Legal
Privacy Policy
Effective date: 1 April 2025 · Last updated: 17 April 2026 ·
NetShine Technologies Pvt. Ltd.
Plain-language summary: We collect only what we need to provide our hospitality software platform. We never sell your data. You have full rights over your information under Indian law (DPDP Act 2023). This policy explains exactly what we collect, why, and how you can control it.
Who we are
NetShine Technologies Pvt. Ltd. ("NetShine", "we", "us", "our") operates the NetShine ONE hospitality operating cloud platform, available at www.netshine.one. We provide cloud-based property management, channel management, direct booking, pricing intelligence, and guest engagement software to hotels, resorts, restaurants, and hospitality groups.
For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act), NetShine Technologies Pvt. Ltd. is the Data Fiduciary for personal data collected through our website and platform.
What data we collect
We collect personal data in two ways — data you give us directly, and data collected automatically when you use our website or platform.
Data you provide directly:
- Name, email address, phone number — when you fill in a contact, demo, or enquiry form
- Property name, city, and role — to route your enquiry to the right team
- Billing and payment details — processed securely through Razorpay or other payment gateways; we do not store card numbers
- Messages and notes — any information you include in enquiry or support forms
Data collected automatically:
- IP address and approximate location (city/country level)
- Browser type, device type, and operating system
- Pages visited, time spent, and navigation patterns (via Google Analytics)
- Cookies — explained in detail in the Cookies section below
Data from hotel operations (for platform customers):
- Guest reservation data uploaded by hotels — names, contact details, stay history
- This data is processed on behalf of the hotel (who is the Data Fiduciary for their guests) — NetShine acts as a Data Processor for this data
Why we collect it (lawful basis)
Under the DPDP Act 2023, we process your personal data only when we have a valid lawful basis:
- Your consent — for marketing emails, cookies, and non-essential communications. You can withdraw consent at any time.
- Contractual necessity — to create and manage your account, provide the NetShine ONE platform, and process payments
- Legitimate interest — to improve our platform, prevent fraud, and respond to security incidents
- Legal obligation — to comply with GST, income tax, and other applicable Indian laws
How we use your data
- To respond to your demo or enquiry request
- To create and manage your NetShine ONE account and subscription
- To deliver the platform services you have contracted for
- To send product updates, feature announcements, and support communications (you can unsubscribe any time)
- To improve our platform based on usage patterns and feedback
- To comply with GST invoicing and statutory financial reporting requirements
- To detect and prevent fraud, abuse, or security incidents
Who we share data with
We do not sell your personal data. We share it only with trusted service providers who help us operate:
- Mailgun — email delivery for transactional and marketing emails
- Google Analytics — anonymised website usage analytics
- Razorpay / payment gateways — secure payment processing
- DigitalOcean — cloud infrastructure and data hosting (data stored in India/Singapore regions)
- Google Workspace — internal team communication and document storage
All third-party processors are bound by data processing agreements and are required to handle your data in compliance with applicable law.
We may disclose personal data if required by Indian law, a court order, or government authority — we will notify you where legally permitted to do so.
Data storage and security
Your data is stored on secure cloud servers. We use the following measures to protect it:
- TLS/SSL encryption for all data in transit
- Encrypted storage for sensitive credentials
- Role-based access controls — only staff who need access to your data have it
- Regular security audits and vulnerability assessments
- Incident response procedures in case of a breach
In the event of a data breach that is likely to harm you, we will notify you and the relevant authorities as required under the DPDP Act 2023.
How long we keep your data
- Enquiry / contact data — up to 2 years from last interaction, unless you ask us to delete it sooner
- Customer account data — for the duration of your subscription and 3 years after termination, for statutory compliance
- GST and billing records — 8 years, as required under the GST Act
- Website analytics data — 26 months (Google Analytics default, anonymised)
Cookies
We use cookies to make our website work correctly and to understand how visitors use it. Here is what we use:
- Essential cookies — required for the website to function (session management, form security). Cannot be switched off.
- Analytics cookies — Google Analytics, to understand page visits and improve content. These are anonymised and you can opt out via browser settings or the Google Analytics opt-out browser add-on.
We do not use advertising cookies or sell cookie data to third parties. You can manage cookies in your browser settings at any time.
Your rights under Indian law (DPDP Act 2023)
As a data principal (person whose data we hold), you have the following rights:
- Right to access — request a summary of the personal data we hold about you
- Right to correction — ask us to correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (subject to legal retention requirements)
- Right to withdraw consent — for any processing based on your consent, you can withdraw at any time without affecting prior processing
- Right to grievance redressal — raise a complaint with our Data Protection Officer and get a response within 30 days
- Right to nominate — nominate another person to exercise your rights on your behalf in case of death or incapacity
To exercise any of these rights, contact us at privacy@netshine.one. We will respond within 30 days.
Data of minors
Our platform is designed for business use by hospitality professionals. We do not knowingly collect personal data from anyone under 18 years of age. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.
Cross-border data transfers
Some of our service providers (Mailgun, Google Analytics) may process data outside India. Where this occurs, we ensure adequate safeguards are in place through contractual clauses and compliance with applicable data transfer regulations under the DPDP Act 2023.
Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top and notify active customers by email. We encourage you to review this page periodically.
Contact us
For any privacy-related questions, requests, or complaints:
You also have the right to lodge a complaint with the Data Protection Board of India once operational under the DPDP Act 2023.
