Effective 22 April 2026 · Version 2.0

Privacy Policy

This Privacy Policy explains how Cyfriq collects, uses and protects personal data. It applies to data we collect about visitors to cyfriq.com, prospects, customers and contacts of our customers — when Cyfriq is acting as the Data Fiduciary (under the DPDP Act 2023) or Data Controller (under the GDPR). For personal data we process on behalf of our enterprise customers, we act as a Data Processor and that processing is governed by the applicable Data Processing Agreement.

1. Who we are

Cyfriq is headquartered in Chennai, Tamil Nadu. For queries about this Policy, contact our Data Protection Officer at privacy@cyfriq.com.

2. What we collect

2.1 Information you give us

Contact details (name, work email, phone, company, role) when you submit an enquiry, register for an event, or engage our sales team.
Account credentials and profile data when you become a Cyfriq customer user.
Communication history (support tickets, emails, meeting notes).
Billing and tax information (when you are a customer).

2.2 Information collected automatically

Device and browser metadata, IP address, language preferences, pages visited on our website.
Product telemetry limited to operational health and security purposes — this never includes Customer Data.

3. Why we collect it

To respond to enquiries and provide the Services you've requested.
To administer your account and process payments.
To keep the Services secure, detect abuse, and prevent fraud.
To send product updates, security advisories and — only with your consent — marketing communications.
To comply with legal obligations (including the DPDP Act, tax law, anti-money-laundering rules).

4. Legal bases

We process personal data on the following legal bases: (a) to perform a contract with you; (b) for our legitimate interests in running, improving and securing our business; (c) with your consent (where required); (d) to comply with legal obligations.

5. How we share data

We share personal data only with:

Sub-processors — vetted third parties bound by data-processing agreements. See our current list at security.html#subprocessors.
Professional advisors — lawyers, auditors, accountants under professional confidentiality.
Law enforcement and regulators — when legally required and after validating the request.
Successors in interest — in the event of a merger, acquisition or sale of assets, under standard confidentiality protections.

We do not sell personal data. We do not share personal data with advertising networks for cross-site tracking.

6. Where data is stored

Customer Data processed by the Cyfriq Services is stored on AWS ap-south-1 (Mumbai, India) by default. Corporate and marketing data (prospect CRM, support tickets, etc.) may be processed in other regions by our sub-processors, under contractual safeguards that satisfy DPDP Act cross-border requirements.

7. Retention

We retain personal data only as long as needed to fulfil the purposes set out above or as required by law. Typical retention periods:

Prospect and sales-enquiry data: up to 24 months from last contact, then deleted.
Customer account data: for the duration of the subscription plus 90 days thereafter.
Security and audit logs: up to 5 years (tamper-proof WORM log).
Tax and accounting records: 7 years, as required by Indian law.

8. Your rights

Subject to local law, you have the right to access, correct and erase your personal data; to object to or restrict processing; to data portability; and to withdraw consent. Under the DPDP Act, you may nominate another person to exercise rights on your behalf. To exercise any right, email privacy@cyfriq.com. We respond within 30 days (or 90 days for DPDP grievance redressal) and will not charge a fee for reasonable requests.

9. Cookies & analytics

We use a minimal set of first-party cookies for essential site functionality and privacy-preserving analytics. See our Cookie Policy for the full list. We do not use third-party ad-network cookies.

10. Children

The Services are not directed at individuals under 18. We do not knowingly collect data from children. If you believe a child has provided personal data, email privacy@cyfriq.com and we will delete it.

11. Contact us

Cyfriq
Attn: Data Protection Officer
Chennai, Tamil Nadu · India
Email: privacy@cyfriq.com

We may update this Policy from time to time. Material changes will be notified to customers in advance. The "Effective" date above always reflects the current version.