Privacy Policy
Last updated: April 2025
System 3 Net Technologies Pvt. Ltd ("S3", "we", "us") operates system3.net and provides managed technology services. This policy explains how we collect, use, and protect information about clients and visitors.
Information we collect
- Contact information provided through our website forms (name, email, company, phone)
- Technical data related to services we operate on your behalf (server logs, monitoring data)
- Communications between you and our team (email, call records for support purposes)
- Website analytics data (page visits, referral sources — anonymised, no cross-site tracking)
How we use your information
- To provide, operate, and support the services you have engaged us for
- To respond to enquiries and schedule consultations
- To send service-related communications (maintenance notices, SLA reports, invoices)
- To improve our services — we do not sell or share your data with third parties for marketing
Data storage and jurisdiction
All client data processed through S3 managed services is stored on S3-owned and S3-operated servers, housed in secured co-location facilities in India. S3 controls all hardware and software handling your data — facility providers have no access to S3 systems or client data. We do not transfer personal data outside India without explicit written consent. Our infrastructure is subject to Indian law and jurisdiction only.
Data retention
We retain client data for the duration of the service engagement and for a period of three years thereafter for accounting and legal compliance purposes, unless a shorter period is requested in writing. Service monitoring logs are retained for 90 days by default.
Your rights
Under the Digital Personal Data Protection Act 2023 (DPDP Act), you have the right to access, correct, and request deletion of personal data we hold about you. To exercise these rights, contact us at the address below.
Terms of Service
Last updated: April 2025
These terms govern the provision of technology services by System 3 Net Technologies Pvt. Ltd (CIN: U72900DL2001PTC112522) to clients who have entered into a service agreement with us. By engaging our services, you agree to these terms.
Services
S3 provides managed technology services including but not limited to: private email hosting (S3 SecureMail), private cloud infrastructure, AI transformation consulting, and data centre field services. The specific services, scope, and pricing applicable to your engagement are defined in your individual Statement of Work (SOW) or Service Agreement.
Payment terms
Invoices for recurring services are issued monthly in advance. Project-based work is invoiced as defined in the relevant SOW. Payment is due within 15 days of invoice date. Accounts overdue by more than 30 days may result in service suspension.
Acceptable use
- Services must not be used for unlawful purposes or to transmit content that violates applicable Indian law
- You are responsible for the activity of users operating under your account
- Attempts to compromise the security of shared infrastructure are grounds for immediate termination
Limitation of liability
S3's liability under any service agreement is limited to the fees paid by you in the three months preceding the event giving rise to the claim. We are not liable for indirect, consequential, or incidental damages. This limitation does not apply to liability arising from gross negligence or wilful misconduct.
Termination
Either party may terminate a service agreement with 30 days written notice. Termination for breach may be immediate. Upon termination, we will provide reasonable assistance to migrate your data and services to your designated replacement provider.
Governing law
These terms are governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts of Delhi.
SLA Policy
Last updated: April 2025
This Service Level Agreement applies to managed services provided by S3. Specific SLA commitments applicable to your engagement are confirmed in your Service Agreement. The tiers below reflect our standard commitments by service plan.
Uptime commitments — S3 SecureMail
| Plan | Monthly uptime target | Measurement window |
|---|
| Starter | 99.5% | Calendar month |
| Business | 99.9% | Calendar month |
| Compliance | 99.9% | Calendar month |
Incident response times
| Priority | Definition | Response time | Resolution target |
|---|
| P1 — Critical | Service completely unavailable | 2 hours (Compliance), 4 hours (Business) | 4 hours |
| P2 — High | Service significantly degraded | 4 hours | Next business day |
| P3 — Medium | Partial impact, workaround available | Next business day | 3 business days |
| P4 — Low | Requests, minor issues | 2 business days | Weekly sprint |
Rack & Stack field response
| Engagement type | Response time |
|---|
| Managed retainer clients — P1 break-fix | 90 minutes (Delhi NCR) |
| Managed retainer clients — P2 break-fix | 4 hours (Delhi NCR) |
| Ad-hoc / non-retainer call-out | Best effort, subject to availability |
Service availability credits
Service credits apply when S3's managed infrastructure is unavailable outside of a notified maintenance window — that is, an unplanned outage caused by factors within S3's control. Credits are calculated as a percentage of the Monthly Recurring Charge (MRC) for the affected service in the affected month.
Note: Scheduled maintenance is communicated at least 48 hours in advance and does not qualify for service credits. Credits do not apply to outages caused by factors outside S3's reasonable control (see Exclusions below).
| Duration of unplanned service unavailability | Service credit (% of affected MRC) |
|---|
| Below 15 minutes | No credit |
| 15 minutes to 1 hour | 5% of MRC |
| 1 hour to 4 hours | 10% of MRC |
| 4 hours to 12 hours | 20% of MRC |
| 12 hours to 24 hours | 30% of MRC |
| Over 24 hours | 50% of MRC (maximum in any calendar month) |
Maximum credits in any calendar month: 50% of MRC for the affected service. Credits are the Customer's sole and exclusive remedy for service availability failures.
Credit claim process
- Notify S3 within 5 business days of any unplanned outage to open a support ticket
- Submit a written credit request within 30 days of the outage — failure to do so voids eligibility
- S3 will verify the outage against monitoring records before issuing credits
- Credits appear as a deduction on the next invoice following verification
- Credits are not redeemable for cash and may not be transferred
- Unused credits expire on termination of the relevant service
Exclusions
SLA commitments do not apply to downtime caused by: scheduled maintenance (notified 48 hours in advance), circumstances beyond our reasonable control (force majeure), actions by the client or third parties outside our control, or internet routing issues outside our infrastructure.
Data Residency Policy
Last updated: April 2025
S3 operates on a Bharat-first data residency model. This document describes where your data is stored, how it is protected, and our commitments regarding international data transfer.
Where your data is stored
All primary data processed through S3 managed services — including email messages, attachments, archived communications, virtual machine data, and client configuration — is stored on S3-owned servers housed in secured, ISO-certified co-location facilities in India.
Backup data is replicated within India only. We do not replicate client data to infrastructure outside India as part of our standard service.
Jurisdiction
Data stored on S3 infrastructure is subject to Indian law exclusively. S3 is incorporated in India (CIN: U72900DL2001PTC112522), privately held, and wholly Indian-owned — we are not a subsidiary of any foreign entity. Our data is not subject to the US CLOUD Act, EU GDPR, or any other foreign legislation that could compel access to your data without an Indian court order.
Sub-processors
S3 does not use sub-processors who handle client data. All data processing is performed exclusively by the S3 team on S3-owned equipment. We do not route your data through third-party SaaS platforms, scanning services, or foreign cloud providers.
DPDP Act compliance posture
S3's infrastructure is designed to support your compliance with the Digital Personal Data Protection Act 2023. Our data residency model, access controls, and encryption standards are aligned with the Act's requirements for significant data fiduciaries. However, compliance with the DPDP Act depends on how you configure and use our services. We recommend working with your Data Protection Officer and legal counsel to confirm your organisation's specific obligations.
Data access controls
- Mailbox data is encrypted per-user — S3 team members cannot read your email without your credentials
- All storage volumes are encrypted at the block level as an additional layer
- Access to client infrastructure is restricted to named S3 engineers, logged, and auditable
- Client data is never used for S3 training, analytics, or any purpose other than service delivery
Data portability and deletion
On termination of services, we will export your data in standard formats (MBOX for email, standard archive for other data) and provide it to you within 15 business days. We will then securely delete your data from S3 systems within 30 days of confirmed receipt by you, unless retention is required by Indian law.