Privacy Policy

1. What Data We Collect

Account Information

When you register for an IMAST 360 account, we collect your name, email address, phone number, company name, job title, billing address, and payment information.

Usage Data

We automatically collect information about how you interact with our services, including features accessed, actions performed, timestamps, frequency of use, and performance metrics. This helps us understand usage patterns and improve the platform.

Device and Technical Information

We collect information about the devices you use to access IMAST 360, including IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.

Customer Data

You may upload or input data into the platform as part of using our services ("Customer Data"). This may include contact records, sales data, distribution records, loyalty program data, and analytics configurations. You control what Customer Data is entered, and you retain full ownership of it.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to collect information about your browsing behavior. For full details, please see our Cookie Policy.

2. How We Use Your Data

We use the information we collect for the following purposes:

• Service delivery: To provide, maintain, and operate the IMAST 360 platform and fulfill our contractual obligations to you
• Product improvement: To analyze usage patterns, identify issues, and develop new features and enhancements
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance
• Communications: To send service-related notices, updates, security alerts, and administrative messages
• Billing: To process payments, send invoices, and manage your subscription
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues
• Legal compliance: To comply with applicable laws, regulations, and legal processes

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Performance of a contract: Processing necessary to provide the services you have subscribed to
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, ensuring security, and preventing fraud, provided these interests are not overridden by your rights
• Consent: Where we rely on your consent for specific processing activities (e.g., marketing communications, non-essential cookies), you may withdraw consent at any time
• Legal obligation: Processing necessary to comply with applicable laws and regulations

4. Data Sharing

IMAST does not sell, rent, or trade your personal data or Customer Data to third parties for their own commercial purposes. We share data only in the following circumstances:

• Service providers: We engage trusted third-party service providers who process data on our behalf under strict data processing agreements (DPAs). These providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.
• Legal requirements: We may disclose data when required by law, regulation, legal process, or governmental request
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to the same privacy protections
• With your consent: We may share data with third parties when you have given explicit consent

5. Data Retention

We retain your personal data and Customer Data for as long as your account is active and as needed to provide you with our services. Specific retention periods include:

• Active accounts: Data is retained for the duration of your subscription
• After account deletion: Customer Data is deleted within 90 days of receiving a valid deletion request
• Billing records: Retained for 7 years as required by Indian tax and accounting regulations
• Audit logs: Retained for a minimum of 1 year for security and compliance purposes
• Backups: Customer Data in backups is purged within 30 days of deletion from production systems

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to data portability: Receive your personal data in a structured, machine-readable format
• Right to restriction: Request that we limit the processing of your personal data under certain circumstances
• Right to object: Object to processing based on legitimate interests, including profiling
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at privacy@imast.in. We will respond to your request within 30 days.

7. Children's Privacy

IMAST 360 is a business-to-business platform designed for use by organizations and their authorized employees. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a person under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@imast.in.

8. International Data Transfers

IMAST's primary data infrastructure is hosted on AWS in Mumbai, India. Customer Data is stored and processed within India by default. We do not routinely transfer Customer Data outside of India.

In limited cases where data may need to be processed by sub-processors located outside India (for example, for specific third-party integrations you enable), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), data processing agreements, and verification of adequate security practices.

9. Cookies

We use cookies and similar tracking technologies to operate our services, remember your preferences, and understand how you use our platform. For comprehensive information about the types of cookies we use, their purposes, and how to control them, please refer to our Cookie Policy.

10. Security Measures

We implement robust technical and organizational measures to protect your data, including:

• AES-256 encryption for data at rest
• TLS 1.2+ encryption for data in transit
• Role-based access controls and multi-factor authentication
• 24/7 security monitoring, intrusion detection, and automated alerting
• Regular penetration testing and vulnerability assessments

For detailed information about our security practices, visit our Security page.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by email (sent to the address associated with your account) and by posting a prominent notice on our platform at least 30 days before the changes take effect. We encourage you to review this policy periodically.

12. Contact and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: privacy@imast.in
• Data Protection Officer: dpo@imast.in
• General legal: legal@imast.in

IMAST Operations Private Limited, Indore, Madhya Pradesh, India