Privacy Policy

Last Updated: February, 27 2026

This Privacy Policy describes how Sidekick (the “Service”), accessible at trysidekick.com and web.trysidekick.com, collects, uses, discloses, and protects personal data.

Sidekick is operated by Ghaas Technologies Pvt. Ltd. References to “we”, “us”, or “our”
in this Privacy Policy refer to Ghaas Technologies Pvt. Ltd., the entity responsible for
operating the Service.

This Privacy Policy applies to personal data processed through our website and
application (collectively, the “Service”). It does not apply to information collected offline
or through third-party websites or services not controlled by us.

  1. Data Controller and Contact Information

    Ghaas Technologies Pvt. Ltd.
    Address: A3-103, Plaza at 106, Sector 106, Gurugram, 122006, India
    Email: contact@trysidekick.com

    For the purposes of applicable data protection laws, Ghaas Technologies Pvt. Ltd.acts as the data controller for personal data relating to account management, billing, and
    customer relationship management for users of the Service.

    Where the Service is used to process data on behalf of enterprise customers, we act as a
    data processor, and the relevant customer acts as the data controller.

  2. Legal Basis for Processing

    We process personal data in accordance with the GDPR and other applicable data
    protection laws on one or more of the following lawful bases:

  • Contractual necessity, where processing is required to provide the Service;

  • Legitimate interests, including operating, maintaining, improving, and securing the Service, provided such interests are not overridden by user rights;

  • Consent, where required by law for specific processing activities; and

  • Legal obligations, where processing is necessary to comply with applicable laws
    or regulatory requirements.


  1. Categories of Personal Data We Process

    3.1. Data You Provide

    We may process personal data that you voluntarily provide when using the
    Service, including:
    - account and contact information (such as name, email address, company
    details);
    - communications and correspondence with us; and
    - configuration or settings information provided through the Service.


    3.2. Data Collected Automatically

    When you access or use the Service, we may process certain information
    automatically, including:
    - technical data relating to your device, browser, or connection;
    - usage and interaction data relating to how the Service is accessed and
    used; and
    - information collected through cookies or similar technologies.

    We may maintain limited technical logs for operational, security, and troubleshooting purposes, including in connection with the development or testing of new features. Such logs are designed to minimise the storage of personal data and are not intended to persistently store the content of third-party messages or records beyond what is necessary to provide and support the Service.

    3.3. Customer Data

    Where you connect third-party business systems or upload data through the
    Service, we may process personal data relating to your end users or contacts
    (“Customer Data”). In such cases:
    - you remain the data controller for Customer Data; and
    - We act as a data processor, processing Customer Data solely to provide the
    Service.

    The processing of Customer Data is governed by our Terms of Service and any
    applicable data processing terms.

    3.4. Data We Do Not Intentionally Collect

    The Service is not designed for the processing of special category personal data (such as health, biometric, or other sensitive information). Users are advised not to intentionally submit such data through the Service, and any such processing would occur solely at the direction and responsibility of the user.
    The Service is designed to minimise data storage and is designed not to store or retain the content of third-party messages or records beyond what is necessary to provide the
    requested functionality, including any transient processing required to deliver the Service.

  2. How We Use Personal Data

    We process personal data for the following purposes:
    - to provide, operate, and maintain the Service;
    - to configure, support, and administer user accounts;
    - to communicate with users and provide customer support;
    - to monitor, secure, and improve the Service;
    - to analyse usage patterns and develop new features or functionality;
    - to comply with legal obligations and enforce our terms; and
    - for other compatible purposes permitted under applicable law.

    Certain features of the Service may involve the temporary processing of data from
    integrated third-party platforms in order to provide specific functionality. Such data is processed solely for that purpose and is not persistently retained beyond what is
    necessary to deliver the Service. Where third-party services are used in connection with
    Service functionality, appropriate contractual and legal safeguards are applied.

    4.1 AI and Machine Learning

    We do not use Customer Data or personal data submitted through the Service to train artificial intelligence or machine learning models.

  3. Data Sharing and Sub-Processors

    We do not sell, rent, or trade personal data. We may share personal data with third-party service providers who assist us in operating and supporting the Service (“Sub-Processors”), such as providers of:
    - cloud infrastructure and hosting;
    - analytics and monitoring services;
    - communications and email services;
    - customer support tools; and
    - security and operational services.

    All Sub-Processors are engaged under written agreements requiring them to process
    personal data only on our instructions and to implement appropriate data protection
    safeguards. Information about our Sub-Processors may be provided separately or upon
    request. We maintain an up-to-date list of Sub-Processors and will provide notice of
    material changes where required under applicable data protection laws.

    We may also disclose personal data:
    - where required by applicable law, regulation, or valid legal process;
    - to protect our rights, users, or the public; or
    - in connection with a merger, acquisition, restructuring, or sale of assets.

  4. International Data Transfers

    Personal data may be processed in countries outside the European Economic Area or the United Kingdom that may not provide an equivalent level of data protection.
    Where required, we rely on appropriate safeguards for such transfers, including:
    - Standard Contractual Clauses approved by the European Commission; and
    - where applicable, the UK International Data Transfer Agreement (IDTA) or the
    UK Addendum to the EU Standard Contractual Clauses.

    These safeguards are supplemented by appropriate technical and organisational measures designed to ensure that personal data remains protected to a standard essentially equivalent to that required under applicable data protection laws. Further information about these safeguards may be provided upon request.

  5. Data Retention

    We retain personal data only for as long as necessary to fulfil the purposes for which it
    was collected, including to comply with legal, accounting, or reporting obligations.

    Retention periods vary depending on the nature of the data, the purpose of processing,
    and applicable legal requirements. When personal data is no longer required, it is
    securely deleted or retained only in a limited operational form (such as system identifiers) in accordance with our data retention and deletion practices.

  6. Data Security

    We implement appropriate technical and organisational measures designed to protect
    personal data against unauthorised or unlawful access, loss, misuse, alteration, or
    disclosure. These measures are proportionate to the nature of the personal data processed, the purposes of processing, and the risks presented, and are reviewed and updated periodically.

    Our security practices are designed to be appropriate to the nature of the personal data
    processed and the risks associated with such processing, and include, where appropriate, measures relating to access controls, data protection, monitoring, and incident response. Access to personal data is restricted to authorised personnel on a need-to-know basis and subject to confidentiality obligations.

    While no method of transmission or storage can be guaranteed to be completely secure, we are committed to maintaining reasonable and appropriate safeguards to protect personal data and to continuously improving our security posture.

  7. Your Data Protection Rights

    Depending on your location and subject to applicable data protection laws (including the GDPR), you may have certain rights in relation to your personal data. These rights may include the right to:
    - Access your personal data and obtain information about how it is processed;
    - Rectify inaccurate or incomplete personal data;
    - Request erasure of your personal data, where permitted by law;
    - Restrict or object to the processing of your personal data in certain circumstances;
    - Request data portability, allowing you to receive your personal data in a
    structured, commonly used, and machine-readable format; and
    - Withdraw consent, where processing is based on consent, at any time (without
    affecting the lawfulness of processing carried out prior to withdrawal).

    Requests to exercise these rights may be submitted by contacting us at
    contact@trysidekick.com. We will respond to such requests in accordance with
    applicable legal requirements and within the timeframes prescribed by law. In certain
    cases, we may need to verify your identity before fulfilling a request.

    You may also have the right to lodge a complaint with a relevant data protection
    supervisory authority if you believe that our processing of your personal data does not
    comply with applicable law.

  8. Cookies and Similar Technologies

    We use cookies and similar technologies to operate and maintain the Service, ensure its security and functionality, analyse how the Service is used, and enhance user experience. These technologies help us understand usage trends, remember user preferences, and improve the performance and reliability of the Service.

    Cookies may be set by us or by third-party service providers that support analytics,
    performance monitoring, or other Service-related functionality. The use of such
    technologies is limited to purposes that are consistent with this Privacy Policy and
    applicable data protection laws.

    Where required by law, users are provided with choices regarding the use of cookies
    through our cookie management tools or website settings. You may manage or update
    your cookie preferences at any time through these tools or by adjusting your browser
    settings. Please note that disabling certain cookies may affect the availability or
    functionality of parts of the Service.

  9. . Data Breach Notification

    In the event of a personal data breach that is likely to result in a risk to the rights and
    freedoms of individuals, we will assess the breach without undue delay.

    Where we act as a data controller, we will notify the relevant data protection supervisory
    authority and, where required by applicable law, affected individuals, in accordance with
    legal requirements.

    Where we act as a data processor, we will notify the relevant data controller without
    undue delay after becoming aware of the breach and provide reasonable assistance to
    enable the controller to comply with its notification obligations under applicable data
    protection laws.

    Any notification or communication will include appropriate information regarding the
    nature of the breach, the likely consequences, and the measures taken or proposed to
    address the breach and mitigate its potential effects. We maintain internal procedures
    designed to support the identification, investigation, and management of personal data
    breaches.

  10. Children’s Privacy

    The Service is not intended for use by individuals under the age of 18. We do not
    knowingly collect or process personal data relating to children. If we become aware that
    personal data relating to a child has been processed inadvertently, we will take
    appropriate steps to delete such data in accordance with applicable law.

  11. Third-Party Links

    The Service may contain links to third-party websites or services that are not operated or controlled by us. This Privacy Policy applies only to the processing of personal data by us in connection with the Service. We are not responsible for the privacy practices, content, or data handling practices of any third-party websites or services. We encourage you to review the privacy policies of such third parties before providing them with personal data.

  12. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in legal
    requirements, regulatory guidance, or our data processing practices. Where changes are material, we will provide notice through the Service or by other appropriate means. The updated Privacy Policy will apply from the date it is made available, and we encourage you to review it periodically.

  13. Further Information

    Additional technical, security, or operational information relating to our data processing
    practices may be made available upon request, including in connection with customer due diligence, security assessments, or contractual discussions. Any such information will be shared subject to appropriate confidentiality obligations, where applicable.

  14. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

    Ghaas Technologies Pvt. Ltd.
    Email: contact@trysidekick.com
    Address: A3-103, Plaza at 106, Sector 106, Gurugram, 122006, India