This policy explains what personal data Brahm Byte Technologies collects across our software, hosting, domain, API, and CRM-related services—and how we protect it.
1. Introduction
This Privacy Policy ("Policy") describes how Brahm Byte Technologies("Brahm Byte", "we", "us", or "our") collects, uses, stores, shares, and protects personal information when you visit www.brahmbyte.com, use our client area, developer portal, knowledge base, APIs, hosting and domain services, CRM integrations, demo environments, or otherwise interact with our software development, infrastructure, and digital services (collectively, the "Services").
We are committed to transparency and compliance with applicable Indian data protection principles, including reasonable security practices under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, where applicable. By using our Services, you acknowledge that you have read this Policy.
2. Data Controller
Legal entity: Brahm Byte Technologies
Website: www.brahmbyte.com
Privacy contact: [email protected] · Phone: 03369029854
For privacy-related requests (access, correction, deletion, grievances), please email [email protected]with the subject line "Privacy Request" and sufficient detail to verify your identity.
3. Information We Collect
3.1 Information you provide directly
- Contact and lead data: name, email, phone, company, job title, project description, budget range, and messages submitted via contact forms, WhatsApp links, newsletter signup, careers applications, and support tickets.
- Account and client-area data: username, password (stored hashed), billing address, GSTIN (where applicable), order history, ticket correspondence, and service configuration preferences.
- Payment-related data: billing name, billing address, invoice details, transaction references, and partial payment identifiers. Full card numbers, UPI PINs, and net-banking credentials are not stored on our servers.
- Project and technical data: requirements documents, credentials you choose to share for integrations, API keys (when you provision them), repository access details, and deployment configurations for custom software, mobile apps, ERP, fintech, CRM, and API projects.
- Hosting and domain data: domain names searched or registered, DNS records, WHOIS contact details (unless privacy protection is purchased), server hostnames, and migration assistance information.
- API usage data: application identifiers, callback URLs, sandbox/live environment settings, and integration metadata required to provision travel, identity, communication, recharge, and financial APIs.
3.2 Information collected automatically
- Device and log data: IP address, browser type, operating system, referring URLs, pages viewed, timestamps, and error logs.
- Cookies and similar technologies: session identifiers, authentication tokens, analytics identifiers, and preference cookies (see Section 6).
- API and infrastructure telemetry: request volume, latency, error rates, and security events for services you consume.
3.3 Information from third parties
We may receive information from payment gateways (e.g. Razorpay, Stripe, PayU), domain registries, cloud and hosting providers, analytics platforms, and CRM or marketing tools you connect to our lead-capture flows, solely to fulfil orders, prevent fraud, and improve service delivery.
4. How We Use Your Information
We use personal information for the following purposes:
- Responding to inquiries, providing quotations, and delivering software development and consulting services;
- Provisioning, billing, renewing, and supporting hosting, VPS, cloud hosting, and domain registration services;
- Activating, monitoring, and billing API subscriptions and usage-based plans;
- Operating client area, developer portal, knowledge base, and support ticketing systems;
- Processing payments, issuing invoices, managing refunds and chargeback responses in accordance with our policies;
- Sending service announcements, security alerts, and—where permitted—marketing communications (you may opt out);
- Detecting fraud, abuse, unauthorized access, and violations of our Terms & Conditions;
- Improving website performance, product features, and customer experience through analytics;
- Complying with legal, tax, and regulatory obligations in India and jurisdictions where we operate.
We do not sell your personal data to third parties for their independent marketing purposes.
5. Legal Basis for Processing
Depending on context, we process personal information based on:
- Contract performance: to deliver services you purchase or request under a statement of work, hosting order, domain order, or API agreement;
- Legitimate interests: securing our systems, improving Services, and communicating about your account, balanced against your rights;
- Consent: where required for newsletters, non-essential cookies, or optional integrations;
- Legal obligation: tax records, fraud prevention, and responses to lawful government requests.
7. Third Parties and Data Sharing
We may share personal information with:
- Payment processors: Razorpay, Stripe, PayU, and other PCI-DSS compliant gateways that process card, UPI, net banking, and wallet transactions on our behalf;
- Infrastructure providers: cloud hosts, data centres, CDN providers, and email/SMS gateways used to deliver hosting, APIs, and notifications;
- Domain and registry partners: for registration, transfer, DNS, and WHOIS services;
- Professional advisers: lawyers, accountants, and auditors under confidentiality obligations;
- CRM and productivity tools: when you configure integrations (e.g. lead sync to your CRM);
- Law enforcement or regulators: when required by applicable law or to protect rights, safety, and security.
Third-party services are governed by their own privacy policies. We require processors handling personal data on our behalf to implement appropriate contractual and security safeguards.
8. Payment Data Handling
Online payments for hosting, domains, API plans, software milestones, and subscriptions are processed through certified third-party payment gateways. When you pay:
- Card, UPI, and banking details are entered on the payment gateway's secure hosted page or encrypted fields—we do not store full card numbers, CVV, or UPI PINs;
- We may store transaction IDs, payment status, amount, currency (INR or as quoted), invoice numbers, and masked card identifiers (e.g. last four digits) for reconciliation, support, and chargeback handling;
- Payment gateways may use fraud detection, 3-D Secure, and RBI-aligned authentication flows for Indian transactions;
- Refunds, when approved under our Cancellation Policy, are initiated back to the original payment method where technically possible, typically within 7–14 business days after approval.
For questions about a specific transaction, contact [email protected] with your invoice or order ID.
9. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy:
- Active accounts and services: for the duration of the relationship plus a reasonable transition period;
- Invoices and tax records: as required under Indian tax and commercial laws (often up to eight years or as mandated);
- Support tickets and project files: typically up to three years after closure unless a longer period is agreed in your contract or required for disputes;
- Marketing leads: until you opt out or request deletion, subject to legitimate business record needs;
- Server and API logs: rolling retention (e.g. 30–180 days) unless extended for security investigations.
When retention ends, we delete or anonymize data where feasible. Backups may persist for a limited period before overwrite.
10. Data Security
We implement reasonable technical and organizational measures appropriate to the nature of our Services, including:
- TLS/SSL encryption for data in transit on production websites and portals;
- Hashed password storage and role-based access controls for administrative systems;
- Firewalling, network segmentation, and monitoring for hosting and API infrastructure;
- Restricted access to production databases and secrets on a need-to-know basis;
- Vendor due diligence for payment and cloud providers maintaining industry certifications.
No method of transmission or storage is 100% secure. You are responsible for safeguarding your account credentials, API keys, and integration secrets. Report suspected breaches to [email protected] without delay.
11. International Data Transfers
Our primary operations and data processing are oriented toward India. Where we use global cloud or SaaS providers, data may be processed in other countries with safeguards such as standard contractual terms, provider certifications, and encryption. By using Services that rely on such providers, you acknowledge that cross-border transfers may occur to deliver the service.
12. Your Rights and Choices
Subject to applicable law, you may have the right to:
- Request access to personal information we hold about you;
- Request correction of inaccurate or incomplete data;
- Request deletion where we have no overriding legal or contractual basis to retain it;
- Withdraw consent for optional processing (e.g. marketing emails via unsubscribe links);
- Object to or restrict certain processing where legally applicable;
- Lodge a grievance with us at [email protected].
We may need to verify your identity before fulfilling requests. Some data cannot be deleted while an active hosting subscription, domain registration, API balance, or legal hold applies.
13. Children's Privacy
Our Services are directed at businesses and adults. We do not knowingly collect personal information from children under 18. If you believe a minor has provided data to us, contact us and we will take appropriate steps to delete it.
14. Changes to This Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be posted on this page; continued use of the Services after changes constitutes notice of the updated Policy where permitted by law.
15. Governing Law and Jurisdiction
This Policy is governed by the laws of India. Courts in India shall have exclusive jurisdiction over disputes arising from this Policy, subject to any mandatory consumer protections or arbitration clauses in your separate service agreement.
16. Contact Us
For privacy questions, requests, or complaints:
- Email: [email protected]
- Phone: 03369029854
- Company: Brahm Byte Technologies
- Website: www.brahmbyte.com
Related documents: Terms & Conditions · Cancellation Policy