Privacy Policy

This Privacy Notice explains how Multistar Holdings Pvt Ltd (“Multistar”, “we”, “us”, or “our”) collects, uses, discloses, retains, and otherwise processes personal data in connection with the MultiSense industrial monitoring, diagnostics, and predictive-maintenance platform, including related devices, dashboards, websites, applications, APIs, and support channels.

This Privacy Notice is intended to function as an itemised notice for the purposes of applicable Indian data-protection law, including the Digital Personal Data Protection Act, 2023, and should be read together with the MultiSense Data Licensing and Machine Learning Consent Terms.

Use of the Services is not by itself treated as consent for optional processing activities such as machine-learning development, benchmarking, or data licensing where applicable law requires a separate legal basis or separate consent.

Depending on how the Services are used, we may process the following categories of personal data:

• account and profile information, including full name, work email address, work phone number, username, password hash, account role, designation, and organisation affiliation;
• billing and administration information, including invoicing details, tax information, subscription records, and payment-administration data;
• support and communications data, including tickets, requests, messages, and correspondence with us;
• device, browser, and usage metadata, including IP address, browser type, operating system, device type, session identifiers, access timestamps, approximate location, and dashboard activity metadata;
• site-linked or device-linked information to the extent it can reasonably be associated with an identifiable individual; and
• any additional personal data voluntarily submitted through forms, onboarding, support channels, or account configuration.

The Services also process operational and telemetry data that will often relate to machines rather than individuals, including vibration and acceleration measurements, RMS velocity, FFT or spectral data, detected RPM, temperature, fault indicators, defect indicators, device and gateway identifiers, firmware versions, system-health information, configuration settings, thresholds, deployment parameters, and related facility or operating-context information.

Most telemetry data describes equipment rather than people. Where such data is reasonably capable of being linked to an identifiable individual, customer site contact, named user, or other person, we treat it as personal data under this Privacy Notice.

Where we process personal data solely on behalf of a customer organisation and on that customer’s instructions for onboarding, hosting, account administration, support, monitoring, authentication, maintenance, and delivery of the Services, we may act in a processor or service-provider capacity to the extent recognised under applicable law.

Where we determine the purposes and means of processing for our own purposes, including product improvement, benchmarking, machine-learning development, commercial analytics, data licensing, fraud prevention, security intelligence, and transaction-readiness or business-transfer preparation, we may act as an independent data fiduciary or controller, as applicable under relevant law.

We may process personal data and related service data for the following purposes:

• service delivery and account administration, including registration, authentication, device provisioning, dashboard access, support, billing, diagnostics, and alerts;
• security and abuse prevention, including fraud monitoring, misuse detection, technical troubleshooting, and service-integrity protection;
• communications, including service-related notifications, support responses, security communications, and account notices;
• legal and compliance obligations, including recordkeeping, dispute management, legal process, tax administration, and enforcement of contractual rights;
• product improvement and analytics, including testing, validation, reliability analysis, service optimisation, and troubleshooting; and
• machine-learning development, benchmarking, and data licensing, to the extent permitted by law and the Terms, using anonymised data, aggregated data, and qualifying generalised contextual data, and only relying on personal data where an appropriate legal basis exists.

Where a specific processing activity requires consent under applicable law, that consent is requested separately through an appropriate consent flow.

We do not sell, rent, or trade personal data in identifiable form.

We may disclose personal data or related service data, as applicable and subject to law, to service providers engaged for hosting, communications, payment processing, analytics, support, security, and infrastructure; to competent authorities or other parties where required by law or necessary to protect rights or safety; and to transaction counterparties in connection with financing, merger, acquisition, restructuring, reorganisation, or sale of business or assets.

Subject to applicable law and the Terms, we may also use and disclose anonymised data, aggregated data, qualifying generalised contextual data, and derived materials such as machine-learning models, benchmarks, and reference datasets to the following categories of recipients:

• research institutions and academic partners;
• motor manufacturers, bearing manufacturers, original equipment manufacturers, and other industrial equipment partners;
• industrial IoT, monitoring, analytics, software, and integration partners;
• commercial artificial-intelligence, analytics, modelling, and data partners;
• investors, lenders, acquirers, successors, affiliates, and transaction counterparties; and
• other partners engaged for substantially similar industrial analytics, diagnostics, reliability, maintenance, research, or product-improvement purposes.

Recipients of qualifying non-identifying data are contractually prohibited from attempting to identify or re-identify any customer, site, asset, or individual.

Where a customer organisation or its authorised users submit personal data of employees, contractors, site contacts, or other individuals into the Services, the customer organisation remains responsible for ensuring that it has provided required notices and obtained any required permissions, consents, or authorisations for such submission under applicable law.

We expect customer organisations to minimise the personal data they place into the Services and not upload unnecessary personal contact details, free-text personal notes, or location-linked data where not operationally required.

Depending on the context and applicable law, we may process personal data for service delivery, compliance with law, security, fraud prevention, dispute handling, and other lawful purposes. Where we rely on consent from an individual data principal, such consent is requested through a separate and appropriately targeted notice-and-consent flow.

Organisational acceptance by a customer administrator does not, by itself, constitute valid consent on behalf of an individual data principal where law requires consent from that individual.

Where consent is sought, the consent request is accompanied by or linked to this Privacy Notice or another applicable itemised notice identifying the personal data concerned, the purposes of processing, recipient categories, rights mechanisms, grievance contact details, and the withdrawal mechanism.

We implement reasonable technical and organisational safeguards designed to protect data against unauthorised access, use, alteration, disclosure, loss, or destruction, including measures such as encryption in transit, access controls, role-based permissions, logging, and reasonable vulnerability-management practices.

No system can guarantee absolute security. Where required by applicable law, we will take appropriate action in response to a personal-data breach, including notifying competent authorities and affected persons where such notification is legally required.

We may process, host, store, or transfer data, including personal data where lawfully permitted, within or outside India using service providers, infrastructure providers, analytics providers, or other recipients located in different jurisdictions.

Such processing and transfer remain subject to applicable law. Where destination-specific restrictions, legal prohibitions, contractual safeguards, or supplementary measures are required, we may implement them, suspend affected transfers, or modify the relevant processing arrangement.

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected and processed, including to provide the Services, maintain security, comply with legal obligations, resolve disputes, enforce contracts, and maintain appropriate records.

By way of operational guidance:

• account and profile records are generally retained for the duration of the business relationship and a reasonable post-termination period;
• billing, invoicing, and tax records may be retained for the period required by applicable law;
• support, access, and security logs may be retained for a limited operational, audit, and security period proportionate to their purpose;
• consent and withdrawal records may be retained for as long as reasonably necessary to demonstrate compliance and resolve disputes; and
• anonymised data, aggregated data, qualifying generalised contextual data, and derived materials may be retained indefinitely to the extent permitted by law and consistent with their non-identifying character.

Subject to applicable law, relevant individuals may have the right to request the following:

• Access: a summary of the personal data processed about them and the processing activities undertaken.
• Correction: correction or completion of inaccurate or incomplete personal data.
• Erasure: erasure of personal data, subject to lawful retention requirements.
• Withdrawal of consent: where processing relies on consent.
• Nomination: nomination of another person to exercise rights in the event of death or incapacity.
• Grievance redressal: through the Grievance Officer and escalation mechanism described below.

Withdrawal of consent may be exercised as easily as consent was given and operates prospectively. Withdrawal does not affect processing already carried out lawfully before withdrawal and does not unwind data that has already been lawfully anonymised, aggregated, or transformed into qualifying derived materials in accordance with law and the Terms.

The Services are intended for business and industrial use and are not directed to children. We do not knowingly seek to collect or process personal data of children in connection with the Services except where expressly lawful, operationally necessary, and supported by an appropriate legal basis.

We may use cookies, local storage, SDK tools, and similar technologies for essential authentication, session continuity, user preferences, security, diagnostics, and service analytics. Browser-based cookie controls may be managed through applicable browser or device settings, although disabling essential cookies may affect service functionality.

For any rights request, privacy question, or grievance relating to this Privacy Notice or our handling of personal data, contact:

Shubham K.
Grievance Officer
Multistar Holdings Pvt Ltd
#14/5, R V Road 1st Cross, Near Minerva Circle, Bangalore – 560004
Email: shubham@multisense.in

We will address grievances and lawful rights requests in accordance with applicable law. If a grievance is not resolved through this process, the individual may have the right to escalate the matter to the Data Protection Board of India in accordance with applicable law.

For general (non-privacy) enquiries you may also reach us at info@multisense.in.

If Multistar is at any time classified or designated as a Significant Data Fiduciary under applicable law, Multistar may appoint an India-based Data Protection Officer and implement such additional governance, assessment, audit, and compliance measures as may then be required by law.

We may update this Privacy Notice from time to time to reflect changes in the Services, legal requirements, security practices, recipient categories, or processing purposes. For material changes, we may update the Last Updated date, publish a revised notice through the website or dashboard, notify registered users through appropriate channels, and obtain fresh consent where legally required before relying on materially changed optional processing.