Privacy Policy

1. Scope and Application

This Privacy Policy applies to all users of our Services, including clients who reach us for prototyping services, customers who integrate devices or applications, end-users of those applications or devices, device owners, and visitors to our websites or portals.

This Privacy Policy also applies to personal data processed on behalf of our customers (i.e., data that you upload or that your devices generate). In such cases, we act as a processor under the customer's direction unless otherwise agreed to in a separate data processing agreement.

This Privacy Policy does not govern third-party services or components that integrate with the Services. For third parties, their own privacy terms will apply.

2. Definitions

• Personal Data/Personal Information: information that identifies, relates to, describes, or can be associated with an individual (directly or indirectly).
• Device Data/Telemetry Data: data generated by devices, such as status readings, data streams, logs, diagnostics, usage metrics, etc.
• Service Data: data (including but not limited to Device Data) processed or stored by the Platform to provide the Services.
• Customer/Client: an entity subscribing to the Services and using the Platform to manage devices, users, or applications.
• End User: a person using a device or application linked to the Platform via a Customer.
• Aggregate / Anonymous Data: data that has been de-identified or aggregated so that it no longer identifies any individual.
• Third-party: a person or entity other than you, or us, including but not limited to our contractors/affiliates and social media platforms.

3. Information We Collect

We collect various categories of information from or about you (or via your devices) when you use our Services:

3.1 Information You Provide

• Account/profile data: Name, email address, phone number, company name, mailing address, job title, username/password, preferences, and similar contact or professional information.
• Billing and payment information: For paid plans, we or our third-party payment processors may collect billing address, credit card, or bank information (or direct debit) to process payments. We do not store full payment card data ourselves.
• User content: files, images, text, logs, metadata, firmware, configuration, scripts, or other material you upload, provide, or generate via the Platform.
• Customer support, feedback, or communications: when you contact us for support, submit surveys, or provide feedback, we may collect the contact details you provide and any other information you include.
• Marketing and preferences: mailing preferences, opt-in/opt-out status for communications, event registrations, newsletters.
• Other information: We may collect information that is not specifically listed here but will be used according to our Privacy Policy or as otherwise disclosed at the time of collection.

3.2 Information Collected Automatically

• Device telemetry and usage logs: Sensor readings, status updates, error logs, operational metrics, alerts, firmware version, uptime, connectivity events, etc.
• Technical and diagnostic data: IP addresses, device identifiers, MAC addresses, OS/firmware versions, connectivity metadata, timestamps, usage statistics, performance metrics, crash reports.
• Usage analytics: This includes information regarding how the Services are used, which features are accessed, frequency, interaction logs, pages visited, API calls, and performance metrics.
• Cookies, web beacons, and similar technologies: On our websites or portals, we may use cookies, local storage, tracking pixels, or analytics tools to collect device/browser identifiers, usage logs, referrer data, and related metadata.

3.3 Information from Third-Party Sources

Our Services may include links to third-party websites, integrations, plugins, or embedded content (such as social media). We do not control third parties’ privacy practices. Once you leave our Services or interact with third-party content, the privacy policies of those third parties apply. You are encouraged to review them before using such services.

• Affiliates and partners: We may receive information about you from our affiliates, partners, or vendors (e.g., identity verification providers, marketing partners).
• Public sources: We may gather business contact or profile data from public directories or publicly available sources.
• Third-party APIs/integrations: If you authorize integration with third parties (e.g., social login, identity providers), we may receive information from them (subject to your permissions).
• Data provided by others: For instance, when other users purchase Services on your behalf, they may provide us with your personal data, including, but not limited to, your name and contact information.

4. Legal Bases, Purposes, and Use of Information

4.1 Legal Basis

Depending on your jurisdiction, we rely on one or more of the following as lawful grounds for processing personal data:

• Consent given by you when you agree to our policy and use our Services.
• Performance of contractual obligations to deliver the Services you request.
• Legitimate interest to improve our products, direct marketing, maintain security to ensure functionality of Services, and provide you with excellent customer service.
• Compliance with our legal obligations.

4.2 Uses of Collected Information

We may use personal and device data for the following:

• Process transactions, fulfill orders, and maintain the Services, including prototyping, operation, authentication, provisioning, device management, firmware updates, dashboards, APIs.
• Deliver customer support and respond to inquiries
• To optimize performance, reliability, capacity, user experience, and security.
• To detect, prevent, and mitigate fraud, abuse, security risks, or operational issues.
• To communicate with you through updates, alerts, support responses, and announcements.
• To offer, upgrade, or develop new features and enhancements.
• To comply with legal obligations or respond to lawful requests from authorities or courts.
• To enforce our Terms of Service or other agreements.
• To send marketing or promotional communications, subject to your consent, where required.
• To aggregate or anonymize data to derive insights, statistics, usage patterns, and metrics.
• To carry out internal audits, research, and business intelligence.

Note: If we process data on behalf of a Customer in the capacity of a processor, we only process it according to the instructions given by the Customer, subject to contractual agreements.

5. Sharing, Disclosure, and Transfer of Information

We do not sell or rent your personal data. We may share or disclose information in the following scenarios:

5.1 With Service Providers and Subprocessors

We may engage third-party service providers and subprocessors, including, but not limited to, analytics vendors, shipping and logistics partners, email providers, customer support vendors, and monitoring or logging services, to perform services on our behalf. We require them to abide by confidentiality, security, and data protection obligations and process data only as instructed.

5.2 With Customers/Authorized Parties

We may disclose End-User data to a Customer (or the entity that owns or operates the end-user’s device or application) per the terms of their agreement. Customers may access data generated by their own devices or users.

5.3 Aggregate / De-identified Data

We may share aggregated or anonymized data (which does not identify individuals) with third parties for benchmarking, research, or marketing purposes without restriction.

5.4 Business Transfers

In connection with a merger, acquisition, sale, or asset transfer, we may transfer data (including personal data) to the acquiring entity, subject to confidentiality and data protection assurances.

5.5 Compliance, Legal Process, and Protection of Rights

We may disclose personal data to respond to lawful requests by public authorities (such as court orders, subpoenas), to investigate or prevent illegal activity, to enforce our rights, or to protect the rights, property, or safety of Protonest Connect, customers, or others.

5.6 International Transfers

We are headquartered in Sri Lanka, and all data, including personal data, will be transferred to or processed in Sri Lanka with potentially different data protection laws. Where required, we use appropriate safeguards according to the jurisdiction of the Customer to ensure adequate protection of personal data. By using the Services, you consent to such transfers under the terms of this policy.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy or as otherwise permitted or required by applicable law.

For data processed for customers, we follow the customer's retention instructions (subject to legal requirements). After termination or expiration of customer service, customers may request deletion or return of data. Unless otherwise instructed, we may retain some data for backup, compliance, or legitimate business purposes, subject to anonymization where feasible. Further, log, diagnostic, and audit data may be purged periodically according to internal schedules.

If legal obligations (such as tax, compliance, or litigation) require longer retention, we may retain specific data accordingly but limit access and usage.

7. Security and Protection of Information

We implement and maintain reasonable technical, organizational, and administrative safeguards to protect the confidentiality, integrity, and availability of personal data, including:

• Encryption in transit (TLS) and at rest, where feasible
• Audit, logging, intrusion detection, and monitoring
• Regular security assessments, penetration testing, and vulnerability management
• Secure software development practices, patching, and updates
• Incident response plans and breach notification procedures

However, please note that we cannot assure you of absolute security. You acknowledge that data transmission over the Internet involves risks, and you are responsible for appropriate safeguards.

8. Children’s Privacy

Our Services are not directed to persons under the age of 18 (or the equivalent minimum age under applicable laws). We do not knowingly collect personal data from children under that age without parental consent. If we learn that we have collected such information improperly, we will take steps to delete such data.

9. Your Rights and Choices

Depending on your jurisdiction, you may have one or more of the following rights regarding your personal data:

• Access / Portability: Request a copy of the personal data we hold about you.
• Correction / Rectification: Request correction of inaccurate or incomplete information.
• Deletion / Erasure: Request deletion of personal data (subject to legal or contractual retention obligations).
• Restriction / Objection: Request limitations on processing or object to specific processing (e.g., direct marketing).
• Withdraw Consent: Where processing is based on consent, withdraw it (without affecting prior processing).
• Data Portability: Request transfer of data to another provider (where technically feasible).
• Lodge a Complaint: With applicable supervisory authorities.

To exercise these rights, you may contact us using the details below. We will respond within applicable legal timeframes.

Please note that we may require identity verification and relevant permissions (in the case you handle the platform on behalf of a client) to ensure the security of data, and may deny requests in limited circumstances (such as when the law requires retention or for security).

You also have choices about:

• Cookie/tracking preferences: We use cookies and similar tracking technologies to enhance functionality, analyze performance, and personalize content. You may disable or block cookies via browser settings (though some features may not work). A more detailed cookie policy will be provided soon. By continuing to use the site, you consent to our use of cookies.
• Marketing communications: you may opt out or unsubscribe from promotional emails or communications.
• Integrations/authorizations: manage third-party consents or revoke permissions you previously granted.

10. California Consumer Privacy

If you are a California resident, you may have rights under California Civil Code Section 1798.83 (“Shine the Light” law) to request information about how we share your personal information with third parties for their direct marketing purposes. You may ask, once per calendar year, that we provide (i) a list of the categories of personal information we have disclosed to third parties or affiliates for direct marketing purposes, and (ii) the names and addresses of those third parties. To make such a request, please contact us by the email address provided at the end of this document, with the subject line “Your California Privacy Rights”. Please note that we do not disclose personal information to third parties for their direct marketing purposes without your consent.

11. Changes to this Policy

We may update this policy over time. If we make material changes, you will be notified and the updated version will be posted with a revised effective date. Continued use of the Services after the changes constitutes acceptance.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact:

If you believe we have violated applicable data protection laws, you may lodge a complaint with your local supervisory authority.