Privacy Policy

Last updated: 6 March 2026

Discom360 is a product of Stratalis Tech LLP ("we", "us", "our"). This Privacy Policy describes how we collect, use, store, and protect information when you access or use the Discom360 platform, including our website at discom360.com and any associated services, applications, or interfaces (collectively, the "Platform").

The Discom360 Platform serves the power distribution sector — a domain classified as critical national infrastructure. Our data practices are designed accordingly, with an emphasis on cybersecurity, operational integrity, and regulatory compliance.

1. Information We Collect

1.1 Information You Provide

When you register for an account, request a demo, or contact us, you may provide information such as your name, email address, phone number, organisation name, and job title. We collect only the information necessary to deliver the service you have requested.

1.2 Automatically Collected Information

When you access the Platform, we automatically collect certain technical and operational data. Given the critical infrastructure context in which Discom360 operates, this data collection is essential for maintaining platform security, detecting threats, and ensuring service integrity. Automatically collected information includes:

  • IP addresses — used for access authentication, geolocation-based security policies, threat detection, and forensic analysis in the event of a security incident.
  • Device identifiers — including browser type, operating system, hardware identifiers, and session tokens — used to enforce device-level access controls and detect unauthorised access attempts.
  • Location data — derived from IP geolocation or, where explicitly permitted by the user, from device GPS — used to enforce geographic access policies, support field operations, and correlate user activity with operational zones.
  • Usage and access logs — timestamps, pages visited, features accessed, API calls made, and actions performed — used for operational analytics, performance monitoring, anomaly detection, and regulatory audit compliance.

1.3 Metering and Operational Data

The Platform processes metering data, network telemetry, billing records, and other operational data on behalf of our DISCOM clients. This data is owned by the respective client and is processed by Discom360 solely in accordance with the terms of the applicable service agreement. We do not use client operational data for any purpose other than delivering the contracted service.

2. How We Use Collected Information

We use the information described above for the following purposes:

  • Platform security and cybersecurity — monitoring for intrusion attempts, brute-force attacks, credential abuse, and other threats to the integrity of critical infrastructure systems.
  • Service delivery and improvement — ensuring platform availability, diagnosing technical issues, and improving system performance.
  • Operational analytics — understanding usage patterns to optimise the user experience and inform product development.
  • Regulatory and compliance obligations — maintaining audit trails and records as required by applicable laws and regulations governing critical infrastructure and data protection.
  • Communication — responding to enquiries, providing service notifications, and sharing relevant product updates (with your consent where required).

3. Data Sharing

We do not sell, rent, or trade personal information to third parties. We may share information only in the following limited circumstances:

  • With authorised personnel of the DISCOM client organisation, in connection with the delivery of contracted services.
  • With infrastructure and hosting providers who process data on our behalf, subject to strict contractual data protection obligations.
  • When required by law, regulation, legal process, or enforceable governmental request.
  • To protect the rights, safety, or security of our users, the Platform, or the public — particularly in the context of threats to critical infrastructure.

4. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this policy, comply with legal and regulatory obligations, and support legitimate operational and security needs. When data is no longer required, it is securely deleted or anonymised.

Metering and operational data is retained in accordance with the terms of each client's service agreement and applicable regulatory requirements.

5. Data Security

We implement industry-standard technical and organisational measures to protect the information we process, including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Role-based access control with least-privilege enforcement
  • Immutable audit logging of all administrative and data-access actions
  • Regular penetration testing and vulnerability assessments
  • Incident response procedures aligned with critical infrastructure security standards

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict the processing of your personal information. To exercise these rights, please contact us at legal@stratalis.in. We will respond to all legitimate requests within a reasonable timeframe and in accordance with applicable law.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or by email. Continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

8. Contact

For questions or concerns about this Privacy Policy or our data practices, please contact:

Stratalis Tech LLP
Email: legal@stratalis.in
Web: stratalis.in