Design Link — Privacy Policy

Version: 2.0 Effective Date: 25 June 2026 (Interim Operator Version) Last updated: 8 July 2026 (self-service nominee mechanism — §6)

Interim Operator Note (June 2026). Until incorporation of a successor entity (Design Link LLP, Design Link Pvt Ltd, or equivalent), the Design Link platform is operated by MSCON Design Private Limited (CIN: U70100DL2019PTC343932; GSTIN: 07AAMCM3424B1ZS), having its registered office in Delhi, India. All references to "Design Link" refer to the platform, brand, and trademark of MSCON Design Private Limited.

MSCON Design Private Limited ("we", "us") operates the Design Link design operations platform (web app, mobile app, and APIs) (the "Service"). This Privacy Policy explains what personal data we collect, why, how long we keep it, and the rights you have under India's **Digital Personal Data Protection Act, 2023 (DPDP Act)**.

This policy is a starting point and should be reviewed by qualified legal counsel before publication.

1. Who is the Data Fiduciary

For personal data processed through the Service, the Data Fiduciary is MSCON Design Private Limited, Delhi, India. Where your employer (the firm that licenses Design Link) determines how your data is used, that firm is the Data Fiduciary and MSCON Design Private Limited acts as a Data Processor on its behalf.

2. Personal Data We Collect

designation, department, date of joining, profile photo.

Google sign-in identifiers (where used).

check-in/out times, leave requests, messages, minutes of meeting, uploaded documents and photos.

you check in or out of attendance, to verify presence at a site. Location is not tracked in the background.

notification token, IP address, and audit-log entries (action, timestamp, IP, user agent) for security and accountability.

3. Purposes of Processing

We process personal data to: provide and secure the Service; authenticate users; record attendance, tasks, and timesheets; deliver notifications; generate performance and project reports for your firm's administrators; provide customer support; comply with legal obligations; and detect and prevent fraud or abuse.

We rely on your consent and on the legitimate uses permitted by the DPDP Act (including provision of a service you have requested and employment-related processing by your firm).

4. Storage Location

Personal data is stored on infrastructure located in India. Backups are encrypted and retained on Indian infrastructure. We do not transfer personal data outside India except to sub-processors that meet equivalent protection standards and only where permitted by law.

5. Data Retention

deletion and the associated personal data is purged within 30 days (see Section 6), except data we must retain to comply with law (e.g. statutory payroll/tax records) or to resolve disputes.

within the backup retention window.

6. Your Rights

Under the DPDP Act you have the right to:

can generate a personal-data export yourself from within the app; we build it in the background and email you a secure download link (valid 72 hours) to a ZIP containing your data as JSON and CSV, a plain-language PDF summary, and your uploaded files. Encrypted fields (e.g. Aadhaar/bank details) are decrypted for you, the owner. Organisation administrators can likewise export the whole firm's data.

death or incapacity. You can make, change, or withdraw a nomination yourself from Profile → Privacy & Data → Nominee. Your nominee's name and email are encrypted at rest, and your nominee confirms their designation via a link we email them. A nomination does not give your nominee access to your account — it records who we contact to exercise your rights when the law allows. On a death or incapacity event, your nominee exercises those rights by contacting our Grievance Officer (Section 9) with proof, and we transfer account ownership only after a documented two-person review.

You can exercise the access/export, deletion, and nomination rights directly in the app (Profile → Privacy & Data). Any right you cannot complete in the app can be exercised by contacting us (Section 9). We respond within the timelines required by law.

7. Security Measures

We protect personal data with: password hashing, TLS in transit, tenant isolation between firms, role-based access control, CSRF protection on web sessions, signed/expiring tokens, append-only audit logging, encrypted database backups, and least-privilege server hardening. No method of transmission or storage is 100% secure, but we work to protect your data and to notify the Data Protection Board and affected users of a breach as required by the DPDP Act.

8. Children's Data

The Service is intended for use by employees and authorised users of licensee firms and is not directed at children. We do not knowingly process the personal data of children.

9. Contact — Data Protection

For privacy questions, rights requests, or grievances, contact our Data Protection point of contact:

You can also raise a grievance via our Grievance & Data Protection page.

10. Grievance Officer

In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, we have designated a Grievance Officer to receive and address complaints about the processing of your personal data:

Response SLA. We acknowledge grievances within 72 hours of receipt and aim to resolve them within 30 days, as required by law. If you are not satisfied with the resolution, you may escalate to the **Data Protection Board of India**.

11. Sub-processors

We engage the following third-party sub-processors to provide the Service. Each is engaged under a written contract with confidentiality and data-protection obligations. Primary storage of Customer Data remains on infrastructure in India (Section 4); the processors below receive only the limited data needed for their stated function.

Sub-processorFunctionLocation
Anthropic (Claude API)AI assistant / chat featuresUnited States
Voyage AIText embeddings for AI Chat code searchUnited States
SentryError monitoring and diagnosticsUnited States
CloudflareContent delivery, DNS, DDoS protectionUnited States
Google (Gmail SMTP / Workspace)Transactional email deliveryUnited States / India
Postmark (ActiveCampaign)Inbound support-email parsing — engaged only if inbound email-to-ticket is enabled for your firmUnited States
RazorpayPayment processing (paid subscriptions)India

We will update this list and notify you of material changes before engaging a new sub-processor that processes your personal data.

12. Changes to this Policy

We may update this policy from time to time. Material changes will be notified in-app or by email. The "Last updated" date above reflects the latest revision.


Design Link™ is a product of MSCON Design Private Limited CIN: U70100DL2019PTC343932 | GSTIN: 07AAMCM3424B1ZS | Delhi, India © 2026 MSCON Design Private Limited. All rights reserved.