Privacy Policy

Your Data
Protected
With Transparency
and Trust

Learn how we collect, use, store, and safeguard information while maintaining the highest standards of privacy, security, and compliance.

Botron Dynamics Pvt Ltd — Legal

Privacy Policy

Effective date: June 24, 2026  •  Last updated: June 24, 2026

Botron Dynamics Pvt Ltd ("Botron Dynamics," "we," "us," or "our"), incorporated under the Companies Act, 2013 (India), designs and develops mission-critical software systems for satellite operations, space and launch systems, artificial intelligence, cloud infrastructure, data platforms, robotics, and autonomous vehicles. This Privacy Policy explains how we collect, use, process, disclose, store, and safeguard information when you visit our website at botrondynamics.com, engage with our products and platforms, interact with us in connection with potential or active engagements, or otherwise communicate with us.

1. Scope and applicability

This Privacy Policy applies to personal information processed by Botron Dynamics in connection with:

  • Our corporate website at botrondynamics.com and associated subdomains;
  • Client portals, telemetry dashboards, APIs, simulation environments, and software platforms we operate in connection with satellite, launch systems, AI, cloud, data, robotics, and autonomous vehicle solutions;
  • Communications with us through email, contact forms, telephone, video conferencing, and in-person meetings, including at trade events, conferences, demonstrations, and pilot deployments;
  • Our recruitment, vendor onboarding, and partner qualification processes; and
  • Marketing, business development, and investor communications.

This policy does not apply to information processed by our enterprise and government clients about their own end users under separate data processing agreements, mission-specific security protocols, or contractual terms. Where such a governing agreement exists, it takes precedence over this policy for that processing activity. Additionally, certain processing of operational, technical, and mission data — such as satellite telemetry, launch vehicle telemetry, robotic sensor data, and vehicle navigation data — may not constitute personal data; such data is governed by the applicable client contract and export control requirements rather than this policy.

2. Information we collect

2.1 Information you provide directly

We collect information you voluntarily provide to us, including:

  • Contact and identity data: full name, professional title, employing organization or agency, work and personal email addresses, phone numbers, and postal addresses. Where required by export control compliance (Section 14), we may also collect nationality, citizenship, and country of residence.
  • Business inquiry data: information you submit through contact forms, RFP/RFQ responses, partnership applications, demonstration requests, or engagement with our sales and technical teams, including the nature of your requirements, technical specifications, timelines, and budget parameters.
  • Account credentials: usernames, passwords (stored as salted cryptographic hashes — never in plaintext), multi-factor authentication device details, and API access credentials for registered platform users.
  • Recruitment data: resumes, cover letters, work and educational history, professional references, background check results (where legally permitted and consented to), skills assessments, and interview notes.
  • Payment and billing data: billing address, tax identification numbers (GST/PAN), purchase order references, and bank account details for invoicing. Full payment card numbers are processed exclusively by PCI-DSS-compliant third-party payment processors; we do not store raw card data.
  • Communications and correspondence: content of emails, support tickets, meeting notes, and other communications with our teams, which we retain for the purposes described below.

2.2 Information collected automatically

When you visit our website or use our platforms, we and our third-party service providers may automatically collect:

  • Device and network data: IP address, approximate geolocation (city/country level), browser type and version, operating system, device type and identifiers, screen resolution, and internet service provider.
  • Usage and interaction data: pages visited, links clicked, referral URLs, search queries on our site, session duration, features accessed, and navigation paths.
  • Platform telemetry: for registered users of our software platforms (including mission operations dashboards, fleet management consoles, robotics control interfaces, and data pipeline tools), we collect system logs, API call metadata, feature usage patterns, performance metrics, error and diagnostic data, and session timestamps. This data is used to operate, secure, and improve the platform.
  • Cookies and tracking technologies: as detailed in Section 7 below.

2.3 Client and partner engagement data

In the course of providing our Services to enterprise and government clients, we may receive and process:

  • Operational and mission data: telemetry streams, orbital mechanics data, launch vehicle state vectors, ground station interaction logs, robotic system sensor outputs, and autonomous vehicle navigation data. This data is primarily technical and non-personal, but may in limited circumstances incidentally contain personal information (e.g., location of a vehicle operator) and is handled per the applicable client agreement and export control regime.
  • AI and machine learning datasets: where clients supply datasets for AI model training, fine-tuning, evaluation, or inference operations, such datasets may include structured or unstructured data that contains personal information. These datasets are processed strictly in accordance with the applicable Data Processing Agreement (DPA) and SOW, and as described in Section 12 below.
  • Personnel data for access provisioning: names, email addresses, and organizational roles of the client's authorized Users who access our platforms, necessary for account management, security monitoring, and audit trail purposes.

2.4 Information from third-party sources

We may receive information about you from third-party sources, including:

  • Business data providers and trade directories, used to research potential enterprise or government clients;
  • Professional networking platforms, where you or your organization have made information publicly available, in connection with business development or recruitment;
  • Government screening databases and export control authority records, for compliance verification purposes (Section 14); and
  • References provided by other organizations or individuals in connection with recruitment, partnership qualification, or supplier due diligence.

We do not purchase consumer data from data brokers for advertising targeting purposes.

3. Purposes and how we use information

We use the information described in Section 2 for the following purposes:

PurposeTypes of information used
Service delivery and operations — providing, operating, maintaining, and improving our software platforms and engineering services; account management; and technical support. Contact data, account credentials, platform telemetry, client data
Business development and engagement — responding to inquiries, preparing proposals and quotes, managing client relationships, and conducting demonstrations. Contact data, business inquiry data, communications
Billing and financial administration — invoicing, payment processing, financial reporting, and tax compliance. Contact data, billing data, purchase orders
Research and product development — developing and testing new software features, AI and ML models, robotics control algorithms, and autonomous navigation systems, using appropriately authorized, anonymized, or synthetic data. Platform telemetry, anonymized/synthetic data, client data (as authorized)
Security and integrity — monitoring for security threats, detecting anomalies, preventing unauthorized access, maintaining system integrity and availability, and fulfilling our incident response obligations. All categories above; platform telemetry and logs are particularly relevant
Legal, regulatory, and export control compliance — complying with applicable laws, responding to lawful government requests, conducting export control screening, and maintaining required regulatory records. Contact data, identity data, compliance verification data
Recruitment — evaluating candidates, conducting background checks (where consented to), and managing the hiring process. Recruitment data
Marketing and communications — sending service updates, security notices, and, where you have consented, news, event invitations, and product announcements. Contact data, communication preferences

We do not use personal information for automated individual decision-making that produces legal or similarly significant effects without human review and oversight, except in limited circumstances described in Section 12. We do not use personal information to serve third-party advertising through advertising networks.

5. Sector-specific data notes

Given the specialized nature of Botron Dynamics' work, the following additional notes apply to specific domains:

Satellites & Space Launch Systems Artificial Intelligence Cloud & Data Robotics Autonomous Vehicles
DomainPrivacy-relevant notes
Satellites & Space Operations Telemetry, orbital data, ground-station interaction logs, and command-and-control records are processed as operational data under client contracts, separate from this policy. Such data may be subject to strict export control and classification obligations. Personnel involved in accessing these systems may be subject to additional background screening under the applicable SOW.
Launch Systems Launch vehicle state and telemetry data is safety-critical mission data processed under the applicable client agreement. To the extent mission data records include personnel authorizations, these are retained for the minimum period required by applicable regulatory authority.
Artificial Intelligence & ML We do not knowingly use personal data submitted through our public website to train general-purpose AI models. Client-supplied training and evaluation datasets are governed by the relevant DPA and SOW. Where AI models generate outputs about individuals, we take reasonable steps to ensure such outputs are not used for automated consequential decisions without human review (see Section 12).
Cloud & Data Platforms We implement role-based access control, encryption in transit and at rest, network segmentation, and access logging on all infrastructure hosting client data. Clients may request architecture documentation for their environment under an NDA.
Robotics Sensor data — including depth cameras, LIDAR, force/torque sensors, and proximity sensors — processed by our robotics software in test or deployment environments may incidentally capture images or presence information of individuals in the vicinity. Such incidental capture is minimized by design where feasible, and is processed per the applicable deployment agreement. We do not build persistent identity profiles from incidental robotic sensor capture.
Autonomous Vehicles Camera, LIDAR, GPS, and radar data processed by our autonomous vehicle software may capture identifiable data about pedestrians, other road users, and vehicle occupants. Where such data is processed in test programs, it is subject to data minimization, retention limits, and appropriate anonymization or deletion protocols per the applicable deployment agreement and applicable road transport regulations.

6. Disclosure of information

6.1 Categories of recipients

We may disclose information to the following categories of recipients, in each case only to the extent necessary and subject to appropriate confidentiality and data protection obligations:

  • Service providers and Subprocessors: third parties that provide hosting and cloud infrastructure, analytics, payment processing, email and communications, customer support tooling, and security monitoring services, engaged under data processing agreements that require them to maintain confidentiality and process data only on our documented instructions. See Section 16 for our Subprocessor disclosure policy.
  • Clients and partners: where you interact with us on behalf of a client or partner, we may share relevant information with that client or partner in connection with the engagement.
  • Regulators and government authorities: regulatory bodies, tax authorities, export control authorities, and law enforcement where required by law, court order, or regulatory directive. We may also disclose information to comply with mandatory reporting obligations applicable to aerospace, space, and defense-adjacent activities.
  • Professional advisors: legal, accounting, audit, insurance, and other professional advisors engaged to assist with specific matters, subject to professional confidentiality obligations.
  • Successors in business: in connection with a merger, acquisition, restructuring, financing, or sale of all or substantially all of our assets, subject to customary confidentiality protections, and with notice to affected individuals where required by law.
  • Safety and security disclosures: where we have a genuine good-faith belief that disclosure is necessary to prevent imminent physical harm, protect safety of individuals, or respond to a security incident involving systems where human safety could be at risk.

6.2 No sale of personal data

Botron Dynamics does not sell, rent, or lease personal information to third parties for their own marketing or commercial purposes, and has not done so. We do not share personal information with advertising networks for behavioral advertising targeting.

7. Cookies and tracking technologies

7.1 Types of cookies used

Our website and platforms use cookies and similar technologies. The table below summarizes the categories we use:

CategoryPurposeConsent required?
Strictly necessary Enable core website and platform functionality: authentication sessions, load balancing, security tokens, CSRF protection, and form session state. No — these cannot be disabled without breaking functionality.
Functional / preferences Remember your settings and preferences, such as language selection and display preferences. Yes, for non-essential preferences.
Analytics Understand how visitors interact with our site in aggregate — pages viewed, session length, bounce rates — to improve site performance and content. Data is aggregated and not used for individual profiling. Yes — we use analytics cookies only with your consent.
Marketing / communications We do not use third-party advertising cookies or retargeting pixels. Any first-party marketing cookies are limited to measuring the effectiveness of our own communications. Yes — only with explicit consent.

7.2 Cookie controls

When you first visit our website, we present a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time by accessing the cookie settings tool (linked in the footer of our website). Additionally, you can control cookies through your browser settings — most browsers allow you to view, block, or delete cookies. Note that blocking strictly necessary cookies will impair site and platform functionality. Third-party browser extensions are also available that provide more granular cookie management.

8. Data security and safeguards

8.1 Technical and organizational measures

We apply a defense-in-depth security approach to protect personal information and client data, consistent with the sensitivity of the information and the standards expected in mission-critical aerospace and technology software development. Our security measures include, at minimum:

  • Encryption of data in transit using TLS 1.2 or higher across all client-facing interfaces and APIs;
  • Encryption of personal data and client data at rest using AES-256 or equivalent cryptographic standards;
  • Role-based access control (RBAC) and principle-of-least-privilege access to all production systems and data;
  • Multi-factor authentication for all Botron Dynamics personnel with administrative access to production infrastructure;
  • Logical and, where applicable, physical isolation of client data environments on multi-tenant infrastructure;
  • Continuous security monitoring, network intrusion detection, and anomaly alerting;
  • Regular vulnerability assessments and patch management processes;
  • Annual penetration testing of production systems by qualified third-party security firms;
  • Documented incident response procedures; and
  • Annual security awareness training for all personnel with access to personal data or client systems.

Notwithstanding the foregoing, no security system is impenetrable. We cannot guarantee the absolute security of information transmitted over the internet or stored on our systems. You should use appropriate measures to protect your own systems and credentials.

8.2 Breach response

In the event of a confirmed security breach that affects personal information or Client Data, we will: (a) notify affected individuals and/or clients without undue delay, and in any case within seventy-two (72) hours of confirmation of the breach where required by applicable law; (b) notify the relevant supervisory or regulatory authority where required by law; (c) provide available information about the nature and scope of the breach, categories and approximate number of affected records, likely consequences, and steps taken or proposed to address the breach; and (d) investigate and implement remediation measures promptly. Clients will be notified per the specific timeline and escalation procedures agreed in their applicable SOW or security addendum, which may require shorter notification periods for mission-critical environments.

9. Data retention and deletion

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation, or contract. The table below summarizes our general retention practices:

Data categoryGeneral retention periodBasis
Client account and contact data Duration of relationship plus 3 years after closure Contract, legitimate interests (dispute resolution)
Financial and billing records 7 years from the relevant tax year Legal obligation (tax, accounting)
Platform access logs and audit trails 12 months rolling (extended per SOW for regulated clients) Security, legal obligation
Marketing communications data Until consent withdrawn or opt-out received, plus 6 months Consent
Recruitment data (unsuccessful candidates) 6 months from decision, unless candidate consents to longer Legitimate interests, consent
Export control compliance records As required by applicable export control authority (typically 5–10 years) Legal obligation
Client Data (operational/mission) Per the applicable SOW or DPA; typically deleted or returned within 60 days of termination Contract, legal obligation
Security incident records 5 years from incident closure Legal obligation, legitimate interests

When data is no longer required, we securely delete or irreversibly anonymize it using industry-standard methods. We do not retain personal data in backup systems beyond our standard backup rotation schedule, unless required by law or ongoing legal proceedings.

10. International data transfers

Botron Dynamics is headquartered in India. We may process and store personal information in India and in other countries where our Subprocessors and cloud infrastructure providers operate, including countries within the European Economic Area, the United States, Singapore, and the United Kingdom. Where we transfer personal data to countries that have not been recognized as providing an equivalent level of data protection, we use appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO, as applicable;
  • Binding corporate rules where applicable;
  • Adequacy decisions where the destination country has been recognized by the relevant authority; or
  • Other transfer mechanisms permitted under applicable data protection law.

Cross-border transfer of technical data, software, and certain operational information related to space, launch, or defense-adjacent systems may additionally be subject to export control restrictions as described in Section 14. In such cases, both the data protection transfer mechanism and the applicable export authorization must be in place before transfer.

You may request a copy of the transfer mechanisms used for cross-border data transfers involving your personal information by contacting us at the address in Section 19.

11. Your privacy rights and choices

Depending on your location and applicable law, you may have the following rights regarding your personal information. We will respond to verifiable requests within the timeframe required by applicable law (typically thirty (30) days, with a possible extension of a further two months for complex requests).

Right of access

Request a copy of the personal information we hold about you, including what categories we process and for what purposes.

Right to rectification

Request correction of inaccurate or incomplete personal information. You may also update certain account information directly through the platform settings.

Right to erasure

Request deletion of your personal information, subject to our legal obligations to retain certain records (e.g., tax, export control, audit). We will inform you of any exceptions that apply.

Right to restrict processing

Request that we limit processing of your personal information in certain circumstances, such as while a dispute about its accuracy is resolved.

Right to object

Object to processing based on our legitimate interests, including for direct marketing purposes. We will honor opt-out requests for marketing immediately.

Right to data portability

Where processing is based on consent or contract and carried out by automated means, request a copy of your personal information in a structured, commonly used, machine-readable format.

Right to withdraw consent

Where processing is based on consent, withdraw your consent at any time. Withdrawal does not affect prior lawful processing based on that consent.

Right not to be subject to automated decisions

Request human review of any automated decision that produces legal or similarly significant effects concerning you (see Section 12).

Right to lodge a complaint

Lodge a complaint with the relevant supervisory authority in your jurisdiction, such as the Data Protection Board of India, the ICO (UK), or a relevant EU supervisory authority.

To exercise any of these rights, please contact us using the information in Section 19. We may need to verify your identity before processing a request to prevent unauthorized access to your information. We will not discriminate against you for exercising your privacy rights. Requests from users acting on behalf of a legal entity (such as a corporate client's employee) may be subject to the terms of the applicable client agreement.

12. AI, machine learning, and automated decisions

As a company that develops AI and ML systems, we take special care to address the privacy implications of these technologies in our own operations and products.

12.1 Our internal use of AI

We may use AI-assisted tools internally for software development, code review, security analysis, and business operations. These tools do not have access to personal client data unless explicitly authorized under the applicable SOW. We do not use AI tools that train on client data for general model improvement without explicit written consent.

12.2 AI in our products

Where our AI and ML products process data that may include personal information (e.g., AI-assisted satellite imagery analysis, autonomous vehicle perception systems, or AI-powered anomaly detection for ground station operations):

  • Processing is governed by the applicable client DPA and SOW;
  • We require clients to provide the necessary legal basis for any personal data within training or inference datasets;
  • We implement data minimization and purpose limitation by design in our AI systems; and
  • We provide clients with documentation about the nature and limitations of AI model outputs, consistent with responsible AI deployment practices.

12.3 Automated decision-making

We do not make solely automated decisions about individuals that produce legal or similarly significant effects (such as employment decisions or denial of services) based on personal information, without qualified human review and oversight. Where AI-assisted processes are used to support such decisions, a human reviewer retains final decision-making authority. Clients deploying our AI systems for consequential automated decisions are required under the applicable SOW to ensure appropriate human oversight and to comply with applicable legal requirements for automated processing, including rights of human review where required.

13. Children's privacy

Our website and Services are designed for, and directed exclusively at, business entities, government institutions, research organizations, and professional individuals. They are not intended for use by children under the age of 18. We do not knowingly collect, process, or store personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete that information from our records. If you believe that a child has provided us with personal information, please contact us immediately at contact@botrondynamics.com.

14. Export control and regulatory compliance

Because Botron Dynamics develops software and technology for satellites, launch systems, propulsion, guidance and navigation, advanced robotics, and related space and defense-adjacent domains, certain technical data, software, and services may be subject to export control and dual-use technology regulations in India and other applicable jurisdictions, including the SCOMET list under India's Foreign Trade Policy, the U.S. EAR and ITAR (where applicable), and EU dual-use regulations.

For the purpose of export control compliance, we may collect and process the following information about clients, partners, personnel, and visitors:

  • Nationality and citizenship information for personnel who will access controlled technical data, as required by applicable export licensing conditions, technology control plan requirements, or deemed export rules;
  • Organizational ownership and control information to verify that clients and partners are not foreign-controlled entities for purposes of export licensing;
  • End-use and end-user certifications required before sharing controlled technical data or granting access to controlled software platforms; and
  • Denied party screening data — names and organizational identifiers checked against applicable restricted party lists maintained by relevant authorities.

This information is used solely for export control compliance verification, access control decisions, and required regulatory recordkeeping. It is not used for marketing or product development. Retention periods are dictated by applicable export control regulations, which generally require records to be maintained for a minimum of five (5) to ten (10) years. We may be required to disclose this information to relevant export control authorities upon request without prior notice to the affected individual.

15. Data protection impact assessments

Where we plan to introduce a new processing activity — particularly involving new technologies, large-scale processing of sensitive data, systematic monitoring, or AI-assisted processing that may produce significant effects on individuals — we conduct a Data Protection Impact Assessment (DPIA) before commencing that processing, where required by applicable law or identified as high-risk.

We also conduct DPIAs where clients engage us to process personal data through our AI platforms, robotics systems, or autonomous vehicle software, particularly where sensor data may capture individuals in the environment. Results of DPIAs that materially affect a client engagement will be shared with the relevant client where required and appropriate.

Where a DPIA identifies a high residual risk that cannot be mitigated through technical or organizational measures, we will consult the relevant supervisory authority before proceeding with the processing, as required by applicable law.

16. Subprocessors

We engage third-party Subprocessors to support the delivery of our Services. All Subprocessors are required to: (a) process personal data only on our written instructions; (b) implement appropriate technical and organizational security measures equivalent to those described in Section 8; and (c) not engage further subprocessors without our prior consent and equivalent contractual protections.

We maintain a list of our material Subprocessors, including their name, country of operation, and the nature of data processing they perform. This list is available to clients under an active agreement upon written request. We will provide advance notice (of at least thirty (30) days, or as agreed in the applicable SOW) of any intended changes to our Subprocessor list that may affect client data, allowing clients to object to such changes in accordance with the applicable DPA or SOW.

Current categories of Subprocessors include cloud infrastructure and hosting providers, business productivity and collaboration software, security and monitoring tools, payment processing services, customer support and CRM platforms, and analytics providers. We do not engage Subprocessors in jurisdictions subject to comprehensive sanctions or embargo for the processing of client data.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, Services, applicable law (including evolving requirements under India's DPDPA, GDPR, and sector-specific regulations), or business operations. The updated policy will be posted at botrondynamics.com/legal/privacy with a revised version number and "Last updated" date.

For non-material changes (such as typographical corrections, reorganization, or clarifications that do not alter the substance of how we use personal information), the updated policy takes effect upon posting. For material changes — meaning changes that materially affect how we collect, use, or share personal information — we will provide at least thirty (30) days' advance notice through email to registered account contacts or through a prominent notice on our website, before the revised policy takes effect. Clients under active SOWs or DPAs will be individually notified of material changes that affect their engagement, and may negotiate updated DPA terms as necessary.

19. Contact, grievance, and data protection officer

If you have questions, concerns, or requests regarding this Privacy Policy, our data practices, or you wish to exercise your privacy rights, please contact us through the following channels:

Botron Dynamics Pvt Ltd

General privacy enquiries: contact@botrondynamics.com

Legal and compliance: contact@botrondynamics.com

Security disclosures: contact@botrondynamics.com

Data rights requests: contact@botrondynamics.com

Website: botrondynamics.com

Grievance Officer (India — DPDPA): In accordance with India's Digital Personal Data Protection Act, 2023, and applicable Information Technology rules, you may raise grievances regarding this Privacy Policy or our data practices by writing to our designated Grievance Officer at contact@botrondynamics.com. We will acknowledge your grievance within three (3) business days and endeavor to resolve it within thirty (30) calendar days.

EU/UK Representative and DPO: If we appoint a Data Protection Officer (DPO) or EU/UK representative as required by applicable regulation, their contact details will be published here. In the interim, DPO-relevant inquiries may be directed to contact@botrondynamics.com.

Supervisory authority complaints: You have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction. For India, this is the Data Protection Board of India. For EU residents, the competent supervisory authority in your EU member state. For UK residents, the Information Commissioner's Office (ICO). We encourage you to contact us first so we can attempt to address your concern directly.