Byld360

Trust

Data Processing Agreement

Last updated: 16 May 2026 · Byld360 by SHATAK Infotech

An enterprise-grade DPA suitable for procurement review and vendor onboarding. Available for execution alongside the master subscription agreement.

This document is provided for transparency. Please review with independent legal counsel before relying on it for production deployment or contractual purposes.

01

Parties and roles

This Data Processing Agreement ("DPA") is entered into between the customer organisation ("Controller") and SHATAK Infotech Pvt. Ltd. ("Processor"). It governs the processing of personal data carried out by the Processor when operating Byld360 on the Controller's behalf.

02

Subject matter and duration

The subject matter is the provision of Byld360 as a service. The duration of processing corresponds to the duration of the underlying subscription, plus any retention windows required by law.

03

Purpose and nature of processing

  • Authenticating users and managing role-based access.
  • Storing and retrieving operational records and evidence.
  • Generating reports, audit trails and notifications.
  • Operating support, diagnostics and incident response.
04

Categories of data and data subjects

  • Data subjects — Controller's employees, subcontractor staff, vendors and other individuals named in operational records.
  • Data categories — contact details, role, authentication metadata, work performed, attendance markers, location tags on captured evidence.
05

Controller obligations

The Controller is responsible for ensuring it has a lawful basis to process personal data uploaded to the Service, for providing notice to data subjects, and for managing role assignments within the Service.

06

Processor obligations

  • Process personal data only on documented Controller instructions.
  • Ensure personnel are bound by appropriate confidentiality obligations.
  • Implement and maintain the security measures described below.
  • Assist the Controller with data-subject requests and impact assessments.
  • Notify the Controller of personal-data breaches without undue delay.
07

Confidentiality

Personnel authorised to process personal data are bound by confidentiality undertakings. Access is granted on a least-privilege basis and reviewed periodically.

08

Security measures

Technical and organisational controls include TLS in transit, encryption at rest, isolated environments, network segmentation, access logs, change management, dependency scanning and incident response. The full list lives on the Security page.

09

Breach notification

On becoming aware of a personal-data breach affecting Controller data, the Processor will notify the Controller without undue delay and in any event within 72 hours, with sufficient information for the Controller to meet its own notification obligations.

10

Subprocessors

The Processor uses the subprocessors listed on the Subprocessors page. The Controller is notified of material changes with reasonable notice and may object on reasonable grounds.

11

International transfers

Where personal data is transferred outside India, the Processor ensures appropriate safeguards under applicable law, including contractual clauses with the subprocessor concerned.

12

Retention and deletion

On termination of the underlying subscription, the Processor will delete Controller personal data within 90 days, except where retention is required by law. Backups are overwritten on a defined rotation.

13

Audit rights

The Processor will, on reasonable notice, make available the information necessary for the Controller to verify compliance with this DPA, including summaries of independent assessments and responses to security questionnaires.

14

Liability

Liability under this DPA follows the limitations set out in the underlying Terms of Service.

15

Contact

DPA execution and questions: contact@shatakinfotech.com.

Byld360 is a software product and venture of SHATAK Infotech Pvt. Ltd.. For questions about this document, contact contact@shatakinfotech.com.