EmpTrack AI — Terms and Conditions
Operator: EmpTrack AI, a workforce intelligence and Human Resource Management System (HRMS) platform founded and operated by Lakshay Devendra Porchattiwar (Founder & CEO) (the "Company", "EmpTrack AI", "we", "us", or "our").
Registered Office: 53B, Deepakamale Layout, Trilok Nagar, Duttawadi, Wadi, Nagpur - 440021, Maharashtra, India Grievance / Contact Email: user.support@emptrackai.online Governing Country: India
Effective Date: [Insert Date] Version: 1.0 Last Updated: [Insert Date] Platform Status: Under active development (beta / pre-release) — see Clause 17.4
Notice: These Terms and Conditions ("Terms") are a legally binding electronic agreement executed under the Information Technology Act, 2000 and the Indian Contract Act, 1872. They do not require a physical signature and are valid and enforceable as an electronic record under Section 10A of the Information Technology Act, 2000. Please read them carefully before accessing or using the Platform.
1. Definitions and Interpretation
1.1. "Platform" means the EmpTrack AI cloud-based Software-as-a-Service (SaaS) HRMS and workforce intelligence application, including all modules such as Employee Management, Attendance, Leave Management, Payroll, Recruitment, Performance Management, AI Analytics, AI Assistant, Document Management, Asset Management, Organization Management, Notifications, Employee Self-Service, Role-Based Access Control, Audit Logs, Email Automation, OTP Verification, Reporting, Workflow Automation, AI Insights, and Productivity Analytics, together with all associated websites, APIs, mobile or web interfaces, and documentation.
1.2. "Customer" (also "Subscriber", "you", "your") means the organization or individual that registers for, subscribes to, or uses the Platform, including its authorized administrators.
1.3. "Authorized User" means an employee, contractor, or representative of the Customer who is permitted by the Customer to access the Platform under the Customer's subscription.
1.4. "Data Principal" has the meaning given under the Digital Personal Data Protection Act, 2023 (DPDP Act) — the individual to whom personal data relates (for example, an employee or job applicant).
1.5. "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023, and includes "Sensitive Personal Data or Information" (SPDI) as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
1.6. "Data Fiduciary" and "Data Processor" carry the meanings assigned under the DPDP Act, 2023. In respect of employee and applicant data uploaded by the Customer, the Customer is the Data Fiduciary and EmpTrack AI acts as a Data Processor processing such data on the Customer's documented instructions.
1.7. "Content" means all data, text, documents, files, records, and information uploaded, generated, or stored on the Platform by the Customer or its Authorized Users.
1.8. "Other HRMS Tools" means any third-party human resource management, payroll, recruitment, or workforce management software, service, or platform other than EmpTrack AI. No reference in these Terms to other HRMS tools is intended to name, endorse, disparage, or compare against any specific third-party product.
1.9. "Applicable Law" means all laws, rules, and regulations of India applicable to the Platform, including but not limited to those listed in Clause 21.
1.10. Interpretation: headings are for convenience only; the singular includes the plural; and references to statutes include any amendment or re-enactment thereof.
2. Acceptance of Terms
2.1. By registering for, accessing, or using the Platform, you confirm that you have read, understood, and agree to be bound by these Terms, our Privacy Policy, Acceptable Use Policy, and any applicable Data Processing Agreement (DPA) and Service Level Agreement (SLA).
2.2. If you are accepting these Terms on behalf of an organization, you represent that you are duly authorized to bind that organization, and "you" refers to that organization.
2.3. If you do not agree to these Terms, you must not access or use the Platform.
2.4. Acceptance is recorded as an electronic record and forms a valid contract under Section 10A of the IT Act, 2000 and the Indian Contract Act, 1872.
3. Eligibility and Age
3.1. The Platform is intended for use by businesses and their Authorized Users who are at least 18 years of age and competent to contract under Section 11 of the Indian Contract Act, 1872.
3.2. The Platform is not directed at children. Consistent with the DPDP Act, 2023, EmpTrack AI does not knowingly process the personal data of a child (a person below 18 years of age) without verifiable consent of a parent or lawful guardian. The Customer warrants that it will not upload children's data to the Platform except where lawfully permitted and with the required consent obtained by the Customer.
4. Scope of Service and License Grant
4.1. Subject to these Terms and payment of applicable fees, EmpTrack AI grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Platform for its internal business HR operations during the subscription term.
4.2. The Platform is provided on a subscription (SaaS) basis. No copy of the software is sold or delivered to the Customer, and no ownership rights in the software are transferred.
4.3. This license does not permit the Customer to: (a) resell, rent, lease, or commercially exploit the Platform; (b) reverse engineer, decompile, or attempt to extract source code except to the extent permitted by law; (c) build a competing product; or (d) use the Platform to benchmark against other HRMS tools for public comparison without written consent.
5. Customer Accounts, Access, and Security Responsibilities
5.1. The Customer is responsible for maintaining the confidentiality of account credentials and for all activity under its account and those of its Authorized Users.
5.2. EmpTrack AI provides security controls including Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), One-Time Password (OTP) verification, and Audit Logs. The Customer agrees to configure and enforce these controls appropriately, applying the principle of least privilege.
5.3. The Customer must promptly notify EmpTrack AI of any unauthorized access, credential compromise, or suspected security incident affecting its account.
5.4. The Customer is responsible for the accuracy, legality, and lawful collection of all Content it uploads, including obtaining any consents required from Data Principals under the DPDP Act, 2023.
6. Acceptable Use
6.1. The Customer and its Authorized Users shall not use the Platform to:
- (a) upload, transmit, or store any content that is unlawful, defamatory, obscene, or that violates the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021;
- (b) infringe any intellectual property, privacy, or other rights of any third party;
- (c) introduce viruses, malware, or malicious code, or attempt to gain unauthorized access to the Platform or its systems (which would constitute offences under Sections 43, 43A, 65, and 66 of the IT Act, 2000, and, where applicable, related offences such as cheating and forgery under the Bharatiya Nyaya Sanhita, 2023);
- (d) use the Platform for unlawful surveillance, discrimination, or any purpose that violates employment or labour laws;
- (e) circumvent, disable, or interfere with security features, rate limits, or usage restrictions; or
- (f) misuse the AI features (see Clause 9), including attempts at prompt injection, model abuse, or extraction of training data.
6.2. EmpTrack AI reserves the right to suspend access, on notice where practicable, to prevent harm, comply with law, or protect the Platform and other customers.
7. Data Protection, Privacy, and the Right to Privacy
7.1. Constitutional foundation. EmpTrack AI recognizes that the right to privacy is a fundamental right under Article 21 of the Constitution of India, as affirmed by the Supreme Court in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017). The Platform is designed to respect informational privacy, data minimization, and purpose limitation consistent with this principle.
7.2. Roles. For personal data uploaded by the Customer (such as employee, applicant, and payroll data), the Customer is the Data Fiduciary and EmpTrack AI is the Data Processor, processing personal data only on the Customer's documented instructions, in accordance with the DPDP Act, 2023 and Clause 8 below.
7.3. Lawful basis and consent. The Customer is responsible for establishing a lawful basis (consent or legitimate/lawful use) for the personal data it processes through the Platform, and for providing required notices to Data Principals under Section 5 of the DPDP Act, 2023.
7.4. Data principal rights. EmpTrack AI will provide reasonable technical means to assist the Customer in honouring Data Principal rights under the DPDP Act, 2023, including the right to access, the right to correction and erasure, the right of grievance redressal, and the right to nominate.
7.5. Sensitive data. Where the Platform processes SPDI (such as financial/payroll information, and where applicable biometric or health data), EmpTrack AI applies the reasonable security practices required under the SPDI Rules, 2011 (Rule 8) and Section 43A of the IT Act, 2000.
7.6. Data minimization and retention. Personal data is retained only as long as necessary for the purposes for which it was collected or as required by law. Retention and deletion are governed by Clause 15.
7.7. Full details of processing are set out in our Privacy Policy and, for enterprise customers, a separate Data Processing Agreement (DPA), which are incorporated into these Terms by reference.
8. Data Processing Obligations of EmpTrack AI
As Data Processor, EmpTrack AI shall:
8.1. process personal data only on the Customer's documented and lawful instructions;
8.2. implement reasonable security practices and procedures as required under Section 43A of the IT Act, 2000 and the SPDI Rules, 2011, and consistent with recognized standards such as ISO/IEC 27001 (see Clause 10);
8.3. ensure that personnel authorized to process personal data are bound by confidentiality obligations;
8.4. not engage a sub-processor without informing the Customer, and shall impose equivalent data-protection obligations on any sub-processor;
8.5. assist the Customer, to the extent reasonable, in responding to Data Principal requests and regulatory obligations under the DPDP Act, 2023;
8.6. notify the Customer without undue delay upon becoming aware of a personal data breach, so that the Customer can meet its notification obligations (see Clause 11); and
8.7. on termination, delete or return personal data in accordance with Clause 15, subject to legal retention requirements.
9. Artificial Intelligence Features and Governance
9.1. Scope. The Platform includes AI-driven features such as AI Analytics, AI Assistant, AI Insights, and Productivity Analytics. These features generate suggestions, summaries, and analytics to support — not replace — human decision-making.
9.2. Human oversight. AI outputs are advisory. The Customer remains solely responsible for all HR decisions (including hiring, performance, and disciplinary actions). Meaningful human oversight must be applied before acting on any AI output, consistent with the principle of non-discrimination under Article 14 of the Constitution of India.
9.3. Fairness and non-discrimination. EmpTrack AI endeavours to design AI features to reduce bias; however, the Customer must independently ensure that its use of AI outputs complies with applicable equal-opportunity and labour laws and does not result in unlawful discrimination.
9.4. Transparency and limitations. AI outputs may be incomplete, inaccurate, or subject to "hallucination." No AI output constitutes legal, financial, or professional advice. The Customer must validate outputs before reliance.
9.5. AI security. EmpTrack AI applies controls to mitigate prompt injection, model abuse, and unauthorized data extraction. The Customer shall not attempt to exploit, reverse engineer, or misuse the AI features.
9.6. No unauthorized training. EmpTrack AI shall not use the Customer's personal or confidential Content to train generative AI models for the benefit of third parties without the Customer's consent, except for aggregated, de-identified, or anonymized data used to improve service quality.
10. Security Commitments — Your Data Is Safe
EmpTrack AI treats security as a core obligation, aligned with the "reasonable security practices" standard under Section 43A / SPDI Rules, 2011 and international best practice. Our safeguards include:
10.1. Encryption of data in transit (TLS) and at rest using industry-standard cryptography.
10.2. Access control through RBAC, MFA, OTP verification, and enforcement of least-privilege access.
10.3. Audit logging of critical activity to support accountability, digital evidence, and investigations (admissible as electronic records under Indian evidence law — see Clause 21).
10.4. Secure development and infrastructure, informed by frameworks such as OWASP and the NIST Cybersecurity Framework, including API security, rate limiting, and secrets management.
10.5. Backups, disaster recovery, and business continuity practices aligned with the goals of ISO 22301.
10.6. Alignment with recognized standards including ISO/IEC 27001 (information security), ISO/IEC 27701 (privacy information management), and SOC 2 control objectives, which the Company works toward and/or maintains as it scales. (Certification status is stated separately in the Company's Trust/Security documentation; nothing in these Terms should be read as a claim to a certification not yet obtained.)
10.7. Incident response procedures consistent with the CERT-In Directions dated 28 April 2022 issued under Section 70B(6) of the IT Act, 2000, including reporting of applicable cyber incidents to CERT-In within the prescribed timelines.
While EmpTrack AI implements strong safeguards, no system can guarantee absolute security. Security is a shared responsibility between EmpTrack AI and the Customer (see Clause 5).
11. Data Breach Notification
11.1. Upon becoming aware of a personal data breach, EmpTrack AI will notify the affected Customer without undue delay, providing available information to enable the Customer to assess and respond.
11.2. EmpTrack AI will report reportable cyber security incidents to CERT-In as required under the CERT-In Directions, 2022 (Section 70B, IT Act, 2000).
11.3. Where required under the DPDP Act, 2023, the Customer (as Data Fiduciary) is responsible for notifying the Data Protection Board of India and affected Data Principals; EmpTrack AI will provide reasonable assistance.
12. Intellectual Property Rights
12.1. Company IP. All rights, title, and interest in the Platform, including software, source code, design, trademarks, logos, and documentation, are and remain the exclusive property of EmpTrack AI, protected under the Copyright Act, 1957, the Trade Marks Act, 1999, and the Patents Act, 1970, as applicable.
12.2. Customer Content. The Customer retains all ownership of its Content. The Customer grants EmpTrack AI a limited license to host, process, and display Content solely to provide the Platform.
12.3. Feedback. Any feedback or suggestions the Customer provides may be used by EmpTrack AI without restriction or obligation.
12.4. Third-party and open-source components. The Platform may include third-party or open-source software used in compliance with their respective licenses. A list of such components and licenses is available on request.
12.5. The Customer shall not remove or alter any proprietary notices, and shall not use EmpTrack AI's trademarks without written permission.
13. Fees, Subscription, and Payment
13.1. Fees are as specified in the applicable subscription plan or order form. Unless stated otherwise, fees are exclusive of applicable taxes, including Goods and Services Tax (GST).
13.2. Subscriptions renew as per the selected plan. The Customer authorizes recurring charges where applicable.
13.3. Payment security. Where the Platform processes payments, applicable payment-card data handling follows PCI DSS standards; card data is handled by authorized payment processors and is not stored by EmpTrack AI beyond what is permitted.
13.4. Late or failed payment may result in suspension of access after reasonable notice.
14. Refunds and Cancellation
14.1. Refund and cancellation terms are governed by the Company's Refund Policy and the applicable subscription plan, and are consistent with the Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020.
14.2. Unless otherwise stated, fees for the current term are non-refundable except where required by Applicable Law.
15. Data Retention, Return, and Deletion
15.1. During the subscription, the Customer may export its Content using available tools.
15.2. On termination or expiry, EmpTrack AI will make Content available for export for a limited period ([e.g., 30 days]), after which it will delete or anonymize Content, subject to legal retention obligations.
15.3. Backup copies are deleted in the ordinary course of backup rotation.
15.4. Retention periods for specific record types (e.g., payroll, statutory records) may be governed by applicable labour, tax, and company law, and the Customer is responsible for specifying such requirements.
16. Confidentiality
16.1. Each party shall keep confidential the other party's non-public information and use it only to perform under these Terms.
16.2. Confidentiality obligations survive termination and are without prejudice to any separate Non-Disclosure Agreement (NDA).
16.3. Disclosure required by law or a competent authority is permitted, with notice to the other party where lawful.
17. Warranties and Disclaimers
17.1. EmpTrack AI warrants that it will provide the Platform with reasonable skill and care and in substantial conformity with its documentation.
17.2. Except as expressly stated, the Platform is provided on an "as is" and "as available" basis. To the maximum extent permitted by Applicable Law, EmpTrack AI disclaims all other warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement.
17.3. EmpTrack AI does not warrant that the Platform will be uninterrupted or error-free, or that AI outputs will be accurate or complete.
17.4. Development / Beta Status. The Customer acknowledges and agrees that the Platform is currently under active development and may be provided on a beta, pre-release, or continually evolving basis. As a result, features may be added, changed, or withdrawn; the Platform may contain bugs, errors, incomplete functionality, downtime, or interruptions; and outputs may be imperfect. To the maximum extent permitted by Applicable Law, during this development phase the Platform is provided strictly on an "as is" and "as available" basis, and the Customer is responsible for independently evaluating the Platform's suitability and testing it before relying on it for business-critical, statutory, or payroll operations.
17.5. Shared Responsibility Model. The parties operate under a shared-responsibility model, and each party is responsible for the matters within its own control:
- (a) EmpTrack AI is responsible for the security, maintenance, and lawful operation of the Platform infrastructure that is within its direct control, and for meeting its obligations as a Data Processor under Clause 8.
- (b) The Customer is responsible for its own acts and omissions, including the lawfulness, accuracy, and quality of the Content it uploads; obtaining all required consents and notices from Data Principals under the DPDP Act, 2023; managing Authorized User access, roles, and credentials; and its own use of the Platform and of AI outputs (including the human-oversight obligations in Clause 9).
Accordingly, each party shall bear responsibility for any loss, claim, damage, or liability to the extent it arises from that party's own acts, omissions, negligence, or breach. Neither party shall be liable for loss or damage caused by the other party's fault. This Clause 17.5 operates subject to, and does not enlarge liability beyond, Clause 18 (Limitation of Liability) and Clause 19 (Indemnification).
18. Limitation of Liability
18.1. To the maximum extent permitted by Applicable Law, neither party shall be liable for indirect, incidental, special, consequential, or punitive damages, or loss of profits, revenue, goodwill, or data.
18.2. EmpTrack AI's total aggregate liability arising out of or related to these Terms shall not exceed the total fees paid by the Customer to EmpTrack AI in the twelve (12) months preceding the event giving rise to the claim.
18.3. Nothing in these Terms excludes liability that cannot be excluded under Applicable Law, including liability arising from EmpTrack AI's obligations under Section 43A of the IT Act, 2000 where applicable.
19. Indemnification
19.1. The Customer shall indemnify and hold harmless EmpTrack AI against claims arising from: (a) the Customer's Content; (b) the Customer's breach of these Terms or Applicable Law; (c) the Customer's failure to obtain required consents from Data Principals; or (d) unlawful or discriminatory use of the Platform or AI outputs.
19.2. EmpTrack AI shall indemnify the Customer against third-party claims that the Platform, as provided, infringes the intellectual property rights of a third party in India, subject to the limitations in Clause 18.
20. Suspension, Termination, and Survival
20.1. Either party may terminate for material breach not cured within [30] days of written notice.
20.2. EmpTrack AI may suspend or terminate access for non-payment, unlawful use, or security risk.
20.3. On termination, the license granted ends and the Customer must cease use of the Platform. Clause 15 governs data return/deletion.
20.4. Survival. Clauses relating to Definitions, Intellectual Property, Confidentiality, Data Protection, Warranties/Disclaimers, Limitation of Liability, Indemnification, Governing Law, and any provision that by its nature should survive, shall survive termination.
21. Governing Law, Compliance, and Applicable Regulations
21.1. Governing law and jurisdiction. These Terms are governed by and construed in accordance with the laws of India. Subject to Clause 22, the courts of competent jurisdiction in India — at the seat of the Company's registered office at Nagpur, Maharashtra — shall have exclusive jurisdiction.
21.2. Applicable Indian legal framework. The Platform and these Terms are designed to align with, among others:
- the Constitution of India — in particular Article 21 (right to life and personal liberty, including the right to privacy per Puttaswamy, 2017) and Article 14 (equality before law / non-discrimination, relevant to fair AI use);
- the Information Technology Act, 2000 (including Sections 10A, 43, 43A, 65, 66, 70B, 72, 72A, and 79);
- the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
- the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021;
- the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules made thereunder (as notified by the Central Government);
- the CERT-In Directions dated 28 April 2022 (issued under Section 70B(6), IT Act, 2000);
- the Indian Contract Act, 1872;
- the Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020;
- the Copyright Act, 1957, the Trade Marks Act, 1999, and the Patents Act, 1970;
- India's new criminal codes effective 1 July 2024 — the Bharatiya Nyaya Sanhita, 2023 (BNS) (which replaced the Indian Penal Code, 1860, and covers offences such as cheating, forgery, and fraud including those committed by electronic means), the Bharatiya Nagarik Suraksha Sanhita, 2023 (BNSS) (which replaced the Code of Criminal Procedure, 1973), and the Bharatiya Sakshya Adhiniyam, 2023 (BSA) (which replaced the Indian Evidence Act, 1872, and governs the admissibility of electronic records). The substantive offence provisions of the IT Act, 2000 (Sections 43, 65, 66, etc.) continue to remain in force alongside the BNS; and
- applicable Indian labour, employment, and tax laws (including the four consolidated Labour Codes as and when brought into force) as relevant to HR and payroll processing.
Drafting note (to be removed before publication): The Digital Personal Data Protection Rules operationalizing the DPDP Act, 2023 were released in draft form in early 2025 and are being brought into force in phases. The Company should confirm the current notified/commenced provisions with its legal counsel and update the effective-compliance references accordingly.
21.3. Electronic signatures and records. Electronic acceptance and electronic/digital signatures are legally recognized under Sections 5 and 10A of the IT Act, 2000. Audit logs and electronic records maintained on the Platform are intended to be admissible as electronic evidence under the Bharatiya Sakshya Adhiniyam, 2023.
21.4. Cross-border data transfers. Any transfer of personal data outside India will be conducted in accordance with the DPDP Act, 2023 and any restrictions notified by the Central Government. The Customer will be informed of the location(s) where its data is hosted.
22. Dispute Resolution
22.1. The parties shall first attempt to resolve any dispute amicably through good-faith negotiation.
22.2. Failing resolution within [30] days, the dispute shall be referred to arbitration under the Arbitration and Conciliation Act, 1996, by a sole arbitrator, seated at Nagpur, Maharashtra, India, conducted in English. The award shall be final and binding.
22.3. Nothing prevents either party from seeking urgent interim relief from a competent court in India.
23. Grievance Redressal
23.1. In compliance with the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the grievance-redressal expectations of the DPDP Act, 2023, EmpTrack AI has designated a Grievance Officer / Data Protection Contact:
- Name: Lakshay Devendra Porchattiwar
- Designation: Founder & CEO / Grievance Officer & Data Protection Contact
- Email: user.support@emptrackai.online
- Address: 53B, Deepakamale Layout, Trilok Nagar, Duttawadi, Wadi, Nagpur - 440021, Maharashtra, India
23.2. Grievances relating to data or content will be acknowledged within [48 hours] and resolved within the timelines prescribed under Applicable Law.
24. Changes to the Terms
24.1. EmpTrack AI may update these Terms to reflect changes in law, technology, or the Platform. Material changes will be notified to the Customer by email or through the Platform with reasonable prior notice.
24.2. Continued use after the effective date of updated Terms constitutes acceptance. If the Customer does not agree, it may terminate before the changes take effect.
25. General Provisions
25.1. Entire Agreement. These Terms, together with the Privacy Policy, Acceptable Use Policy, DPA, SLA, and any order form, constitute the entire agreement and supersede prior understandings.
25.2. Severability. If any provision is held invalid, the remaining provisions remain in full force.
25.3. Waiver. Failure to enforce any provision is not a waiver of it.
25.4. Assignment. The Customer may not assign these Terms without EmpTrack AI's consent. EmpTrack AI may assign to an affiliate or successor.
25.5. Force Majeure. Neither party is liable for delays or failures caused by events beyond reasonable control, including natural disasters, war, government action, or large-scale internet/infrastructure failures.
25.6. Notices. Notices shall be sent to the email or registered address on record and are deemed received on delivery.
25.7. Relationship. The parties are independent contractors; nothing creates a partnership, agency, or joint venture.
26. Contact
EmpTrack AI Founder & CEO: Lakshay Devendra Porchattiwar Email: user.support@emptrackai.online Registered Office: 53B, Deepakamale Layout, Trilok Nagar, Duttawadi, Wadi, Nagpur - 440021, Maharashtra, India
Legal Disclaimer: This document is a professionally structured template aligned with Indian law as of its drafting date. It is provided for informational and operational purposes and does not constitute legal advice. Before publishing or relying on these Terms, EmpTrack AI should have them reviewed and finalized by a qualified advocate/attorney licensed in India, and should complete all bracketed placeholders (entity name, address, contact details, jurisdiction city, retention periods, and certification status).