (active, inactive, probation, etc.)
• Salary and compensation information
• Employment contract and agreement documents
• Performance records and evaluations
• Training history and development records
• Promotion and career progression history

3.3 Attendance & Time-Tracking Data

• Daily attendance logs and check-in/check-out times
• Shift information and roster assignments
• Attendance status (present, absent, late, half-day, etc.)
• Overtime records
• Biometric data (if attendance is tracked via biometric systems)
• Device used for attendance marking (computer, mobile, kiosk)

3.4 Leave & Absence Management Data

• Leave requests (type, duration, dates)
• Leave balance and entitlements
• Leave approval history and approver names
• Absence records and reasons
• Medical leave documentation and certificates
• Unpaid leave and other leave categories

3.5 Onboarding Documents

• Government-issued ID proof (Aadhaar, Passport, PAN, Voter ID)
• Address verification documents
• Educational certificates and transcripts
• Work experience and reference letters
• Background check documentation
• Medical examination reports (if required)
• Offer letters and employment agreements
• Signed acknowledgments and policy acceptance forms

3.6 Location & GPS Tracking Data

• GPS coordinates for field employees (if attendance tracking via mobile app)
• Real-time location data during work hours (if enabled)
• Location history for remote work verification
• Check-in and check-out locations

3.7 Website & Application Cookies

• Session cookies for login and authentication
• Functional cookies for remembering preferences
• Analytics cookies for user behavior tracking
• Marketing cookies for targeted communications
• Cookie consent preferences

3.8 Device & Technical Information

• IP address and device identification
• Browser type and version
• Operating system and device type (Windows, iOS, Android, etc.)
• Device ID and unique identifiers
• Internet service provider (ISP) information
• Pages visited and time spent on each page
• Referral source (how you accessed the Platform)
• Device storage and memory specifications

3.9 Communication & Support Data

• Support tickets and inquiries submitted
• Email communications with the Company
• Chat logs and conversations through the Platform
• Feedback and survey responses
• Complaint records and resolutions

3.10 Financial & Payment Information

• Payment history and transaction records
• Billing address and payment method (processed through Razorpay)
• Subscription plan details and renewal dates
• Invoice records

4. LEGAL BASIS FOR DATA COLLECTION

We collect and process your Data based on the following legal grounds:

4.1 Contract Fulfillment

• To provide HRMS services and functionalities you have subscribed to
• To manage your Account and access to the Platform
• To process payments and manage billing

4.2 Legal Compliance

• To comply with Indian labor laws and employment regulations
• To fulfill tax and statutory obligations
• To comply with government requests or legal orders
• To maintain records as required by law

4.3 Legitimate Business Interests

• To improve our Platform and services
• To ensure Platform security and prevent misuse
• To analyze usage patterns and optimize performance
• To conduct business analytics and reporting

4.4 User Consent

• For marketing communications (explicit opt-in)
• For optional features or advanced analytics
• For data sharing with third parties beyond service provision

5. PURPOSE OF DATA COLLECTION & USE

We collect and use your Data for the following purposes:

5.1 Core HRMS Functionality

• Employee Management: To maintain employee records, manage profiles, and update organizational data
• Attendance Tracking: To record and monitor employee attendance, shifts, and work schedules
• Leave Management: To process leave requests, maintain leave balances, and track absences
• Onboarding: To manage employee onboarding workflows, document collection, and new hire processes
• Payroll & Compensation: To calculate salaries, process payroll, and manage compensation data

5.2 HR Analytics & Reporting

• To generate HR analytics dashboards and reports
• To analyze workforce trends, headcount, and organizational metrics
• To create customized reports for management and decision-making
• To track key HR indicators (KPIs) and performance metrics
• To forecast future HR needs and requirements

5.3 Workforce Automation

• To automate HR workflows and processes
• To enable automated notifications and reminders (leave approvals, attendance alerts, etc.)
• To trigger automated workflows based on predefined rules
• To streamline administrative tasks and reduce manual effort

5.4 Security & Compliance

• To ensure Platform security and prevent unauthorized access
• To detect and prevent fraud, misuse, or policy violations
• To investigate security incidents or breaches
• To maintain audit trails and compliance logs
• To enforce compliance with Terms & Conditions
• To comply with employment law and regulatory requirements

5.5 Product Improvement

• To analyze user behavior and Platform usage patterns
• To identify bugs, performance issues, and areas for improvement
• To conduct user research and collect feedback
• To develop new features and optimize existing functionalities
• To personalize user experience based on role and preferences

5.6 Communication & Support

• To respond to your inquiries, support requests, and complaints
• To send administrative notifications and service updates
• To communicate changes to terms, policies, or features
• To provide customer support and assistance

5.7 Marketing & Business Development

• To send promotional materials (only with explicit consent)
• To invite you to webinars, events, or product demos
• To conduct customer surveys and satisfaction studies
• To understand customer needs and market trends

5.8 Legal & Regulatory Compliance

• To comply with government requests or legal proceedings
• To maintain statutory records as required by law
• To resolve disputes or legal claims
• To enforce contractual obligations

6. DATA STORAGE & INFRASTRUCTURE

6.1 Cloud Hosting on AWS

All Platform data is stored on Amazon Web Services (AWS) infrastructure. AWS provides secure, scalable, and reliable data storage services. Your Data is hosted on AWS servers, and the Company leverages AWS’s data center infrastructure in India or other designated regions.

6.2 Security Standards

Data stored on AWS is protected using AWS’s industry-standard security measures, including:

• Data encryption during transmission (HTTPS/TLS)
• Firewall protection and network security
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Backup and disaster recovery systems
• AWS Security Best Practices and compliance certifications (ISO 27001, SOC 2, etc.)

6.3 Current Encryption Status

Important: Your Data is currently NOT end-to-end encrypted. Data is transmitted and stored securely using AWS standards, but messages and sensitive information are not encrypted end-to-end by default.

6.4 Future Encryption Plans

The Company plans to implement end-to-end encryption for enhanced security in future updates. When encryption is implemented, users will be notified in advance, and opt-in or opt-out options may be provided based on use cases.

6.5 Data Residency

Your Data is primarily stored in AWS data centers. The Company will ensure compliance with data residency requirements as mandated by Indian law and regulations.

6.6 Third-Party Storage

While the primary storage is on AWS, certain data (such as payment information) may be stored with third-party providers (e.g., Razorpay) as necessary for service provision.

7. THIRD-PARTY INTEGRATIONS & DATA SHARING

7.1 Razorpay (Payment Gateway)

• Purpose: Payment processing and transaction management
• Data Shared: Payment information, billing details, transaction history
• Data Protection: Payment data is processed according to Razorpay’s security standards and PCI-DSS compliance
• Razorpay Privacy Policy: Please review Razorpay’s privacy policy at https://razorpay.com/privacy/

7.2 Amazon Web Services (AWS)

• Purpose: Cloud hosting, data storage, infrastructure management
• Data Shared: All Platform data stored on AWS infrastructure
• Data Protection: AWS maintains its own privacy policy and security standards
• AWS Privacy Policy: Visit https://aws.amazon.com/privacy/

7.3 No Sale of Data to Third Parties

The Company does NOT sell, trade, or share your personal Data with third parties for marketing or commercial purposes without your explicit consent.

7.4 Data Sharing with Other Users

Within your organization:

• Administrators may have access to employee Data as required for HR management
• HR Personnel may access relevant employee information based on their role
• Managers may view Data of employees under their supervision
• Employees may view their own Data and relevant organizational information

7.5 Legal Disclosures

The Company may disclose your Data if required by law, court order, or government request, including compliance with:

• Income Tax Act and tax authorities
• Labor laws and employment regulations
• Anti-fraud and security investigations
• Legal proceedings or litigation

8. COOKIES & TRACKING TECHNOLOGIES

8.1 Cookie Usage

The Platform uses cookies to enhance your user experience and analyze usage patterns. Types of cookies include:

8.2 Cookie Consent

When you first visit the Platform, you will be presented with a cookie consent banner. You can:

• Accept all cookies
• Accept only essential cookies
• Customize cookie preferences
• Opt-out of non-essential cookies

Your cookie preferences are stored and respected for future visits.

8.3 Disabling Cookies

You can disable cookies through your browser settings. However, this may affect Platform functionality and user experience. Some features may not work properly if cookies are disabled.

8.4 Third-Party Cookies

Analytics or marketing tools integrated with the Platform (if any) may place third-party cookies. These are governed by the respective provider’s privacy policies.

9. DATA RETENTION POLICY

9.1 Active Account Data

While your Account is active, the Company retains all your Data necessary to provide HRMS services, including:

• Employee records and onboarding documents
• Attendance and leave history
• Performance and HR analytics
• Communication records

9.2 Data Retention After Account Termination

Upon Account termination or deletion request:

• Your Data is retained for a maximum of 90 days
• During this 90-day period, you can retrieve or export your Data
• After 90 days, your Data is permanently deleted from active systems
• Backups may retain Data for an additional period for disaster recovery, after which they are also deleted

9.3 Legal & Compliance Retention

Notwithstanding the above, the Company may retain Data for longer periods if required by:

• Indian tax laws and compliance requirements
• Employment and labor law records
• Legal proceedings or government requests
• Audit and regulatory compliance obligations

9.4 Backup Data

Data stored in backups is retained according to AWS’s backup retention policies and may be retained longer than active system data for disaster recovery purposes.

9.5 Anonymized Data

The Company may retain anonymized, aggregated data indefinitely for analytics, product improvement, and business purposes, as this Data cannot identify individuals.

10. USER RIGHTS & DATA SUBJECT RIGHTS

10.1 Right to Access

You have the right to access all personal Data the Company holds about you. To request access:

• Log in to your Account and download your data from the “My Data” or “Export Data” section; or
• Email us at info@strydehr.com with your request

The Company will provide access within 10 business days.

10.2 Right to Data Portability

You have the right to obtain and export your Data in a structured, commonly used, machine-readable format (such as CSV or JSON). You may:

• Export your Data directly from the Platform settings
• Request export via email: info@strydehr.com
• Export your data for transfer to another service

10.3 Right to Rectification (Edit/Correct)

You have the right to correct inaccurate or incomplete Data:

• Update your profile information directly through the Platform
• Request corrections for employee records
• Contact HR or Administrators to modify organizational data
• Submit requests to info@strydehr.com for data corrections

10.4 Right to Data Deletion (Right to be Forgotten)

You have the right to request deletion of your Data, subject to:

• Completion of contractual obligations
• Compliance with legal and tax requirements
• Retention of records for statutory periods

To request deletion:

• Submit a written request to info@strydehr.com
• Specify which Data you wish to delete
• Provide verification of your identity

The Company will delete your Data within 30 days or provide reasons for any delays. Note: Certain Data may be retained longer due to legal requirements.

10.5 Right to Withdraw Consent

If you have consented to specific Data processing (such as marketing communications), you may withdraw your consent at any time:

• Unsubscribe from marketing emails by clicking the unsubscribe link
• Disable cookie preferences through your Account settings
• Email info@strydehr.com to withdraw consent for specific purposes

10.6 Right to Restrict Processing

You may request restriction of Data processing in certain circumstances, such as when:

• You dispute the accuracy of your Data
• Processing is unlawful but you prefer restriction over deletion
• The Data is no longer needed but you need it for legal purposes

Email info@strydehr.com with your restriction request.

10.7 Right to Lodge a Complaint

If you believe your privacy rights have been violated, you may lodge a complaint with:

• The Company at info@strydehr.com
• The relevant data protection authority in your jurisdiction
• The office of the Data Protection Officer (if applicable)

11. SECURITY MEASURES & DATA PROTECTION

11.1 Role-Based Access Controls

The Platform implements role-based access controls (RBAC) to restrict Data access:

• Admin: Full access to all employee Data and Platform settings
• HR: Access to HR-relevant Data and onboarding documents
• Managers: Access to employee Data under their supervision
• Employees: Access to personal Data and self-service features
• Other roles have granular permissions based on organizational policy

11.2 Encryption & Data Protection

• In Transit: Data transmitted between your device and the Platform is encrypted using HTTPS/TLS 1.2 or higher
• At Rest: Data stored on AWS uses AWS-managed encryption keys
• Future Enhancement: End-to-end encryption will be implemented in future versions

11.3 Access Logging

The Company maintains audit logs of all Data access and modifications to detect unauthorized activities and ensure accountability.

11.4 Security Practices

• Regular security audits and vulnerability assessments
• Employee training on data protection and privacy
• Incident response procedures for security breaches
• Compliance with AWS security best practices
• Regular software patching and updates

11.5 Password Security

• Passwords must meet minimum complexity requirements
• Passwords are hashed and salted for storage
• Multi-factor authentication (MFA) is available for enhanced security
• Password reset mechanisms are available for account recovery

11.6 Data Breach Notification

In case of a security breach or unauthorized Data access:

• Affected users will be notified within 72 hours
• Notification will include details of the breach and remediation steps
• The Company will cooperate with relevant authorities and comply with breach notification laws

12. CHILDREN’S PRIVACY

The Platform is intended for use by adults and organizations. The Company does NOT knowingly collect Data from individuals under 18 years of age, except as part of employee onboarding Data when necessary for employment purposes.

If the Company becomes aware that Data of a minor has been collected without parental consent, such Data will be promptly deleted. Parents or guardians concerned about a child’s Data should contact info@strydehr.com.

13. DATA PROCESSING AGREEMENT

For organizations using the Platform for employee Data management, the Company may enter into a Data Processing Agreement (DPA) to clarify responsibilities as Data Controller and Data Processor as required by applicable privacy laws.

Organizations requiring a DPA should contact info@strydehr.com to request a copy.

14. INTERNATIONAL DATA TRANSFERS

While the Company is based in India, Data may be accessed, processed, or stored on servers located in India or other regions where AWS maintains data centers.

By using the Platform, you consent to such international data transfers. The Company ensures compliance with Indian data protection laws and relevant international standards.

15. UPDATES TO PRIVACY POLICY

15.1 Policy Modifications

The Company reserves the right to update this Privacy Policy at any time to reflect changes in privacy practices, legal requirements, or Platform features.

15.2 Notification of Changes

Material changes to this Privacy Policy will be communicated via:

• Email notification to your registered email address
• In-app notification within the Platform
• Updated “Last Updated” date on this document

15.3 Effective Date of Changes

Changes become effective upon posting unless specified otherwise. Your continued use of the Platform constitutes acceptance of the updated Privacy Policy.

15.4 Previous Versions

Previous versions of this Privacy Policy are available upon request and will be maintained for historical reference.

16. COMPLIANCE WITH APPLICABLE LAWS

16.1 Indian Privacy Laws

The Company processes Data in compliance with applicable Indian laws, including:

• Information Technology Act, 2000 and Rules, 2011
• Employment laws and regulations
• Income Tax Act and GST regulations
• Any future data protection legislation in India

16.2 Reasonable Security

The Company implements reasonable security measures to protect Data against unauthorized access, alteration, or destruction, as required by law.

16.3 User Responsibility

Users are responsible for:

• Maintaining the confidentiality of login credentials
• Ensuring lawful collection and processing of employee Data
• Obtaining necessary consents from employees
• Complying with employment laws in their jurisdiction

17. CONTACT & GRIEVANCE REDRESSAL

For privacy-related questions, concerns, or Data subject requests, please contact:

Email: info@strydehr.com
Address: #1B, M&M Building, 31, VLK Garden, Kalapatti Road, Coimbatore - 641048, Tamil Nadu, India

Response Timeline: The Company will respond to privacy inquiries and Data subject requests within 10–15 business days.

Grievance Escalation: If your concern is not resolved satisfactorily, you may escalate your grievance to the Company’s management or lodge a complaint with relevant data protection authorities.

18. DISPUTE RESOLUTION & GOVERNING LAW

18.1 Governing Law

This Privacy Policy is governed by the laws of India, specifically the laws of the State of Tamil Nadu.

18.2 Jurisdiction

Disputes arising from this Privacy Policy will be resolved through arbitration or litigation in courts located in Coimbatore, Tamil Nadu, India.

18.3 Dispute Resolution Process

Before initiating legal proceedings:

• Parties agree to attempt good-faith resolution through negotiation
• Escalation to senior management or mediation may be offered
• If unresolved, disputes may proceed to arbitration or litigation

19. MISCELLANEOUS

19.1 Entire Privacy Agreement

This Privacy Policy, together with the Terms & Conditions, constitutes the entire agreement regarding privacy and Data handling.

19.2 Severability

If any provision is found invalid, that provision will be modified or severed, and remaining provisions will remain in effect.

19.3 No Third-Party Beneficiaries

This Privacy Policy does not create rights for third parties. Only the Company and users are parties to this agreement.

19.4 Company Assumption of Compliance

The Company assumes that all users are complying with applicable laws when using the Platform and processing employee Data.

20. SPECIAL PROVISIONS FOR EMPLOYEES

20.1 Employee Data Subject Rights

Employees have specific rights regarding their personal Data, including:

• Access to their own records
• Correction of inaccurate information
• Deletion requests (subject to legal retention requirements)
• Objection to certain processing
• Request for data portability

20.2 Employee Consent

Employees acknowledge that their organizations use the Platform to manage employment-related Data, and their organizations have collected necessary consents for Data processing.

20.3 Employee Privacy

The Company respects employee privacy and ensures Data is used only for legitimate HR purposes as outlined in this Policy.

ACKNOWLEDGMENT

By accessing or using the StrydeHR Platform, you acknowledge that you have read, understood, and agree to the Data collection, use, and protection practices outlined in this Privacy Policy.

For any questions or concerns, please contact us at info@strydehr.com.

Last Updated: December 9, 2025