Stop managing IT in 10 different tools.

One tenant-isolated workspace for monitoring, assets, tickets, vendors, Git, and more—including a full VAPT module for engagements, scans, and audit-ready reports.

New · Release 2026.04 — Multi-tenant audit exports & SLA dashboards now live See changelog →

Privacy Policy

Infronest | www.infronest.com
Last updated: May 23, 2026
This Policy has been drafted in compliance with the Digital Personal Data Protection Act, 2023 (hereinafter 'DPDP Act' or 'DPDPA'), the Digital Personal Data Protection Rules, 2025 (hereinafter 'DPDP Rules'), the Information Technology Act, 2000 (hereinafter 'IT Act') and its amendments, and other applicable data protection and cybersecurity regulations in India.
By accessing our website, engaging our services, or submitting your personal information to us in any form, you acknowledge that you have read, understood, and consent to the practices described in this Policy. If you do not agree with any part of this Policy, please discontinue use of our website and services immediately.
Infronest ("we", "our", or "us") operates the Infronest Enterprise Operations Platform, available as a web application, desktop application (Windows, macOS, Linux), and mobile application (Android, iOS), and provides IT infrastructure management services. This Privacy Policy explains how we collect, use, store, and protect your personal data.

Notice

As a Data Fiduciary, Infronest is required to provide a clear and plainly worded privacy notice each time personal data is collected on the basis of consent. This notice must explain what personal data is being collected, the specific purposes for which it will be processed, the ways in which a Data Principal may exercise their rights, and the procedure for lodging complaints with the Data Protection Board of India. The notice must be made available in English or in any of the 22 languages listed in the Eighth Schedule of the Constitution of India, ensuring accessibility for all users.
The DPDP Rules, 2025 strengthen these requirements further by mandating that every privacy notice be self-contained and independently comprehensible — meaning a user must be able to understand it without reference to any other document. The Rules also specify the required content of such a notice, which must include the information set out in this Policy.

Verifiable Consent

The DPDP Act, 2023 mandates that before processing the personal data of a child or a person with a disability, a Data Fiduciary must obtain verifiable consent from a parent or lawful guardian. The Act further prohibits any form of processing that is likely to cause harm to the Data Principal, and expressly bans the behavioural monitoring or targeting of advertising directed at children.
The DPDP Rules expand upon these protections by specifying the manner in which such parental or guardian verification must be carried out. However, the Rules also recognise that certain specific processing activities may be undertaken without obtaining prior parental consent, as follows:
  • Child protection duties: Processing only to the extent necessary to fulfil a legal protection function
  • Subsidy, benefit, or service issuance: Processing only as necessary for the provision of the relevant benefit or service
  • Email account creation: Processing limited strictly to account creation and the use of email services
  • Real-time location tracking: Processing only where necessary for the safety or security of the child
  • Blocking of harmful content: Processing only to the extent required to prevent access to content, services, or advertising that is detrimental to children
  • Child verification or due diligence: Processing only as necessary to carry out the required verification or confirmation
These exceptions define specific, bounded circumstances, such as child protection functions, the issuance of government subsidies or services, and email account creation, where the obligation to obtain prior parental consent does not apply, provided the processing remains strictly limited to the stated purpose.
Infronest is an enterprise B2B platform intended for professional use only. We do not knowingly collect personal data from individuals under 18 years of age, and our services are not directed at children.

Significant Data Fiduciary (SDF)

The DPDP Act, 2023 introduces the designation of a Significant Data Fiduciary (SDF) — a classification that the Government of India may apply to any Data Fiduciary based on an assessment of the volume and sensitivity of personal data it processes, as well as the risks associated with such processing. Entities designated as SDFs are subject to heightened obligations, including periodic data protection impact assessments and appointment of a Data Protection Officer.
The DPDP Rules further strengthen oversight of SDFs by requiring them to periodically share significant observations, findings, and identified compliance gaps with the Data Protection Board of India, thereby ensuring ongoing regulatory visibility and accountability.

Citizens' Rights

The DPDP Act, 2023 meaningfully empowers individuals as Data Principals. The following rights are specifically conferred:
  • Right to access information about personal data being processed and the purposes thereof
  • Right to correction of inaccurate or incomplete personal data, and erasure of data no longer required
  • Right to grievance redressal through a clearly defined mechanism
  • Right to nominate another individual to exercise data rights in the event of death or incapacity
The DPDP Rules reinforce these protections by requiring that Data Principals be able to submit requests through a publicly accessible mechanism — such as a website or application — using an identifier provided by the Data Fiduciary. Data Fiduciaries are further obligated to clearly publish the details of how such requests may be submitted, and to address all grievances within 90 days of receipt.

Breach Notification

The DPDP Act, 2023 defines a personal data breach as any unauthorised or accidental compromise of the confidentiality, integrity, or availability of personal data. Upon becoming aware of a breach, a Data Fiduciary is required to promptly notify the Data Protection Board of India and the affected Data Principals, providing sufficient detail to enable timely protective action.
The DPDP Rules expand on this obligation by requiring that such notification be made without any delay upon the Data Fiduciary becoming aware of the breach. In addition, the Data Fiduciary must submit a comprehensive detailed report to the Board within 72 hours of awareness, or within such extended period as may be approved by the Board in the circumstances.

Reasonable Safeguards

The DPDP Act, 2023 requires all organisations acting as Data Fiduciaries to implement appropriate technical and organisational security measures to protect personal data at every stage of processing. These safeguards must be proportionate to the nature of the data being processed and the risks associated with its processing. Importantly, the responsibility for data protection is not diminished when personal data is processed by a third-party data processor on the organisation's behalf — the Data Fiduciary remains accountable for ensuring that adequate safeguards are maintained throughout the data lifecycle.

1. Scope and Applicability

This Policy applies to:
  • All individuals who visit, browse, or use our website at www.infronest.com
  • Prospective, current, or former clients who engage Infronest for IT infrastructure management services or use the Infronest Enterprise Operations Platform
  • Business representatives, vendors, partners, or contractors who share personal data with us in the course of commercial engagement
  • Any individual whose personal data is processed by Infronest in connection with its business operations
This Policy is applicable to digital personal data collected online or collected offline and subsequently digitised, in accordance with the DPDP Act, 2023.

2. Personal Data We Collect

Infronest may collect the following categories of personal data, depending on the nature of your interaction with us:
Data Provided Directly by You
  • Identity information: Full name, job title, designation, and organisation name
  • Contact information: Email address, telephone number, postal or registered office address
  • Professional information: Industry, company size, IT infrastructure requirements, and service preferences
  • Communication records: Enquiries, support tickets, feedback, and correspondence via email, chat, or contact forms
  • Financial information: Billing details, payment references, and invoicing information (processed through secure payment gateways; we do not store card or banking credentials directly)
  • Account data: Name, email address, role, and department — provided during platform registration
  • Server/IT data you enter: Asset records, server configurations, ticket content, and technical configurations — stored on your organisation's tenant-isolated instance
Data Collected Automatically
  • Technical data: IP address, browser type and version, operating system, device identifier, screen resolution, platform type (web/desktop/mobile), OS version, and app version
  • Usage data: Pages visited, time spent on pages, features used, session duration, click-through behaviour, and navigation patterns
  • Cookie and tracking data: Session identifiers, preference cookies, and analytics cookies (subject to your cookie preferences)
  • Crash reports: Anonymous error logs to diagnose bugs (no personal data included)
  • Push notification tokens: Device tokens used to deliver alerts when you grant notification permissions
Data from Third Parties
  • Business intelligence and lead data received from partners, referral channels, or publicly available professional directories
  • Data shared by clients for the purpose of service delivery, including technical configurations, network diagrams, and system credentials (processed strictly under confidentiality obligations)

3. Legal Basis and Purpose of Processing

Infronest processes personal data on the following lawful bases, as recognised under the DPDP Act, 2023:
  • Consent: Where you have explicitly provided your consent for processing for a specific, disclosed purpose — such as receiving marketing communications or subscribing to our newsletter
  • Contractual Necessity: Where processing is required to perform a contract to which you are a party, or to take pre-contractual steps at your request — such as onboarding you as a client or delivering agreed services
  • Legal Obligation: Where processing is necessary for compliance with a legal or regulatory obligation applicable to Infronest under Indian law
  • Legitimate Interest: Where processing is necessary for Infronest's legitimate business interests, provided such interests are not overridden by your rights and interests — such as fraud prevention, business analytics, and internal reporting

4. Specific Purposes of Processing

Your personal data may be processed for the following specific purposes:
  • To respond to your enquiries and provide pre-sales information
  • To deliver, manage, and support IT infrastructure services and the Infronest Enterprise Operations Platform contracted with you
  • To authenticate users and maintain sessions securely
  • To generate and issue invoices, process payments, and maintain financial records
  • To communicate service updates, maintenance windows, and technical alerts
  • To send marketing and promotional communications (only where you have opted in)
  • To improve our website, service offerings, and user experience through analytics
  • To diagnose crashes and improve platform reliability
  • To comply with statutory, regulatory, and legal obligations
  • To investigate complaints, resolve disputes, and enforce our contractual rights
  • To prevent fraud, unauthorised access, and other security threats

5. Data Sharing and Disclosure

Infronest does not sell, rent, or trade your personal data to third parties. We may, however, share personal data in the following limited circumstances:
  • Service Providers and Data Processors: We engage third-party vendors for cloud hosting, payment processing, customer support, and analytics. These entities access personal data solely to perform services on our behalf and are contractually bound to process data only in accordance with our instructions and applicable law
  • Legal and Regulatory Authorities: We may disclose personal data when required to do so by law, court order, governmental directive, or regulatory body — including under provisions of the IT Act, 2000, the DPDP Act, 2023, or as directed by law enforcement agencies
  • Business Transfers: In the event of a merger, acquisition, corporate restructuring, or sale of assets, your personal data may be transferred to the successor entity, subject to equivalent data protection obligations
  • With Your Consent: We may share personal data with third parties for purposes not listed above if you have provided explicit consent for such sharing
All third-party data processors engaged by Infronest are subject to appropriate data processing agreements that ensure compliance with the DPDP Act, 2023 and applicable standards.

6. Cross-Border Data Transfers

Infronest may transfer personal data outside the territory of India in the course of service delivery, cloud operations, or vendor management. Any such transfer shall be conducted only to countries or territories notified by the Central Government of India as permissible destinations under the DPDP Act, 2023, or subject to such contractual safeguards as are required by applicable law.
We implement appropriate technical and organisational measures to ensure that your personal data receives a level of protection equivalent to that afforded under the DPDP Act wherever it is processed.

7. Data Retention

Infronest retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following general retention principles apply:
  • Client data: Retained for the duration of the contractual engagement and for a period of 5 years thereafter, or as required by applicable statutory obligations (e.g., under the Companies Act, 2013, or Income Tax Act, 1961)
  • Website usage data: Retained for up to 12 months, unless a longer period is required for legal or security purposes
  • Marketing communications data: Retained until you withdraw your consent or unsubscribe
  • Legal and compliance records: Retained for the period prescribed by applicable law
Upon expiry of the applicable retention period, personal data shall be securely deleted or anonymised in a manner that renders identification of the Data Principal impossible.

8. Data Storage, Security & Platform Architecture

Infronest implements industry-standard technical and organisational security measures to safeguard your personal data from unauthorised access, disclosure, alteration, loss, or destruction. Our security practices include, but are not limited to:
  • Organisation data stored on your private server or a dedicated, tenant-isolated cloud instance
  • Encryption of data in transit using TLS/SSL protocols and at rest using AES-256 encryption
  • JWT authentication, HTTPS/TLS encryption, and role-based access controls (RBAC) limiting data access to authorised personnel on a need-to-know basis
  • Passwords hashed using Argon2
  • Regular vulnerability assessments, penetration testing, and security audits
  • Incident detection and response mechanisms with defined escalation protocols
  • Employee training on data protection and information security best practices
  • Compliance with ISO/IEC 27001 information security management principles
In the event of a personal data breach that is likely to result in risk to the rights of Data Principals, Infronest shall notify the Data Protection Board of India within 72 hours of becoming aware of such breach, and shall notify affected Data Principals as required under the DPDP Act, 2023 and DPDP Rules, 2025.

9. Push Notifications

If you grant notification permissions on mobile or desktop, we may send server alerts, ticket updates, and security warnings. You can revoke permission at any time in your device settings.

10. Cookies and Tracking Technologies

Our website and platform use cookies and similar tracking technologies to enhance user experience, analyse traffic, and personalise content. The types of cookies we use include:
  • Strictly Necessary Cookies: Essential for the operation of the website and cannot be disabled
  • Performance and Analytics Cookies: Collect anonymised data about how visitors use our website, enabling us to improve its functionality
  • Functionality Cookies: Remember your preferences and personalise your experience
  • Marketing Cookies: Used to deliver relevant advertisements — deployed only with your explicit consent
On the Infronest platform, we use sessionStorage (cleared on browser or app close) for authentication tokens, and localStorage for user preferences such as theme and language. No third-party tracking cookies are used on the platform.
You may manage your cookie preferences through your browser settings or through our cookie consent manager. Please note that disabling certain cookies may affect the functionality of our website.

11. Third-Party Links and Services

Our website may contain hyperlinks to third-party websites, platforms, or services that are not operated or controlled by Infronest. This Privacy Policy does not apply to such third-party websites. We encourage you to review the privacy policies of any third-party site you visit. Infronest accepts no responsibility or liability for the privacy practices or content of third-party websites.

12. Rights of Data Principals

As a Data Principal under the DPDP Act, 2023, you are entitled to exercise the following rights with respect to your personal data:
  • Right to Access Information (Section 11, DPDP Act): You have the right to obtain confirmation as to whether Infronest processes your personal data, and to receive a summary of the data being processed and the purposes thereof
  • Right to Correction and Erasure (Section 12, DPDP Act): You have the right to request correction of inaccurate or outdated personal data, and to request erasure of personal data that is no longer necessary for the stated purpose, subject to applicable legal obligations
  • Right to Grievance Redressal (Section 13, DPDP Act): You have the right to have your grievances addressed by Infronest's designated Grievance Officer within a reasonable timeframe
  • Right to Nominate (Section 14, DPDP Act): You have the right to nominate any individual to exercise your data rights in the event of your death or incapacity
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw such consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal
To exercise any of the above rights, please submit a written request to our Grievance Officer at the contact details specified in Section 13 of this Policy. We will respond to your request within a reasonable period and in any event not exceeding the timelines prescribed under applicable law.
If you are a user of an organisation's Infronest workspace, you may also contact your organisation's Infronest administrator to assist with data access or correction requests relating to your workspace account.

13. Grievance Redressal and Contact

Infronest has designated a Grievance Officer to address concerns, complaints, or requests relating to this Privacy Policy or the processing of your personal data. If you have any queries, concerns, or wish to exercise your rights as a Data Principal, please contact:
  • Designation: Data Protection & Compliance Officer
  • Email: privacy@infronest.com
  • Working Hours: Monday to Friday, 10:00 AM – 6:00 PM IST
  • Registered office:
    Infronest Technologies Pvt. Ltd.
    Shop No-121, Satyam Plaza
    Shaheed Major Vikash Yadav Marg, Civil Lines
    Gurugram, Haryana 122001, India
    GSTIN: 06AAICI9364G1Z9
  • GSTIN: 06AAICI9364G1Z9
We shall endeavour to respond to your grievance within 30 (thirty) days of receipt. If you are dissatisfied with our response, you may escalate your complaint to the Data Protection Board of India, once constituted and operational under the DPDP Act, 2023.

14. Applicable Legal Framework

This Privacy Policy is governed by and construed in accordance with the laws of India, including but not limited to:
  • The Digital Personal Data Protection Act, 2023 (DPDPA) — India's primary legislation governing the collection, processing, and protection of digital personal data
  • The Digital Personal Data Protection Rules, 2025 — operative rules notified on 13 November 2025, providing procedural guidance for DPDPA compliance (full compliance deadline: 13 May 2027)
  • The Information Technology Act, 2000 (IT Act) and the Information Technology (Amendment) Act, 2008
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — applicable to the extent not superseded by the DPDP Act
  • ISO/IEC 27001:2022 — International Standard for Information Security Management Systems
  • National Cyber Security Policy (NCSP), 2013 and subsequent guidelines issued by CERT-In
Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of courts in Gurugram, India.

15. Amendments to this Policy

Infronest reserves the right to amend, update, or revise this Privacy Policy at any time to reflect changes in law, technology, or our business practices. Material changes to this Policy will be communicated via a prominent notice on our website and, where required under applicable law, by direct notification to affected Data Principals.
Your continued use of our website or services following the publication of an updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically to stay informed of how we protect your personal data. Changes will also be reflected by the "Last updated" date above and, where appropriate, via in-app announcement.
© 2026 Infronest Technologies Pvt. Ltd. All rights reserved.