Privacy Policy - Workspace by AntCloud

1. Introduction

Ant E-Sports Private Limited (referred to as "Company," "we," "us," "our," or "Workspace") operates www.workspace.antcloud.co, a Virtual Desktop Infrastructure (VDI) platform (the "Service"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use our Service[1].

Registered Address: Ant E-Sports Private Limited, Delhi, India

Compliance: This Privacy Policy complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) and associated rules[2], as well as other applicable laws and regulations governing data protection in India.

2. Definitions

Data Fiduciary: Ant E-Sports Private Limited acts as the Data Fiduciary in relation to personal data processing under the DPDP Act[3].

Data Principal: You, the user or subscriber of the Workspace Service.

Personal Data: Any information relating to an identified or identifiable individual, including but not limited to name, email address, IP address, device information, usage patterns, and any data you store or process through the Service[2].

Sensitive Personal Data: Personal data including but not limited to financial information, health data, biometric data, or any data you designate as sensitive[1].

Processing: Any operation performed on personal data, including collection, storage, use, analysis, transmission, and deletion[2].

3. Information We Collect

We collect personal data in the following categories:

3.1 Information You Provide Directly

Account Information: Name, email address, phone number, organization details, billing address, and payment information during registration and account setup[1]
Subscription and Profile Data: Workspace preferences, profile settings, two-factor authentication methods, and security questions
Communication Data: Messages, feedback, support tickets, and communications with our customer support team
Content and Files: Any data, files, documents, or information you upload, store, process, or transmit through the Service[2]

3.2 Information Collected Automatically

Usage Data: Login times, session duration, features accessed, pages viewed, and interactions with the platform[3]
Device Information: Device type, operating system, browser type, unique device identifiers, mobile network information, and device settings
Network Information: IP address, MAC address, connection type, bandwidth usage, and network protocol information[2]
Location Data: Approximate geographic location based on IP address (not precise GPS)
Authentication Data: Login timestamps, failed authentication attempts, and security-related logs
Performance Data: Application performance metrics, error logs, and diagnostic information[1]

3.3 Information from Third Parties

Payment Processors: Payment status, transaction details, and billing information from authorized payment gateways
Identity Verification Services: Verification status and KYC related information from authorized third-party providers (if applicable)
Business Partners: Information shared with us by your organization or employer for enterprise deployments

4. Legal Basis for Processing

Under the DPDP Act, we process personal data based on the following legal grounds[3][2]:

4.1 Explicit Consent

We obtain your free, specific, informed, unconditional, and unambiguous consent before collecting and processing personal data[2]. Consent is provided through clear affirmative action (e.g., checkbox confirmation, explicit opt-in) and not through pre-ticked boxes or bundled permissions[1].

Consent Notice:

When you register for Workspace, you will receive a comprehensive consent notice specifying:

What personal data is being collected
The purposes for which it is being processed
How long your data will be retained
Your rights regarding your personal data
How to withdraw consent

4.2 Performance of Contract

We process personal data necessary to provide, maintain, and support the Service under your subscription agreement[3].

4.3 Legitimate Interests

Limited processing is conducted for:

Fraud prevention and security hardening[1]
Maintaining platform integrity and stability
Compliance with legal obligations
Protecting the rights, privacy, and safety of our users and the Company

4.4 Legal Compliance

We process personal data when required by law, court orders, or government authority requests[2].

5. Purpose of Data Processing

We process your personal data exclusively for the following specified purposes[2]:

Service Delivery: Providing, maintaining, updating, and supporting the Workspace VDI platform
Account Management: Creating and managing your account, authentication, and access control
Billing and Payments: Processing subscriptions, billing, invoicing, and payment collection
Communication: Sending service-related notifications, updates, security alerts, and responding to your inquiries
Security and Fraud Prevention: Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues[1]
Performance Monitoring: Analyzing platform performance, identifying bugs, and optimizing service quality
Legal Compliance: Meeting regulatory requirements and responding to legal inquiries
Customer Support: Providing technical assistance, troubleshooting, and resolving issues
Platform Improvement: Conducting research, analytics, and service enhancement
Audit and Logging: Maintaining records for security, compliance, and operational purposes[3]

Restriction: We do not process personal data for purposes other than those specified above without obtaining fresh, explicit consent[2].

6. Data Retention

We retain personal data based on the purpose of processing and applicable legal requirements[1]:

Data Category	Retention Period	Justification
Account Information	Duration of subscription + 1 year	Billing, dispute resolution, DPDP compliance
Usage and Activity Logs	12 months	Security audit trails, performance analysis
Authentication Logs	90 days	Security monitoring and incident response
Customer Support Records	3 years	Dispute resolution, service improvement
Financial/Billing Data	7 years	Tax compliance, accounting standards, GST regulations
Deleted Account Data	30 days	Recovery option, data integrity verification
Content Uploaded by Users	As long as account active, 30 days after deletion	User choice, service delivery

Secure Deletion: Upon deletion or retention period expiration, personal data is permanently destroyed using industry-standard cryptographic erasure methods or secure overwriting[2].

7. Data Security

We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction[1][3]:

7.1 Technical Safeguards

Data Encryption: End-to-end encryption for data in transit (TLS 1.3+) and at-rest encryption using AES-256 or equivalent standards[2]
Access Control: Role-based access control (RBAC) and principle of least privilege limiting data access to authorized personnel only[3]
Multi-Factor Authentication (MFA): Mandatory MFA for administrator accounts and optional MFA for user accounts
Network Security: Firewalls, intrusion detection/prevention systems, and regular penetration testing
Secure Coding: Regular code reviews, static analysis, and security testing[1]
Vulnerability Management: Regular security audits, patch management, and security updates
Secure Session Management: Session timeouts, secure cookie handling, and protection against session hijacking
Data Minimization: Pseudonymization and masking of sensitive data where possible[2]

7.2 Organizational Safeguards

Personnel Training: Security awareness training for all employees handling personal data
Access Agreements: Confidentiality and non-disclosure agreements with all personnel and contractors[3]
Incident Response: Documented incident response and data breach remediation procedures
Third-Party Assessment: Regular security assessments of service providers and processors
Data Governance: Clear data handling policies and procedures

7.3 Limitations

While we implement industry-standard security measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of your personal data[1].

8. Data Sharing and Third Parties

8.1 We May Share Personal Data With

Service Providers and Processors: Cloud infrastructure providers (AWS, Azure, GCP), payment processors, analytics providers, and support service providers who process data on our behalf under data processing agreements[2][3]
Business Partners: Your organization (for enterprise deployments) with your consent
Legal Authorities: Government agencies, law enforcement, or courts when required by legal process or for legal compliance[1]
Professional Advisors: Legal counsel, auditors, and accountants for compliance and legal purposes
Successor Organizations: In case of merger, acquisition, or business transfer, with your notification

8.2 We DO NOT Sell Personal Data

We do not sell, rent, lease, or otherwise disclose personal data to third parties for marketing purposes without explicit consent[2].

8.3 Data Processing Agreements

All third-party processors and service providers are bound by written Data Processing Agreements (DPA) that comply with DPDP Act requirements and impose equivalent data protection obligations[3].

9. Your Rights and Choices

Under the DPDP Act, you have the following fundamental rights regarding your personal data[2][1]:

9.1 Right to Access

You have the right to request access to personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request[3].

How to Exercise: Send a written request to privacy@antcloud.co with the subject "Right to Access - [Your Name]"

9.2 Right to Correction

You may request correction of inaccurate or incomplete personal data. We will update your information within 30 days[2].

How to Exercise: Submit corrections through your account settings or contact privacy@antcloud.co

9.3 Right to Erasure

You have the right to request erasure ("right to be forgotten") of your personal data when:

Data is no longer necessary for the purpose collected
You withdraw consent and no other legal basis exists[1]
Processing is unlawful
Erasure is required by law

Limitations: We may retain data if legally required or for legitimate security and compliance purposes[3].

How to Exercise: Send written request to privacy@antcloud.co with subject "Right to Erasure - [Your Name]"

9.4 Right to Withdraw Consent

You may withdraw consent for data processing at any time. Withdrawal does not affect the lawfulness of processing before withdrawal but may impact service delivery[2].

How to Exercise: Submit withdrawal request through account settings or email privacy@antcloud.co

9.5 Right to Grievance Redressal

If you believe we have violated your privacy rights, you have the right to lodge a grievance with us. We will respond within 30 days[1].

How to Exercise: Submit grievance to grievance@antcloud.co with detailed description

9.6 Right to Nomination

You may nominate a person to exercise your rights in case of your death or incapacity[3].

How to Exercise: Register nomination through account settings or contact privacy@antcloud.co

9.7 Right to Restrict Processing

You may request restriction of processing in specific circumstances, limiting our use of your data[2].

9.8 Additional Choices

Communication Preferences: Manage email and notification settings through your account dashboard
Cookies: Configure cookie preferences (though some cookies are essential for service functionality)
Advertising: Opt-out of targeted marketing communications[1]
Data Portability: Request your data in a portable, standard format

10. Cookies and Tracking Technologies

10.1 Cookie Types

We use the following types of cookies[2]:

Cookie Type	Purpose	Duration	Consent Required
Essential Cookies	Session management, authentication, security	Session/1 year	No
Performance Cookies	Analytics, user behavior analysis	12 months	Yes
Functional Cookies	Remember preferences, language settings	1 year	Yes
Marketing Cookies	Targeted advertising, remarketing campaigns	2 years	Yes

10.2 Cookie Management

You can manage cookie preferences through:

Browser Settings: Most browsers allow cookie rejection or deletion
Account Preferences: Configure tracking settings in your account dashboard
Do Not Track: If your browser sends DNT signals, we respect such preferences

Note: Rejecting essential cookies may impair platform functionality[3].

10.3 Similar Tracking Technologies

We may use pixels, web beacons, and similar technologies for analytics and security purposes[1].

11. Cross-Border Data Transfers

11.1 Transfer Restrictions

Under the DPDP Act, transfer of personal data outside India is restricted. We transfer personal data to countries outside India only when:[2]

Explicitly permitted under DPDP Act Schedule 2 (notified countries)
You provide explicit consent for transfer
The recipient country provides adequate data protection equivalent to DPDP Act requirements[3]

11.2 Current Transfer Locations

We currently store and process data primarily within India. Where transfer outside India is necessary, we transfer to countries approved by the Government of India or equivalent jurisdictions[1].

11.3 Data Localization

Our primary data centers and servers are located in India. Backup copies may be maintained in secure, notified locations for disaster recovery and business continuity[2].

12. Data Breach Notification

12.1 Breach Detection and Response

In the event of a data breach involving unauthorized access, disclosure, or loss of personal data, we will[3]:

Investigate the breach to determine scope, affected data, and impact
Notify Data Principals without unreasonable delay (typically within 72 hours) via email to the registered email address
Notify Authorities to the Data Protection Board of India if required by law[1]
Document the breach, response actions, and remediation measures

12.2 Breach Notification Content

Breach notifications will include:

Description of the breach and data affected
Likely consequences of the breach
Measures taken or proposed to address the breach and minimize harm[2]
Contact information for our grievance redressal team

12.3 Mitigation Measures

Following any breach, we will implement enhanced security measures to prevent recurrence[3].

13. Children's Privacy

The Workspace Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children[1]. If we learn that personal data from individuals under 18 has been collected, we will:

Delete such data promptly
Notify the parent/guardian
Comply with all applicable laws regarding children's privacy[2]

If you believe we have collected data from a child, please contact privacy@antcloud.co immediately.

14. International Privacy Standards

While primarily compliant with DPDP Act, our practices also align with[1]:

GDPR Standards: For users in EU/EEA jurisdictions
ISO 27001: Information security management standards
SOC 2 Type II: Service organization controls for security and confidentiality[3]

15. Contact Information

15.1 Data Fiduciary

Ant E-Sports Private Limited

Address: Delhi, India

Email: privacy@antcloud.co

Grievance Email: grievance@antcloud.co

Response Time: We aim to respond to all requests within 30 days[2].

15.2 Data Protection Officer (If Applicable)

Contact details for our Data Protection Officer (when appointed) will be updated in this Privacy Policy[1].

15.3 Regulatory Grievance

For unresolved privacy concerns, you may lodge a grievance with: Data Protection Board of India (when established)

16. Policy Updates

We reserve the right to update this Privacy Policy to reflect:

Changes in our data practices
Regulatory requirement updates
Technology improvements
Other operational reasons[2]

Notification: We will notify you of material changes via email or platform notification at least 30 days before implementation[1].

Continued Use: Your continued use of the Service following policy updates constitutes acceptance of modified terms[3].

17. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of India, specifically:

Digital Personal Data Protection Act, 2023
Information Technology Act, 2000
General Contract Law principles[2]

Jurisdiction: Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of courts in Delhi, India[1].

Dispute Resolution: Before initiating legal proceedings, we encourage resolution through:

Good faith discussion and negotiation
Grievance redressal mechanism (within 30 days)
Mediation or arbitration (if agreed)[3]

18. Compliance Checklist

This Privacy Policy ensures compliance with[2][1]:

✓ DPDP Act 2023 and DPDP Rules 2025
✓ Information Technology Act, 2000
✓ Indian Contract Act, 1872
✓ ISO/IEC 27001 Information Security Standards
✓ Data minimization and purpose limitation principles
✓ Security and breach notification requirements
✓ User rights and consent mechanisms[3]

19. Acknowledgment

By accessing and using the Workspace Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy[1].