Loading...
Terms

Terms of Service & EULA

Version 1.0 Effective 26 June 2026 Last updated 26 June 2026
Important notice

Please read these Terms carefully before proceeding

This End-User Licence Agreement and Terms of Service (the “Agreement”) is a legally binding contract between you (the “User” or “Tenant”) and Xtrius Consulting Services Private Limited (the “Company”). By accessing or using the Company’s web-based platform and associated software (the “Service”, ColdIQ™) in any manner, you acknowledge that you have read, understood, and agree to be bound by these Terms and the Company’s Privacy Policy. By using the Service you represent that you are at least eighteen (18) years of age and have the legal capacity and authority to bind yourself or your organisation. If you do not agree to these Terms, you are not granted a licence to use the Service and must immediately discontinue all access.

Section 1

Definitions

Defined terms (1.1–1.15)
  • Affiliate — an entity that controls, is controlled by, or is under common control with a party (“control” = ownership of more than 50% of the voting interest).
  • Agreement — this EULA and Terms of Service, together with all Annexures (DPA, SLA, Acceptable Use Policy), the applicable Statement of Work, and any executed amendments.
  • Authorised User — a natural person the Tenant has authorised in writing to use the Service within the limits of the applicable SOW.
  • Confidential Information — non-public information disclosed by a party (WMS configurations, source code, business plans, customer data, technical know-how) identified as, or reasonably understood to be, confidential.
  • Data Fiduciary — the Tenant, as the entity that determines the purpose and means of processing personal data under the DPDP Act, 2023.
  • Data Principal — the natural person to whom the personal data relates (including Authorised Users and Tenant clients).
  • Data Processor — the Company, processing digital personal data on behalf of and per the documented instructions of the Data Fiduciary.
  • Effective Date — the date on which the User first accesses or uses the Service, or as otherwise specified.
  • Intellectual Property Rights — all patents, copyrights, trademarks, trade secrets, database and moral rights, registered or unregistered, worldwide.
  • MSA — the Master Services Agreement between the Company and the Tenant establishing the overall commercial framework.
  • Personal Data Breach — any unauthorised or unlawful access, acquisition, disclosure, alteration, destruction, or loss of personal data, as defined under the DPDP Act, 2023.
  • Service — the B2B web-based platform and PWA, WMS modules, APIs, and documentation, as described in Annexure A.
  • SOW — a Statement of Work, Order Summary, or Order Form executed under the MSA specifying scope, milestones, usage limits, and fees.
  • Tenant — the legal entity that has executed an MSA and SOW to use the Service for its internal business operations.
  • User / You — the natural person who is an Authorised User of the Tenant.
Section 2

Acceptance & Eligibility

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Agreement. Your right to access the Service is strictly conditioned on your unconditional acceptance. If you accept on behalf of a Tenant or other entity, you represent that you have the authority to bind it. You represent that you are at least eighteen (18) years of age and have full legal capacity to contract under the laws of India.

Where you act as an Authorised User on behalf of a Tenant, you additionally warrant that: you are duly authorised under a valid and subsisting MSA; the Tenant has complied with all payment and tax obligations under the MSA and applicable SOW; and your use is within the technical and usage limits of the applicable SOW.

To be finalized by counsel — free-trial / demo carve-out

This EULA assumes a Tenant that has executed an MSA and SOW. A self-service demo or free-trial user who signs up online has not executed an MSA/SOW, so the references in Sections 2–3 to a “valid and subsisting MSA” and SOW usage limits do not yet apply to them. A trial / demo carve-out clause (scope, duration, data-handling, and conversion terms for self-signup demo accounts) is pending counsel input and is intentionally not drafted here.

Section 3

Scope of Licence

Subject to your continued compliance and prompt payment of all applicable fees under the relevant SOW, the Company grants the Tenant a revocable, non-exclusive, non-transferable, non-sublicensable, and limited licence to access and use the Service solely for the Tenant’s internal business operations during the Subscription Term. The rights are conditioned on adherence to the Usage Metrics in the SOW (authorised user counts, designated environments, geographic territories); exceeding these limits is prohibited without prior written authorisation and may incur supplemental or overage fees.

Restrictions. Except as expressly permitted or required by law, you shall not, and shall not permit any third party to: (a) sublicense, sell, resell, rent, lease, transfer, or assign the Service, or make it available to any third party; (b) modify, translate, adapt, or create derivative works; (c) reverse-engineer, decompile, disassemble, or derive the source code or internal structure; (d) frame or mirror the Service, or circumvent any security or usage-tracking mechanism; (e) use the Service to build a competitive product or conduct unauthorised benchmarking; or (f) remove or obscure any proprietary notices, trademarks, or copyright markings.

Reservation of rights. The Service is licensed, not sold. Except for the limited rights in this Section, the Company and its licensors retain all right, title, and interest in the Service and its Intellectual Property Rights. No implied licences are granted.

Section 4

Service Levels & Uptime

The Company will use commercially reasonable efforts to provide 99.9% System Uptime per calendar month on a 24×7 basis. “Excused Downtime” (scheduled maintenance; third-party infrastructure outages such as AWS or Google Cloud; Force Majeure; or the Tenant’s own acts or configurations) is excluded from the calculation.

Support incidents are acknowledged and remediated per the Service Level Targets in Annexure C. If the Company misses the 99.9% monthly target, the Tenant’s sole and exclusive remedy is a Service Credit of 5% of the monthly subscription fee for every 0.5% shortfall below target, capped at 30% of the monthly fee, applied against future invoices only (not refundable as cash). To be eligible, the Tenant must lodge a written claim within fifteen (15) days of the end of the affected month.

Scheduled maintenance is typically performed on Sundays between 02:00 and 06:00 IST; the Company endeavours to give at least forty-eight (48) hours’ notice for planned downtime expected to exceed thirty (30) minutes. Emergency maintenance for critical security vulnerabilities may be performed without prior notice, with the Company informing the Tenant as soon as practicable.

Section 5

Confidentiality & Non-Disclosure

The receiving party shall hold the disclosing party’s Confidential Information in strict confidence, apply at least the same reasonable degree of care it uses for its own similar information, and use it solely to exercise its rights or perform its obligations under this Agreement. Disclosure is permitted only to Representatives (Affiliates, employees, contractors, advisors, directors) with a bona-fide need to know who are bound by confidentiality obligations at least as restrictive; the receiving party remains liable for their breaches.

These obligations do not apply to information that is or becomes public through no fault of the receiving party, was rightfully held before disclosure, is independently developed, or is rightfully obtained from a third party. If compelled by legal process, the receiving party shall give prompt written notice (where permitted) so the disclosing party may seek a protective order; nothing prevents the Company from disclosing information as mandated by the RBI, SEBI, or other competent Indian regulator. On request or termination, Confidential Information is returned or securely destroyed and destruction certified. Confidentiality obligations survive for three (3) years after termination.

Section 6

User Obligations & Acceptable Use

You are solely responsible for the confidentiality of your authentication credentials and for all activity under your account. You agree to provide accurate registration information, log out at the end of each session, and immediately notify the Company of any suspected unauthorised access or compromise.

You shall use the Service in compliance with all applicable laws, including the DPDP Act, 2023 (for any personal data), applicable export-control and sanctions laws, and the Prevention of Corruption Act, 1988. Without prejudice to the Acceptable Use Policy (Annexure D), you shall not (and shall not facilitate any third party to): transmit malware or malicious code; engage in phishing, spoofing, or identity theft; attempt unauthorised access to systems, databases, or networks; infringe the IP, privacy, or publicity rights of others; process data unlawfully or contrary to the relevant Data Fiduciary’s instructions; conduct unauthorised benchmarking; or use bots, scrapers, or crawlers to harvest data. The Tenant remains fully and vicariously liable for the acts and omissions of its Authorised Users.

Section 7

Data Protection (DPDP Act, 2023)

For all digital personal data processed under this Agreement, the Tenant acts as Data Fiduciary and the Company acts as Data Processor. The Tenant is solely responsible for a valid lawful basis and for obtaining consents from Data Principals. The Company processes personal data (such as names, verified mobile numbers, and email addresses) strictly for the Permitted Purpose of WMS functionality, warehouse and inventory management, GSTIN-based invoice generation, and payment-acknowledgement recording.

The Company does not collect or process Aadhaar numbers, PAN, or any government-issued tax identifier other than GSTIN, and does not process payment transactions. Processing rests on consent, contractual necessity, or legitimate use under Section 7 of the DPDP Act. Data Principals’ rights of access, correction, and erasure may be exercised via the Grievance Officer (Section 15); grievances are acknowledged within 24 hours with a formal response within the 30-day statutory timeline.

To be finalized by counsel — government-ID claim vs optional KYC

The platform’s optional client/depositor KYC fields let the Tenant enter Aadhaar / PAN / Ration-Card identifiers, which the Service stores on the Tenant’s behalf (Data-Processor role). This must be reconciled with the no-government-ID statement above and the Privacy Policy “Excluded identifiers” clause — either scope the exclusion to the Company’s own account data or disclose the optional KYC processing. Pending counsel.

Security, breach & residency

The Company implements industry-standard safeguards: AES-256 encryption at rest; TLS 1.2 or higher (targeting TLS 1.3) with Perfect Forward Secrecy in transit; mandatory strong authentication and RBAC for privileged access; and regular vulnerability assessments and penetration testing under the Principle of Least Privilege.

Breach notification & residency

On confirmation of a Personal Data Breach, the Company notifies the Tenant without undue delay (within 24 hours of detection) and assists in notifying the Data Protection Board of India and affected Data Principals within 72 hours, as mandated by Section 8(6) of the Act.

All digital personal data collected under this Agreement is stored and processed on secured cloud infrastructure located in Singapore. This constitutes a cross-border transfer under the DPDP Act, 2023; the Tenant acknowledges the transfer and confirms it has obtained, or shall obtain, any necessary consent from its Data Principals. No onward transfer from Singapore occurs without the Tenant’s written consent and applicable legal authority.

Retention & destruction. Personal data is retained only while it serves a legitimate business or legal purpose (e.g., financial records for 7 years). On termination, accounts and data are deactivated within fifteen (15) days and all digital personal data is permanently destroyed within sixty (60) days using firmware-based erasure so it cannot be reconstructed.

Section 8

Intellectual Property

The Company and its licensors retain all right, title, and interest (including all IP Rights) in the Service and its underlying technology — WMS business logic and modules, proprietary algorithms, software code, APIs, and user interfaces. As between the parties, the Tenant retains all rights in its Tenant Data and grants the Company a worldwide, non-exclusive, royalty-free, limited licence to host, copy, transmit, display, and use Tenant Data solely to provide and maintain the Service, address technical problems, and comply with the Tenant’s instructions or law (extending to authorised Sub-processors such as AWS and Google Cloud). Any Feedback you provide is assigned to the Company (or licensed to it perpetually if assignment is ineffective). The Service may incorporate open-source components governed by their respective licences. The Company will defend the Tenant against third-party claims that the unmodified Service infringes a valid Indian patent or copyright, subject to prompt notice and the stated exclusions.

Section 9

Payment, Fees & Taxation

The Tenant shall pay the subscription fees, one-time implementation charges, and other costs set out in the relevant SOW or Order Summary. All fees are invoiced by the Company; actual payment collection and remittance occur entirely outside the Service. The Service records only whether an invoice has been acknowledged as paid, the amount recorded as received, and the resulting outstanding balance — it does not process, initiate, or facilitate any financial transaction or transfer.

Unless an SOW states otherwise, undisputed invoices are payable Net thirty (30) days. Overdue undisputed amounts accrue interest at 1.5% per month (compounded), or the maximum permitted rate, whichever is lower. All fees are exclusive of GST and other statutory levies, which are added at prevailing rates; the Tenant must provide a valid GSTIN to enable Input Tax Credit. The Company warrants that it is a registered taxpayer and shall file its monthly GST returns in a timely manner as required under the Central Goods and Services Tax Act, 2017, to ensure the Tenant’s ability to claim relevant tax credits. Payments are made in full without set-off or deduction, except where a deduction (e.g., TDS under the Income Tax Act, 1961) is required by law. The Company may revise fees at the start of a renewal term on at least sixty (60) days’ written notice; continued use after the effective date constitutes acceptance.

Section 10

Warranties & Disclaimers

Each party warrants that it is validly existing and has the authority to enter into and perform this Agreement, and will comply with applicable laws including the DPDP Act, 2023. The Company warrants that, for ninety (90) days from initial deployment, the Service will perform in material accordance with its functional specifications; the Tenant’s sole and exclusive remedy for breach is for the Company to use commercially reasonable efforts to remediate the non-conformity.

Except for that limited warranty, the Service is provided on an “as is” and “as available” basis, with all faults and without warranty of any kind to the maximum extent permitted by law. The Company disclaims all other warranties, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement, and does not warrant that the Service will be uninterrupted, secure, or error-free, or that all defects will be corrected within a specific timeframe except as stipulated in the SLA. Nothing excludes any right or liability that cannot lawfully be excluded under Indian law.

Section 11

Limitation of Liability & Indemnity

To the maximum extent permitted by law, neither party is liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including loss of profits, revenue, data, business interruption, or goodwill, regardless of the theory of liability and even if advised of the possibility. Subject to the exclusions below, each party’s total aggregate liability is limited to the total fees paid or payable by the Tenant in the twelve (12) months preceding the event giving rise to the claim.

The cap does not apply to: death or personal injury from gross negligence; fraud, fraudulent misrepresentation, or criminal negligence; the Tenant’s obligation to pay undisputed fees and GST; wilful misconduct or intentional breach of confidentiality; or infringement of the other party’s IP Rights. The Company is the principal employer of its personnel and bears their wages and statutory remittances; the engagement of such personnel creates no employer-employee relationship between them and the Tenant, and no right of employment in the Tenant’s organisation accrues to Company staff by virtue of this Agreement. The Tenant shall indemnify the Company (and its directors Sandeep Kumar Yadav Chowla and Venugopal Raju Lakamraju, officers, and employees) against third-party claims arising from the Tenant’s breach, misuse, infringing Tenant Data, or violation of Indian law. The Company shall indemnify the Tenant against claims that the unmodified Service infringes a registered Indian patent, copyright, or trademark, subject to prompt notice, sole control of defence, and reasonable cooperation.

Section 12

Term & Termination

This Agreement commences on the Effective Date and runs for the initial Subscription Term in the applicable SOW, then automatically renews for successive one-year periods unless either party gives written non-renewal notice at least sixty (60) days before the end of the then-current term. Either party may terminate for cause on written notice for an uncured material breach (thirty (30) days’ cure), insolvency, or cessation of business; either party may terminate for convenience on sixty (60) days’ notice (the Tenant remaining liable for accrued undisputed fees).

On termination: all licence rights revert to the Company; the Tenant ceases use and certifies revocation of credentials; the Company issues a final invoice payable within fifteen (15) days; each party returns or destroys the other’s Confidential Information; and the Company performs the statutory data purge per Section 7. Provisions that by their nature survive (Definitions, Confidentiality, Retention & Deletion, IP, Warranty Disclaimer, Limitation of Liability & Indemnity, and General Provisions) survive termination.

Section 13

Dispute Resolution & Governing Law

This Agreement is governed by the laws of the Republic of India, without regard to conflict-of-law principles. Subject to arbitration, the parties submit to the exclusive jurisdiction of the courts at Hyderabad, Telangana. The parties shall first attempt to resolve any Dispute through good-faith negotiations, escalating to senior management within ten (10) days of a written notice, with a thirty (30) day negotiation period.

If unresolved, the Dispute is referred to binding arbitration under the Arbitration and Conciliation Act, 1996, before a sole arbitrator mutually appointed (failing which, appointed by the competent court). The seat and venue are Hyderabad, Telangana, India, and the language is English. The award is final and binding; each party bears its own costs. Either party may still seek interim injunctive relief from a court to protect its Confidential Information or IP Rights. The parties continue performing their obligations during any dispute-resolution proceedings.

Section 14

General Provisions

Force Majeure. Neither party is liable for delay or failure (other than payment) caused by events beyond its reasonable control (acts of God, fire, flood, epidemic, government action, war, civil unrest, labour disputes, or persistent telecom/internet failures); the affected party gives prompt notice and mitigates, and if the event continues beyond ninety (90) days either party may terminate the affected SOW. The Company may audit the Tenant’s compliance with usage limits on ten (10) business days’ notice, no more than once a year during normal business hours; the Company bears the audit costs, but if the audit reveals a material non-compliance (a discrepancy of 5% or more in usage fees) the Tenant shall immediately remit the underpaid fees and reimburse the Company for all reasonable audit expenses. The Tenant may not assign without consent; the Company may assign in a merger, acquisition, or sale of assets. Notices are given by hand, registered post/courier, or confirmed email. Amendments require a signed writing, except that the Company may unilaterally update these Terms for DPDP/statutory compliance on thirty (30) days’ notice (continued use = acceptance). No waiver is implied; invalid provisions are severed; this Agreement (with the MSA, SOWs, and Annexures A–D) is the entire agreement, with the order of precedence: SOW, Annexures, main body, then MSA. Electronic signatures are valid under the Information Technology Act, 2000.

Section 15

Grievance Redressal & Statutory Notices

In accordance with Section 11(4) of the DPDP Act, 2023, and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Company has established a formal mechanism for redressing grievances about the processing of personal data and use of the Service. Any Data Principal or User may register a complaint or exercise statutory rights by writing to the designated Grievance Officer. The Company acknowledges within twenty-four (24) hours and provides a resolution or status update within thirty (30) days.

Grievance Officer — Xtrius Consulting Services Private Limited
Name
[To be finalized by counsel]
Designation
Grievance Officer
Organisation
Xtrius Consulting Services Private Limited
Registered address
Ghatkesar, Hyderabad, Telangana, India
Email
[To be finalized by counsel]
Annexure A

Service Description & Technical Specifications

Read the Service Description

ColdIQ is a cloud-based Warehouse Management System (WMS) purpose-built for cold-storage operators, temperature-controlled logistics providers, and bonded-warehouse facilities. It manages depositor accounts, commodity inventory, storage-slot allocation, inward/outward stock movements, invoice generation, payment-acknowledgement recording, and statutory bond compliance through a unified web platform and PWA. ColdIQ is accessed entirely via a web browser; it is not a native mobile app and is not on any app store.

Core functional modules: client & commodity management; slot & space management with temperature-zone enforcement (frozen −18°C, chilled 0–4°C, ambient 8–15°C); stock & inventory control (gate entry, goods-receipt notes, delivery orders, lot/expiry tracking, stock-take); a GST-compliant billing & tariff engine (storage rent per pallet/MT/CBM/day, handling charges, e-invoice/e-way-bill via NIC API); bond & statutory compliance registers under the Customs Act, 1962 and the Warehousing (Customs) Regulations, 2016; reporting & analytics; and integrations/APIs (ERP, NIC, optional IoT temperature sensors, SMS/WhatsApp/email notifications). The Service records payment acknowledgements only and does not collect, process, or transfer funds; no Aadhaar, PAN, or other government-issued identity document is collected for billing.

Hosting & infrastructure. All data is stored and processed on ISO 27001-certified cloud infrastructure located in Singapore, constituting a cross-border transfer from India to Singapore; disaster recovery is standard (RPO 4 hours, RTO 8 hours). Three environments are provided — Development, UAT, and Production — with scope per the applicable SOW. Out of scope (unless stated in an SOW): physical cold-chain logistics; actual payment collection or fund transfers; customs brokerage; temperature-sensor hardware; and integrations with systems not listed in the module catalogue.

Annexure B

Data Processing Agreement (DPA)

Read the Data Processing Agreement

This DPA forms an integral part of the Agreement and governs the processing of digital personal data under the DPDP Act, 2023.

Roles & instructions. The Tenant is the Data Fiduciary and determines the purpose and means of processing, warranting a valid lawful basis (e.g., consent) for all processing. The Company is the Data Processor and processes personal data strictly on the Tenant’s documented instructions for the Permitted Purpose of service delivery, software engineering, and automated billing; the Company will inform the Tenant if, in its opinion, an instruction violates the DPDP Act.

Sub-processors. The Tenant gives a general written authorisation for the Company to engage Sub-processors (e.g., AWS, Google Cloud). The Company executes agreements imposing equivalent or more restrictive obligations, remains vicariously liable for them, maintains a list available on request, and gives at least thirty (30) days’ notice of additions or replacements (during which the Tenant may object on reasonable grounds).

Breach management. On a confirmed Personal Data Breach, the Company notifies the Tenant without undue delay and no later than twenty-four (24) hours after becoming aware, and assists in notifying the Data Protection Board of India within seventy-two (72) hours per Section 8(6). Notifications include the nature of the breach, the categories and approximate number of affected Data Principals, likely consequences, and remediation taken or proposed.

Residency & cross-border transfers. All such personal data is stored and processed on secured cloud infrastructure in Singapore — a cross-border transfer from India to Singapore under the DPDP Act, 2023, for which the Tenant, as Data Fiduciary, accepts responsibility for a valid lawful basis (including explicit consent where required). No onward transfer beyond Singapore occurs except as required by law, with the Tenant’s written authorisation, or with the Data Principal’s explicit consent; any onward transfer is subject to appropriate safeguards such as Standard Contractual Clauses (SCCs).

Annexure C

Service Level Agreement (SLA)

Read the Service Level Agreement

This SLA sets out the Company’s performance metrics and support obligations and is subject to the main Agreement and any executed SOW.

Incident response. The Company remediates incidents per the priority levels, acknowledgement SLAs, and resolution targets below; timelines run from the moment a ticket is registered through the Designated Support Portal or authenticated API endpoint, performed with industry-standard skill and care.

  • P1 — Critical (total Service unavailability): acknowledge in 2 hours, target resolution 4 hours, updates every 4 hours.
  • P2 — High (substantial degradation of core features): acknowledge in 4 hours, target resolution 8 hours, updates every 2 business days.
  • P3 — Medium (non-critical impairment / partial defect): acknowledge in 8 hours, target resolution 24 hours, weekly updates.
  • P4 — Low (cosmetic defects / general inquiries): acknowledge in 24 hours, target resolution 72 hours, addressed in a future release.

Uptime methodology. System Uptime = (Total Minutes in Month − Downtime Minutes) / Total Minutes in Month × 100, with 99.9% warranted per month. “Downtime Minutes” exclude scheduled maintenance and Excused Downtime (third-party infrastructure failures, Force Majeure, or Tenant acts/omissions). A four-level escalation hierarchy (Support Operations → Senior Engineering → Engineering Leadership & Account Management → Managing Director) applies, and the Company provides a Service Level Performance Report within five (5) business days after each month (actual uptime vs. target, incident volume by priority, MTTR, and any Service Credits).

Annexure D

Acceptable Use Policy (AUP)

Read the Acceptable Use Policy

This AUP establishes behavioural standards for all Users and Tenants; adherence is a material condition of the licence under Section 3. In addition to the restrictions in Section 6, you are strictly prohibited from using the Service for:

  • Unlawful or harmful content — uploading or distributing content that is unlawful, defamatory, obscene, or that infringes the IP, publicity, or privacy rights of any third party.
  • Security probing — probing, scanning, or testing the vulnerability of any connected system or network, or circumventing security or authentication measures.
  • System interference — conduct designed to interfere with or disrupt the integrity or performance of the Service or any third-party data within it.
  • Deceptive practices — misrepresenting identity or affiliation, or impersonating any person or entity, including the Company.
  • Prohibited communications — transmitting unsolicited bulk communications, unauthorised advertising, “spam,” chain letters, or fraudulent solicitation.
  • Data harvesting — mining, harvesting, or automated collection of personal identifiers, metadata, or credentials without express, informed consent.
  • Circumvention of safeguards — disabling or interfering with security features, DRM, or usage-tracking mechanisms that enforce licence limits.

The Company may (but is not obliged to) monitor usage for compliance. Any violation is a material breach that may result in immediate suspension or termination without prior notice or liability, without prejudice to other remedies including injunctive relief.

Error