1. Who We Are

Intrigsoft Pvt Ltd is a private limited company incorporated under the laws of Sri Lanka. We develop and license Dioschub, an internal AI assistant platform designed for enterprise use. Our registered address and contact details are set out in Section 12 of this Policy.

2. Scope of This Policy

This Policy applies to personal data that Intrigsoft Pvt Ltd processes in connection with:

Subscription management — data processed via Paddle when Operators purchase, renew, or cancel a Dioschub subscription.
Licensing — data processed by our license server to issue, validate, and revoke software licences.
Support communications — data you share when you contact us for technical support or sales enquiries.
Our website and administrative interfaces — any personal data collected when you visit our website or access the Dioschub admin UI hosted by us.

This Policy does not cover:

Data that Operators or their employees process within a self-hosted Dioschub installation. Operators are independent data controllers for their own deployments.
Third-party services that Operators choose to connect to Dioschub (e.g. LLM providers, identity providers, MCP tool servers).

3. Data We Collect

3.1 Subscription and Payment Data

When an Operator purchases a Dioschub subscription through Paddle, Paddle collects and processes payment information on our behalf. We receive from Paddle the following data in connection with the subscription:

Billing contact name and email address
Company name and billing address
Paddle customer ID and subscription ID
Subscription status, plan tier, and renewal dates
Transaction records (amounts and dates, not full card numbers)

Paddle acts as a Merchant of Record and is the primary data controller for payment card data. We do not receive or store raw card details.

3.2 Licence Activation Data

Our licence server records the following when a Dioschub licence is issued or validated:

Licence key and associated subscription ID
Operator domain or deployment identifier provided at activation
Activation timestamp and IP address of the activating server
Licence status changes (issued, suspended, revoked)

3.3 Support and Communications Data

When you contact us by email or through a support channel, we collect:

Your name and email address
The content of your message and any attachments you provide
Correspondence history

3.4 Website and Technical Data

When you visit our website or administrative interfaces we may collect standard web server logs including:

IP address and approximate geolocation derived from it
Browser type and operating system
Pages visited and timestamps
Referrer URL

We use this data solely for security monitoring and aggregate analytics. We do not use it to build individual profiles.

4. How We Use Your Data

We use the data described above for the following purposes:

Contract performance — to fulfil our obligations under the Dioschub Subscription Agreement, including issuing licences, processing payments, and providing support.
Licence management — to issue, validate, suspend, and revoke licences in response to subscription events from Paddle.
Communications — to respond to support requests, send subscription-related notifications (renewal reminders, invoices, policy updates), and, where you have opted in, product announcements.
Security and fraud prevention — to detect and prevent unauthorised licence use, abuse of the platform, and fraudulent transactions.
Legal compliance — to meet our obligations under Sri Lankan law and, where applicable, international data protection regulations.
Service improvement — aggregate, anonymised analysis of support trends to improve our documentation and product.

5. Legal Basis for Processing

Where data protection law requires us to identify a legal basis, we rely on the following:

Contract — processing subscription, billing, and licence data is necessary to perform the contract with the Operator.
Legitimate interests — security monitoring, fraud prevention, and aggregate analytics, where our interests are not overridden by your rights.
Legal obligation — retaining transaction records as required by Sri Lankan tax and commercial law.
Consent — for optional marketing communications, where we rely on explicit opt-in.

6. Data Sharing and Third Parties

6.1 Paddle

We use Paddle (Paddle.com Market Ltd, UK) as our payment processor and Merchant of Record. Paddle processes payment and subscription data under its own Privacy Policy and acts as an independent data controller for payment card information. We share Operator billing data with Paddle solely to process transactions and manage subscriptions.

6.2 Infrastructure Providers

Our licence server and website may be hosted on cloud infrastructure provided by third-party providers. These providers process data on our behalf as data processors under appropriate agreements.

6.3 Legal Disclosure

We may disclose personal data if required to do so by applicable law, court order, or a lawful request from a government authority in Sri Lanka or another jurisdiction with legal authority over us.

6.4 No Sale of Data

We do not sell, rent, or trade personal data to any third party for their own marketing purposes.

7. International Data Transfers

As an Sri Lanka-based company using cloud infrastructure and Paddle (a UK-registered company), personal data may be transferred to and stored in countries outside Sri Lanka. When such transfers occur, we take steps to ensure an adequate level of data protection, including relying on standard contractual clauses or the recipient country’s adequacy status where applicable.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

Subscription and billing records — retained for seven (7) years from the end of the subscription period to meet tax and accounting obligations.
Licence activation logs — retained for the duration of the active licence plus two (2) years for audit purposes.
Support correspondence — retained for three (3) years from the date of resolution.
Web server logs — retained for ninety (90) days for security monitoring, then deleted.

When retention periods expire, data is securely deleted or anonymised.

9. Security

We implement industry-standard technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

Encrypted transmission (TLS) for all communications between your browser, Paddle, and our licence server
Access controls limiting data access to authorised personnel only
Regular security reviews of our infrastructure

No method of transmission over the internet is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify affected parties as required by applicable law.

10. Your Rights

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

Access — to request a copy of the personal data we hold about you.
Rectification — to request correction of inaccurate or incomplete data.
Erasure — to request deletion of your data where we no longer have a lawful basis to retain it.
Restriction — to request that we limit processing in certain circumstances.
Objection — to object to processing based on legitimate interests.
Data portability — to receive your data in a structured, machine-readable format.
Withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us as set out in Section 12. We will respond within thirty (30) days. We may ask you to verify your identity before fulfilling the request.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top and, where required, notify Operators by email. Continued use of the Dioschub subscription following the effective date of a revised Policy constitutes acceptance of the changes.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your personal data, please contact:

Intrigsoft Pvt Ltd

Sri Lanka

Email: privacy@intrigsoft.com

We will acknowledge your request within five (5) business days and aim to resolve it within thirty (30) days.