Privacy Policy

Last updated: January 29, 2026

1. Introduction

Welcome to Atlas, a subscription management platform operated by Droot Consulting Private Limited ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Atlas, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring the security of your personal information.

Company Information:
Droot Consulting Private Limited
Product: Atlas
Email: info@droot.in

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Name and email address
  • Password (stored using secure hashing algorithms)
  • Company name and business information
  • Contact details

2.2 Customer Data

As a tenant using Atlas, you may input customer information including:

  • Customer names, email addresses, and phone numbers
  • Billing and shipping addresses
  • Tax identification numbers (GSTIN, PAN, VAT, etc.)
  • Company information
  • Payment preferences

This customer data is stored securely and is isolated per tenant. We act as a data processor for this information on your behalf.

2.3 Payment Information

Payment processing is handled by third-party payment gateways (Razorpay and PayU). We do not store full credit card numbers or complete payment card details. Payment information is encrypted and processed securely through our payment gateway partners in compliance with PCI DSS standards.

2.4 Usage Data and Analytics

We collect information about how you use Atlas, including:

  • Feature usage and interactions
  • API usage and performance metrics
  • Error logs and debugging information
  • Device information and browser type
  • IP addresses and location data

2.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns
  • Improve service performance

You can control cookies through your browser settings, though this may affect service functionality.

2.6 API Usage Data

When you use our API, we collect:

  • API key identifiers (hashed)
  • Request timestamps and endpoints accessed
  • Response codes and performance metrics
  • IP addresses of API requests

3. How We Use Information

3.1 Service Provision

We use your information to:

  • Provide and maintain the Atlas platform
  • Process transactions and manage subscriptions
  • Generate invoices and handle billing
  • Manage multi-tenant data isolation
  • Authenticate users and manage access

3.2 Multi-Tenant Data Isolation

Atlas uses a multi-tenant architecture where each organization's data is isolated using tenant IDs. We implement strict access controls to ensure data separation and prevent cross-tenant data access.

3.3 Payment Processing

Payment information is processed securely through our payment gateway partners (Razorpay and PayU). We facilitate payment transactions but do not store complete payment card information.

3.4 Communication

We use your contact information to:

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Send important updates about the service
  • Send marketing communications (with your consent)

3.5 Analytics and Improvements

We analyze usage data to:

  • Improve service functionality and performance
  • Identify and fix bugs
  • Develop new features
  • Understand user needs and preferences

4. Data Sharing and Disclosure

4.1 Payment Gateway Partners

We share payment information with our payment gateway partners (Razorpay and PayU) to process transactions. These partners are PCI DSS compliant and handle payment data according to their own privacy policies.

4.2 Service Providers

We may share information with trusted service providers who assist in operating our platform:

  • MongoDB: Database hosting and management
  • Resend: Email delivery services
  • Hosting providers: Infrastructure and cloud services

These providers are contractually obligated to protect your information and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Court orders or legal processes
  • Government requests
  • Enforcement of our Terms of Service
  • Protection of rights, property, or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.

5. Data Storage and Security

5.1 Encryption

We implement multiple layers of encryption:

  • Encryption at Rest: Sensitive data is encrypted using AES-256-CBC encryption
  • Encryption in Transit: All data transmission uses HTTPS/TLS protocols
  • API Keys: Stored using SHA-256 hashing
  • Passwords: Stored using bcrypt hashing algorithms

5.2 Database Security

Our MongoDB database is secured with:

  • Access controls and authentication
  • Network isolation and firewalls
  • Regular security updates
  • Backup and disaster recovery procedures

5.3 Multi-Tenant Isolation

We ensure data isolation through:

  • Tenant ID filtering on all queries
  • Role-based access control (RBAC)
  • Middleware enforcement of tenant boundaries
  • Regular security audits

5.4 Security Measures

We maintain security through:

  • Regular security assessments
  • Vulnerability scanning and patching
  • Incident monitoring and response
  • Employee security training
  • Audit logging of system access

6. Data Retention

6.1 Account Data

We retain your account information for as long as your account is active or as needed to provide services. After account termination, we may retain certain information for legal, regulatory, or business purposes.

6.2 Customer Data

Customer data managed through Atlas is retained according to your instructions and business needs. You control the retention period for customer data within your tenant account.

6.3 Payment Records

Payment transaction records are retained for a minimum of 7 years as required by Indian tax and accounting regulations.

6.4 Deletion Requests

You may request deletion of your data at any time. We will honor such requests subject to legal and regulatory requirements. Some data may be retained in anonymized form for analytics purposes.

7. Your Rights

Under Indian IT Act and GDPR (where applicable), you have the following rights:

7.1 Right to Access

You have the right to request access to your personal information and receive a copy of the data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

7.3 Right to Erasure

You have the right to request deletion of your personal information, subject to legal and regulatory requirements.

7.4 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

7.5 Right to Object

You can object to processing of your personal information for certain purposes, such as direct marketing.

7.6 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

7.7 Exercising Your Rights

To exercise any of these rights, please contact us at info@droot.in. We will respond to your request within 30 days.

8. Cookies and Tracking

8.1 Types of Cookies

We use the following types of cookies:

  • Essential Cookies: Required for service functionality
  • Authentication Cookies: Maintain your login session
  • Preference Cookies: Remember your settings
  • Analytics Cookies: Help us understand usage patterns

8.2 Cookie Management

You can manage cookies through your browser settings. Disabling cookies may affect service functionality.

9. International Data Transfers

Your data may be stored and processed in servers located outside India. We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard contractual clauses
  • Adequacy decisions where applicable
  • Compliance with applicable data protection laws

By using Atlas, you consent to the transfer of your information to facilities located outside India.

10. Children's Privacy

Atlas is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Grievance Officer

In accordance with Indian IT Rules, 2011, we have appointed a Grievance Officer. For any privacy-related concerns or complaints, please contact:

Grievance Officer
Droot Consulting Private Limited
Email: info@droot.in
Response Time: Within 30 days

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending email notifications for significant changes

Your continued use of Atlas after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Droot Consulting Private Limited
Email: info@droot.in
Address: 508, AVS City Square, Rajnagar Extension, Ghaziabad, Uttar Pradesh, India - 201017

Privacy PolicyTerms & ConditionsSecurity PolicyHome