Privacy Policy

A. Types of Information Collected

CDOT Secured UMDM user registration and device management requires the following personal information:

1. Location

This data is required to provide Services to the User and for maintaining and supporting the user account.

Additionally, the following device-related information is collected for device management purposes:

• Device type, model, and manufacturer
• Operating system version (iOS, Android, Windows)
• Unique device identifiers (Serial number, device ID)
• Hardware specifications (memory, storage capacity)
• Network information (IP address, MAC address)
• Device status (battery level, storage usage, security status)
• Installed applications list
• Device location (when enabled by administrator)

User specific encrypted data is collected and stored on secure servers. Device information, application data, and management policies are accessed by the platform to provide MDM services. The application login data, device profile and configuration settings are collected to provide platform services. The Legal basis for the processing of this data is our legitimate interest to provide services and to communicate with you.

B. Purpose of Collection and Use of Information

C-DOT collects the personal information for the purposes of operating, delivering, improving, customizing and helping the users to access and utilize the platform in an efficient manner. The data may also be collected and used for sending notices or other communications, enhancing user experience and for other legitimate purposes permitted by applicable law. The information is used to authenticate accounts and activity, detect, investigate, and prevent malicious conduct or unsafe experiences, address security threats and protect public safety.

The personal data collected is used to communicate with the user regarding platform updates and changes to terms of use and policies from time-to-time. The information is also used to respond to the user from C-DOT when contacted.

Device information is used to:

• Enroll and configure devices according to organizational policies
• Monitor device compliance and security posture
• Distribute and manage applications on enrolled devices
• Enforce security policies and settings
• Execute remote management commands as authorized by administrators
• Generate analytics and compliance reports
• Provide technical support and troubleshooting

C. Information Retention

The personal data is required to provide the platform services to the User and is retained for that purpose. The information is also retained to comply with applicable law or respond to valid legal process, including from law enforcement or government agencies, to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of the platform Terms of Service or policies.

In case of any cancellation or withdrawal of user registration or device unenrollment, as the case may be, the information collected from the user is retained for a period of one year (365) days thereafter. C-DOT will not retain personal information in identifiable form when the purpose(s) for which the personal information was collected have been achieved and, there is no legal or business need to retain such personally identifiable information.

Specific data retention periods:

• Account Information: Duration of active subscription + 365 days
• Device Enrollment Data: Until device is unenrolled + 365 days
• Usage Logs: 24 months
• Security Event Logs: 24 months (for audit purposes)
• Support Communications: 36 months after case closure

D. Disclosure of Personal Information

Within C-DOT, the access controls are applied to limit the recipients of personal data and is strictly restricted on a "need to know" basis. C-DOT technical staff in-charge of the CDOT Secured UMDM Operations have access to user data as necessary for the legitimate purposes of our data retention and processing.

Important: For enterprise deployments, your organization (the enterprise customer) is the Data Controller for end user device data. C-DOT acts as a Data Processor. Your organization determines what data is collected and how it is used within the Service. Device data and usage information is accessible to authorized administrators within your organization.

No personal data will be disclosed by C-DOT except as described herein or as required by law. C-DOT may share personal information in response to a request for information by a competent authority or third party if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation or legal process.

The information may also be shared with law enforcement officials, government authorities as necessary to comply with legal process or meet national security requirements; protect the rights, property, or safety of C-DOT or its users or the general public.

We do not sell your personal data to third parties.

E. Security Practices

C-DOT takes reasonable and appropriate steps to protect the personal information entrusted to it and treat the information securely in accordance with this Privacy Statement. C-DOT implements physical, technical, and organizational safeguards designed to protect user information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

The following security and safety measures ensure the confidentiality of the user data:

• Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Built-in certificates and secure authentication (SSL Pinning)
• Multi-factor authentication (MFA) for administrator accounts
• Role-based access control (RBAC) with principle of least privilege
• Encrypted device storage and secure data transmission
• Network security: Firewalls, intrusion detection/prevention systems
• Certificate-based device enrollment for enhanced security
• Secure APIs with token-based authentication
• Multi-tenant architecture with strict data segregation
• Device compliance monitoring and policy enforcement
• Remote wipe and lock capabilities for lost/stolen devices
• Audit logging and monitoring of all administrative actions
• Regular security assessments and vulnerability testing
• Employee background checks and confidentiality agreements
• Incident response procedures and security breach protocols

C-DOT strives to limit the types and categories of personal data that is collected from, and processed on behalf of, the users to include only information which is necessary to achieve the purpose(s) for which it was collected and the personal data is not used for any additional purpose(s) which are incompatible with their initial collection purpose.

While we implement reasonable security measures to protect your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.

F. Miscellaneous

User Rights

The users can review the information any time they had provided and ensure that any personal information found to be inaccurate or deficient shall be corrected or amended as feasible. The users also have the right to withdraw the consent for providing of Personal data at any time to C-DOT and C-DOT reserves its rights to terminate the platform services to such user thereafter.

Subject to applicable law, users have the following rights:

• Right to Access: Request a copy of your Personal Data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your Personal Data under certain circumstances
• Right to Withdraw Consent: Withdraw consent for data processing
• Right to Lodge a Complaint: File a complaint with the relevant data protection authority

Note for Enterprise Users: If you are an end user whose device is managed by an enterprise organization, your employer/organization is the Data Controller for your device data. Please direct rights requests related to device management data to your organization's administrator.

Policy Updates

The users shall be notified in case of any updates to the Privacy policy terms. Notwithstanding the users are also advised to check the Privacy policy page from time-to-time for any such updates or modifications. Changes are effective when posted. Your continued use after changes constitutes acceptance of the revised policy.

Regulatory Compliance

C-DOT complies with applicable data protection laws including India's Digital Personal Data Protection Act, 2023 (DPDPA), GDPR (for EU/EEA users), and other relevant regulations. For users in the European Union or United Kingdom, we ensure appropriate safeguards are in place including Standard Contractual Clauses for international data transfers.

Contact Information

In case of any grievance with regard to CDOT Secured UMDM and this Privacy policy, kindly email at:

We aim to respond to all privacy-related inquiries within 5 business days.