Learn how we collect, use, store, and safeguard information while maintaining the highest standards of privacy, security, and compliance.
This Privacy Policy applies to personal information processed by Botron Dynamics in connection with:
This policy does not apply to information processed by our enterprise and government clients about their own end users under separate data processing agreements, mission-specific security protocols, or contractual terms. Where such a governing agreement exists, it takes precedence over this policy for that processing activity. Additionally, certain processing of operational, technical, and mission data — such as satellite telemetry, launch vehicle telemetry, robotic sensor data, and vehicle navigation data — may not constitute personal data; such data is governed by the applicable client contract and export control requirements rather than this policy.
We collect information you voluntarily provide to us, including:
When you visit our website or use our platforms, we and our third-party service providers may automatically collect:
In the course of providing our Services to enterprise and government clients, we may receive and process:
We may receive information about you from third-party sources, including:
We do not purchase consumer data from data brokers for advertising targeting purposes.
We use the information described in Section 2 for the following purposes:
| Purpose | Types of information used |
|---|---|
| Service delivery and operations — providing, operating, maintaining, and improving our software platforms and engineering services; account management; and technical support. | Contact data, account credentials, platform telemetry, client data |
| Business development and engagement — responding to inquiries, preparing proposals and quotes, managing client relationships, and conducting demonstrations. | Contact data, business inquiry data, communications |
| Billing and financial administration — invoicing, payment processing, financial reporting, and tax compliance. | Contact data, billing data, purchase orders |
| Research and product development — developing and testing new software features, AI and ML models, robotics control algorithms, and autonomous navigation systems, using appropriately authorized, anonymized, or synthetic data. | Platform telemetry, anonymized/synthetic data, client data (as authorized) |
| Security and integrity — monitoring for security threats, detecting anomalies, preventing unauthorized access, maintaining system integrity and availability, and fulfilling our incident response obligations. | All categories above; platform telemetry and logs are particularly relevant |
| Legal, regulatory, and export control compliance — complying with applicable laws, responding to lawful government requests, conducting export control screening, and maintaining required regulatory records. | Contact data, identity data, compliance verification data |
| Recruitment — evaluating candidates, conducting background checks (where consented to), and managing the hiring process. | Recruitment data |
| Marketing and communications — sending service updates, security notices, and, where you have consented, news, event invitations, and product announcements. | Contact data, communication preferences |
We do not use personal information for automated individual decision-making that produces legal or similarly significant effects without human review and oversight, except in limited circumstances described in Section 12. We do not use personal information to serve third-party advertising through advertising networks.
Where applicable data protection law requires identification of a legal basis for processing personal data — including India's Digital Personal Data Protection Act, 2023 (DPDPA), the EU General Data Protection Regulation (GDPR), and the UK GDPR — we rely on one or more of the following lawful bases for each processing activity:
| Legal basis | When we rely on it |
|---|---|
| Consent | For optional marketing communications, non-essential cookies, and any processing where we have obtained your affirmative consent. Consent may be withdrawn at any time by contacting us or using the opt-out mechanism provided. |
| Contractual necessity | Where processing is necessary to perform our obligations under a contract with you or your organization, including operating client accounts, delivering Services, processing payments, and providing technical support. |
| Legitimate interests | For security monitoring, fraud prevention, improving our Services, business development, recruiting, and internal communications — where we have conducted a balancing assessment and determined that our interests are not overridden by your rights and freedoms. |
| Legal obligation | Where processing is necessary to comply with an applicable legal requirement, including export control and sanctions compliance, tax reporting, regulatory recordkeeping, and responding to lawful government or judicial orders. |
| Vital interests | In exceptional circumstances where processing is necessary to protect someone's life (e.g., safety-critical incident reporting in robotic or autonomous vehicle deployment environments). |
Where we rely on legitimate interests, you may have a right to object to the processing; see Section 11 for details. Where processing is based on consent, withdrawal of consent does not affect the lawfulness of processing undertaken before withdrawal.
Given the specialized nature of Botron Dynamics' work, the following additional notes apply to specific domains:
| Domain | Privacy-relevant notes |
|---|---|
| Satellites & Space Operations | Telemetry, orbital data, ground-station interaction logs, and command-and-control records are processed as operational data under client contracts, separate from this policy. Such data may be subject to strict export control and classification obligations. Personnel involved in accessing these systems may be subject to additional background screening under the applicable SOW. |
| Launch Systems | Launch vehicle state and telemetry data is safety-critical mission data processed under the applicable client agreement. To the extent mission data records include personnel authorizations, these are retained for the minimum period required by applicable regulatory authority. |
| Artificial Intelligence & ML | We do not knowingly use personal data submitted through our public website to train general-purpose AI models. Client-supplied training and evaluation datasets are governed by the relevant DPA and SOW. Where AI models generate outputs about individuals, we take reasonable steps to ensure such outputs are not used for automated consequential decisions without human review (see Section 12). |
| Cloud & Data Platforms | We implement role-based access control, encryption in transit and at rest, network segmentation, and access logging on all infrastructure hosting client data. Clients may request architecture documentation for their environment under an NDA. |
| Robotics | Sensor data — including depth cameras, LIDAR, force/torque sensors, and proximity sensors — processed by our robotics software in test or deployment environments may incidentally capture images or presence information of individuals in the vicinity. Such incidental capture is minimized by design where feasible, and is processed per the applicable deployment agreement. We do not build persistent identity profiles from incidental robotic sensor capture. |
| Autonomous Vehicles | Camera, LIDAR, GPS, and radar data processed by our autonomous vehicle software may capture identifiable data about pedestrians, other road users, and vehicle occupants. Where such data is processed in test programs, it is subject to data minimization, retention limits, and appropriate anonymization or deletion protocols per the applicable deployment agreement and applicable road transport regulations. |
We may disclose information to the following categories of recipients, in each case only to the extent necessary and subject to appropriate confidentiality and data protection obligations:
Botron Dynamics does not sell, rent, or lease personal information to third parties for their own marketing or commercial purposes, and has not done so. We do not share personal information with advertising networks for behavioral advertising targeting.
Our website and platforms use cookies and similar technologies. The table below summarizes the categories we use:
| Category | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Enable core website and platform functionality: authentication sessions, load balancing, security tokens, CSRF protection, and form session state. | No — these cannot be disabled without breaking functionality. |
| Functional / preferences | Remember your settings and preferences, such as language selection and display preferences. | Yes, for non-essential preferences. |
| Analytics | Understand how visitors interact with our site in aggregate — pages viewed, session length, bounce rates — to improve site performance and content. Data is aggregated and not used for individual profiling. | Yes — we use analytics cookies only with your consent. |
| Marketing / communications | We do not use third-party advertising cookies or retargeting pixels. Any first-party marketing cookies are limited to measuring the effectiveness of our own communications. | Yes — only with explicit consent. |
When you first visit our website, we present a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time by accessing the cookie settings tool (linked in the footer of our website). Additionally, you can control cookies through your browser settings — most browsers allow you to view, block, or delete cookies. Note that blocking strictly necessary cookies will impair site and platform functionality. Third-party browser extensions are also available that provide more granular cookie management.
We apply a defense-in-depth security approach to protect personal information and client data, consistent with the sensitivity of the information and the standards expected in mission-critical aerospace and technology software development. Our security measures include, at minimum:
Notwithstanding the foregoing, no security system is impenetrable. We cannot guarantee the absolute security of information transmitted over the internet or stored on our systems. You should use appropriate measures to protect your own systems and credentials.
In the event of a confirmed security breach that affects personal information or Client Data, we will: (a) notify affected individuals and/or clients without undue delay, and in any case within seventy-two (72) hours of confirmation of the breach where required by applicable law; (b) notify the relevant supervisory or regulatory authority where required by law; (c) provide available information about the nature and scope of the breach, categories and approximate number of affected records, likely consequences, and steps taken or proposed to address the breach; and (d) investigate and implement remediation measures promptly. Clients will be notified per the specific timeline and escalation procedures agreed in their applicable SOW or security addendum, which may require shorter notification periods for mission-critical environments.
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation, or contract. The table below summarizes our general retention practices:
| Data category | General retention period | Basis |
|---|---|---|
| Client account and contact data | Duration of relationship plus 3 years after closure | Contract, legitimate interests (dispute resolution) |
| Financial and billing records | 7 years from the relevant tax year | Legal obligation (tax, accounting) |
| Platform access logs and audit trails | 12 months rolling (extended per SOW for regulated clients) | Security, legal obligation |
| Marketing communications data | Until consent withdrawn or opt-out received, plus 6 months | Consent |
| Recruitment data (unsuccessful candidates) | 6 months from decision, unless candidate consents to longer | Legitimate interests, consent |
| Export control compliance records | As required by applicable export control authority (typically 5–10 years) | Legal obligation |
| Client Data (operational/mission) | Per the applicable SOW or DPA; typically deleted or returned within 60 days of termination | Contract, legal obligation |
| Security incident records | 5 years from incident closure | Legal obligation, legitimate interests |
When data is no longer required, we securely delete or irreversibly anonymize it using industry-standard methods. We do not retain personal data in backup systems beyond our standard backup rotation schedule, unless required by law or ongoing legal proceedings.
Botron Dynamics is headquartered in India. We may process and store personal information in India and in other countries where our Subprocessors and cloud infrastructure providers operate, including countries within the European Economic Area, the United States, Singapore, and the United Kingdom. Where we transfer personal data to countries that have not been recognized as providing an equivalent level of data protection, we use appropriate safeguards, which may include:
Cross-border transfer of technical data, software, and certain operational information related to space, launch, or defense-adjacent systems may additionally be subject to export control restrictions as described in Section 14. In such cases, both the data protection transfer mechanism and the applicable export authorization must be in place before transfer.
You may request a copy of the transfer mechanisms used for cross-border data transfers involving your personal information by contacting us at the address in Section 19.
Depending on your location and applicable law, you may have the following rights regarding your personal information. We will respond to verifiable requests within the timeframe required by applicable law (typically thirty (30) days, with a possible extension of a further two months for complex requests).
Request a copy of the personal information we hold about you, including what categories we process and for what purposes.
Request correction of inaccurate or incomplete personal information. You may also update certain account information directly through the platform settings.
Request deletion of your personal information, subject to our legal obligations to retain certain records (e.g., tax, export control, audit). We will inform you of any exceptions that apply.
Request that we limit processing of your personal information in certain circumstances, such as while a dispute about its accuracy is resolved.
Object to processing based on our legitimate interests, including for direct marketing purposes. We will honor opt-out requests for marketing immediately.
Where processing is based on consent or contract and carried out by automated means, request a copy of your personal information in a structured, commonly used, machine-readable format.
Where processing is based on consent, withdraw your consent at any time. Withdrawal does not affect prior lawful processing based on that consent.
Request human review of any automated decision that produces legal or similarly significant effects concerning you (see Section 12).
Lodge a complaint with the relevant supervisory authority in your jurisdiction, such as the Data Protection Board of India, the ICO (UK), or a relevant EU supervisory authority.
To exercise any of these rights, please contact us using the information in Section 19. We may need to verify your identity before processing a request to prevent unauthorized access to your information. We will not discriminate against you for exercising your privacy rights. Requests from users acting on behalf of a legal entity (such as a corporate client's employee) may be subject to the terms of the applicable client agreement.
As a company that develops AI and ML systems, we take special care to address the privacy implications of these technologies in our own operations and products.
We may use AI-assisted tools internally for software development, code review, security analysis, and business operations. These tools do not have access to personal client data unless explicitly authorized under the applicable SOW. We do not use AI tools that train on client data for general model improvement without explicit written consent.
Where our AI and ML products process data that may include personal information (e.g., AI-assisted satellite imagery analysis, autonomous vehicle perception systems, or AI-powered anomaly detection for ground station operations):
We do not make solely automated decisions about individuals that produce legal or similarly significant effects (such as employment decisions or denial of services) based on personal information, without qualified human review and oversight. Where AI-assisted processes are used to support such decisions, a human reviewer retains final decision-making authority. Clients deploying our AI systems for consequential automated decisions are required under the applicable SOW to ensure appropriate human oversight and to comply with applicable legal requirements for automated processing, including rights of human review where required.
Our website and Services are designed for, and directed exclusively at, business entities, government institutions, research organizations, and professional individuals. They are not intended for use by children under the age of 18. We do not knowingly collect, process, or store personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete that information from our records. If you believe that a child has provided us with personal information, please contact us immediately at contact@botrondynamics.com.
For the purpose of export control compliance, we may collect and process the following information about clients, partners, personnel, and visitors:
This information is used solely for export control compliance verification, access control decisions, and required regulatory recordkeeping. It is not used for marketing or product development. Retention periods are dictated by applicable export control regulations, which generally require records to be maintained for a minimum of five (5) to ten (10) years. We may be required to disclose this information to relevant export control authorities upon request without prior notice to the affected individual.
Where we plan to introduce a new processing activity — particularly involving new technologies, large-scale processing of sensitive data, systematic monitoring, or AI-assisted processing that may produce significant effects on individuals — we conduct a Data Protection Impact Assessment (DPIA) before commencing that processing, where required by applicable law or identified as high-risk.
We also conduct DPIAs where clients engage us to process personal data through our AI platforms, robotics systems, or autonomous vehicle software, particularly where sensor data may capture individuals in the environment. Results of DPIAs that materially affect a client engagement will be shared with the relevant client where required and appropriate.
Where a DPIA identifies a high residual risk that cannot be mitigated through technical or organizational measures, we will consult the relevant supervisory authority before proceeding with the processing, as required by applicable law.
We engage third-party Subprocessors to support the delivery of our Services. All Subprocessors are required to: (a) process personal data only on our written instructions; (b) implement appropriate technical and organizational security measures equivalent to those described in Section 8; and (c) not engage further subprocessors without our prior consent and equivalent contractual protections.
We maintain a list of our material Subprocessors, including their name, country of operation, and the nature of data processing they perform. This list is available to clients under an active agreement upon written request. We will provide advance notice (of at least thirty (30) days, or as agreed in the applicable SOW) of any intended changes to our Subprocessor list that may affect client data, allowing clients to object to such changes in accordance with the applicable DPA or SOW.
Current categories of Subprocessors include cloud infrastructure and hosting providers, business productivity and collaboration software, security and monitoring tools, payment processing services, customer support and CRM platforms, and analytics providers. We do not engage Subprocessors in jurisdictions subject to comprehensive sanctions or embargo for the processing of client data.
Our website and platforms may contain links to, or integrations with, third-party websites, satellite ground station systems, launch service providers, cloud platforms, or partner portals. We are not responsible for the privacy practices, security, or content of those third-party services. We encourage you to review the privacy policies of any third-party service before providing personal information to it.
Where our Services integrate with third-party platforms or APIs at your direction (such as connecting our mission operations software to a third-party ground station operator's system), any data shared with that third-party integration is subject to the third party's own privacy and security terms. We are not the data controller for data processed by third parties in connection with such integrations.
We may update this Privacy Policy from time to time to reflect changes in our data practices, Services, applicable law (including evolving requirements under India's DPDPA, GDPR, and sector-specific regulations), or business operations. The updated policy will be posted at botrondynamics.com/legal/privacy with a revised version number and "Last updated" date.
For non-material changes (such as typographical corrections, reorganization, or clarifications that do not alter the substance of how we use personal information), the updated policy takes effect upon posting. For material changes — meaning changes that materially affect how we collect, use, or share personal information — we will provide at least thirty (30) days' advance notice through email to registered account contacts or through a prominent notice on our website, before the revised policy takes effect. Clients under active SOWs or DPAs will be individually notified of material changes that affect their engagement, and may negotiate updated DPA terms as necessary.
If you have questions, concerns, or requests regarding this Privacy Policy, our data practices, or you wish to exercise your privacy rights, please contact us through the following channels:
Botron Dynamics Pvt Ltd
General privacy enquiries: contact@botrondynamics.com
Legal and compliance: contact@botrondynamics.com
Security disclosures: contact@botrondynamics.com
Data rights requests: contact@botrondynamics.com
Website: botrondynamics.com
Grievance Officer (India — DPDPA): In accordance with India's Digital Personal Data Protection Act, 2023, and applicable Information Technology rules, you may raise grievances regarding this Privacy Policy or our data practices by writing to our designated Grievance Officer at contact@botrondynamics.com. We will acknowledge your grievance within three (3) business days and endeavor to resolve it within thirty (30) calendar days.
EU/UK Representative and DPO: If we appoint a Data Protection Officer (DPO) or EU/UK representative as required by applicable regulation, their contact details will be published here. In the interim, DPO-relevant inquiries may be directed to contact@botrondynamics.com.
Supervisory authority complaints: You have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction. For India, this is the Data Protection Board of India. For EU residents, the competent supervisory authority in your EU member state. For UK residents, the Information Commissioner's Office (ICO). We encourage you to contact us first so we can attempt to address your concern directly.