Pestle Back to App

Legal Information

Compliance, security, and legal documentation for Pestle services

Last Updated: January 28, 2026

Quick Links

Privacy Policy Terms of Service Data Retention Policy Cookie Policy Data Processing Agreement Security Practices Sub-processors

Data Retention Policy

Pestle retains your data in accordance with our contractual obligations, legal requirements, and your instructions.

Retention Periods

Data Category Retention Period Basis
Account Information Duration of account + 90 days Contract
Compliance Data Duration of account + 90 days Contract
Evidence & Attachments Duration of account + 90 days Contract
Audit Logs 7 years Legal/Compliance
Billing Records 7 years Tax/Legal
Security Logs 12 months Security
Usage Analytics 24 months Legitimate Interest
Support Tickets 3 years Service Quality
Marketing Preferences Until opt-out + 30 days Consent

Data Deletion

Account Closure: Data deletion initiated within 30 days. Full deletion completes within 90 days.
Backup Retention: Backups containing deleted data are purged within 90 days.
Legal Holds: Data subject to legal holds may be retained beyond standard periods.

Data Export

Before account closure, you can export your data in standard formats (JSON, CSV, PDF) through the platform's export feature.

Cookie Policy

Pestle uses cookies and similar technologies to provide, secure, and improve our Services.

Required Essential Cookies

Authentication

Keeps you logged in during your session

Security

CSRF protection and fraud prevention

Preferences

Language and timezone settings

Optional Functional Cookies

Enhance your experience: dashboard preferences, table configurations, onboarding feature tracking.

Aggregated Analytics Cookies

Help us understand usage: pages visited, features used, time spent, page load times. All analytics data is aggregated and anonymized.

Managing Cookies

Control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Services.

Chrome | Firefox | Safari | Edge
We honor Do Not Track browser signals by disabling non-essential analytics when detected.

Data Processing Agreement

For customers who require a Data Processing Agreement (DPA) for GDPR or other regulatory compliance.

Standard DPA Covers:

Scope and nature of processing
Data subject categories and data types
Obligations of the processor
Obligations of the controller
Sub-processor arrangements
International data transfers
Security measures
Data breach notification procedures
Audit rights
Data deletion and return

Obtaining a DPA

Enterprise customers can request a signed DPA by contacting sales@pestle.in. Our standard DPA is included in enterprise agreements.

Security Practices

Pestle implements comprehensive security measures to protect your data.

Certifications & Compliance

SOC 2 Type II

Annual security audit

ISO 27001

Information security management

GDPR

Compliant data processing

HIPAA

BAA available (Enterprise)

Technical Security

Encryption: TLS 1.3 in transit, AES-256 at rest
Access Control: RBAC, MFA, SSO
Infrastructure: SOC 2 compliant cloud
Network: WAF, DDoS protection

Operational Security

Employee Security

Background checks, security training, least privilege access

Vulnerability Management

Regular scanning, penetration testing, bug bounty

Incident Response

Documented procedures, 24-hour breach notification

Business Continuity

Disaster recovery, geographic redundancy

Sub-processors

Pestle uses the following sub-processors to provide our Services:

Sub-processor Purpose Location
Amazon Web Services
 Cloud infrastructure hosting USA/EU
Stripe
 Payment processing USA
SendGrid
 Transactional email USA
Sentry
 Error monitoring USA
Intercom
 Customer support USA

We notify customers of new sub-processors at least 30 days before engagement. Enterprise customers can subscribe to sub-processor update notifications.

GDPR Information

Your Data

You are the data controller; Pestle is the data processor.

Account Data

Pestle is the data controller for account and billing information.

Legal Bases for Processing

Contract

Processing necessary to provide the Services

Legitimate Interest

Security, fraud prevention, service improvement

Legal Obligation

Tax records, audit logs

Consent

Marketing communications, optional analytics

Data Subject Rights

EU residents can exercise their rights by contacting sales@pestle.in or through the platform's privacy settings.

Contact Legal Team

For legal inquiries, DPA requests, or compliance questions:

Email

sales@pestle.in

Phone

+91 897 702 5287

Address

Trendz Pride 5th Floor, Plot No 20/127, Survey No.79, Road No 1, Patrika Nagar, Madhapur, Hyderabad, Shaikpet, Telangana, India, 500081