Tech630 Software Private Limited, operating as Six30Labs (referred to as "Six30Labs", "we", "our" or "us"), is the developer and operator of a suite of cloud-based business applications including SYNC, Insight, Source (PMS) and HR Slate (collectively, the "Six30Labs Platform" or the "Platform"). Each application is also referred to individually by its product name.
This Privacy Policy describes how we collect, use, store, share, retain, and protect personal data when you access or use the Platform. It applies to all customer organisations (each, a "Customer") and to authorised users designated by a Customer (each, a "User") who interact with any of the products in the Platform.
Six30Labs sells the Platform on a business-to-business basis. We do not knowingly market or sell the Platform to individuals for personal use. If you are using the Platform as an individual employee, contractor, consultant, or representative of a Customer, your use is governed by the contract between Six30Labs and that Customer in addition to this Policy.
| Product | Purpose |
|---|---|
| SYNC | Collaborative project management platform for construction and infrastructure projects, including document management, forms and permits, minutes of meeting, daily reporting, and collaboration tools. |
| Insight | Automated project reporting platform covering budget, procurement, ACR, cashflow, design and construction status, risk, HSE, and statutory approvals. |
| Source | Procurement management system covering vendor management, tendering, awarding, and procurement reporting. |
| HR Slate | HR management platform covering profile, leave, timesheets, appraisals, joining and exit forms, asset tracking, travel authorisation, mentor-mentee assignment, and productivity tracking. |
Product-specific clauses, where they differ from the umbrella policy, are set out in the addenda at the end of this Part A.
| Term | Meaning |
|---|---|
| Personal Data | Information relating to an identified or identifiable individual. |
| Sensitive Personal Data | A subset of Personal Data treated with heightened protection under applicable law, including (where applicable) financial information, health information, and identity documents. |
| Customer Data | All data submitted by, on behalf of, or generated by a Customer or its Users through use of the Platform. |
| Processing | Any operation performed on Personal Data, including collection, storage, use, disclosure, retention, or deletion. |
| Data Fiduciary | The entity that determines the purpose and means of processing Personal Data, under the Digital Personal Data Protection Act, 2023 ("DPDPA"). |
| Data Processor | An entity that processes Personal Data on behalf of a Data Fiduciary. |
The categories of data we collect depend on the role of the User and the products in use. The table below sets out the typical categories.
| Category | Examples |
|---|---|
| Identification | Full name, designation, role, employee identifier. |
| Contact information | Official email address, official contact number. |
| Organisation details | Employer name, department, package or project assignment. |
| Authentication data | Password (stored as a one-way salted hash), SSO tokens, MFA secrets, session identifiers. |
| Category | Examples |
|---|---|
| Platform activity | Clicks, page views, search queries, navigation paths, time spent in modules. |
| Audit log entries | User actions on documents, forms, and other records, including viewing actions, with timestamps. |
| Feature interaction | Use of specific features such as document distribution, form submission, MOM creation, and timesheet filing. |
| Category | Examples |
|---|---|
| Project content (SYNC) | Files uploaded, drawings, specifications, forms, permits, minutes of meeting, daily reports, comments and annotations. |
| Reporting content (Insight) | Budget data, procurement records, ACR entries, cashflow data, risk register entries, HSE data. |
| Procurement content (Source) | Vendor information, tenders, quotations, purchase orders, procurement reports. |
| HR content (HR Slate) | Employee profile information, leave records, timesheets, appraisals, joining forms, identity and KYC documents, bank details, asset assignments, salary and compensation data. |
Important: HR Slate processes a broader range of sensitive Personal Data than the other products, including financial information and identity documents. Refer to the HR Slate Addendum at the end of this Part for additional safeguards.
| Category | Examples |
|---|---|
| Device information | IP address, browser type, operating system, device type, device identifier. |
| Connection metadata | Login timestamps, session length, geographic region (derived from IP). |
| Cookies | Minimal cookies are used solely for authentication, session management, and user preferences. No marketing, profiling, or third-party analytics cookies are set. |
We process Personal Data only for the following purposes:
| Purpose | Description |
|---|---|
| Service delivery | To provide, operate, and maintain the Platform; to authenticate Users; to enforce role-based access controls; to deliver notifications and emails connected to Platform activity. |
| Customer support | To investigate and resolve issues raised by Customers or Users through our in-house support channels. |
| Audit and compliance | To maintain immutable audit logs of Platform activity for security, compliance, and dispute-resolution purposes. |
| Security | To detect, prevent, and respond to fraud, abuse, unauthorised access, or other security incidents. |
| Service improvement | To analyse aggregate usage patterns in a fully anonymised form (with no Customer or User identifiers retained) for the purpose of improving the Platform. |
| Legal obligations | To comply with applicable laws, regulations, and lawful requests from authorities of competent jurisdiction. |
| Contractual obligations | To perform our obligations under the contract entered with each Customer. |
Under the DPDPA and other applicable laws, we rely on the following lawful bases:
The Platform is hosted on Microsoft Azure and/or Amazon Web Services (AWS), with the primary deployment region being Mumbai, India. Backups may be stored in additional regional zones within India for resilience and disaster recovery purposes.
Six30Labs may extend its operations to customers in the Middle East. Where a Middle East Customer uses the Platform, the Customer's data may be processed in or accessed from regional data centres or by support personnel located in jurisdictions outside India, subject in each case to:
[CONFIRM]: Confirm with legal counsel the specific cross-border transfer language required by the DPDPA Rules (when notified by the Central Government) and by any applicable Middle East jurisdiction laws (UAE Federal Decree-Law No. 45 of 2021, Saudi PDPL, etc.).
We maintain administrative, technical, and physical safeguards designed to protect Personal Data, including:
We engage a limited number of carefully selected third-party service providers ("Sub-Processors") to operate the Platform. Each Sub-Processor is bound by a written data-processing agreement with us. Our current Sub-Processors are:
| Sub-Processor | Service Provided | Location |
|---|---|---|
| Microsoft Azure | Cloud hosting, storage, compute, content delivery. | Mumbai, India (primary). |
| Amazon Web Services (AWS) | Cloud hosting, storage, compute, content delivery. | Mumbai, India (primary). |
| Auth0 | Authentication, identity management, multi-factor authentication, Single Sign-On. | Cloud-hosted; refer to Auth0 / Okta documentation for current regional locations. |
| SendGrid | Transactional email delivery (Platform notifications, password resets, invitations). | Cloud-hosted; refer to SendGrid / Twilio documentation for current regional locations. |
All other operational functions, including customer support and incident response, are performed by Six30Labs personnel directly. No third-party analytics, marketing-automation, or customer-relationship-management platforms are used in connection with the Platform.
We retain Customer Data only for as long as it is required for the purposes for which it was collected, or as required by applicable law.
During the term of the Customer's subscription, Customer Data is retained for the duration of active use of the Platform and is accessible to the Customer through the Platform's normal interfaces.
On termination or expiry of the contract between Six30Labs and a Customer, we will, at the Customer's option:
After the 90-day hand back period, we will permanently delete Customer Data from active production systems within thirty (30) days, subject to limited exceptions for backups and any data required to be retained by applicable law. Residual data in backups is overwritten in the ordinary course of backup-cycle rotation.
Audit log entries are an integral part of the Platform's security and compliance value proposition. Audit log entries are not user-editable and are not deleted on Customer instruction during the term. On termination, audit logs are returned or deleted together with the rest of the Customer Data, in accordance with section 6.2.
Under the DPDPA and other applicable laws, individuals whose Personal Data we process may have certain rights, including:
| Right | What it means |
|---|---|
| Right of access | To obtain confirmation of whether their Personal Data is being processed, and to access that Personal Data. |
| Right of correction | To request correction of inaccurate or incomplete Personal Data. |
| Right of erasure | To request deletion of their Personal Data, subject to applicable legal retention requirements. |
| Right to withdraw consent | To withdraw consent where processing is based on consent. |
| Right to grievance redress | To file a grievance with the Grievance Officer named in section 8 below. |
Where a User submits a data subject request directly to Six30Labs but the request relates to Personal Data processed on behalf of a Customer, we will refer the request to the relevant Customer, who is the Data Fiduciary, and assist the Customer in responding.
We will acknowledge data subject requests promptly and aim to respond substantively within thirty (30) days, or such other period as may be required by applicable law.
In accordance with the DPDPA and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we have designated a Grievance Officer for receiving and addressing data-protection-related complaints.
| Designation | Grievance Officer |
|---|---|
| Entity | Tech630 Software Private Limited (Six30Labs) |
| syncinsight@six30labs.io | |
| Response window | Acknowledgement within 7 working days; substantive response within 30 days. |
The Platform uses cookies and similar local-storage technologies only for the following purposes:
No third-party advertising, marketing, profiling, or analytics cookies are placed by the Platform. The Platform does not require a third-party cookie-consent banner under standard configurations, but Customers operating in jurisdictions that mandate explicit cookie consent (such as the EU under ePrivacy / GDPR) remain responsible for their own end-user consent obligations.
We may amend this Privacy Policy from time to time to reflect changes in law, in our products, or in our processing practices. When we make a material change, we will:
The provisions in this section apply in addition to the umbrella Privacy Policy and are specific to the named product. In the event of inconsistency, the provisions of the addendum prevail with respect to that product.
HR Slate processes a broader range of sensitive Personal Data than the other products in the Platform. The following additional provisions apply.
In addition to the categories listed in section 2 of the umbrella Policy, HR Slate may collect and process:
The Customer is the Data Fiduciary in respect of all HR Slate data relating to its employees. Six30Labs acts as a Data Processor. The Customer is responsible for:
Certain employee records (payroll, tax, statutory contributions, joining forms) must be retained for periods specified by law. The Customer is responsible for ensuring such retention. We will not delete such records during the active term of the Customer's subscription except on the Customer's instruction. On termination, we will assist the Customer in extracting the records before any deletion occurs.
SYNC processes project content shared between the Customer and its external stakeholders (contractors, consultants, clients). The following additional provisions apply.
When a Customer onboards an external stakeholder (contractor, consultant, client) onto SYNC, the Customer warrants that it has the lawful basis to share that individual's Personal Data with Six30Labs for the purposes of Platform access.
SYNC's audit log is immutable by design and cannot be edited or selectively deleted on user instruction during the term. This is a fundamental feature of the Platform's value proposition. The audit log records all User actions on documents and forms, including viewing actions, with timestamps and User identifiers. This functions for the Platform's integrity and is a feature about which all Users are notified during onboarding.
SYNC supports forwarding of forms (such as RFIs and TQs) to external email recipients who do not have SYNC accounts. The email and form content sent to such recipients leaves the Platform and is delivered by email; once delivered, that email is no longer subject to the Platform's access controls. The Customer remains responsible for the contents of such forwarded forms.
Insight processes derived and analytical data based on project content from SYNC and from direct entries in Insight.
Insight may generate aggregated and derived reports (e.g., budget variance, schedule progress, cashflow projections, risk severity scores) based on Customer Data. Such derived data is Customer Data and is treated in the same way as the source content under this Policy.
Six30Labs does not disclose Customer-specific reporting data to other Customers, even in aggregate form, except with the affected Customer's prior written consent.
Source processes procurement-related data, including vendor information.
Where vendor information includes Personal Data of vendor employees (e.g., contact persons, signatories), the Customer warrants that it has the lawful basis to share that Personal Data with Six30Labs for procurement-management purposes.
Vendor records entered by one Customer are not shared with or made available to any other Customer. There is no pooled, cross-Customer vendor database within Source.
Tech630 Software Private Limited, trading as Six30Labs, operates the SYNC platform at syncinsight.io.
Name, work email, company name, role, and voluntarily submitted content. Standard usage analytics via web tools.
To respond to demo requests; to provision SYNC accounts; relevant communications with consent; to improve the platform; legal obligations.
Project data uploaded to SYNC is owned by the client organisation. Six30Labs never accesses, shares, or uses project data for any purpose other than providing the contracted service.
ISO 27001 certified, SOC 2 compliant infrastructure. TLS 1.3 in transit, AES-256 at rest. Hosting region confirmed per Service Agreement.
Access, correct, or request deletion: privacy@six30labs.io.
Last updated: March 2026 · Tech630 Software Private Limited · Bengaluru, India
By accessing this website or using the SYNC platform, you agree to these Terms.
All content is the intellectual property of Tech630 Software Private Limited. Reproduction without written consent is prohibited.
Important: All UI mockups, screenshots, data, and figures shown are for illustrative purposes only and do not represent the actual, current, or final product.
All pricing is indicative and subject to a written Service Agreement. "Unlimited" claims are subject to fair use policy. Conditions apply.
Laws of India. Courts of Bengaluru, Karnataka.
Last updated: March 2026 · Tech630 Software Private Limited · Bengaluru, India
All screenshots, dashboard mockups, UI representations, data visualisations, project data, personnel names, company names, and financial figures shown on this website are created solely for illustrative and marketing purposes. They do not represent the actual, current, or final product.
All numerical values, project names, and personnel names shown in mockups are entirely fictional. Any resemblance to actual projects or individuals is coincidental.
Last updated: March 2026 · Tech630 Software Private Limited