Privacy Policy & DPDP Alignment
Last updated: May 6, 2026 | Compliant with India DPDP Act (2023)
At CyberTeck Technologies Private Limited ("CyberTeck", "we", "us", or "our"), data privacy, sovereignty, and trust are the cornerstones of our operational mission. This Privacy Policy details how we protect, process, and respect the privacy of our enterprise partners, CISOs, and operational stakeholders in strict accordance with the Digital Personal Data Protection (DPDP) Act of 2023.
1. Collection and Safeguarding of Personal Data
In securing our corporate platform and administering CyberTeck OS consoles, we may collect the following classifications of processing data:
- Enterprise Identity Credentials: Usernames, corporate email domains, single sign-on (SSO) indicators, and public encryption keys to authenticate analyst log sessions securely.
- Security Posture Telemetry Logs: Dynamic server IP addresses, unpatched network port counts, active attack signatures, and simulated vulnerability files which are processed solely to calculate corporate risk indices.
- Consent Management Data: Explicit logs recording the grant, modification, or revocation of consent details to fulfill Section 6 and Section 8 provisions of the DPDP Act.
2. Processing Framework and Purpose
Sovereign personal data of Indian citizens is processed strictly based on the following statutory pillars:
- Sovereign Consent: Data is handled purely based on explicit, clear, and revocable consent objects delivered during enterprise signup.
- Legitimate Uses: Information processing required for incident isolation, security forensic reporting, or fulfilling emergency directives from CERT-In.
3. Data Residency and Mumbai Sovereignty
In accordance with Indian regulatory mandates, all primary data storage, database backups, audit records, and security logs are hosted exclusively on highly secure AWS and GCP localized sovereign cloud infrastructure within the Mumbai, India geographic boundaries. We enforce absolute physical and digital data isolation from foreign access clusters.
4. Right to Access, Correct, and Erase
Under Section 11 and Section 12 of the DPDP Act, stakeholders and data principals maintain absolute rights to access, correct, or request the irrevocable erasure of their collected personal data traces. To initiate these operations, please contact our local Data Protection Officer (DPO) at dpo@cyberteck.in.