Skip to Content

Privacy Policy | Zenshift


Effective Date: June 20, 2025

1. Introduction

Zenshift (“we,” “us,” or “our”) is committed to protecting the privacy of clients, website visitors, and other users who interact with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) in India.

2. Scope and Applicability

This Policy applies to all personal data collected by Zenshift through our website, client onboarding processes, marketing activities, and any communication channels (email, phone, chat). It covers “Data Principals” (individuals to whom the data relates) and “Data Fiduciaries” (entities processing the data) as defined under the DPDP Act.

3. Categories of Data Collected

  • Personal Identification Information: Name, email address, phone number, organization, billing address.
  • Technical Data: IP address, browser type, operating system, device identifiers, and usage logs collected via cookies and similar technologies.
  • Transactional Data: Billing information, payment transaction records, service usage history.
  • Communications Data: Correspondence records and content of inquiries made to our support or sales teams.

4. Legal Basis for Processing

Under the DPDP Act, we process personal data based on:

  • Consent: Explicit permission obtained during onboarding.
  • Contractual Necessity: Processing to perform contractual obligations (e.g., billing, service delivery).
  • Legal Compliance: To comply with Indian laws (e.g., GST requirements, IT Act).
  • Legitimate Interests: For fraud prevention, marketing analysis, and improving service quality.

5. Purposes of Processing

  • To onboard and manage client accounts.
  • To communicate updates, newsletters, and promotional offers (with opt-out option).
  • To analyze service usage for performance monitoring and improvement.
  • To comply with statutory obligations (e.g., tax filings, record retention).
  • To manage billing, invoicing, and refund requests.

6. Data Sharing and Disclosure

  • Within Zenshift: Shared with authorized employees (sales, billing, technical) on a need-to-know basis.
  • Third-Party Service Providers: Razorpay, Stripe, AWS, Google Cloud, email platforms.
  • Legal Authorities: Disclosed to comply with court orders, investigations, or regulatory requirements.
  • Marketing Partners: Shared only if explicit consent is obtained.

7. Data Retention

  • Client Data: Retained for the duration of engagement plus 7 years.
  • Marketing Data: Retained until consent is withdrawn or up to 3 years.
  • Usage Logs: Retained for 12 months.

8. Data Security Measures

  • SSL/TLS encryption for data in transit.
  • Encryption of sensitive data at rest.
  • Role-based access and multi-factor authentication.
  • Regular security assessments and patch management.

9. Rights of Data Principals

  • Access, rectify, erase, restrict processing.
  • Withdraw consent.
  • Lodge complaints with the Data Protection Board of India.

10. Cookies and Tracking Technologies

We use cookies for user experience, traffic analysis, and targeted marketing. Manage cookies via browser settings. Third-party cookies are governed by their privacy policies.

11. Cross-Border Data Transfers

Personal data may be transferred to cloud servers outside India (e.g., AWS, Google Cloud) under safeguards compliant with DPDP Act.