Terms and Conditions

Preamble and Acceptance

1. Definitions

These Terms and Conditions (together with all Schedules and documents referred to herein, the “Terms” or “Terms of Use”) constitute an electronic record under the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, together with the rules made under each of them. This electronic record is generated by a computer system and does not require any physical, electronic, or digital signature.

These Terms also incorporate, where applicable to the User, the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK General Data Protection Regulation and the UK Data Protection Act 2018 (“UK GDPR”), the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”), the Brazilian General Data Protection Law (LGPD), the Personal Data Protection Law of the Kingdom of Saudi Arabia (“Saudi PDPL”), the Singapore Personal Data Protection Act 2012 (“PDPA”), the Protection of Personal Information Act, 2013 of South Africa (“POPIA”), the Personal Information Protection and Electronic Documents Act of Canada (“PIPEDA”), the Australian Privacy Act 1988, the New Zealand Privacy Act 2020, the Japanese APPI, the UAE Federal Decree-Law No. 45 of 2021, the Swiss revFADP, and any other applicable data-protection or privacy laws of the jurisdiction in which the User is established.

By accessing, browsing, registering for, subscribing to, or otherwise using the website www.bytephase.com (the “Website”), the BytePhase application, the BytePhase API, or any related product or service offered by BytePhase Technologies Private Limited (collectively, the “Services”), You agree to be bound by these Terms. If You do not agree, You must not access or use the Services.

These Terms form a legally binding agreement between You and BytePhase Technologies Private Limited and govern the relationship between the parties for the duration of Your use of the Services.

2. General Use of the Website and Services

2.1   Account Registration

To access certain features, You must register for an Account and provide accurate, complete, and current information. You are solely responsible for maintaining the confidentiality of Your login credentials and for all activities that occur under Your Account. You must notify Us immediately in writing of any unauthorized access to or suspected misuse of Your Account. BytePhase shall not be liable for any loss or damage arising from Your failure to safeguard Your credentials.

2.2   Eligibility

The Services are intended only for persons who are at least 18 years of age (or the age of legal majority in Your jurisdiction, whichever is higher) and competent to enter into a binding contract under applicable law. By using the Services, You represent and warrant that You meet these requirements. If You are using the Services on behalf of a business entity, You further represent that You are duly authorized to bind that entity to these Terms.

2.3   Modification of Terms

BytePhase reserves the right to modify, amend, or update these Terms from time to time. Updated Terms will be posted on the Website with a revised “Last Updated” date. Material changes will be notified to You by email or through an in-Service notice at least thirty (30) days in advance of taking effect. If You do not agree to a material change, You may terminate Your subscription before the change takes effect and receive a pro-rata refund of any prepaid Subscription Fees attributable to the unused period. Your continued use of the Services after the effective date of any change constitutes Your acceptance of the revised Terms.

2.4   Conflict

In the event of conflict between these Terms and any Schedule, order form, or jurisdiction-specific provision, the following order of precedence shall apply (descending): (a) any signed order form or master services agreement; (b) the jurisdiction-specific provisions in Section 9 applicable to the User; (c) the Schedules to these Terms; and (d) the body of these Terms.

3. Licence and Use of the Services

3.1   Grant of Licence

Subject to Your continued compliance with these Terms and the timely payment of all applicable fees, BytePhase grants You a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the Services for Your internal business operations during the term of Your subscription.

3.2   Restrictions and Acceptable Use

You shall not, and shall not permit any third party to:

  • Copy, modify, reverse engineer, decompile, disassemble, or create derivative works of the Services, except to the extent such restriction is prohibited by applicable law;
  • Resell, sublicense, lease, rent, or otherwise commercially exploit the Services;
  • Use the Services, or any data, know-how, or output derived from the Services, to develop or operate a product or service that competes with the Services;
  • Use any automated system (bots, scrapers, crawlers) to access the Services except where expressly authorised in writing;
  • Interfere with or disrupt the integrity or performance of the Services or attempt to gain unauthorized access to any part of the Services or related systems.

3.3   Prohibited Content

In compliance with Rule 3(1)(b) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and equivalent obligations under applicable laws of other jurisdictions, You shall not host, display, upload, modify, publish, transmit, store, update, or share any information that:

  • Belongs to another person and to which You do not have any right;
  • Is defamatory, obscene, pornographic, paedophilic, invasive of another’s privacy (including bodily privacy), insulting, harassing on the basis of gender, libellous, racially or ethnically objectionable, or otherwise inconsistent with or contrary to the laws in force;
  • Is harmful to children;
  • Infringes any patent, trademark, copyright, or other proprietary rights;
  • Violates any law for the time being in force;
  • Deceives or misleads the addressee about the origin of the message or knowingly communicates false or misleading information;
  • Impersonates another person;
  • Threatens the unity, integrity, defence, security, or sovereignty of any country, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence;
  • Contains software viruses or any other computer code, file, or program designed to interrupt, destroy, or limit the functionality of any computer resource;
  • Is patently false or misleading in nature, or is in the nature of misinformation;
  • Promotes terrorism, violent extremism, or any other content prohibited under applicable law.

BytePhase reserves the right to remove or disable access to any content that violates this Section, including the obligation to remove certain categories within twenty-four (24) hours of receiving a complaint where required by law.

3.4   Intellectual Property

BytePhase and its licensors own all right, title, and interest in and to the Services, including all underlying software, source code, designs, trademarks, logos, content, and documentation. Nothing in these Terms transfers any intellectual property right to You other than the limited licence expressly granted in Section 3.1. Any feedback or suggestions You provide may be used by BytePhase without obligation or compensation to You.

3.5   Customer Data

As between You and BytePhase, You retain ownership of all Customer Data. You grant BytePhase a worldwide, royalty-free, non-exclusive licence to host, store, process, transmit, and display Customer Data solely as necessary to provide the Services to You and to comply with applicable law. BytePhase shall not use Customer Data to train machine-learning models that benefit other customers, to build aggregated commercial datasets, or for any purpose other than providing the Services to You, without Your prior written consent. BytePhase may generate and use anonymised, de-identified, and aggregated information derived from Customer Data, provided such information cannot, by reasonable means, be used to identify You, Your end-customers, or any individual.

4. Subscription, Fees, and Payment

4.1   Subscription Plans

The Services are offered on a subscription basis under various pricing plans published on the Website. BytePhase may revise pricing from time to time, with revisions taking effect from the start of Your next billing cycle following at least thirty (30) days’ advance notice. If You do not agree to a price increase, You may terminate Your subscription before the new pricing takes effect.

4.2   Invoicing and Taxes

BytePhase will issue invoices in accordance with Your selected plan and Service usage. All Subscription Fees are exclusive of applicable taxes (GST, VAT, sales tax, withholding tax, and similar). Where required by law, You shall provide BytePhase with a valid tax registration certificate, GSTIN, VAT number, or equivalent identifier.

4.3   Payment Terms

All fees are payable in full by the due date specified on the invoice. Payments not received by the due date may attract interest at the rate of 1.5% per month (18% per annum) or the maximum rate permitted under applicable law, whichever is lower.

4.4   Refund Policy

Unless expressly stated otherwise in writing, all fees paid for the Services are non-refundable. The foregoing shall not apply to (a) any pro-rata refund expressly provided for in Section 2.3 (Modification of Terms) or Section 4.1 (Subscription Plans); (b) any refund credit due under the Service Level Agreement set out in Schedule A; or (c) any refund mandated by applicable consumer-protection law where the Services are materially deficient. Amounts paid for third-party services and consumables (SMS credits, email credits, voice calls, call recording, and similar) are strictly non-refundable.

4.5   Suspension for Non-Payment

BytePhase may suspend or terminate Your access if any undisputed invoice remains unpaid for more than thirty (30) days after the due date, provided that BytePhase has given You at least seven (7) days’ prior written notice of the impending suspension.

5. Free Trial

You may evaluate the Services under a free trial of up to thirty (30) days. The trial is provided “as is”, without warranty of any kind. BytePhase reserves the right to modify, suspend, or discontinue the trial offer at any time. At the end of the trial, You must subscribe to a paid plan to continue using the Services; otherwise, Your Account may be suspended or terminated.

6. Support and Service Availability

6.1   Help Desk

Before contacting support, You should make reasonable efforts to investigate and diagnose issues using the resources available on the Website. For technical assistance, You may contact Our support team at the email address published on the Website.

6.2   Service Level Agreement

BytePhase’s commitments regarding Service availability and uptime are set out in Schedule A (Service Level Agreement) to these Terms.

7. Communications

7.1   Transactional Messages

As part of providing the Services, BytePhase will send You and (where applicable) Your end-customers transactional messages by SMS, email, WhatsApp, or other channels. By accepting these Terms, You consent to receive such transactional communications.

7.2   Promotional Messages

BytePhase may send You promotional messages about new features, offers, or related products. You may opt out at any time by following the unsubscribe instructions or by writing to Our support team. Opting out of promotional messages will not affect Your receipt of transactional messages necessary for the operation of Your Account.

7.3   Communications to Your Customers — Your Compliance Obligations

You are solely responsible for ensuring that You have obtained all necessary consents from Your end-customers before using the Services to send communications to them. You agree to comply with all applicable laws relating to electronic communications, including:

  • TCCCPR 2018 and the TRAI DLT framework (India);
  • CAN-SPAM Act 2003 and the Telephone Consumer Protection Act (United States);
  • Canada’s Anti-Spam Legislation (CASL);
  • PECR 2003 (United Kingdom);
  • Directive 2002/58/EC (ePrivacy Directive) and national implementing laws (EU/EEA);
  • Spam Act 2003 (Australia) and Unsolicited Electronic Messages Act 2007 (New Zealand).

You shall obtain and maintain valid sender registrations, DLT template approvals, opt-in records, and consent logs as required. You shall indemnify BytePhase against any claim arising from communications sent by You or on Your behalf using the Services.

7.4   DLT and Sender Identifier Responsibility (India)

Where the Services are used to send communications to recipients in India, the Principal Entity registration on any Distributed Ledger Technology (DLT) platform, the registered Header (Sender ID), and the registered Content Templates shall, unless otherwise agreed in writing, be owned by and registered to You. You are responsible for any penalty imposed by TRAI or any access provider in respect of unregistered, scrubbed, or non-compliant traffic.

8. Data Protection — General Provisions

8.1   Roles of the Parties

With respect to Customer Data uploaded by You, BytePhase acts as a Processor and You act as the Controller. With respect to Your own Account information and the Personal Data of Your authorised users, BytePhase acts as the Controller. The applicable jurisdiction-specific provisions in Section 9 shall further define these roles.

8.2   Your Obligations as Controller

You represent and warrant that:

  • You have a valid lawful basis under applicable law (including, where required, free, specific, informed, unconditional, and unambiguous consent) for collecting and uploading Customer Data;
  • You will provide all required notices to Your end-customers regarding processing of their Personal Data, including the identity of BytePhase as a Processor;
  • You will respond to and honour all rights exercised by Data Subjects under applicable law (access, rectification, erasure, restriction, portability, objection, automated-decision rights), and will reasonably cooperate with BytePhase to facilitate such rights;
  • You will not upload special categories of Personal Data (health, racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic data, biometric data, sexual orientation, criminal convictions) beyond what is reasonably necessary;
  • You will not upload the Personal Data of any individual under the age of 18 years (or the age specified under applicable law) without first obtaining verifiable parental consent under DPDP Act Section 9, GDPR Article 8, and COPPA where applicable;
  • You shall not use the Services for tracking, behavioural monitoring, or targeted advertising directed at children.

8.3   Privacy Policy

Our collection, use, storage, and disclosure of Personal Data is further described in Our Privacy Policy, which is incorporated into these Terms by reference and forms an integral part of this agreement.

8.4   Data Storage and Security

BytePhase has implemented and shall maintain appropriate technical and organisational measures designed to protect Personal Data, including: (a) encryption in transit and at rest; (b) access controls and authentication; (c) periodic security assessments and vulnerability testing; (d) staff training and confidentiality obligations; (e) logging and monitoring; and (f) business continuity and disaster recovery procedures. Customer Data is stored on secure cloud infrastructure (currently AWS Mumbai region).

8.5   Optional Data Categories

The Services include optional features that allow You to store the following categories of information about Your end-customers and employees: (a) bank details, including account number, IFSC/SWIFT/IBAN code, and account holder name; (b) tax-related information, including PAN, GSTIN, VAT number, and equivalent identifiers; (c) identification documents and details; and (d) device information, including model name, model number, IMEI number, serial number, and device images. The decision to collect and store such information rests entirely with You, and You alone are responsible for the lawful basis, accuracy, and integrity of such data.

8.6   Personal Data Breach Notification

In the event BytePhase becomes aware of a Personal Data Breach affecting Customer Data, BytePhase shall notify You without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach. Such notification shall include, to the extent reasonably available: (a) the nature of the breach; (b) the likely consequences; (c) measures taken or proposed; and (d) the contact details of the appropriate point of contact. BytePhase shall reasonably cooperate with You to enable You to fulfil notification obligations to applicable supervisory authorities (Data Protection Board of India, EU/EEA supervisory authorities, UK ICO, California Privacy Protection Agency, ANPD, SDAIA, PDPC, IPC, OAIC, OPC) and Data Subjects.

9. International Data Protection — Jurisdiction-Specific Provisions

The provisions of this Section 9 apply, in addition to Section 8, to the extent that the User, the User’s end-customers, or the Personal Data processed under these Terms are subject to the data-protection law of the relevant jurisdiction.

9.1   European Union and EEA — GDPR

Where the User is established in the EU/EEA, or where Personal Data of Data Subjects in the EU/EEA is processed, the GDPR applies and:

  • You act as the “controller” and BytePhase acts as the “processor” within the meaning of Article 4 GDPR.
  • BytePhase shall process Personal Data only on Your documented instructions, including with regard to transfers to a third country or international organisation, unless required to do so by Union or Member State law.
  • BytePhase ensures that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • BytePhase shall take all measures required pursuant to Article 32 GDPR (security of processing).
  • BytePhase shall assist You by appropriate technical and organisational measures, insofar as possible, in fulfilling Your obligations to respond to requests from Data Subjects exercising their rights under Chapter III GDPR.
  • BytePhase shall assist You in ensuring compliance with Articles 32 to 36 GDPR (security, breach notification, DPIAs, prior consultation).
  • At Your choice, BytePhase shall delete or return all Personal Data after end of provision of services and delete existing copies, unless storage is required by Union or Member State law.
  • BytePhase shall make available to You all information necessary to demonstrate compliance with Article 28 GDPR and shall allow for and contribute to audits.
  • Data Subjects in the EU/EEA may lodge a complaint with their local supervisory authority and have the right to an effective judicial remedy under Articles 77 to 79 GDPR.

Where required under Article 27 GDPR, BytePhase shall designate an EU Representative. Current EU Representative: [TO BE FILLED if/when appointed].

9.2   United Kingdom — UK GDPR and Data Protection Act 2018

Where the User is established in the UK or where Personal Data of UK Data Subjects is processed, the UK GDPR and the Data Protection Act 2018 apply, and the obligations in Section 9.1 apply mutatis mutandis (with references to the EDPB read as references to the ICO). Cross-border transfers from the UK to India or any other third country shall be governed by the UK Addendum or the UK International Data Transfer Agreement.

Where required under Article 27 UK GDPR, BytePhase shall designate a UK Representative. Current UK Representative: [TO BE FILLED if/when appointed].

9.3   California — CCPA / CPRA

Where the User is a “business” within the meaning of CCPA/CPRA:

  • BytePhase acts as a “service provider” or “contractor” as defined under CCPA/CPRA.
  • BytePhase shall not (a) sell or share Personal Data; (b) retain, use, or disclose Personal Data for any purpose other than for the specific purpose of performing the Services; (c) retain, use, or disclose Personal Data outside the direct business relationship; or (d) combine Personal Data received from You with Personal Data from another source, except as permitted under CCPA/CPRA.
  • BytePhase shall provide the same level of privacy protection as is required of Businesses by CCPA/CPRA.
  • BytePhase shall notify You if it determines it can no longer meet its CCPA/CPRA obligations.
  • Sensitive Personal Information shall be processed only for limited purposes permitted under Section 1798.121 of the California Civil Code.
  • Consumers in California have the rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and not be discriminated against for exercising their rights.

9.4   Brazil — LGPD

Where the User is established in Brazil or where Personal Data of Data Subjects in Brazil is processed, the LGPD (Lei No. 13.709/2018) applies and the parties agree that You act as the “controller” (controlador) and BytePhase acts as the “operator” (operador). Data Subjects in Brazil have the rights set out in Article 18 LGPD, including confirmation, access, correction, anonymisation, blocking, deletion, portability, and revocation of consent. Complaints may be made to the Autoridade Nacional de Proteção de Dados (ANPD).

9.5   Kingdom of Saudi Arabia — PDPL

Where the User is established in the Kingdom of Saudi Arabia or where Personal Data of Data Subjects in Saudi Arabia is processed, the Saudi PDPL (Royal Decree M/19) and Implementing Regulations apply. You act as the “Controller” and BytePhase acts as the “Processor”. You acknowledge that certain categories of Personal Data may be subject to localisation requirements under Saudi law, and You shall not upload such data to the Services without first ensuring compliance.

9.6   Singapore — PDPA

Where the User is established in Singapore or where Personal Data of individuals in Singapore is processed, the Singapore PDPA 2012 applies. BytePhase acts as a “data intermediary” and shall comply with Sections 24 and 25 PDPA. You shall comply with all obligations of an “organisation” under PDPA, including consent, purpose limitation, notification, access and correction, accuracy, accountability, and the Do Not Call provisions of Part IX.

9.7   South Africa — POPIA

Where the User is established in South Africa or where Personal Information of Data Subjects in South Africa is processed, POPIA applies. You act as the “responsible party” and BytePhase acts as the “operator”. Complaints may be made to the Information Regulator of South Africa.

9.8   Canada — PIPEDA

Where the User is established in Canada or where Personal Information of individuals in Canada is processed, PIPEDA and applicable provincial privacy legislation (Quebec’s Law 25, Alberta PIPA, BC PIPA) apply. Complaints may be made to the Office of the Privacy Commissioner of Canada (OPC) or the relevant provincial regulator.

9.9   Australia and New Zealand

Where the User is established in Australia or New Zealand, the Privacy Act 1988 and Australian Privacy Principles, or the New Zealand Privacy Act 2020, apply. Complaints may be made to the OAIC or OPC.

9.10   Japan — APPI

Where the User is established in Japan, APPI applies. You act as a “Personal Information Handling Business Operator” and BytePhase acts as a recipient processing on Your behalf (entrustment under Article 27(5)(i) APPI). Complaints may be made to the PPC.

9.11   UAE, Switzerland, and Other Jurisdictions

Where the User is established in any other jurisdiction with applicable data-protection law (including the UAE under Federal Decree-Law No. 45 of 2021, Switzerland under the revFADP, and other jurisdictions), the parties shall comply with such law and execute any additional documentation reasonably required.

9.12   Cross-Border Data Transfers

You acknowledge that the Services are hosted on AWS infrastructure in the Mumbai (India) region. Where Personal Data of Data Subjects located in the EU/EEA, UK, or other jurisdictions imposing cross-border restrictions is transferred to India or any other third country, such transfer shall be made pursuant to one or more of the following lawful transfer mechanisms:

  • the SCCs (Module 2: Controller to Processor, or Module 3: Processor to Processor, as applicable) adopted under Implementing Decision (EU) 2021/914, hereby incorporated into these Terms by reference;
  • the UK Addendum or the UK International Data Transfer Agreement, for transfers from the UK;
  • the equivalent cross-border transfer mechanism prescribed by the law of the originating jurisdiction (including, for Switzerland, the SCCs supplemented by the requirements of the Swiss FDPIC).

Where the SCCs are incorporated, the parties agree: (a) Module 2 SCCs apply where You are controller and BytePhase is processor; (b) the optional docking clause shall apply; (c) Clause 9(a) Option 2 (general written authorisation for sub-processors with thirty (30) days’ notice) shall apply; (d) Clause 11(a) shall apply without the optional independent dispute resolution body language; (e) Clause 17 (Governing law) shall be governed by the law of the Republic of Ireland; (f) Clause 18 shall designate the courts of Ireland; and (g) Annexes I, II, III are set out in Schedule B.

10. Data Processing Terms

This Section 10 sets out the terms governing the processing of Personal Data by BytePhase as Processor on behalf of the User as Controller. Where any provision conflicts with the SCCs or any equivalent transfer mechanism incorporated under Section 9, the SCCs or such equivalent mechanism shall prevail.

10.1   Scope and Purpose of Processing

BytePhase shall process Customer Data (i) to provide the Services to You; (ii) to comply with applicable law; and (iii) to provide reasonable support and security operations. The duration of processing is the term of these Terms plus any post-termination retention period required by applicable law.

10.2   Documented Instructions

BytePhase shall process Customer Data only on Your documented instructions, constituted by these Terms, the Services configuration in Your Account, and any further written instructions reasonably given by You. BytePhase shall promptly inform You if, in its opinion, an instruction infringes applicable data-protection law.

10.3   Confidentiality of Personnel

BytePhase shall ensure that personnel authorised to process Customer Data are bound by a duty of confidentiality and have received appropriate training in data protection.

10.4   Security Measures

BytePhase shall implement and maintain appropriate technical and organisational measures as set out in Section 8.4 and Schedule B (Annex II of the SCCs).

10.5   Sub-processors

You provide BytePhase with general written authorisation to engage Sub-processors, subject to the following conditions:

  • BytePhase maintains a list of current Sub-processors at www.bytephase.com/legal/sub-processors (or such other URL as may be notified to You from time to time).
  • BytePhase shall give You at least thirty (30) days’ prior notice of the addition or replacement of any Sub-processor.
  • You may object on reasonable data-protection grounds within the notice period. If unresolved, You may terminate the affected portion of the Services without further charge, with a pro-rata refund of any prepaid Subscription Fees attributable to the unused period.
  • BytePhase shall impose on each Sub-processor data-protection obligations no less protective than those set out in this Section 10 and shall remain liable for the acts and omissions of its Sub-processors as if they were its own.

10.6   Assistance with Data Subject Rights

Taking into account the nature of the processing, BytePhase shall, to the extent reasonably possible, assist You by appropriate technical and organisational measures in fulfilling Your obligation to respond to requests for exercising Data Subject rights. If a Data Subject contacts BytePhase directly, BytePhase shall, unless prohibited by law, refer the Data Subject to You and notify You promptly.

10.7   Assistance with DPIA and Prior Consultation

BytePhase shall provide reasonable assistance to You in conducting Data Protection Impact Assessments and in consulting with supervisory authorities, where required by applicable law.

10.8   Return or Deletion of Customer Data

On termination of the Services, and at Your written election within thirty (30) days of termination, BytePhase shall return Customer Data in a commonly used machine-readable format (CSV, JSON, or PDF, as appropriate) or delete all Customer Data. In the absence of an election, BytePhase shall delete Customer Data within ninety (90) days of termination, except where retention is required by applicable law or for the establishment, exercise, or defence of legal claims. Backups containing Customer Data shall be purged in the ordinary course within a further ninety (90) days.

10.9   Audit Rights

BytePhase shall make available all information reasonably necessary to demonstrate compliance with this Section 10. Upon written request, and not more than once in any twelve (12)-month period (except where required by a supervisory authority or following a confirmed Personal Data Breach), BytePhase shall permit an audit of its data-protection practices, subject to: (a) the audit being conducted by You or a qualified independent auditor reasonably acceptable to BytePhase, bound by confidentiality; (b) at least sixty (60) days’ prior written notice, during normal business hours, in a manner that does not unreasonably interfere with operations; (c) BytePhase may satisfy the obligation by providing copies of relevant third-party audit reports (ISO/IEC 27001, SOC 2, or equivalent); and (d) cost borne by You, except where the audit reveals a material breach by BytePhase, in which case BytePhase shall bear the reasonable cost.

11. Sub-processors and Third-Party Services

A current list of Sub-processors is published at www.bytephase.com/legal/sub-processors. The Services may also integrate with, or rely on, third-party services (AWS, payment gateways, SMS gateways, WhatsApp Business Solution Providers, email service providers). Such third-party services are governed by their own terms and privacy policies, and BytePhase shall not be liable for any failure, error, or omission of such third parties beyond what is expressly set out in these Terms.

12. Sanctions, Export Controls, and Anti-Bribery

12.1   Sanctions Compliance

You represent and warrant that You and Your beneficial owners, directors, officers, employees, and authorised users (a) are not located in, organised under the laws of, or ordinarily resident in any country subject to comprehensive sanctions administered by OFAC, the UN Security Council, the EU, HM Treasury, or the Government of India; and (b) are not listed on any sanctions list (including the OFAC SDN List, EU Consolidated List, UK Sanctions List). You shall not use the Services in violation of any applicable sanctions law and shall not permit any sanctioned person to use the Services.

12.2   Export Controls

You shall comply with all applicable export-control laws, including the Foreign Trade (Development and Regulation) Act, 1992 of India, the U.S. Export Administration Regulations (15 CFR Parts 730-774), and Council Regulation (EU) 2021/821. You shall not export, re-export, or transfer the Services to any restricted destination, end-user, or end-use without obtaining all required authorisations.

12.3   Anti-Bribery and Anti-Corruption

Each party shall comply with all applicable anti-bribery and anti-corruption laws, including the Prevention of Corruption Act, 1988 of India, the U.S. Foreign Corrupt Practices Act of 1977, the UK Bribery Act 2010, and the OECD Convention on Combating Bribery of Foreign Public Officials. Neither party shall offer, give, request, or accept any undue financial or other advantage in connection with these Terms.

12.4   Modern Slavery and Human Rights

Each party shall comply with all applicable laws relating to modern slavery and human trafficking, including the UK Modern Slavery Act 2015 and the Australian Modern Slavery Act 2018, and shall take reasonable steps to ensure that operations and supply chain are free from slavery and human trafficking.

13. Confidentiality

Each party agrees to keep confidential any non-public information disclosed by the other party in connection with the Services. Confidential information includes business plans, customer lists, technical information, pricing, security architecture, and any information marked or reasonably understood to be confidential. Each party shall use the other party’s confidential information only for the purposes contemplated by these Terms and shall protect it with at least the same degree of care it uses to protect its own confidential information of like kind, but in no event less than reasonable care. This obligation survives termination for three (3) years, except for trade secrets, which survive indefinitely.

14. Disclaimer and Limitation of Liability

14.1   Disclaimer of Warranties

To the maximum extent permitted by law, the Services and Website are provided on an “as is” and “as available” basis, without any warranty, express or implied, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, accuracy, or uninterrupted operation. BytePhase does not warrant that the Services will meet Your specific requirements, that any defects will be corrected, or that the Services will be free from viruses or other harmful components.

14.2   Exclusion of Indirect Damages

To the maximum extent permitted by law, BytePhase, its directors, officers, employees, affiliates, agents, contractors, and licensors shall not be liable to You or any third party for any indirect, incidental, special, exemplary, punitive, or consequential damages, including loss of profits, loss of revenue, loss of data, loss of goodwill, or business interruption, even if BytePhase has been advised of the possibility of such damages.

14.3   Aggregate Liability Cap

Subject to Section 14.4, the aggregate liability of BytePhase under or in connection with these Terms, whether arising in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total Subscription Fees actually paid by You to BytePhase for the Services during the twelve (12) months immediately preceding the event giving rise to the claim.

14.4   Carve-Outs

Notwithstanding Sections 14.2 and 14.3, the limitations and exclusions in those Sections shall not apply to:

  • BytePhase’s indemnification obligations under Section 15.1 (Intellectual Property Indemnity);
  • BytePhase’s breach of Section 8 (Data Protection) or Section 9 (International Data Protection), where such breach gives rise to regulatory fines payable by You, in which case BytePhase’s aggregate liability shall not exceed two (2) times the cap in Section 14.3;
  • breach of Section 13 (Confidentiality);
  • death or personal injury caused by negligence;
  • fraud, fraudulent misrepresentation, gross negligence, or wilful misconduct;
  • any liability that cannot be excluded or limited under applicable law.

14.5   Statutory Rights

Nothing in these Terms shall exclude or limit any liability or right that cannot be excluded or limited under applicable law, including consumer-protection law.

15. Indemnification

15.1   BytePhase’s IP Indemnity

BytePhase shall defend You against any third-party claim alleging that the Services, as provided by BytePhase and used by You in accordance with these Terms, infringe a patent, copyright, trademark, or trade secret of such third party, and BytePhase shall indemnify You against damages and costs (including reasonable legal fees) finally awarded by a court of competent jurisdiction or agreed in settlement by BytePhase. BytePhase’s indemnification obligation does not apply to claims arising from (a) Customer Data; (b) use in combination with any product or service not provided by BytePhase, where the claim would not have arisen but for such combination; (c) Your modification of the Services; or (d) Your continued use of an allegedly infringing version after BytePhase has provided a non-infringing alternative. If the Services become, or in BytePhase’s reasonable opinion are likely to become, the subject of a claim of infringement, BytePhase may, at its option and expense: (i) procure for You the right to continue using the Services; (ii) modify the Services to make them non-infringing; or (iii) terminate the affected portion of the Services and refund any prepaid Subscription Fees attributable to the unused period. This Section 15.1 states BytePhase’s entire liability and Your sole and exclusive remedy for any claim of intellectual-property infringement.

15.2   Your Indemnity

You agree to indemnify, defend, and hold harmless BytePhase, its directors, officers, employees, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to: (a) Your breach of these Terms; (b) Your violation of any applicable law or third-party right; (c) Customer Data uploaded by You; (d) any communication sent by You or on Your behalf using the Services; or (e) any claim by a Data Subject relating to Your acts or omissions as Controller.

15.3   Indemnification Procedure

The indemnified party shall (a) promptly notify the indemnifying party of the claim; (b) give the indemnifying party sole control of the defence and settlement, provided that no settlement requiring an admission of liability or payment by the indemnified party shall be made without the indemnified party’s consent; and (c) provide reasonable cooperation at the indemnifying party’s expense.

16. Publicity

BytePhase may identify You as a customer and use Your name and logo in marketing materials, on the Website, and in customer lists, subject to Your reasonable trademark guidelines. You may withdraw this permission at any time by written notice to BytePhase.

17. Term and Termination

17.1   Term

These Terms commence on the date You first accept them and continue for so long as You use the Services or have an active Account, unless terminated earlier in accordance with this Section.

17.2   Termination for Convenience

Either party may terminate these Terms by giving the other party at least thirty (30) days’ written notice prior to the end of the then-current billing period.

17.3   Termination for Cause

A party may terminate these Terms with immediate effect by written notice if:

  • the other party breaches a material provision and fails to cure within thirty (30) days of receiving written notice (where the breach is capable of being cured);
  • You fail to pay any undisputed amount within thirty (30) days after the due date and after receiving written notice of non-payment;
  • the other party becomes insolvent, files for bankruptcy, enters into liquidation, or has a receiver appointed;
  • BytePhase determines, on the basis of specific evidence, that Your use of the Services violates applicable law or poses an imminent security threat;
  • a Force Majeure event under Section 20.2 continues for more than ninety (90) days.

17.4   Effect of Termination

Upon termination: (a) You shall immediately cease using the Services; (b) all accrued and outstanding charges shall become immediately due and payable; (c) BytePhase shall return or delete Customer Data in accordance with Section 10.8; and (d) the parties shall comply with continuing obligations under Section 17.5.

17.5   Survival

Provisions of these Terms that by their nature are intended to survive termination shall continue in effect, including (without limitation) Sections 1, 3.4, 8, 9, 10.8, 12, 13, 14, 15, 17.4, 17.5, 18, and 20.

18. Governing Law and Dispute Resolution

18.1   Governing Law

These Terms shall be governed by and construed in accordance with the laws of India, without regard to conflict-of-laws principles, except that: (a) for Users established in the EU/EEA, the SCCs incorporated under Section 9.12 shall be governed by the law of the Republic of Ireland; and (b) the application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

18.2   Dispute Resolution — Indian Customers

For Users established in India, any dispute, controversy, or claim arising out of or relating to these Terms shall be referred to and finally resolved by arbitration under the Arbitration and Conciliation Act, 1996, before a sole arbitrator appointed by mutual agreement or, failing such agreement within thirty (30) days, appointed in accordance with the said Act. The seat and venue of arbitration shall be Pune, Maharashtra, and the language shall be English. Subject to the foregoing, the courts at Pune, Maharashtra shall have exclusive jurisdiction over any dispute, including any application for interim relief.

18.3   Dispute Resolution — International Customers

For Users established outside India, any dispute, controversy, or claim arising out of or relating to these Terms shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (SIAC) in accordance with the SIAC Rules in force at the time. The seat of arbitration shall be Singapore. The tribunal shall consist of one (1) arbitrator. The language shall be English. The arbitral award shall be final and binding, and judgment may be entered in any court of competent jurisdiction. Either party may seek interim or conservatory measures from any court of competent jurisdiction.

18.4   Consumer Disputes

Nothing in this Section 18 shall prevent a Data Subject or consumer from exercising any non-waivable right to pursue a claim in their local courts or before a relevant supervisory or consumer-protection authority, where such right exists under applicable law.

19. Grievance Redressal and Data Protection Contacts

19.1   Grievance Officer (India — IT Rules 2021)

  • Designation: Grievance Officer
  • Email: support@bytephase.com
  • Telephone: 9970022111

The Grievance Officer shall acknowledge complaints within twenty-four (24) hours and shall endeavour to resolve them within fifteen (15) days of receipt.

20. General Provisions

20.1   Assignment

You may not assign or transfer Your rights or obligations under these Terms without Our prior written consent. BytePhase may assign these Terms to any affiliate or in connection with a merger, acquisition, corporate restructuring, or sale of all or substantially all of its assets.

20.2   Force Majeure

Neither party shall be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including acts of God, war, terrorism, civil unrest, pandemics, government actions, internet or telecommunications failures, cyber-attacks, or labour disputes. The affected party shall promptly notify the other party and shall use reasonable efforts to mitigate. If the Force Majeure event continues for more than ninety (90) days, either party may terminate.

20.3   Severability

If any provision is held to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it enforceable while preserving its original intent.

20.4   Waiver

The failure of either party to enforce any right or provision shall not be deemed a waiver. No waiver shall be effective unless made in writing and signed by an authorised representative of the waiving party.

20.5   Entire Agreement

These Terms (together with the Privacy Policy, the Sub-processor list, and any order forms or specific terms agreed in writing) constitute the entire agreement between You and BytePhase regarding the Services and supersede all prior or contemporaneous agreements, understandings, or representations on the subject matter.

20.6   No Partnership

Nothing in these Terms creates any agency, partnership, joint venture, employment, or fiduciary relationship between You and BytePhase.

20.7   Notices

All notices to BytePhase must be sent by email to legal@bytephase.com or by registered post to Our registered office address. Notices to You will be sent to the email address registered with Your Account or by general notification on the Website.

20.8   Language

These Terms are drawn up in English. Any translation provided is for convenience only, and the English version shall prevail in the event of conflict.

20.9   Counterparts and Electronic Acceptance

These Terms may be accepted by clicking “I agree” or any equivalent mechanism, which shall be deemed to constitute Your signature for the purposes of the Indian Information Technology Act, 2000, the EU eIDAS Regulation, the U.S. Electronic Signatures in Global and National Commerce Act, and other applicable electronic-signature laws.

21. Contact Us

For any questions, concerns, or feedback regarding these Terms or the Services, please contact:

BytePhase Technologies Private Limited

Office 402, Speciality Business Centre, 4th Floor, Opp. SKP Campus, Moze College Road, Balewadi, Pune – 411045, Maharashtra, India

Pune, Maharashtra 411027, India

  • CIN: U72900PN2020PTC192751
  • GSTIN: 27AAJCB1677J1ZC
  • General: support@bytephase.com
  • Website: www.bytephase.com

Schedule A — Service Level Agreement (SLA)

A.1   Uptime Commitment

BytePhase shall use commercially reasonable efforts to ensure that the Services are available at least ninety-nine point five percent (99.5%) of the time in any given calendar month, measured from BytePhase’s monitoring systems and excluding the Excluded Downtime defined in Section A.2.

A.2   Definitions

  • “Monthly Uptime Percentage” means: ((Total Minutes in Month − Downtime Minutes) / Total Minutes in Month) × 100, excluding Excluded Downtime.
  • “Downtime” means any period during which the core Services are wholly unavailable to You due to a fault attributable to BytePhase, as confirmed by BytePhase’s monitoring systems.
  • “Excluded Downtime” means downtime arising from: (a) scheduled maintenance announced at least forty-eight (48) hours in advance; (b) emergency maintenance for security or stability; (c) Force Majeure; (d) acts or omissions of You or Your users; (e) issues with third-party services or networks not under BytePhase’s direct control; (f) suspension or termination of the Services in accordance with these Terms.

A.3   Service Credits

If the Monthly Uptime Percentage falls below the commitment in Section A.1, You shall be entitled, on written request submitted within thirty (30) days of the end of the affected month, to a service credit calculated as follows:

Monthly Uptime Percentage Service Credit
Less than 99.5% but ≥ 99.0% 5% of monthly Subscription Fees
Less than 99.0% but ≥ 95.0% 10% of monthly Subscription Fees
Less than 95.0% 25% of monthly Subscription Fees

Service credits shall be applied against future Subscription Fees and shall not be redeemable for cash. Service credits are Your sole and exclusive remedy for any failure to meet the SLA, except where such failure constitutes a material breach giving rise to a right of termination under Section 17.3.

Schedule B — Data Processing Particulars and Security Measures

B.1   List of Parties

  • Data Exporter (Controller): the User identified in the Account.
  • Data Importer (Processor): BytePhase Technologies Private Limited, Part II, Wing B, Flat No. 14, Saisneh Park, Old Sangvi, Pune, Maharashtra 411027, India.

B.2   Description of Transfer

  • Categories of Data Subjects: the User’s end-customers, employees, and authorised users of the Services.
  • Categories of Personal Data: contact information (name, address, email, telephone), device information (model, IMEI, serial number, images), repair-job details, payment information, optional bank details and tax identifiers, and any other Personal Data the User chooses to upload.
  • Special categories of data: the User shall not upload special-category data except as expressly permitted under Section 8.2.
  • Frequency of transfer: continuous, on a transactional basis, for the duration of the User’s subscription.
  • Nature of processing: hosting, storage, transmission, display, backup, support, and analytics necessary to provide the Services.
  • Purpose of processing: to provide the cloud-based repair-shop management Services to the User.
  • Duration of processing: for the duration of the User’s subscription, plus the retention period set out in Section 10.8.

B.3   Competent Supervisory Authority

For Users established in the EU/EEA, the competent supervisory authority shall be determined in accordance with Clause 13 of the SCCs. For Users established in the UK, the competent supervisory authority is the Information Commissioner’s Office.

B.4   Technical and Organisational Security Measures

BytePhase has implemented the following technical and organisational measures (full details available on request, subject to confidentiality):

  • Encryption of Personal Data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
  • Role-based access control, multi-factor authentication for administrative access, and the principle of least privilege.
  • Network segmentation, firewalls, intrusion detection, and continuous monitoring.
  • Periodic vulnerability scans and penetration testing.
  • Logging and audit trails for security-relevant events.
  • Regular backups, with tested restore procedures and a documented business-continuity / disaster-recovery plan.
  • Secure software development life cycle, code review, and dependency scanning.
  • Mandatory data-protection and security training for personnel; written confidentiality undertakings.
  • Vendor risk management for Sub-processors, including due-diligence and contractual data-protection obligations.
  • Incident-response procedures aligned with the seventy-two (72)-hour breach-notification commitment in Section 8.6.

B.5   Sub-processors

Categories of Sub-processors include cloud hosting (Amazon Web Services), email and messaging providers, payment processors, customer-support tooling, and analytics.