Legal

Privacy Policy

Last updated: April 3, 2026

Introduction

Cyber Secify Consulting Pvt Ltd ("Cyber Secify", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cybersecify.com, use our tools (including OpenEASD), or engage our services. This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian data protection laws.

Information We Collect

Contact Form

When you submit our contact form, we collect your full name, email address, phone number (optional), company name (optional), service interest, and message. This information is used solely to respond to your inquiry and follow up on your request.

OpenEASD (Free External Attack Surface Discovery)

When you request a free security scan through our OpenEASD tool, we collect:

  • Full name and role (to identify the requester)
  • Work email (to deliver the report and verify authorization)
  • Company name and primary domain (to perform the requested scan)

We reject submissions from free email providers (Gmail, Yahoo, Outlook, etc.) to help verify that the requester is authorized to request a scan of the submitted domain. Scan results are stored for 90 days and then permanently deleted. We do not sell or share individual scan data with third parties. Anonymized, aggregated scan data may be used for security research and to improve our tools.

Service Engagements

When you engage our penetration testing, consulting, or other services, we collect information necessary to deliver those services, including your name, email, phone number, company details, and information about your security requirements.

Other Communications

We also collect information you provide when you communicate with us via email, WhatsApp, or phone, or subscribe to our communications.

Automatically Collected Information

When you visit our website, we may automatically collect certain information including your IP address, browser type, operating system, referring URLs, pages visited, and interaction data. We use this information to analyze website traffic and improve our services.

Information from Services

During penetration testing and security consulting engagements, we may access, process, and temporarily store technical information about your systems, applications, and infrastructure as defined in the engagement scope. This information is treated as strictly confidential and handled in accordance with the engagement agreement.

How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide requested services
  • Perform OpenEASD scans and deliver the resulting report to the email address provided
  • Deliver security assessments, reports, and recommendations under service engagements
  • Operate and improve our website, tools, and service offerings
  • Produce anonymized, aggregated research from OpenEASD scan data (individual results are never shared)
  • Communicate about our services and security insights
  • Comply with legal obligations and regulatory requirements
  • Protect against fraudulent or unauthorized activity

Use of AI and Automated Processing

We may use artificial intelligence and automated tools as part of our service delivery, website operations, and internal processes. This includes AI-assisted security testing, content creation, and data analysis. Automated processing of personal data is limited to what is necessary for the stated purposes and is subject to human oversight.

We do not use automated decision-making that produces legal effects or similarly significant effects on individuals without human review.

Legal Basis for Processing

We process your personal data based on one or more of the following grounds:

  • Consent: When you voluntarily provide your information through our forms, tools, or communications
  • Contractual necessity: When processing is necessary to perform our services under an engagement agreement
  • Legitimate interest: When processing is necessary for our legitimate business interests, such as improving our services and website
  • Legal obligation: When processing is required to comply with applicable laws

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

  • Trusted service providers who assist us in operating our website, delivering services, and conducting our business, provided they agree to keep your information confidential. These include:
    • Cloudflare (website hosting, CDN, and security). Cloudflare may process IP addresses, request headers, and other connection data as part of serving our website.
    • Resend (email delivery). Form submissions from our contact form and OpenEASD tool are processed through Resend's API to deliver emails. Resend temporarily processes the submitter's name and email address for delivery purposes.
  • Legal authorities when required by law, court order, or government regulation
  • Professional advisors such as lawyers and accountants, as necessary for our business operations

We do not transfer personal data outside India except where necessary for service delivery (such as email delivery through service providers with servers outside India) and with appropriate safeguards in place.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. As a cybersecurity company, we hold ourselves to the highest standards of data protection. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Specifically:

  • OpenEASD scan data: scan results and associated personal information are stored for 90 days from the date of the scan, then permanently deleted
  • Contact form submissions: retained for the duration of the business relationship or up to 24 months, whichever is longer, or until you request deletion
  • Pentest engagement data: retained as per the terms of the engagement contract; our copies of penetration test findings are securely deleted within 90 days of engagement completion unless otherwise agreed in writing
  • Consulting and other engagement data: retained for the duration of the engagement plus 36 months for legal and compliance purposes
  • Website analytics: aggregated and anonymized data may be retained indefinitely

Your Rights

Under the DPDP Act and applicable data protection laws, you have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate or incomplete personal data
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements
  • Right to withdraw consent: Withdraw your consent for data processing at any time
  • Right to grievance redressal: File a complaint about our data processing practices
  • Right to nominate: Nominate another person to exercise your rights in case of your death or incapacity

To exercise any of these rights, please contact us at privacy@cybersecify.com. We will respond to your request within 30 days.

Cookies

Our website does not use cookies. We use Cloudflare Analytics for website traffic analysis, which operates server-side without cookies or client-side tracking scripts. No personal data is collected for analytics purposes.

Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information.

Third-Party Links

Our website may contain links to third-party websites and tools. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies before providing any personal information.

Grievance Officer

In accordance with the DPDP Act, our Grievance Officer for data protection matters is:

Name: Ashok S Kamat
Email: privacy@cybersecify.com
Address: Bengaluru, Karnataka, India

You may contact the Grievance Officer for any complaints or concerns regarding our processing of your personal data. We will acknowledge your complaint within 48 hours and resolve it within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this page periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@cybersecify.com
Address: Bengaluru, Karnataka, India