Home/Legal & Policy

Legal & Policy Documents

Vsolwit Industries Private Limited·Effective Date: June 10, 2026·Jaipur, Rajasthan – 302021

Contents

1. Terms of Use

Effective Date: June 10, 2026

These Terms of Use (“Terms”) govern your access to and use of the software-as-a-service platform upasth.in (“Platform”), operated by Vsolwit Industries Private Limited (“Company”, “We”, “Us”, “Our”). By accessing, registering on, or using the Platform in any capacity, you (“User”, “Customer”, “You”) agree to be bound by these Terms. If you do not agree, you must not use the Platform.

1.1 Acceptance & Eligibility

By using the Platform, you represent and warrant that:

  • You are at least 18 years of age and legally competent to enter into a binding contract under the Indian Contract Act, 1872.
  • If accepting on behalf of an organisation, you have the authority to bind that organisation to these Terms.
  • You are not prohibited by any applicable law from using the Platform.
  • All information you provide during registration and use is accurate and current.

1.2 License Grant

Subject to these Terms and timely payment of applicable Subscription Fees, the Company grants you a limited, non-exclusive, non-transferable, revocable licence to access and use the Platform solely for your internal business purposes in managing attendance, payroll, leave, and HR operations for your organisation. This licence does not permit you to:

  • Sub-licence, resell, or provide the Platform as a service to third parties.
  • Copy, reverse engineer, decompile, or disassemble any part of the Platform.
  • Remove or alter any proprietary notices or labels.
  • Use the Platform to develop a competing product.
  • Share login credentials across multiple users or organisations.

1.3 User Accounts & Access

Each organisation is assigned a unique Identifier prefix (e.g., ‘IN’ for a specific employer) and employee codes in the format [Identifier]-[XXXX]. You are responsible for:

  • Maintaining the confidentiality of all credentials, including Employee Codes, passwords, and OTPs.
  • All activities that occur under your account.
  • Immediately notifying the Company of any unauthorised access at contact@vsolwit.com.

The Platform supports a maximum of two (2) administrator accounts per subscribing organisation. The Company reserves the right to disable any account found in breach of these Terms.

1.4 Subscription, Billing & Cancellation

Access to the Platform is provided on a subscription basis. The following billing terms apply:

  1. Subscription fees are invoiced monthly and are due within seven (7) calendar days of invoice generation.
  2. Subscription fees are non-refundable once invoiced for a billing period, except as required by applicable law.
  3. Cancellation requests require thirty (30) working day’s advance written notice to contact@vsolwit.com.
  4. The Company may suspend Services if payment is overdue by more than 45 calendar days following a 30 calendar days written notice.
  5. Prices are subject to revision once per year with 30 calendar days’ prior notice.

1.5 Acceptable Use

You agree not to use the Platform to:

  • Upload, transmit, or store any unlawful, defamatory, or infringing content.
  • Introduce malware, viruses, or any harmful code.
  • Harvest data, execute automated scripts, or probe system vulnerabilities.
  • Violate any applicable local, national, or international law or regulation.
  • Impersonate any person or misrepresent your affiliation with any organisation.
  • Attempt to gain unauthorised access to other accounts, systems, or data.

1.6 Intellectual Property

All intellectual property rights in the Platform, including software, algorithms, interfaces, content, trademarks, and documentation, are and shall remain the exclusive property of the Company. Nothing in these Terms transfers any ownership of such rights to you. Your right is limited to the licence granted herein.

1.7 Warranties & Disclaimer

The Company warrants that it will provide the Platform with reasonable skill and care. However:

  • The Platform is provided on an ‘as is’ and ‘as available’ basis.
  • The Company does not warrant that the Platform will be error-free, uninterrupted, or entirely free from defects.
  • The Company does not provide legal, financial, accountancy, or taxation advice through the Platform.
  • Compatibility with third-party systems (e.g., biometric hardware, legacy HRMS) is subject to additional configuration and is not guaranteed by default.

1.8 Limitation of Liability

To the maximum extent permitted by applicable law, the Company’s aggregate liability for any claims arising out of or relating to these Terms or the Platform shall not exceed the total subscription fees paid by you in the three (3) months immediately preceding the event giving rise to the claim. In no event shall the Company be liable for indirect, incidental, consequential, special, or punitive damages, including loss of profits, data, or business opportunity.

1.9 Indemnification

You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, or expenses (including legal fees) arising out of or related to your use of the Platform, your violation of these Terms, or your infringement of any third-party rights.

1.10 Termination

The Company may suspend or terminate your access to the Platform immediately and without notice if you breach these Terms, fail to pay fees, or engage in conduct that the Company reasonably considers harmful or unlawful. Upon termination, all licences granted herein cease immediately. Data export obligations and post-termination data retention are governed by the Data Processing Agreement (Section 5 of this document).

1.11 Governing Law & Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in Jaipur, Rajasthan, India. The parties shall first attempt to resolve any dispute through good-faith negotiation before initiating legal proceedings.

1.12 Amendments

The Company reserves the right to modify these Terms at any time. Amendments will be notified via registered email or in-platform notification at least 30 days prior to taking effect. Continued use of the Platform after the effective date of any amendment constitutes acceptance of the revised Terms.

1.13 Contact

Vsolwit Industries Private Limited
D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
contact@vsolwit.com

2. Privacy Policy

Effective Date: June 10, 2026

This Privacy Policy (“Policy”) describes how Vsolwit Industries Private Limited (“Company”, “We”, “Us”) collects, processes, stores, and shares personal data in connection with the upasth.in platform (“Platform”), in accordance with the Digital Personal Data Protection Act, 2023 (“DPDPA”), and other applicable Indian laws and regulations. By using the Platform, you consent to the collection and use of information in accordance with this Policy.

2.1 Who This Policy Applies To

This Policy applies to:

  • Administrators and HR managers of subscribing organisations who use the admin dashboard.
  • Employees of subscribing organisations who use the employee app or web portal.
  • Managers who access the Platform for team oversight and approvals.
  • Visitors to the upasth.in website who browse without creating an account.

2.2 Data We Collect

2.2.1 Data Provided by Subscribing Organisations (Employers)

When an organisation subscribes to the Platform, we collect:

  • Organisation name, business address, GST/PAN details.
  • Administrator name, email ID, and contact number.
  • Employee profile data uploaded by the employer.
  • Scanned or uploaded copies of Verification documents (stored securely).

2.2.2 Attendance & Location Data

The Platform collects the following data during employee clock-in/clock-out events:

  • GPS coordinates of the employee at the time of attendance log.
  • Attendance type classification: Office In, Remote (WFH) In, or Remote (On-site) In.
  • Date and time stamp of each punch.
  • Selfie photograph taken at the time of check-in (retained for 2 months and then automatically deleted or compressed as per configuration).
  • Device metadata (OS type, app version, IP address).

2.2.3 Leave & Payroll Data

  • Leave applications, balances, and approval records.
  • Salary slip data and payroll computation inputs.
  • Regularisation requests and approvals.

2.2.4 Usage Data (Automatic Collection)

  • Login and logout timestamps.
  • Pages accessed and features used.
  • Browser type, operating system, device identifiers.
  • Session duration and error logs.

2.3 How We Use Your Data

We use the collected data for the following purposes:

  • Providing and improving the Platform services.
  • Verifying employee identity and preventing proxy attendance.
  • Generating payroll, salary slips, and attendance reports.
  • Processing leave and regularisation requests.
  • Sending notifications (push, email, or SMS) related to attendance, payroll, and HR events.
  • Enabling manager approvals and HR workflows.
  • Complying with applicable laws and responding to lawful requests by public authorities.
  • Security monitoring, fraud prevention, and system integrity checks.

2.4 Legal Basis for Processing

We process personal data on the following legal bases:

  • Contractual necessity: to fulfil our obligations under the subscription agreement with employers.
  • Legitimate interests: for security, fraud prevention, and improving the Platform.
  • Legal obligation: to comply with Indian labour, tax, and data protection laws.
  • Consent: where specifically obtained (e.g., for biometric data collection or marketing communications).

2.5 Data Sharing & Disclosure

We do not sell your personal data. We may share data with:

  • Subscribing Organisations (Employers): Employee data is accessible to authorised HR/admin personnel of the employing organisation.
  • Service Providers: Trusted third-party vendors who assist with cloud hosting, SMS gateways, email delivery, and analytics, subject to strict data processing agreements.
  • Law Enforcement: When required by applicable law, court order, or government authority.
  • Business Transfers: In the event of merger, acquisition, or asset sale, personal data may be transferred to the successor entity.

We require all third-party processors to maintain appropriate technical and organisational measures to protect personal data.

2.6 Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this Policy:

  • Active employee data: Retained for the duration of employment plus 2 months post-deactivation, after which it is exported to the employer admin and deleted from the Platform.
  • Attendance selfie photographs: Retained for 2 months from the date of capture, then deleted or compressed.
  • Payroll records: Retained as required by applicable tax and labour laws (minimum 8 years).
  • Usage/access logs: Retained for 90 days.
  • Deleted account data: Purged within 60 days of account deactivation, unless legally required to retain.

2.7 Your Rights (Under DPDPA 2023)

As a Data Principal, you have the following rights:

  • Right of Access: Request confirmation of whether your personal data is being processed and obtain a copy.
  • Right to Correction: Request rectification of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal obligations.
  • Right to Grievance Redressal: Lodge a complaint with our Grievance Officer.
  • Right to Nominate: Nominate another individual to exercise your rights in case of incapacity.

To exercise any of the above rights, submit a Data Request Form (available on the Platform) or write to:

Data Protection Officer: Amit Dabral
D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
Email: amit@vsolwit.com

2.8 Data Security

We implement appropriate technical and organisational security measures including:

  • TLS encryption for data in transit.
  • AES-256 encryption for data at rest.
  • Role-based access controls (RBAC).
  • Regular security audits and vulnerability assessments.
  • Multi-factor authentication for administrative access.

Notwithstanding these measures, no method of data transmission or storage is 100% secure. In the event of a personal data breach, we will notify affected parties in accordance with the DPDPA 2023.

2.9 Children’s Data

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@vsolwit.com.

2.10 Changes to This Policy

We may update this Policy from time to time. We will notify registered users via email or in-platform notification prior to material changes taking effect. Continued use of the Platform constitutes acceptance of the updated Policy.

2.11 Grievance Officer

Name: Amit Dabral
Address: D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
Email: amit@vsolwit.com

4. Disclaimer

Effective Date: June 10, 2026

This Disclaimer governs your use of the upasth.in platform (“Platform”) and associated services provided by Vsolwit Industries Private Limited (“Company”, “We”, “Us”). Please read it carefully. By using the Platform, you acknowledge and accept the following limitations and disclaimers.

4.1 General Disclaimer

The Platform and all content, features, and services provided through it are offered on an ‘AS IS’ and ‘AS AVAILABLE’ basis, without warranties of any kind, either express or implied. To the fullest extent permitted by applicable Indian law, the Company expressly disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, and title.

4.2 No Professional Advice

Nothing contained on the Platform constitutes legal, financial, accounting, tax, or HR compliance advice. Any information provided is for general operational purposes only. You should consult qualified professionals before making decisions based on outputs, reports, or data generated by the Platform.

4.3 Technology Limitations

The Platform uses technologies including geolocation services and selfie-based attendance verification. The Company does not warrant that:

  • GPS coordinates captured are 100% accurate in all environments (e.g., indoor locations, areas with poor satellite signal).
  • Facial recognition or selfie verification is infallible or free from false positives or negatives.
  • The Platform will be free from delays, disruptions, errors, omissions, or interruptions caused by third-party services, internet connectivity, or device limitations.

4.4 Third-Party Services

The Platform may integrate with or reference third-party services, tools, or platforms (e.g., cloud storage providers, SMS gateways, payment processors). The Company is not responsible for the availability, accuracy, security, or content of such third-party services. Use of third-party integrations is governed by the respective third-party’s terms of service.

4.5 Accuracy of Information

While we strive to maintain accurate and up-to-date information, the Company makes no representations or warranties regarding the accuracy, completeness, timeliness, or reliability of any data, reports, or outputs generated by the Platform. Users are responsible for verifying the accuracy of data entered into the Platform.

4.6 Limitation of Liability

In no event shall the Company, its directors, officers, employees, or agents be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of, or inability to use, the Platform — even if the Company has been advised of the possibility of such damages.

The Company’s aggregate liability for any claims arising from use of the Platform shall not exceed the total amount paid by the Customer in subscription fees in the three (3) months immediately preceding the claim.

4.7 Force Majeure

The Company shall not be liable for any failure or delay in performance resulting from events beyond its reasonable control, including acts of God, natural disasters, pandemic, war, government orders, power outages, internet disruptions, or third-party service failures.

4.8 Amendments

The Company reserves the right to modify or update this Disclaimer at any time. Any changes will be effective upon posting to the Platform or notification via email. Continued use of the Platform following such notification constitutes your acceptance of the updated Disclaimer.

5. Data Processing Agreement

Effective Date: June 10, 2026

This Data Processing Agreement (“DPA”) forms part of the subscription agreement between Vsolwit Industries Private Limited (“Processor”) and the subscribing organisation (“Customer”, “Data Fiduciary”) using the upasth.in platform (“Platform”). This DPA governs how the Processor processes personal data on behalf of the Data Fiduciary in accordance with the Digital Personal Data Protection Act, 2023 (“DPDPA”).

5.1 Roles & Responsibilities

  • The Customer (Employer) acts as the Data Fiduciary and determines the purposes and means of processing employee personal data.
  • Vsolwit Industries Private Limited acts as the Data Processor and processes personal data only on documented instructions from the Data Fiduciary.

5.2 Scope of Processing

The Processor shall process the following categories of personal data on behalf of the Data Fiduciary:

  • Employee identification data (name, employee code, contact information).
  • Biometric-adjacent data (selfie photographs for attendance verification).
  • Location data (GPS coordinates at check-in/check-out).
  • Attendance and leave records.
  • Payroll and salary data.
  • Device metadata and usage logs.

5.3 Processor Obligations

The Processor agrees to:

  1. Process personal data only on documented instructions from the Data Fiduciary, unless required by applicable law.
  2. Ensure that persons authorised to process personal data are bound by confidentiality obligations.
  3. Implement appropriate technical and organisational security measures in accordance with Section 5.5.
  4. Not engage sub-processors without prior written authorisation from the Data Fiduciary. Where sub-processors are engaged, they are bound by equivalent data protection obligations.
  5. Assist the Data Fiduciary in responding to Data Principal rights requests (access, correction, erasure, grievance redressal) within the timeframes specified under the DPDPA.
  6. Notify the Data Fiduciary of any personal data breach within 72 hours of becoming aware of it, where feasible.
  7. At the choice of the Data Fiduciary, delete or return all personal data upon termination of the subscription agreement, in accordance with Section 5.7.
  8. Provide the Data Fiduciary with all information necessary to demonstrate compliance with this DPA.

5.4 Data Fiduciary Obligations

The Data Fiduciary (Customer) agrees to:

  • Ensure that the processing of personal data on the Platform is lawful and that all necessary consents from Data Principals (employees) have been obtained prior to onboarding.
  • Provide accurate and complete instructions for processing.
  • Notify the Processor promptly of any changes to processing requirements or applicable legal obligations.
  • Maintain records of Data Principal consents in accordance with the DPDPA.

5.5 Security Measures

The Processor shall implement and maintain the following security measures:

  • AES-256 encryption for data at rest.
  • TLS 1.2 or higher for data in transit.
  • Role-based access control (RBAC) limiting data access to authorised personnel only.
  • Regular vulnerability assessments and penetration testing.
  • ISO 27001-aligned information security management practices.
  • Audit logs of access and processing activities, retained for 90 days.

5.6 Data Localisation

All personal data processed under this DPA shall be stored exclusively within the territory of India. The Processor shall not transfer any personal data outside India without the prior written consent of the Data Fiduciary and in compliance with applicable Indian data localisation requirements.

5.7 Data Retention & Deletion Upon Termination

Upon termination or expiry of the subscription agreement:

  • The Processor shall, within 60 working days, either securely delete or return all personal data processed on behalf of the Data Fiduciary, at the Data Fiduciary’s election.
  • The Data Fiduciary will be provided with an export of all employee data in a machine-readable format (CSV or JSON) before deletion.
  • Backups containing personal data will be purged within 60 working days of the termination date.
  • Certain data may be retained longer if required by applicable law (e.g., payroll records under tax statutes).

5.8 Governing Law

This DPA shall be governed by the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in Jaipur, Rajasthan.

© 2026 Vsolwit Industries Private Limited. All rights reserved.
upasth.in is a registered product of Vsolwit Industries Pvt. Ltd.