Privacy Policy

Who We Are & What This Policy Covers

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have regarding your information. It applies to all personal data processed through our website at www.netsoft.in, through enquiry and contact forms, during client onboarding and project delivery, and through any communications you have with us by telephone, email or in person.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services.

We may update this policy from time to time. Continued use of our services after changes are posted constitutes acceptance of the revised policy. We will notify active clients of material changes by email.

Information We Collect

We collect only the personal data necessary to provide our services, respond to enquiries and operate our business. The categories of information we collect include:

Information You Provide Directly

• Contact details: Name, email address, phone number, organisation name, job title and postal address — provided through contact forms, enquiry submissions or when you call or email us directly.
• Project requirements: Technical specifications, scope documents, design briefs, workflow descriptions, business requirements and any other information you share during discovery and scoping sessions.
• Business information: Company registration details, GST number, billing address and financial information required for contracts and invoicing.
• Account credentials: Login credentials, access tokens and system information you may share with us during the delivery of software, web or application projects where we require access to your existing infrastructure.
• Communications: Emails, WhatsApp messages, meeting notes and any correspondence you send to us.

Information Collected Automatically

• Usage data: Pages visited, time spent on pages, referring URLs, browser type, device type and operating system — collected via server logs and analytics tools.
• IP address: Your IP address is logged by our server and any CDN or security provider (such as Cloudflare) when you visit our website.
• Cookies and local storage: Small data files stored in your browser to support website functionality, preferences and analytics. See Section 6 for full details.

Information From Third Parties

• Referrals: If a current client refers you to us, they may share your name and contact details so we can reach out.
• Business directories: We may receive basic profile information from platforms such as Clutch, GoodFirms or Google Business where you have left a review or enquiry.
• LinkedIn or social media: If you reach out to us via a social media platform, we receive the profile information you make available through that platform.

How We Use Your Information

We use the personal data we collect for the following purposes:

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Legal Basis for Processing

Where applicable under data protection laws including India's Digital Personal Data Protection Act 2023 (DPDP Act) and the General Data Protection Regulation (GDPR) for clients in the European Economic Area, we process personal data under the following lawful bases:

• Contract performance: Processing is necessary to fulfil a contract with you or to take pre-contractual steps at your request — for example, providing a project quote or delivering software development services you have engaged us for.
• Legitimate interests: Processing is necessary for our legitimate business interests, such as responding to enquiries, improving our website, and maintaining records of completed work — where those interests are not overridden by your rights.
• Consent: Where we send marketing emails or newsletters, we rely on your freely given, specific and informed consent. You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws, such as retaining financial records under the Income Tax Act or GST regulations.

Client & Project Data

In the course of delivering our services — which include custom software development, ERP systems, web and mobile application development, e-commerce platforms, and IT outsourcing — we may access, process or store data that belongs to your organisation or your end-users. The following principles apply to all such data:

NDA and Confidentiality

We sign a Non-Disclosure Agreement (NDA) with any client whose project involves proprietary business data, trade secrets, or sensitive operational information. All project data is treated as strictly confidential and is not shared with any third party without your explicit written consent.

Source Code and Intellectual Property

All source code, design files, databases and related intellectual property developed specifically for your project are transferred to you upon full payment, as per the terms of the project agreement. We retain no ownership rights over bespoke work commissioned and paid for by you.

System Access

Where you provide us with credentials to access your servers, hosting accounts, CMS, databases or third-party APIs during a project or under an AMC, those credentials are stored securely and accessed only by the team members working on your account. Access is revoked from our systems at project completion unless an ongoing AMC arrangement requires continued access, which will be documented in your agreement.

End-User Data in Client Systems

If we develop or maintain a software application, web portal, e-commerce platform or mobile app that processes personal data of your customers or end-users, we act as a data processor on your behalf. You, as the data controller, remain responsible for ensuring that your end-users are informed about how their data is processed. We will process that data only on your documented instructions.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to operate correctly and to understand how visitors use the site. Below is a summary of the cookies we use:

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality. You may also use browser extensions such as uBlock Origin or Privacy Badger to restrict tracking.

Our website is delivered in part through Cloudflare, which may set its own security and performance cookies. These are governed by Cloudflare's Privacy Policy.

Third-Party Services & Integrations

We use a limited number of trusted third-party services to operate our website and business. Each is governed by its own privacy policy:

• Google Analytics: Website traffic analysis. Data is processed by Google and governed by Google's Privacy Policy. We use IP anonymisation where available.
• Cloudflare: Content delivery network (CDN), DDoS protection and performance optimisation. Cloudflare processes request data as a security intermediary.
• WhatsApp Business: Client communication channel. Messages sent via WhatsApp are subject to Meta's Privacy Policy.
• Google Workspace: Email, document storage and calendar. Our business communications use Google's infrastructure.
• Payment processors: Where invoices are paid online, payments are processed through secure, PCI-DSS compliant payment gateways. We do not store card numbers on our servers.
• Clutch & GoodFirms: Business review platforms where we maintain a company profile. Reviews submitted there are governed by those platforms' policies.

We do not sell, rent or trade your personal data to any third party for marketing or commercial purposes, under any circumstances.

Data Sharing & Disclosure

We do not share your personal data with any third party except in the following limited circumstances:

• Service delivery: Where a project requires specialist subcontractors (for example, a domain registrar, hosting provider, or third-party API developer), we share only the minimum data required, under confidentiality obligations.
• Professional advisors: Our accountants, auditors and legal advisors may access data where necessary for compliance, taxation or legal purposes, subject to professional confidentiality obligations.
• Legal requirement: We may disclose your data if required to do so by law, court order, or by a government or regulatory authority with lawful jurisdiction — for example, the Income Tax Department or a court of competent jurisdiction in India.
• Business transfer: In the unlikely event that Net Soft Solutions is acquired, merged or transfers its business, client data may be transferred to the new entity, which will be bound by equivalent data protection obligations.

In all cases of disclosure, we share only the minimum data necessary and require recipients to handle it with equivalent care.

Data Retention

We retain personal data only as long as necessary for the purpose it was collected and to meet our legal obligations. Our general retention periods are:

After retention periods expire, data is securely deleted or anonymised so that it can no longer be attributed to an individual.

Data Security

We take the security of your personal data seriously and implement a range of technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration:

• Encrypted transmission: Our website enforces HTTPS (TLS encryption) for all data in transit. Sensitive communications over email are handled with care and we recommend encrypted channels for highly sensitive information.
• Access controls: Personal data and project files are accessible only to team members who require it for their work. Access is role-based and reviewed periodically.
• Password management: All client credentials shared with us are stored in encrypted credential managers, never in plain text, and are not shared via insecure channels.
• Secure development practices: The software, web applications and ERP systems we build for clients follow secure coding standards including input validation, parameterised queries, session management best practices and OWASP guidelines.
• Cloudflare protection: Our website is protected by Cloudflare, providing DDoS mitigation, web application firewall (WAF) and bot protection.
• Regular backups: Project data is backed up regularly during active development to prevent accidental data loss.

While we implement strong safeguards, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and keep your own credentials confidential.

Your Rights

Under India's Digital Personal Data Protection Act 2023 (DPDP Act) and, where applicable, the GDPR, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you, free of charge, within a reasonable timeframe.
• Right to correction: You may ask us to correct inaccurate or incomplete personal data we hold about you.
• Right to erasure: You may request that we delete your personal data where it is no longer necessary for the purpose it was collected, subject to our legal retention obligations.
• Right to restrict processing: You may ask us to pause processing of your data in certain circumstances, for example while you contest its accuracy.
• Right to data portability: Where technically feasible and legally required, you may request your data in a structured, machine-readable format.
• Right to withdraw consent: Where processing is based on your consent (such as marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to object: You may object to processing based on legitimate interests in certain circumstances.
• Right to nominate: Under the DPDP Act 2023, you may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please contact us at [email protected] or via our contact page. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority — in India, this is the Data Protection Board of India once constituted under the DPDP Act 2023.

Children's Privacy

Our website and services are directed at businesses and professionals. We do not knowingly collect personal data from children under the age of 18. If you believe a child has submitted personal data to us without appropriate parental or guardian consent, please contact us immediately at [email protected] and we will delete it promptly.

Where we develop software, web portals or applications that may be used by or involve data about children on behalf of a client (for example, an educational institution), we will work with that client to ensure appropriate data protection safeguards are in place as required by applicable law.

Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our services, technology, legal requirements or business practices. The "Last updated" date at the top of this page indicates when the most recent revision was made.

For material changes that significantly affect how we process your personal data, we will notify active clients by email at least 14 days before the changes take effect. We encourage all visitors to review this page periodically.

Your continued use of our website or services following any changes constitutes acceptance of the revised Privacy Policy.

Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or the way we handle your personal data, please contact us through any of the following channels:

We aim to respond to all privacy-related enquiries within 2 business days. For urgent matters involving a potential data breach or misuse of your personal data, please mark your email as URGENT — DATA PRIVACY and we will prioritise your request.