Terms & Conditions

A company incorporated under the laws of India, with its registered office at Molina Apartment, 1st Floor, 32/10 Chandi Ghosh Road, Kolkata, West Bengal 700040, India (hereinafter referred to as "Service Provider", "we", "us", or "our");

As detailed in the Order Form (hereinafter referred to as "Client", "you", or "your").

Service Provider and Client may be referred to individually as a "Party" and collectively as the "Parties."

Service Provider is engaged in the business of providing cloud storage services; and

Client desires to avail the Services from the Service Provider, and the Service Provider agrees to provide such Services, subject to the terms and conditions set forth herein.

In consideration of the mutual covenants and agreements contained herein, the Parties agree as follows:

All statutes, laws, rules, regulations, ordinances, orders, codes, and guidelines of India, including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and all rules, notifications, and policies made thereunder, as amended from time to time.

All data, information, files, and content uploaded, stored, or processed by or on behalf of the Client using the Services.

Any unauthorized access, acquisition, disclosure, alteration, or destruction of Client Data.

The Digital Personal Data Protection Act, 2023.

The date specified in the Order Form from which the Services commence.

The document or online order specifying the Services to be provided, pricing, and other commercial terms, incorporated herein by reference.

Have the meaning ascribed to it under the DPDPA.

The cloud storage services as described in the Order Form and this Agreement.

The service level commitments attached as Annexure A.

Any individual authorized by the Client to use the Services.

Provider acknowledges and agrees that, as between the Parties, the Client retains all right, title, and interest in and to all Client Data. Service Provider does not acquire any rights in the Client Data, other than the limited license to host, store, and process the Client Data as necessary to provide the Services.

Provider shall implement and maintain appropriate technical and organizational security measures to protect Client Data, in accordance with Section 43A of the IT Act, 2000 (read with the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules, 2011) and the DPDPA, 2023. These measures are designed to:

(a) Ensure the security and confidentiality of Client Data.

(b) Protect against any anticipated threats or hazards to the security or integrity of Client Data.

(c) Protect against unauthorized access, use, or disclosure of Client Data.

(d) Ensure the proper and safe disposal of Client Data.

Limiting the generality of Clause 3.2, Service Provider's security measures shall include, at a minimum:

(a) Encryption of Client Data in transit using secure TLS protocols and at rest using AES-256 encryption or equivalent.

(b) Implementation of robust firewalls and intrusion detection/prevention systems.

(c) Logical access controls and strict principle of least privilege for its personnel.

(d) Regular security testing and vulnerability assessments.

The purposes of the DPDPA, the Client is the Data Fiduciary the Service Provider is the Data Processor. The Client shall be responsible for ensuring that it has a lawful basis for processing Personal Data and has provided necessary notices and obtained valid consent, where required, before transferring such data to the Service Provider.

Provider shall process Personal Data contained within Client Data only for the purpose of providing the Services and in accordance with this Agreement and the Client's lawful instructions. Service Provider shall not process, transfer, or share such Personal Data for any other purpose.

Provider shall, taking into account the nature of the processing, assist the Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Client's obligation to respond to requests from Data Principals for exercising their rights under the DPDPA.

The event of a Data Breach, Service Provider shall:

(a) Notify the Client without undue delay, and in any event, within 24 (twenty four) hours of becoming aware of the breach.

(b) Provide all necessary information and cooperation to the Client to enable the Client to meet its obligations to report the breach to the Data Protection Board of India and to the affected Data Principals, as required under the DPDPA.

(c) Take immediate steps to contain, investigate, and mitigate the effects of the Data Breach.

Primary data centers used to store and process Client Data are located in Kolkata, West Bengal, India. Service Provider may transfer and process Client Data in other jurisdictions, provided that such transfers are made in compliance with the cross-border data transfer requirements under the DPDPA.

Compliance with the IT Act, 2000, Service Provider has appointed a Grievance Officer. The contact details are provided in Clause 13.6.