Introduction
This Privacy Policy explains how SHATAK Infotech Pvt. Ltd. ("we", "us", "our") collects, uses and protects information when you or your organisation use Byld360 (the "Service"). It applies to all users of the web application, mobile experiences, APIs and related interfaces.
Byld360 is built for construction and infrastructure teams operating real sites. The information we handle is operational in nature — site activity, work logs, photos, procurement and machinery records — and we treat it with care appropriate to its business sensitivity.
Information we collect
We collect only the information needed to operate the Service for your organisation and the projects it runs.
- Account information — name, email, phone number, organisation, designation and the role assigned to you within the account.
- Authentication information — hashed credentials, session tokens, sign-in timestamps, IP and device fingerprints used for security.
- Operational content you or your team enter into the Service (site updates, work logs, materials, machinery, fuel, procurement and subcontractor records).
- Evidence files — photos, videos, voice notes and documents attached to operational records.
- Device and browser data — user agent, OS, screen size, language, time zone and connection signals used for reliability and continuity.
- Diagnostic data — error reports, performance traces and aggregated usage metrics.
User accounts and roles
Accounts in Byld360 are tied to an organisation. An administrator may invite teammates and assign roles such as owner, project lead, site engineer, accounts, procurement, store-keeper or read-only viewer. Each role determines which modules and records the user can see and act on.
Role assignments, role changes and user removals are recorded in the audit trail described below.
Site operations data
Daily logs, work progress, attendance, machinery deployment, material consumption, issues, weather notes and sign-off records you create are stored against the relevant project, site and zone. This data belongs to your organisation; we process it on your behalf to run the Service.
GPS and location data
When you explicitly capture a geo-tagged update, photo, attendance marker or asset movement, we collect the coordinates reported by your device. Location is captured per action — we do not run continuous background tracking.
Your browser or device will always ask for permission before location is read. You can decline; the related feature will fall back to a manual entry.
Work logs
Work logs include start and end timestamps, work type, quantity, measurement unit, assigned crew, supervisor sign-off, linked materials, machinery usage and any evidence attached. These records form the operational history of a project.
Photos, videos and evidence
Files you upload as evidence (photos, videos, PDFs, voice notes) are stored in encrypted object storage. EXIF metadata such as capture time and GPS may be retained when present so that the evidence is defensible during audits and disputes.
Asset and machinery information
Asset registers — machine identity, ownership, hour-meter readings, fuel issues, breakdowns, service records, deployments and utilisation — are stored to power the asset module and reports.
Procurement information
Purchase requests, purchase orders, goods receipts, vendor records, delivery proofs, invoices and reconciliation notes are stored to operate the procurement module and produce audit-ready trails.
Subcontractor information
Subcontractor scopes, rate cards, measurement sheets, running bills, deductions and retention are stored to operate the subcontractor billing module.
Communication records
Comments, mentions, action items, status changes and notifications generated inside the Service are stored against the originating record to preserve operational context.
Device and browser information
We collect basic device, browser and network signals to ensure the Service works well on the conditions found on actual sites — varying connectivity, older Android handsets and shared devices.
Analytics
We use first-party analytics to understand how features perform and where the Service slows down. Analytics events are aggregated and do not include the contents of your operational records.
How we use information
- To operate, maintain and improve the Service.
- To authenticate users and protect against unauthorised access.
- To preserve operational continuity across sessions and devices.
- To deliver notifications and reminders relevant to your work.
- To diagnose incidents and prevent abuse.
- To meet legal, tax and audit obligations.
Data retention
Operational content is retained for the duration of the customer relationship and as required by applicable law for accounting and audit. On termination, primary data is deleted within 90 days of request, except where retention is mandated by law. Encrypted backups are rotated and overwritten on a defined schedule.
Role-based access control
Every record in Byld360 is governed by row-level security tied to the user's role and project assignment. Administrative access to underlying infrastructure is restricted to a small set of engineers, granted on a need-to-know basis, and logged.
Data deletion requests
Administrators may delete projects, users, records and evidence from within the product. End users may request deletion of personal identifiers by writing to contact@shatakinfotech.com.
Security measures
We apply industry-standard controls including encryption in transit (TLS) and at rest, hashed credentials, scoped API keys, least-privilege engineering access, continuous monitoring and regular dependency scans.
The full breakdown lives on our Security page.
Audit trail and continuity logging
Important actions — record creation, edits, approvals, role changes, exports and deletions — are written to an append-only audit log. Continuity logging preserves your draft work locally so that connectivity drops on site do not cost progress.
Third-party services
We use a small set of carefully selected service providers to host infrastructure, send transactional email and run analytics. The current list is published on our Subprocessors page.
International processing
Operational data is primarily processed and stored in data centres located in India. Where a subprocessor processes data outside India, we ensure appropriate safeguards under applicable law.
Your rights
- Right to access the personal data we hold about you.
- Right to correct inaccurate personal data.
- Right to request deletion, subject to legal retention.
- Right to object to or restrict certain processing.
- Right to portability of personal data in a structured form.
- Right to lodge a complaint with the appropriate supervisory authority.
Children's privacy
The Service is intended for use by businesses and is not directed at children under 18. We do not knowingly collect personal data from children.
Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced inside the product and reflected by the "last updated" date above.
Contact us
Privacy questions: contact@shatakinfotech.com. Legal: contact@shatakinfotech.com. Postal: SHATAK Infotech Pvt. Ltd., Girital Road, Kashipur (U.S. Nagar), Uttarakhand - 244713, India.
Byld360 is a software product and venture of SHATAK Infotech Pvt. Ltd.. For questions about this document, contact contact@shatakinfotech.com.
