Legal Document

Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 1, 2025

Effective Date: January 1, 2025  |  Last Updated: January 1, 2025

1. Introduction

Dreamtree Global (“we,” “our,” or “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our software products, ERP solutions, cloud platforms, and related services (collectively, the “Services”).

This Policy applies to all clients, users, employees, and partners who interact with our Services. By accessing or using our Services, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when setting up your account, configuring our software, or communicating with us, including:

  • Business and organizational details (company name, industry, size, tax ID)
  • Contact information (names, email addresses, phone numbers, business addresses)
  • Account credentials (usernames, encrypted passwords)
  • Billing and payment information (credit card details, bank account information, invoicing data)
  • Configuration data and preferences you set within our ERP or software modules
  • Support requests, correspondence, and feedback you submit

2.2 Data Generated Through Use of Our Services

As you and your organization use our Services, we collect operational and transactional data, including:

  • Financial records entered into ERP modules (accounts, ledgers, invoices, payroll)
  • Supply chain and inventory data
  • HR and workforce management data (with appropriate access controls)
  • CRM data (customer contacts, sales pipelines, interaction histories)
  • Usage logs, activity timestamps, and feature interaction data
  • System-generated audit trails and compliance records

2.3 Automatically Collected Technical Information

When you access our Services, our systems automatically collect:

  • IP addresses, device identifiers, and browser/client type
  • Operating system and software version information
  • Access times, pages viewed, and navigation paths
  • Error logs and crash reports
  • Performance metrics and diagnostics data

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Delivering, operating, and maintaining our software and ERP Services
  • Processing transactions, billing, and providing customer support
  • Configuring and customizing the Services to your organizational requirements
  • Ensuring data security, preventing fraud, and monitoring for unauthorized access
  • Generating aggregated analytics to improve product performance and user experience
  • Complying with applicable laws, regulations, and contractual obligations
  • Sending service notifications, security alerts, and administrative communications
  • Providing software updates, patches, and new feature releases
  • Conducting research and development to enhance our product offerings

4. Legal Basis for Processing (GDPR / Applicable Law)

Where applicable law requires a legal basis for processing personal data, we rely on one or more of the following:

  • Contractual necessity: Processing required to fulfil our agreement with you
  • Legitimate interests: Improving our Services, ensuring security, and fraud prevention
  • Legal obligation: Compliance with applicable laws and regulatory requirements
  • Consent: Where you have explicitly provided consent, which may be withdrawn at any time

5. Data Sharing and Disclosure

5.1 Service Providers and Sub-Processors

We may share your data with trusted third-party vendors who assist in delivering our Services, including cloud infrastructure providers, payment processors, security firms, and analytics providers. All sub-processors are bound by data processing agreements consistent with this Policy.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice within our platform if such a transfer materially affects how your data is processed.

5.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of our users and the public.

5.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data or your end-users’ personal data to third parties for marketing or any other commercial purposes.

6. Data Storage and Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • AES-256 encryption for data at rest and TLS 1.2+ for data in transit
  • Role-based access controls (RBAC) and multi-factor authentication (MFA)
  • Regular security audits, vulnerability assessments, and penetration testing
  • ISO 27001-aligned information security management practices
  • Disaster recovery and business continuity procedures
  • Employee security training and background screening

Your data may be stored and processed in data centers located in India (Bengaluru, Karnataka) and other jurisdictions as required. Where data is transferred across jurisdictions, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms are in place.

7. Data Retention

We retain personal data for as long as necessary to:

  • Provide the Services and honour our contractual commitments
  • Comply with applicable legal, tax, and regulatory retention requirements
  • Resolve disputes, enforce agreements, and maintain audit records

Upon termination of your subscription or upon your request, we will delete or anonymize your data within 90 days, unless we are required by law to retain it for a longer period. ERP financial data may be retained for up to 7 years as required by accounting and tax regulations in applicable jurisdictions.

8. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal data:

Right Description
Access Request a copy of the personal data we hold about you.
Rectification Request correction of inaccurate or incomplete data.
Erasure Request deletion of your personal data, subject to legal obligations.
Portability Receive your data in a structured, machine-readable format.
Restriction Request that we restrict the processing of your data.
Objection Object to processing based on legitimate interests.
Withdraw Consent Withdraw previously given consent at any time without affecting prior processing.

To exercise any of these rights, please contact our Data Protection Officer (DPO) at privacy@dreamtreeglobal.com. We will respond within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

Our web-based platforms and portals use cookies and similar technologies to maintain session authentication, remember your preferences, and analyze usage patterns. You may configure your browser to refuse cookies; however, certain features of our Services may not function properly without them.

We do not use tracking technologies for cross-site advertising. Any analytics data collected is used solely to improve our own Services.

10. Third-Party Integrations

Our ERP and software solutions may integrate with third-party services such as payment gateways, tax compliance platforms, logistics providers, and communication tools. When you enable such integrations, your data may be shared with those third parties under their own privacy policies. We encourage you to review the privacy practices of any third-party service you connect with our platform.

11. Children’s Privacy

Our Services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or industry standards. When we make material changes, we will:

  • Post the revised Policy on our website and within the platform
  • Update the “Last Updated” date at the top of this document
  • Notify clients via email or in-app notification for significant changes

Your continued use of our Services after the effective date of any update constitutes acceptance of the revised Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer: Dreamtree-Org Privacy Team

Company: Dreamtree Global (Dreamtree-Org2122)

Address: 2nd Floor, 235, 13th Cross Rd, Binnamangala, 2nd Stage, Indiranagar, Bengaluru, Karnataka 560038, India

Email: privacy@dreamtreeglobal.com

Website: www.dreamtreeglobal.com

This document constitutes the official Privacy Policy of Dreamtree Global. Version 1.0 • Effective January 1, 2025