Privacy Policy for BytesWrite

Effective: July 18, 2025

Global Coverage

GDPR

DPDP

1. Introduction

Welcome to BytesWrite Solution Private Limited (“BytesWrite”, “we”, “us”, or “our”). We are deeply committed to protecting your privacy, safeguarding the confidentiality of your personal information, and maintaining the integrity of data entrusted to us. As a trusted provider of enterprise-grade solutions, we recognize that privacy is not merely a legal requirement — it is a fundamental pillar of trust in our relationship with customers, users, partners, & stakeholders.

This Privacy Policy outlines how we collect, use, disclose, & protect your personal information when you access our platform or any associated applications (collectively referred to as the “Application”). The personal data you provide may be used for the purposes described in this Privacy Statement or as otherwise communicated at the time of collection.

Important Note

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we will treat it. By using our Application, you agree to the collection and use of information in accordance with this policy.

2. Our Privacy Philosophy

Transparency

We are committed to being transparent about how we collect, use, and share your personal information.

Accountability

We take responsibility for the personal information we collect and process, ensuring it is handled in accordance with this Privacy Policy.

Integrity

We strive to maintain the accuracy and integrity of your personal information, ensuring it is up-to-date and relevant.

Security

We implement robust security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

User Empowerment

We empower users with control over their personal information, providing tools and resources to manage their privacy preferences.

Innovation

We foster a culture of innovation, continuously seeking new ways to enhance user privacy and data protection.

3. Scope of This Policy

This Privacy Policy applies to all data processing activities carried out by BytesWrite across:

Our BEP, ERP, CRM, and CMS platforms
Websites and associated web applications
Customer support and communication channels
Internal administrative and operational workflows

By accessing or using our platforms or services, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy.

4. Definitions

In this Privacy Statement, the following terms are defined as follows:

“Application”: Refers to the Integrated Education Management System.
“Personal Data” or “Personal Information”: Refers to any information related to you or information that can identify you, collectively referred to as "Personal Data" or "Personal Information."
“Processing”: Refers to the handling, sharing, processing, protecting, or storing of your Personal Data. We process Personal Data within this Application for various purposes, as detailed herein.

Definition of “Us”, “We”, and “Our”

In this Privacy Statement, the terms “Us”, “We”, and “Our” refer to the BytesWrite network and/or one or more of its Member Firms that may process your Personal Information. Each Member Firm within the BytesWrite network operates as a separate legal entity. For a complete list of countries and regions where BytesWrite Member Firms are located, please refer to the relevant section.

5. Comprehensive Data Collection Framework

At BytesWrite Solution pvt Ltd, we follow a structured and purpose-driven data collection approach to ensure that only necessary and relevant information is collected and processed. We collect personal and organizational data through secure means, such as user submissions, integrated services, web interactions, and system logs — always in compliance with applicable data protection laws.

5.1 Data Categories and Collection Methods

Type of Users	Website Visitors	Customers	Employees & Personnel
Info	Collected automatically when users interact with our website or marketing materials.	Collected during sign-up, service use, support, and billing interactions.	Collected during the course of employment or contractual engagements.
What data we collect	Technical Information: IP address, browser type and version, device type, screen resolution, operating system. Behavioral Data: Visited pages, time spent per session, scroll and click behavior, heatmaps, and exit paths. Marketing Attribution: Referral sources (e.g., ad campaign, newsletter), campaign UTM tags, interaction with call-to-actions (CTAs), and cookie preference.	Contact Information: Full name, email address, phone number, and physical or business address. Business Information: Company name, industry type, number of employees, and organizational roles or hierarchies. If applicable Financial Data: Invoice details, transaction history, payment status, and method of payment (processed securely through PCI-DSS compliant providers). If applicable Usage Analytics: Interactions with the platform, feature engagement, error logs, and system performance metrics used to optimize user experience.	Personal Information: Full name, contact details, government-issued ID numbers, emergency contacts. Professional Data: Employment history, job titles, qualifications, salary/compensation details, and performance evaluations. If applicable System Access Data: Assigned login credentials, login/logout timestamps, access activity logs, and administrative privilege records. If applicable
How We Collect Data	Collected automatically when users interact with our website or marketing materials. Direct User Input: Registration forms, support tickets, surveys, emails, and contractual submissions. We only collect what is necessary for delivering, improving, or securing our services. Users are informed at the point of collection regarding why specific data is needed and how it will be used. Optional data fields are clearly labeled, and user consent is sought wherever legally required.

6. Enhanced Data Processing And Usage

At BytesWrite Solution pvt Ltd, we collect and use personal data in a lawful, transparent, and purpose-driven manner. Every data processing activity is backed by a valid legal basis, as required under data protection laws such as the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act (DPDP), 2023. This ensures that your information is used strictly for legitimate and well-defined reasons.

6.1 Primary Processing Purposes

Type of Purpose	Service Delivery	Business Operations	Analytics and Improvements
Info	We process your personal and organizational data to provide access to our core services and to ensure uninterrupted, secure, and optimized performance of our platforms.	Personal data is also used for day-to-day operations, ensuring smooth internal functioning and efficient service delivery.	To continuously improve our services, we collect and analyze aggregated or pseudonymized data to understand user behavior and market trends.
Why we collect	Enabling and customizing platform features based on your organization’s needs. Responding to customer support requests and technical issues. Performing routine maintenance, load balancing, and uptime management. Conducting real-time security monitoring, anomaly detection, and access control enforcement.	Managing customer relationships and service subscriptions. Conducting invoicing, payment tracking, and financial reconciliation. Handling employee and contractor records for workforce management. Meeting compliance requirements, internal policy enforcement, and responding to audits or legal obligations.	Analyzing feature usage patterns to enhance user experience. Evaluating performance metrics for operational efficiency. Driving product innovation based on user needs and market evolution. Performing competitive analysis and internal benchmarking.
Legal Basis	Contractual Necessity – to fulfill service obligations under customer agreements. Legitimate Interests – to maintain platform integrity and respond to user issues.	Contractual Necessity – for account and relationship management. Legal Compliance – for tax records, audit trails, and labor laws. Legitimate Interests – for operational excellence and resource optimization.	Legitimate Interests – to innovate and optimize services in a privacy-conscious way. Consent – where cookies or optional analytics are involved in web environments.

7. Strategic Data Sharing And Disclosure

BytesWrite Solution pvt Ltd is committed to handling personal and organizational data with the utmost care, confidentiality, and transparency. We only share data when necessary to provide our services, operate efficiently, and comply with legal or contractual obligations. All sharing is governed by strict access controls, data processing agreements, and security best practices.

Sharing Context	Internal Data Sharing	Third Party Data Sharing
Info	To deliver seamless service and maintain operational efficiency, certain data may be shared internally within BytesWrite under strict access policies	We may share specific categories of personal or usage data with trusted third-party service providers, solely for the purpose of enabling core functionality, improving our services, and fulfilling legal or contractual obligations. These third parties are vetted for compliance and bound by contractual data protection agreements.
Why we share	Authorized Personnel: Data access is restricted to employees and contractors who require it to perform their duties, based on clearly defined roles and the principle of least privilege. Cross-Department Collaboration: Limited data may be shared across departments (e.g., customer success, billing, compliance) to ensure a unified and personalized user experience. Strategic Insights: Aggregated and anonymized data may be used for internal reporting, product improvement, and business intelligence. Security & Compliance Operations: Internal security teams may process data to monitor for suspicious activity, investigate incidents, and maintain platform integrity.	Cloud Infrastructure & Database Hosting: Our applications and data are securely hosted using modern cloud platforms, including databases such as MongoDB, which provide enterprise-grade encryption, backup, and fault-tolerance. Payment Processing: For managing subscription billing and secure financial transactions. Marketing and Engagement Platforms: For customer communication, behavior analytics, and lifecycle management—used with consent where required. Security and Monitoring Tools: For real-time threat detection, performance optimization, and compliance auditing.
Notice of Sharing	We do not sell or monetize personal data. Any data shared with third-party vendors is strictly purpose-bound and limited to what is essential for the execution of operational services. Access is restricted and governed by clearly defined use-cases. While we ensure due diligence in selecting vendors—only engaging those who meet stringent quality and compliance standards after thorough internal evaluation and testing—any data breach or leak at the vendor’s end remains their sole responsibility and is subject to their internal security and compliance protocols. We maintain full transparency with our stakeholders regarding the vendors and infrastructure partners we utilize. This information is communicated in advance, and we take the highest precautions to ensure that all selected vendors align with our data protection standards and values.

8. Comprehensive Data Retention Framework

BytesWrite maintains a structured data retention policy aligned with legal, operational, and business needs. Customer data is retained for up to 7 years post-service, with financial records held for 10 years to meet tax and audit obligations. Employee and HR-related data are stored for up to 7 years after termination, while recruitment records are kept for 2 years. Technical data, including system logs, backups, and security incidents, are retained between 1 to 5 years depending on their purpose. All data is securely deleted once retention periods expire.

8.1 Retention Periods by Data Category

Data Category	Customer Data	Employee Data	Technical Data
Duration	Active Relationships: Duration of service agreement plus 7 years Inactive Accounts: 3 years from last interaction Financial Records: 10 years for accounting and tax purposes Support Communications: 5 years for service quality assurance	Current Employees: Duration of employment plus 7 years Former Employees: 7 years post-termination for legal compliance Recruitment Data: 2 years for unsuccessful candidates Performance Records: 5 years for reference and evaluation	System Logs: 2 years for security and performance analysis Backup Data: 1 year with automatic deletion procedures Security Incident Data: 5 years for investigation and prevention Usage Analytics: 3 years for trend analysis and improvement

8.2 Data Deletion and Archival Policy

At BytesWrite Solution pvt Ltd, we take data minimization and lifecycle management seriously. In alignment with our retention periods (Section 5.1), we follow strict protocols to ensure that your personal data is not retained any longer than necessary.

8.2.1 Deletion from Active Systems

Once the defined retention period for any category of data expires, the respective data is automatically and permanently removed from our active production systems, including:

Application databases
CRM and communication platforms
Analytics dashboards
Employee management systems

Deletion Notice

This process is governed by automated cleanup scripts and monitored periodically to ensure compliance.

8.2.2 Archival in Encrypted Metadata Stores

To fulfill limited regulatory, audit, or legal obligations, minimal metadata may be securely archived in isolated storage. These archives:

Do not contain any active personal data
Are fully encrypted and read-only
Are only accessible to a limited number of authorized compliance personnel
Are retained solely for audit trails or legal defense purposes

Archived metadata typically includes:

Anonymized transaction references
System logs (non-identifiable)
Time-stamped deletion confirmations

Archival Notice

No archived data is ever used for analytics, profiling, or commercial purposes.

8.2.3 Full Erasure and No Retention Promise

Upon expiry of both active and archival timelines, all data is irreversibly purged from our systems, including:

Primary and backup databases
Cache and content delivery systems
Metadata repositories

Full Erasure Notice

At this point, BytesWrite no longer holds any form of your personal data, directly or indirectly. This ensures full compliance with the "right to erasure" (GDPR Article 17) and reinforces our commitment to data privacy and trust.

9. Advanced Security Measures

At BytesWrite Solution pvt Ltd, we implement industry-leading security practices to ensure that all personal and organizational data remains protected against unauthorized access, misuse, or disclosure. Our security framework includes robust technical safeguards, administrative controls, and incident response mechanisms, built with a forward-looking mindset, including preparedness for emerging threats.

9.1 Technical Safeguards

Security Measure	Encryption Standards	Access Controls
Data Encryption	AES-Based Encryption: All sensitive data is encrypted using AES (Advanced Encryption Standard), ensuring strong protection for data at rest and during processing. Secure Data in Transit: Communications between clients, servers, and APIs are encrypted using TLS protocols, protecting data integrity and confidentiality. JWT Authentication: User sessions and access are secured with JWT (JSON Web Tokens), which are signed and encrypted to prevent unauthorized access or tampering. Encrypted Cloud Infrastructure: Our infrastructure providers—MongoDB Atlas, AWS, and Vercel—offer built-in encryption and comply with leading industry standards for data security.	Role-Based Access Control (RBAC): Access is granted strictly based on job roles, adhering to the principle of least privilege. Zero-Trust Architecture: We enforce continuous authentication and real-time validation, assuming no inherent trust between systems. Privileged Access Management (PAM): Elevated privileges are strictly controlled, monitored, and periodically reviewed for administrative users.

9.2 Administrative Controls

Control Measure	Privacy Governance	Incident Response and Breach Handling
Data Access Policies	Privacy Impact Assessments (PIAs) are conducted before introducing new processing activities, ensuring risk is evaluated and mitigated proactively. We conduct regular internal privacy audits and compliance reviews to ensure ongoing alignment with data protection laws and best practices. All employees receive mandatory training on data privacy, information security, and secure handling practices as part of our onboarding and continuous learning processes.	Our Incident Response Team (IRT) operates under a documented plan with clearly defined roles and escalation procedures. In the event of a personal data breach, we are committed to issuing notifications within 72 hours, as required under GDPR Article 33. Forensic investigation protocols are in place to trace, analyze, and remediate any incidents with transparency and accountability.

10. Fundamental Rights Under the DPDP Act

In accordance with the Digital Personal Data Protection (DPDP) Act, 2023, BytesWrite Solution pvt Ltd ensures that all data principals (individuals whose data is processed) retain meaningful control over their personal information. We have implemented robust mechanisms to honor and facilitate the exercise of the following fundamental rights:

Fundamental Right	Right To Information	Right To Correction	Right To Forgotten
Information	You have the right to request and receive clear, comprehensive details about the processing of your personal data.	If you believe that the data we hold about you is inaccurate, incomplete, or outdated, you may request us to correct or update it.	You have the right to request the erasure of your personal data when:
Your rights	The categories of personal data we process about you. The purposes for which your data is used. The legal basis for processing under applicable data protection laws. The entities (if any) with whom your data has been shared, including any cross-border transfers. The applicable retention periods for your data and the procedures for deletion or archival once that period has expired.	Correct factual inaccuracies or typographical errors. Update outdated or obsolete information (e.g., contact details). Supplement missing relevant data for completeness. Verify and confirm the implementation of corrections made to your data across systems and services where applicable.	The data is no longer required for the purpose it was collected. You withdraw consent where processing was based on it. You object to processing, and there are no overriding legitimate grounds.
Our Deletion & Archival Approach	Once your erasure request is validated, we initiate a multi-phase deletion process as outlined in our Data Deletion and Archival Policy (Section 5.2)

Exceptions: We may deny or defer erasure in specific scenarios where:

Retention is required by law (e.g., taxation, labor, or contractual obligations).
Data is part of a legal dispute, investigation, or regulatory hold.

11. Enhanced Contact and Grievance Framework

At BytesWrite Solution Private Limited, we value feedback and concerns from users, partners, and clients. We are committed to resolving privacy-related issues with care, but we also maintain operational discretion and legal safeguards to protect our business interests in case of disputes. This framework is designed to handle grievances respectfully, efficiently, and in compliance with relevant laws—while preserving BytesWrite’s right to defend its interests where necessary.

11.1 Contact Information

For all matters concerning your personal data, privacy rights, or general data processing queries, you may contact us via the following dedicated channels. All incoming communication is reviewed with a balanced approach—respecting user rights and BytesWrite’s legal, contractual, and operational considerations.

Email Support

support@byteswrite.com

Support Portal

https://byteswrite.com/support

Escalation Path

Complex cases may be escalated to senior management or the DPO, subject to internal prioritization and materiality.

Response Timeline

We strive to respond to valid privacy-related requests within 72 business hours. Cause we care for our users and aim to address their concerns promptly.

Please note

BytesWrite reserves the right to authenticate and assess the validity of each request before initiating any action, especially where legal or contractual obligations may be involved.

11.2 Grievance Redressal Process

BytesWrite maintains a four-tiered grievance redressal framework to provide structure and fairness in resolution, while retaining legal safeguards necessary for dispute handling. Each step is designed to filter, evaluate, and respond to concerns based on internal policy and regulatory compliance—not blanket customer demand.

Steps	Grievance Redressal Process
Step 1: Submission & Acknowledgment	Submit your concern via the listed communication channels. An acknowledgment with a case reference ID will be issued within 24 business hours. The issue is categorized by priority, legal sensitivity, and relevance to platform usage or contractual agreements.
Step 2: Review & Investigation	Our internal Privacy or Compliance Team will assess the issue based on available documentation, logs, internal records, and applicable terms. Stakeholders may be consulted, and legal counsel engaged if the concern involves risk or conflict. Not all grievances may qualify for resolution under our framework. Unsupported or misaligned grievances may be closed without action.
Step 3: Resolution	If actionable, remedial measures may include factual clarifications, policy explanations, minor adjustments, or user-level configuration changes. Monetary compensation, service changes, or legal admissions will only be considered where specifically mandated under law or an executed agreement. Resolutions are final unless materially disputed through authorized appeal channels.
Step 4: Appeals & External Channels	Unsatisfied parties may submit a formal appeal to BytesWrite’s Internal Review Committee. Where legally required, we cooperate with recognized data protection bodies under DPDP, GDPR, or equivalent frameworks. However, BytesWrite reserves the right to defend its position in good faith and reject appeals that pose commercial, reputational, or legal harm to the organization.

Legal Protection Clause

BytesWrite retains the right to restrict, defer, or decline grievance responses in situations involving legal disputes, regulatory investigations, contract violations, or potential litigation. In such cases, we will act in accordance with our legal counsel and corporate policies to protect the company’s interests.
BytesWrite reserves full discretion to determine the scope, depth, and outcome of investigation efforts, especially where commercial or legal risk is identified.

12. Policy Updates And Amendments

At BytesWrite Solution Private Limited, we view our Privacy Policy as a dynamic governance instrument—one that evolves in response to regulatory shifts, operational developments, technological advances, and business priorities. While we are committed to keeping our users informed, we retain the right to amend this policy at our discretion to safeguard the integrity and scalability of our services.

12.1 Regular Policy Review Cycle

We conduct multi-tiered reviews of this Privacy Policy to ensure it remains compliant, current, and aligned with industry expectations:

Review Cycle	Quarterly Reviews	Annual Comprehensive Audit
Policy Review	Monitoring of legal and regulatory changes (e.g., DPDP Act, GDPR, CCPA) Assessment of platform and infrastructure updates (e.g., new features, third-party integrations) Analysis of user feedback, grievances, and support trends Benchmarking against leading industry practices and risk frameworks	Full end-to-end effectiveness evaluation of our privacy practices Independent compliance gap analysis and internal audit Stakeholder and legal counsel consultation Development of a strategic privacy roadmap for the upcoming cycle

12.2 Policy Amendment and Notification Protocol

Our update process is designed to inform users without disrupting platform continuity or compromising operational agility.

Policy Changes	Material Changes	Minor or Operational Updates
Information	When updates involve a change in data usage, legal rights, or processing scope, we will:	For non-material amendments (e.g., clarifications, formatting, security adjustments), we may:
Updates	Provide a 30-day advance notice to affected users Send email communications to registered users Display a notification banner on relevant platform interfaces Offer opt-out or consent renewal mechanisms, where applicable	Publish the updated policy directly on our website Maintain detailed version history with change logs Inform users at their next login or interaction Allow a grace period for adaptation, if necessary
Note	Continued use of our services after any update constitutes acceptance of the revised Privacy Policy.

Important Notice

By maintaining the flexibility to evolve our privacy framework, BytesWrite ensures both legal compliance and business resilience, while continuing to earn and retain the trust of our stakeholders.

BytesWrite Educational Platform

CAMPUS

TRACER

UPLIFT AI

ATLAS HR

REACH

Ready to Start?

BEP Dashboard

One Organization, One Platform, One Profile

ABOUT US

PRIVACY POLICY

CAREER

TERMS OF SERVICE

HELPDESK