1. Terms of Use
Effective Date: June 10, 2026
These Terms of Use (“Terms”) govern your access to and use of the software-as-a-service platform upasth.in (“Platform”), operated by Vsolwit Industries Private Limited (“Company”, “We”, “Us”, “Our”). By accessing, registering on, or using the Platform in any capacity, you (“User”, “Customer”, “You”) agree to be bound by these Terms. If you do not agree, you must not use the Platform.
1.1 Acceptance & Eligibility
By using the Platform, you represent and warrant that:
- You are at least 18 years of age and legally competent to enter into a binding contract under the Indian Contract Act, 1872.
- If accepting on behalf of an organisation, you have the authority to bind that organisation to these Terms.
- You are not prohibited by any applicable law from using the Platform.
- All information you provide during registration and use is accurate and current.
1.2 License Grant
Subject to these Terms and timely payment of applicable Subscription Fees, the Company grants you a limited, non-exclusive, non-transferable, revocable licence to access and use the Platform solely for your internal business purposes in managing attendance, payroll, leave, and HR operations for your organisation. This licence does not permit you to:
- Sub-licence, resell, or provide the Platform as a service to third parties.
- Copy, reverse engineer, decompile, or disassemble any part of the Platform.
- Remove or alter any proprietary notices or labels.
- Use the Platform to develop a competing product.
- Share login credentials across multiple users or organisations.
1.3 User Accounts & Access
Each organisation is assigned a unique Identifier prefix (e.g., ‘IN’ for a specific employer) and employee codes in the format [Identifier]-[XXXX]. You are responsible for:
- Maintaining the confidentiality of all credentials, including Employee Codes, passwords, and OTPs.
- All activities that occur under your account.
- Immediately notifying the Company of any unauthorised access at contact@vsolwit.com.
The Platform supports a maximum of two (2) administrator accounts per subscribing organisation. The Company reserves the right to disable any account found in breach of these Terms.
1.4 Subscription, Billing & Cancellation
Access to the Platform is provided on a subscription basis. The following billing terms apply:
- Subscription fees are invoiced monthly and are due within seven (7) calendar days of invoice generation.
- Subscription fees are non-refundable once invoiced for a billing period, except as required by applicable law.
- Cancellation requests require thirty (30) working day’s advance written notice to contact@vsolwit.com.
- The Company may suspend Services if payment is overdue by more than 45 calendar days following a 30 calendar days written notice.
- Prices are subject to revision once per year with 30 calendar days’ prior notice.
1.5 Acceptable Use
You agree not to use the Platform to:
- Upload, transmit, or store any unlawful, defamatory, or infringing content.
- Introduce malware, viruses, or any harmful code.
- Harvest data, execute automated scripts, or probe system vulnerabilities.
- Violate any applicable local, national, or international law or regulation.
- Impersonate any person or misrepresent your affiliation with any organisation.
- Attempt to gain unauthorised access to other accounts, systems, or data.
1.6 Intellectual Property
All intellectual property rights in the Platform, including software, algorithms, interfaces, content, trademarks, and documentation, are and shall remain the exclusive property of the Company. Nothing in these Terms transfers any ownership of such rights to you. Your right is limited to the licence granted herein.
1.7 Warranties & Disclaimer
The Company warrants that it will provide the Platform with reasonable skill and care. However:
- The Platform is provided on an ‘as is’ and ‘as available’ basis.
- The Company does not warrant that the Platform will be error-free, uninterrupted, or entirely free from defects.
- The Company does not provide legal, financial, accountancy, or taxation advice through the Platform.
- Compatibility with third-party systems (e.g., biometric hardware, legacy HRMS) is subject to additional configuration and is not guaranteed by default.
1.8 Limitation of Liability
To the maximum extent permitted by applicable law, the Company’s aggregate liability for any claims arising out of or relating to these Terms or the Platform shall not exceed the total subscription fees paid by you in the three (3) months immediately preceding the event giving rise to the claim. In no event shall the Company be liable for indirect, incidental, consequential, special, or punitive damages, including loss of profits, data, or business opportunity.
1.9 Indemnification
You agree to indemnify, defend, and hold harmless the Company and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, or expenses (including legal fees) arising out of or related to your use of the Platform, your violation of these Terms, or your infringement of any third-party rights.
1.10 Termination
The Company may suspend or terminate your access to the Platform immediately and without notice if you breach these Terms, fail to pay fees, or engage in conduct that the Company reasonably considers harmful or unlawful. Upon termination, all licences granted herein cease immediately. Data export obligations and post-termination data retention are governed by the Data Processing Agreement (Section 5 of this document).
1.11 Governing Law & Dispute Resolution
These Terms shall be governed by and construed in accordance with the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in Jaipur, Rajasthan, India. The parties shall first attempt to resolve any dispute through good-faith negotiation before initiating legal proceedings.
1.12 Amendments
The Company reserves the right to modify these Terms at any time. Amendments will be notified via registered email or in-platform notification at least 30 days prior to taking effect. Continued use of the Platform after the effective date of any amendment constitutes acceptance of the revised Terms.
1.13 Contact
Vsolwit Industries Private Limited
D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
contact@vsolwit.com
2. Privacy Policy
Effective Date: June 10, 2026
This Privacy Policy (“Policy”) describes how Vsolwit Industries Private Limited (“Company”, “We”, “Us”) collects, processes, stores, and shares personal data in connection with the upasth.in platform (“Platform”), in accordance with the Digital Personal Data Protection Act, 2023 (“DPDPA”), and other applicable Indian laws and regulations. By using the Platform, you consent to the collection and use of information in accordance with this Policy.
2.1 Who This Policy Applies To
This Policy applies to:
- Administrators and HR managers of subscribing organisations who use the admin dashboard.
- Employees of subscribing organisations who use the employee app or web portal.
- Managers who access the Platform for team oversight and approvals.
- Visitors to the upasth.in website who browse without creating an account.
2.2 Data We Collect
2.2.1 Data Provided by Subscribing Organisations (Employers)
When an organisation subscribes to the Platform, we collect:
- Organisation name, business address, GST/PAN details.
- Administrator name, email ID, and contact number.
- Employee profile data uploaded by the employer.
- Scanned or uploaded copies of Verification documents (stored securely).
2.2.2 Attendance & Location Data
The Platform collects the following data during employee clock-in/clock-out events:
- GPS coordinates of the employee at the time of attendance log.
- Attendance type classification: Office In, Remote (WFH) In, or Remote (On-site) In.
- Date and time stamp of each punch.
- Selfie photograph taken at the time of check-in (retained for 2 months and then automatically deleted or compressed as per configuration).
- Device metadata (OS type, app version, IP address).
2.2.3 Leave & Payroll Data
- Leave applications, balances, and approval records.
- Salary slip data and payroll computation inputs.
- Regularisation requests and approvals.
2.2.4 Usage Data (Automatic Collection)
- Login and logout timestamps.
- Pages accessed and features used.
- Browser type, operating system, device identifiers.
- Session duration and error logs.
2.3 How We Use Your Data
We use the collected data for the following purposes:
- Providing and improving the Platform services.
- Verifying employee identity and preventing proxy attendance.
- Generating payroll, salary slips, and attendance reports.
- Processing leave and regularisation requests.
- Sending notifications (push, email, or SMS) related to attendance, payroll, and HR events.
- Enabling manager approvals and HR workflows.
- Complying with applicable laws and responding to lawful requests by public authorities.
- Security monitoring, fraud prevention, and system integrity checks.
2.4 Legal Basis for Processing
We process personal data on the following legal bases:
- Contractual necessity: to fulfil our obligations under the subscription agreement with employers.
- Legitimate interests: for security, fraud prevention, and improving the Platform.
- Legal obligation: to comply with Indian labour, tax, and data protection laws.
- Consent: where specifically obtained (e.g., for biometric data collection or marketing communications).
2.5 Data Sharing & Disclosure
We do not sell your personal data. We may share data with:
- Subscribing Organisations (Employers): Employee data is accessible to authorised HR/admin personnel of the employing organisation.
- Service Providers: Trusted third-party vendors who assist with cloud hosting, SMS gateways, email delivery, and analytics, subject to strict data processing agreements.
- Law Enforcement: When required by applicable law, court order, or government authority.
- Business Transfers: In the event of merger, acquisition, or asset sale, personal data may be transferred to the successor entity.
We require all third-party processors to maintain appropriate technical and organisational measures to protect personal data.
2.6 Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this Policy:
- Active employee data: Retained for the duration of employment plus 2 months post-deactivation, after which it is exported to the employer admin and deleted from the Platform.
- Attendance selfie photographs: Retained for 2 months from the date of capture, then deleted or compressed.
- Payroll records: Retained as required by applicable tax and labour laws (minimum 8 years).
- Usage/access logs: Retained for 90 days.
- Deleted account data: Purged within 60 days of account deactivation, unless legally required to retain.
2.7 Your Rights (Under DPDPA 2023)
As a Data Principal, you have the following rights:
- Right of Access: Request confirmation of whether your personal data is being processed and obtain a copy.
- Right to Correction: Request rectification of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data, subject to legal obligations.
- Right to Grievance Redressal: Lodge a complaint with our Grievance Officer.
- Right to Nominate: Nominate another individual to exercise your rights in case of incapacity.
To exercise any of the above rights, submit a Data Request Form (available on the Platform) or write to:
Data Protection Officer: Amit Dabral
D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
Email: amit@vsolwit.com
2.8 Data Security
We implement appropriate technical and organisational security measures including:
- TLS encryption for data in transit.
- AES-256 encryption for data at rest.
- Role-based access controls (RBAC).
- Regular security audits and vulnerability assessments.
- Multi-factor authentication for administrative access.
Notwithstanding these measures, no method of data transmission or storage is 100% secure. In the event of a personal data breach, we will notify affected parties in accordance with the DPDPA 2023.
2.9 Children’s Data
The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@vsolwit.com.
2.10 Changes to This Policy
We may update this Policy from time to time. We will notify registered users via email or in-platform notification prior to material changes taking effect. Continued use of the Platform constitutes acceptance of the updated Policy.
2.11 Grievance Officer
Name: Amit Dabral
Address: D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
Email: amit@vsolwit.com
3. Cookie Policy
Effective Date: June 10, 2026
This Cookie Policy explains how Vsolwit Industries Private Limited (“Company”, “We”, “Us”) uses cookies and similar tracking technologies when you access or use the upasth.in platform (“Platform”) and our public marketing website (upasth.in). By continuing to use the Platform or website, you consent to the use of cookies as described in this Policy.
3.1 What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website or use a web application. They help websites remember your preferences, keep you logged in, and understand how you interact with the service. Cookies may be set by us (“first-party cookies”) or by third-party services we use (“third-party cookies”).
3.2 Types of Cookies We Use
3.2.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function and cannot be switched off in our systems. They are usually set in response to actions made by you such as setting your privacy preferences, logging in, or filling in forms. These include:
- Session authentication tokens (to keep you logged in during an active session).
- CSRF protection tokens (to prevent cross-site request forgery attacks).
- Load balancing cookies (to distribute traffic across servers).
3.2.2 Functional Cookies
These cookies enable the Platform to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. These include:
- User preference cookies (to remember your language, timezone, and display settings).
- Remember-me tokens (if you opt in to staying logged in across sessions).
3.2.3 Analytics Cookies
These cookies allow us to count visits and understand how users move around the Platform so we can measure and improve performance. We use:
- Google Analytics (for aggregate usage statistics on our public website).
- Internal analytics (for feature usage tracking within the Platform, using anonymised or pseudonymised data).
3.2.4 Advertising / Targeting Cookies
These cookies may be set through our public website by advertising partners to build a profile of your interests and show relevant advertisements on other sites. We do not use advertising cookies within the authenticated Platform. On our public marketing site, these may include retargeting pixels from platforms such as Google Ads or LinkedIn Ads.
3.3 Cookie Duration
- Session cookies: Deleted when you close your browser.
- Persistent cookies: Remain on your device for a set period (typically 7 to 30 days for authentication tokens, up to 2 years for analytics).
3.4 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse, delete, or be notified when cookies are set. Please note that disabling strictly necessary cookies will impair the functionality of the Platform (e.g., you may not be able to log in). To manage cookies:
- Google Chrome: Settings → Privacy and Security → Cookies and other site data.
- Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data.
- Safari: Preferences → Privacy → Manage Website Data.
- Microsoft Edge: Settings → Privacy, search, and services → Cookies.
For opt-out of Google Analytics tracking specifically, you may install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.
3.5 Changes to This Cookie Policy
We may update this Cookie Policy periodically. We will notify you of material changes via email or in-platform notification. The updated policy will be effective from the date noted at the top of this document.
3.6 Contact
For questions regarding our use of cookies, contact us at:
contact@vsolwit.com
4. Disclaimer
Effective Date: June 10, 2026
This Disclaimer governs your use of the upasth.in platform (“Platform”) and associated services provided by Vsolwit Industries Private Limited (“Company”, “We”, “Us”). Please read it carefully. By using the Platform, you acknowledge and accept the following limitations and disclaimers.
4.1 General Disclaimer
The Platform and all content, features, and services provided through it are offered on an ‘AS IS’ and ‘AS AVAILABLE’ basis, without warranties of any kind, either express or implied. To the fullest extent permitted by applicable Indian law, the Company expressly disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, and title.
4.2 No Professional Advice
Nothing contained on the Platform constitutes legal, financial, accounting, tax, or HR compliance advice. Any information provided is for general operational purposes only. You should consult qualified professionals before making decisions based on outputs, reports, or data generated by the Platform.
4.3 Technology Limitations
The Platform uses technologies including geolocation services and selfie-based attendance verification. The Company does not warrant that:
- GPS coordinates captured are 100% accurate in all environments (e.g., indoor locations, areas with poor satellite signal).
- Facial recognition or selfie verification is infallible or free from false positives or negatives.
- The Platform will be free from delays, disruptions, errors, omissions, or interruptions caused by third-party services, internet connectivity, or device limitations.
4.4 Third-Party Services
The Platform may integrate with or reference third-party services, tools, or platforms (e.g., cloud storage providers, SMS gateways, payment processors). The Company is not responsible for the availability, accuracy, security, or content of such third-party services. Use of third-party integrations is governed by the respective third-party’s terms of service.
4.5 Accuracy of Information
While we strive to maintain accurate and up-to-date information, the Company makes no representations or warranties regarding the accuracy, completeness, timeliness, or reliability of any data, reports, or outputs generated by the Platform. Users are responsible for verifying the accuracy of data entered into the Platform.
4.6 Limitation of Liability
In no event shall the Company, its directors, officers, employees, or agents be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of, or inability to use, the Platform — even if the Company has been advised of the possibility of such damages.
The Company’s aggregate liability for any claims arising from use of the Platform shall not exceed the total amount paid by the Customer in subscription fees in the three (3) months immediately preceding the claim.
4.7 Force Majeure
The Company shall not be liable for any failure or delay in performance resulting from events beyond its reasonable control, including acts of God, natural disasters, pandemic, war, government orders, power outages, internet disruptions, or third-party service failures.
4.8 Amendments
The Company reserves the right to modify or update this Disclaimer at any time. Any changes will be effective upon posting to the Platform or notification via email. Continued use of the Platform following such notification constitutes your acceptance of the updated Disclaimer.
5. Data Processing Agreement
Effective Date: June 10, 2026
This Data Processing Agreement (“DPA”) forms part of the subscription agreement between Vsolwit Industries Private Limited (“Processor”) and the subscribing organisation (“Customer”, “Data Fiduciary”) using the upasth.in platform (“Platform”). This DPA governs how the Processor processes personal data on behalf of the Data Fiduciary in accordance with the Digital Personal Data Protection Act, 2023 (“DPDPA”).
5.1 Roles & Responsibilities
- The Customer (Employer) acts as the Data Fiduciary and determines the purposes and means of processing employee personal data.
- Vsolwit Industries Private Limited acts as the Data Processor and processes personal data only on documented instructions from the Data Fiduciary.
5.2 Scope of Processing
The Processor shall process the following categories of personal data on behalf of the Data Fiduciary:
- Employee identification data (name, employee code, contact information).
- Biometric-adjacent data (selfie photographs for attendance verification).
- Location data (GPS coordinates at check-in/check-out).
- Attendance and leave records.
- Payroll and salary data.
- Device metadata and usage logs.
5.3 Processor Obligations
The Processor agrees to:
- Process personal data only on documented instructions from the Data Fiduciary, unless required by applicable law.
- Ensure that persons authorised to process personal data are bound by confidentiality obligations.
- Implement appropriate technical and organisational security measures in accordance with Section 5.5.
- Not engage sub-processors without prior written authorisation from the Data Fiduciary. Where sub-processors are engaged, they are bound by equivalent data protection obligations.
- Assist the Data Fiduciary in responding to Data Principal rights requests (access, correction, erasure, grievance redressal) within the timeframes specified under the DPDPA.
- Notify the Data Fiduciary of any personal data breach within 72 hours of becoming aware of it, where feasible.
- At the choice of the Data Fiduciary, delete or return all personal data upon termination of the subscription agreement, in accordance with Section 5.7.
- Provide the Data Fiduciary with all information necessary to demonstrate compliance with this DPA.
5.4 Data Fiduciary Obligations
The Data Fiduciary (Customer) agrees to:
- Ensure that the processing of personal data on the Platform is lawful and that all necessary consents from Data Principals (employees) have been obtained prior to onboarding.
- Provide accurate and complete instructions for processing.
- Notify the Processor promptly of any changes to processing requirements or applicable legal obligations.
- Maintain records of Data Principal consents in accordance with the DPDPA.
5.5 Security Measures
The Processor shall implement and maintain the following security measures:
- AES-256 encryption for data at rest.
- TLS 1.2 or higher for data in transit.
- Role-based access control (RBAC) limiting data access to authorised personnel only.
- Regular vulnerability assessments and penetration testing.
- ISO 27001-aligned information security management practices.
- Audit logs of access and processing activities, retained for 90 days.
5.6 Data Localisation
All personal data processed under this DPA shall be stored exclusively within the territory of India. The Processor shall not transfer any personal data outside India without the prior written consent of the Data Fiduciary and in compliance with applicable Indian data localisation requirements.
5.7 Data Retention & Deletion Upon Termination
Upon termination or expiry of the subscription agreement:
- The Processor shall, within 60 working days, either securely delete or return all personal data processed on behalf of the Data Fiduciary, at the Data Fiduciary’s election.
- The Data Fiduciary will be provided with an export of all employee data in a machine-readable format (CSV or JSON) before deletion.
- Backups containing personal data will be purged within 60 working days of the termination date.
- Certain data may be retained longer if required by applicable law (e.g., payroll records under tax statutes).
5.8 Governing Law
This DPA shall be governed by the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in Jaipur, Rajasthan.
6. Employee Consent Policy (Biometric & Location Data)
Effective Date: June 10, 2026
This Employee Consent Policy (“Policy”) explains how Vsolwit Industries Private Limited (“Company”, “We”) collects, uses, and manages biometric and location data from employees of organisations subscribing to the upasth.in platform (“Platform”). This Policy is provided to employees in fulfilment of the consent requirements under the Digital Personal Data Protection Act, 2023 (“DPDPA”) and other applicable laws.
6.1 What Data Is Collected
Through the upasth.in mobile application and web portal, the following data is collected from employees:
- Selfie photograph at clock-in and clock-out: A photograph of your face is captured at the time of each attendance mark. This is used to verify employee identity and prevent proxy attendance.
- GPS location coordinates: Your geographic location (latitude and longitude) is recorded at the moment of attendance punch. This is used to classify attendance type (Office In, WFH, Remote On-site) and verify attendance at designated locations.
- Device metadata: Information including device operating system, app version, and IP address is collected for security and audit purposes.
6.2 Purpose of Collection
The data described above is collected solely for the following purposes:
- Verifying employee identity at the time of attendance marking.
- Preventing fraudulent or proxy attendance.
- Classifying attendance type and location for HR and payroll processing.
- Generating attendance reports for your employing organisation.
- Maintaining an audit trail for compliance and grievance resolution.
6.3 How Data Is Processed
- Selfie photographs are used for attendance verification at the time of capture. They are retained for a maximum of 2 months from the date of capture, after which they are automatically deleted or compressed.
- GPS data is recorded only at the moment of check-in or check-out and is not used for continuous or real-time location tracking.
- All data is transmitted using TLS encryption and stored using AES-256 encryption on servers located in India.
- Access to this data is restricted to authorised HR administrators and managers of your employing organisation, subject to role-based access controls.
6.4 Your Consent
By installing the upasth.in employee application, registering on the Platform, or logging your first attendance punch, you provide your informed consent to the collection and processing of your selfie photograph and GPS location as described in this Policy.
If your employer has onboarded you to the Platform, your employer (as Data Fiduciary) is responsible for ensuring that your consent has been obtained in compliance with the DPDPA prior to your onboarding.
6.5 Your Rights as an Employee
Under the DPDPA 2023 and this Policy, you have the following rights:
- Right of Access: You may request a summary of the personal data the Company holds about you.
- Right to Correction: You may request correction of inaccurate or outdated personal data.
- Right to Erasure: You may request deletion of your personal data, subject to the Company’s legal and contractual obligations to your employer.
- Right to Withdraw Consent: You may withdraw your consent for the collection of biometric and location data at any time. However, please note that withdrawal of consent may affect your ability to use the attendance features of the Platform and may have employment-related consequences as determined by your employer.
- Right to Grievance Redressal: You may lodge a complaint with the Grievance Officer listed in Section 6.8.
To exercise any of these rights, please submit a request through the upasth.in employee portal or contact your employer’s HR administrator.
6.6 Data Sharing
Your biometric and location data will be shared with:
- Your employing organisation’s authorised HR/admin personnel, for attendance management and payroll processing.
- Authorised managers within your organisation, for team attendance oversight.
- Law enforcement or regulatory authorities, where required by applicable law or court order.
We will not sell or share your personal data with any third party for marketing or commercial purposes.
6.7 Biometric Data Deletion on Account Deactivation
Upon deactivation of your employee account (e.g., upon resignation, termination, or removal by your employer):
- Your active employee profile and associated attendance data will be exported to your employer’s admin and deactivated on the Platform within 2 months.
- Selfie photographs and biometric verification templates, if stored, will be permanently deleted from the Platform within 30 days of account deactivation.
- Payroll records may be retained for a longer period as required by applicable law.
6.8 Grievance Officer
For any concerns or complaints regarding the collection or use of your biometric or location data, please contact:
Grievance Officer: Amit Dabral
Email: amit@vsolwit.com
Address: D-240, Jagdamba Nagar, Behind Heerapura Power House, Ajmer Road, Jaipur, Rajasthan – 302021
We will acknowledge your complaint within 48 hours and endeavour to resolve it within 30 days.