At Dott Connect Private Limited (“Dott”, “DCPL”, “we”, “us”, or “our”), the protection of information is fundamental to the design, development, and operation of our platforms. We recognise that the data processed through our systems—including multi-rater feedback, employee engagement insights, and learning and development records—is often sensitive in nature and critical to the trust placed in us by our clients.

Accordingly, we have implemented a combination of technical, organisational, and procedural safeguards designed to ensure the confidentiality, integrity, and availability of such information across all our services, including Dott 360, Dott Sense, and Elyevate (ELA).

Confidentiality by Design

Our platforms are specifically designed for environments in which confidentiality and controlled access are essential. This is particularly relevant in the context of 360° feedback programs and employee engagement surveys, where the integrity of responses and the protection of participant identity are critical to the effectiveness of the program.

Access to information is governed through structured role-based controls, ensuring that users are granted access only to the data necessary for their designated function. In addition, program-level configurations enable the enforcement of confidentiality safeguards such as aggregation thresholds and anonymisation mechanisms, thereby preventing the identification of individual respondents where confidentiality is intended.

These controls are designed to ensure that information is disclosed only on a need-to-know basis and in an appropriate and authorised format.

Information Security Framework

Dott maintains a layered information security framework incorporating preventive, detective, and corrective controls.

Data transmitted through the Platform is protected using secure communication protocols, including encryption in transit (HTTPS/TLS). Where appropriate, data is also protected at rest using industry-standard encryption mechanisms.

Access to systems and data is governed by role-based access control (RBAC) principles and the concept of least privilege. Users, administrators, and internal personnel are granted access strictly in accordance with their roles and responsibilities, with segregation of duties applied to sensitive operations.

Authentication and session management mechanisms are implemented to ensure secure access, including credential protection, session control, and, where required, additional verification measures.

Platform-Level Safeguards

Security controls are implemented across each of our platforms in a manner consistent with the nature of the data processed.

In Dott 360, confidentiality is maintained through configurable anonymity thresholds, controlled visibility of feedback responses, and structured aggregation of data to prevent identification of individual respondents. Access to detailed or raw data is restricted based on user roles and program configuration.

In Dott Sense, survey responses are typically processed and presented in aggregated formats. Where anonymity is enabled, individual-level responses are not disclosed. Segmentation and reporting are configured to ensure that confidentiality is preserved.

In Elyevate (ELA), learner data, including course progress, assessments, and participation records, is stored securely and is accessible only to authorised users based on defined roles, such as learners, trainers, or administrators.

Infrastructure and Operational Security

The Platform is deployed on secure infrastructure environments designed to support data protection, availability, and operational resilience. Access to infrastructure is controlled, and systems are subject to monitoring, maintenance, and security hardening practices.

We implement processes for monitoring system activity, maintaining logs, and detecting anomalous or suspicious behaviour. In the event of a security incident, we follow structured procedures for identification, escalation, containment, and remediation, along with post-incident review.

Third-Party and Vendor Management

Where third-party service providers are engaged to support the delivery of our services, such providers are subject to appropriate due diligence prior to onboarding. Access to data by such providers is limited to what is necessary for the performance of their functions.

We require such providers to adhere to contractual obligations relating to confidentiality, data protection, and security. Where applicable, such providers are expected to maintain security standards consistent with the nature of the services provided.

Compliance and Security Alignment

Dott’s practices are designed to align with applicable legal and regulatory requirements, including the Information Technology Act, 2000 (India) and applicable rules, as well as globally recognised data protection principles.

Our information security framework is structured in alignment with industry-recognised standards, including the principles of ISO/IEC 27001, covering key areas such as access control, data protection, risk management, monitoring, and incident response.

We continuously review and strengthen our controls, processes, and governance mechanisms as part of our ongoing security and compliance programme, including progression toward formal certification.

Data Confidentiality Commitment

Dott is committed to maintaining the confidentiality of all data processed through its platforms. This includes, in particular, the protection of:

• feedback providers in 360° feedback programs;
• respondents in engagement and experience surveys; and
• learners and participants in development programmes delivered through ELA.

Our systems and processes are designed to ensure that such data is protected against unauthorised access, misuse, or disclosure, and that access to insights and reports is appropriately controlled.

Customer Assurance and Support

We recognise that security and compliance are critical considerations for our clients. Accordingly, we support enterprise customers by providing, where required:

• Data Processing Agreements (DPA);
• responses to security and compliance questionnaires;
• relevant documentation to support internal risk assessments; and
• assistance during audit and due diligence processes.

Continuous Improvement

Information security is an ongoing process. Dott continually evaluates and enhances its security controls, systems, and processes in response to evolving threats, technological developments, and regulatory expectations.

Contact

For security-related queries, compliance documentation, or further information, please contact:

Dott Connect Private Limited
privacy@dottinc.com