1. INTRODUCTION
ServerSage CloudTech Pvt. Ltd. ("ServerSage", "Company", "we", "our", or "us") is committed to protecting the privacy and security of the personal and business information entrusted to us by our customers, resellers, partners, vendors, visitors, and users of our services.
This Privacy Policy explains how we collect, use, process, store, disclose, transfer, retain, and protect information when you use our website, customer portal, reseller portal, cloud infrastructure, hosting services, managed IT services, business applications, or communicate with us.
This Policy has been prepared in accordance with applicable laws of India including, where applicable:
- Information Technology Act, 2000
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Digital Personal Data Protection Act, 2023 (DPDP Act)
- CERT-In Directions
- Applicable RBI and Payment Aggregator requirements
- Other applicable laws and regulations.
2. OUR COMPANY DETAILS
Company Name
ServerSage CloudTech Pvt. Ltd.
Registered Office
- HD-102, 13th Floor
- WeWerk 247 Park
- Lal Bahadur Shastri Road
- Gandhi Nagar
- Vikhroli West
- Mumbai – 400079
- Maharashtra
- India
CIN
U62011MH2023PTC414675
GSTIN
- 27ABMCS2111C1ZQ
- Support Email
- support@serversage.com
- Privacy Officer
- privacy@serversage.com
- Legal
- legal@serversage.com
- Website
- https://www.serversage.com
3. SCOPE OF THIS POLICY
This Privacy Policy applies to:
- Visitors to our website
- Customers
- Resellers
- Partners
- Vendors
- Job applicants
- Authorized Users
- Employees using customer portals
- Individuals contacting our support team
- Individuals participating in sales discussions
- Individuals completing KYC or eKYC verification
This Policy applies whether information is collected through:
- Website
- Customer Portal
- Support Portal
- Mobile devices
- Telephone
- Live Chat
- Sales Meetings
- Support Tickets
- API Integrations
- Payment Gateways
4. SERVICES COVERED
This Privacy Policy applies to all ServerSage services including but not limited to:
- Cloud Hosting
- VPS Hosting
- Windows VPS
- Linux VPS
- Dedicated Servers
- Bare Metal Servers
- GPU Servers
- Tally on Cloud
- Cloud Backup
- Disaster Recovery
- Business Email Hosting
- Microsoft 365
- Google Workspace
- SSL Certificates
- Domain Registration
- Managed Services
- Infrastructure Monitoring
- Professional Services
- Migration Services
- Remote Desktop Hosting
- File Sharing Services
- Colocation Services
- Network Services
5. INFORMATION WE COLLECT
Depending upon the services you use, we may collect the following categories of information.
Personal Information
- Full Name
- Company Name
- Designation
- Email Address
- Mobile Number
- Office Telephone
- Billing Address
- Shipping Address
- Country
- State
- City
- Postal Code
Business Information
- GST Number
- Company Registration Number
- CIN
- PAN
- Authorized Signatory
- Purchase Orders
- Billing Contacts
- Technical Contacts
Technical Information
- IP Address
- Browser Type
- Device Type
- Operating System
- Login History
- User Activity
- Server Logs
- Firewall Logs
- Authentication Logs
- API Requests
- Error Logs
Payment Information
When making payments we may collect
- Invoice Number
- Transaction ID
- Payment Status
- Bank Reference
- Payment Gateway Reference
- UPI Transaction Reference
We do not intentionally store:
- Credit Card Numbers
- Debit Card Numbers
- CVV
- UPI PIN
- Internet Banking Passwords
Such information is processed directly by RBI-compliant payment service providers.
6. CUSTOMER KYC & eKYC
To protect our infrastructure and comply with legal, contractual, anti-fraud, cybersecurity and regulatory requirements, ServerSage may require Know Your Customer (KYC) or electronic Know Your Customer (eKYC) verification before activating, renewing or continuing certain services.
Depending on the type of customer and services requested, we may collect and verify one or more of the following:
- Permanent Account Number (PAN)
- Aadhaar verification through legally permitted and authorized verification mechanisms
- GSTIN
- Certificate of Incorporation
- Partnership Deed
- LLP Registration Certificate
- Trust Registration
- Government-issued identity documents
- Address proof
- Authorized signatory details
- Board Resolution or Authorization Letter (where applicable)
Identity verification information is collected solely for legitimate business purposes such as fraud prevention, account security, contractual compliance, customer identification, service eligibility and compliance with applicable laws.
Where Aadhaar-based verification is used, it will be performed only through legally authorized methods and with the customer's consent where required by law. ServerSage does not require customers to send full Aadhaar details over unsecured communication channels such as ordinary email or chat.
ServerSage reserves the right to request additional verification information where necessary and may delay, suspend or refuse activation of services if identity cannot be satisfactorily verified or if submitted information appears inaccurate, incomplete or fraudulent.
7. HOW WE COLLECT INFORMATION
ServerSage may collect information directly from you, automatically through your use of our services, or from trusted third-party sources where permitted by law.
7.1 Information You Provide
Information may be collected when you:
- Register an account
- Request a quotation
- Purchase a service
- Submit KYC documentation
- Open a support ticket
- Contact our sales team
- Participate in surveys
- Subscribe to newsletters
- Apply for reseller programs
- Attend webinars or events
- Request technical assistance
7.2 Automatically Collected Information
When you access our website or services, we may automatically collect:
- Browser information
- Device identifiers
- Operating system
- Language preferences
- Session identifiers
- IP addresses
- Login timestamps
- Authentication events
- User activity logs
- Diagnostic information
- Performance metrics
- Security logs
7.3 Third-Party Sources
We may receive information from:
- Payment gateway providers
- Credit verification agencies (where applicable)
- Government databases where legally permitted
- Fraud prevention partners
- Domain registrars
- Identity verification service providers
- Business verification services
- Publicly available company records
8. PURPOSE OF COLLECTING INFORMATION
ServerSage collects personal and business information only for legitimate business purposes.
These include:
Account Creation
- Creating customer accounts
- Managing subscriptions
- Maintaining reseller accounts
- Managing administrative users
Service Delivery
- Provisioning cloud infrastructure
- Deploying VPS
- Configuring Dedicated Servers
- Providing Managed Services
- Activating Backup Services
- Email hosting setup
- Microsoft 365 provisioning
- Google Workspace provisioning
Billing
- Invoice generation
- GST compliance
- Payment reconciliation
- Subscription renewals
- Credit notes
- Refund processing
Technical Support
- Resolving support requests
- Monitoring service health
- Investigating incidents
- Remote troubleshooting
- Security investigations
Security
- Preventing fraud
- Preventing identity theft
- Detecting suspicious activities
- Detecting unauthorized access
- Detecting malware
- Detecting abuse
- Protecting customer infrastructure
Legal Compliance
- Tax compliance
- Regulatory compliance
- Court orders
- Law enforcement requests
- CERT-In obligations (where applicable)
- Contractual obligations
9. LEGAL BASIS FOR PROCESSING
Where required by applicable law, ServerSage processes personal information on one or more of the following legal bases:
- Customer consent
- Performance of a contract
- Compliance with legal obligations
- Protection of legitimate business interests
- Fraud prevention
- Security monitoring
- Establishment, exercise, or defence of legal claims
10. PAYMENT PROCESSING
Payments made to ServerSage may be processed through authorized payment service providers including payment gateways, banks, and financial institutions.
Payment processing may involve:
- Credit Cards
- Debit Cards
- UPI
- Net Banking
- NEFT
- RTGS
- IMPS
- International Cards
- SWIFT Transfers (where applicable)
Payment information is processed securely by the respective payment service provider. ServerSage does not knowingly store sensitive authentication data such as CVV, card PINs, UPI PINs, or Internet Banking passwords.
Payment providers may independently collect and process information in accordance with their own privacy policies.
11. COOKIES
ServerSage uses cookies and similar technologies to improve website functionality and user experience.
Cookies help us:
- Remember login sessions
- Maintain user preferences
- Improve website performance
- Analyse website traffic
- Enhance security
- Prevent fraudulent access
- Measure marketing effectiveness
Cookies do not generally identify individuals directly but may be associated with user accounts when necessary to provide services.
Users may control cookie settings through their browser preferences. Disabling cookies may affect certain website features.
12. WEBSITE ANALYTICS
We may use analytics tools to understand how visitors interact with our website.
Analytics information may include:
- Pages visited
- Time spent on pages
- Device information
- Browser type
- Country
- Referral source
- Navigation patterns
- Website performance
Analytics data is primarily used to improve our website, products, documentation, and customer experience.
13. EMAIL COMMUNICATIONS
ServerSage may send emails relating to:
- Service activation
- Invoice generation
- Payment reminders
- Renewal notices
- Security alerts
- Incident notifications
- Maintenance notifications
- Support updates
- Product announcements
- Policy updates
Customers may unsubscribe from promotional communications where legally permitted. However, operational, billing, legal, and security communications may continue as they are necessary for providing the Services.
14. CUSTOMER SUPPORT RECORDS
When you contact our support team, we may record and retain information including:
- Support tickets
- Email correspondence
- Live chat transcripts
- Telephone call details (where applicable)
- Remote support session logs
- Diagnostic information
- Screenshots provided by the customer
- Files voluntarily uploaded for troubleshooting
This information helps us resolve issues, improve support quality, maintain audit trails, and ensure service continuity.
15. SERVER LOGS
To maintain the security, availability, and integrity of our infrastructure, ServerSage may collect and retain operational logs generated by our systems.
These logs may include:
- Authentication logs
- System logs
- Firewall logs
- VPN logs
- Web server logs
- Mail server logs
- API access logs
- Database access logs
- Security event logs
- Infrastructure monitoring logs
Operational logs are used for system administration, performance monitoring, troubleshooting, incident response, fraud prevention, and compliance with applicable legal obligations.
16. INFORMATION SHARING AND DISCLOSURE
ServerSage values customer trust and does not sell or rent personal information to third parties for their independent marketing purposes.
We may disclose or share information only in the circumstances described below.
16.1 Service Providers
We may share information with carefully selected service providers who assist us in delivering our services, including:
- Payment Gateway Providers
- Banking Partners
- Identity Verification Providers
- Cloud Infrastructure Providers
- Domain Registrars
- SSL Certificate Authorities
- Email Delivery Providers
- SMS Service Providers
- Customer Support Platforms
- Monitoring Platforms
- Security Service Providers
- Accounting and Auditing Firms
Such service providers are contractually required to protect the confidentiality and security of customer information and may use it only for the purposes for which it has been shared.
16.2 Legal Requirements
We may disclose customer information where required by:
- Applicable laws
- Court Orders
- Government Authorities
- Law Enforcement Agencies
- Regulatory Authorities
- CERT-In Directions
- Tax Authorities
- Financial Regulators
ServerSage will only disclose information that is reasonably necessary to comply with such legal obligations.
16.3 Business Transfers
If ServerSage undergoes:
- Merger
- Acquisition
- Corporate Restructuring
- Business Transfer
- Asset Sale
- Insolvency Proceedings
customer information may be transferred to the successor organization subject to appropriate confidentiality and security obligations.
16.4 Protection of Rights
We may disclose information where necessary to:
- Protect customer accounts
- Prevent fraud
- Investigate abuse
- Enforce agreements
- Protect intellectual property
- Respond to cyber incidents
- Defend legal claims
- Protect public safety
17. DATA RETENTION
ServerSage retains information only for as long as necessary to fulfil the purposes described in this Policy or to comply with applicable legal, contractual, accounting, taxation, security, and regulatory requirements.
Typical retention periods may include:
Information Type
Typical Retention
- Customer Account Information
- Duration of relationship + legal retention period
- Billing Records
- As required under applicable tax laws
- GST Records
- As required under GST regulations
- Support Tickets
- Up to 7 years
- Server Logs
- Based on operational and security requirements
- Security Logs
- As required for security monitoring
- KYC Documents
- As required by law or business necessity
- Contracts
- During contract term and applicable limitation periods
Retention periods may be extended where required by legal proceedings, investigations, audits, or regulatory directions.
18. DATA SECURITY
Protecting customer information is a core responsibility of ServerSage.
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, destruction, or misuse.
Our security measures may include:
- Role-Based Access Control (RBAC)
- Multi-Factor Authentication (MFA)
- Strong Password Policies
- Encryption of sensitive data where appropriate
- Secure Data Centres
- Firewalls
- Intrusion Detection and Prevention Systems
- Endpoint Protection
- Anti-Malware Solutions
- Continuous Infrastructure Monitoring
- Security Event Logging
- Backup and Disaster Recovery
- Vulnerability Management
- Patch Management
- Secure Development Practices
- Employee Confidentiality Obligations
Although we strive to maintain industry-standard security practices, no system connected to the Internet can be guaranteed to be completely secure.
Customers are encouraged to implement appropriate security controls within their own environments.
19. CUSTOMER RESPONSIBILITIES
Customers are responsible for:
- Protecting account credentials
- Maintaining strong passwords
- Enabling Multi-Factor Authentication where available
- Keeping contact information up to date
- Maintaining their own backups unless managed backup services have been purchased
- Promptly reporting suspected unauthorized access
- Ensuring authorized users comply with applicable policies
- Protecting confidential information stored within their own systems
Failure to implement appropriate security practices may increase the risk of unauthorized access for which ServerSage may not be responsible.
20. CROSS-BORDER DATA TRANSFERS
Certain services offered by ServerSage may involve processing or storage of information outside India where customers choose infrastructure located in other jurisdictions or where trusted service providers operate internationally.
Where cross-border processing occurs, ServerSage will take reasonable measures to ensure that appropriate contractual, organizational, and technical safeguards are implemented consistent with applicable legal requirements.
21. CUSTOMER RIGHTS
Subject to applicable law, customers may request:
- Access to their personal information
- Correction of inaccurate information
- Updating account details
- Withdrawal of consent where processing is based on consent
- Deletion of information where legally permissible
- Restriction of processing in appropriate circumstances
- Information regarding categories of personal data processed
Certain requests may be declined where ServerSage is legally required to retain information or where doing so would adversely affect the rights of other individuals or the security of our services.
Requests may be submitted to:
privacy@serversage.com
22. THIRD-PARTY WEBSITES
Our website may contain links to websites operated by third parties.
ServerSage is not responsible for the privacy practices, security measures, or content of such external websites.
Customers are encouraged to review the privacy policies of third-party websites before providing personal information.
23. CHILDREN'S PRIVACY
ServerSage services are intended primarily for businesses and individuals who are legally capable of entering into binding contracts.
We do not knowingly collect personal information directly from children without appropriate legal authorization.
If we become aware that personal information has been collected from a child in violation of applicable law, reasonable steps will be taken to delete such information.
24. CHANGES TO THIS PRIVACY POLICY
ServerSage may revise this Privacy Policy periodically to reflect:
- Changes in applicable law
- New products and services
- Security improvements
- Business operations
- Regulatory requirements
- Customer feedback
Updated versions will be published on our website with a revised "Effective Date."
Continued use of the Services after publication of the revised Policy constitutes acceptance of the updated Privacy Policy.
25. CONTACT INFORMATION
For questions, requests, or concerns regarding this Privacy Policy or the processing of personal information, please contact:
Privacy OfficerServerSage CloudTech Pvt. Ltd.HD-102, 13th Floor, WeWerk 247 Park,Lal Bahadur Shastri Road, Gandhi Nagar,Vikhroli West, Mumbai – 400079, Maharashtra, India
Email: privacy@serversage.comLegal: legal@serversage.comSupport: support@serversage.com
Website: https://www.serversage.com
26. GOVERNING LAW
This Privacy Policy shall be governed by and construed in accordance with the laws of India.
Any disputes arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts located in Mumbai, Maharashtra, India, unless otherwise required by applicable law.