+91 (830) 904-8324 [email protected]
BOOK CONSULTATION →
Legal

Privacy Policy

We believe privacy is a fundamental right. This policy explains exactly how InfoKavach collects, uses, and protects your personal information — in plain language.

DPDP Act 2023 Aligned
Effective Date: 13 May 2025
Last Updated: 13 May 2025
Jurisdiction: India (DPDP Act 2023)
Controller: InfoKavach Technologies Pvt. Ltd.

1. Introduction

Welcome to InfoKavach's Privacy Policy. InfoKavach Technologies Pvt. Ltd. ("InfoKavach", "we", "us", or "our") is a cybersecurity company headquartered in Gachibowli, Hyderabad, Telangana, India. We offer cybersecurity consulting, managed security services, AI-driven security tools (Kavach AI), and certification training through our Academy and ExamPrep platforms.

This Privacy Policy describes how we collect, use, disclose, store, and safeguard your personal data when you visit infokavach.com or any of our affiliated platforms (academy.infokavach.com, examprep.infokavach.com), engage with our services, or communicate with us.

By using our website or services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services and contact us to have your data removed.

This policy applies to all InfoKavach platforms and brands — including InfoKavach Academy, Kavach AI, and InfoKavach ExamPrep — unless those platforms publish a separate, dedicated privacy policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact & enquiry data: Name, email address, phone number, company name, job title, and message content when you complete our contact form, book a consultation, or request a product demo.
  • Account data: Username, password (stored as a hashed value), and profile details when you register for InfoKavach Academy or ExamPrep.
  • Payment data: Billing name, address, and payment card details when purchasing courses or subscriptions. We do not store full card numbers — payments are processed by PCI-DSS compliant third-party gateways.
  • Course & exam activity: Answers, scores, progress records, and completion certificates on our learning management and exam preparation platforms.
  • Business information: When engaging our enterprise cybersecurity services, we may collect organisational details, network environment descriptions, and scope-of-work information necessary to deliver the service.

2.2 Information Collected Automatically

  • Device & technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and time zone.
  • Usage data: Pages visited, time spent, links clicked, referral URLs, and navigation paths on our websites.
  • Log data: Server logs capturing IP addresses, request timestamps, HTTP status codes, and bandwidth consumed.
  • Location data: Approximate geographic location derived from your IP address (country/city level only — we do not access precise GPS location).

2.3 Collection Methods

We collect the above information through:

  • Web forms on our websites
  • Cookies, web beacons, pixel tags, and local storage (see Section 6)
  • Third-party analytics services (e.g., Google Analytics)
  • Email communication and calendar integrations
  • API integrations when you connect third-party tools

3. How We Use Your Information

We use collected data for the following purposes:

  • Service delivery: Providing cybersecurity assessments, SOC monitoring, consulting engagements, and managed services you have requested.
  • Account management: Creating and maintaining your Academy or ExamPrep account, tracking course progress, and issuing completion certificates.
  • Communication: Responding to enquiries, sending appointment confirmations, project updates, and support correspondence.
  • Marketing & outreach: Sending newsletters, event invitations, and promotional content — only with your explicit consent, and always with a one-click unsubscribe option.
  • Product improvement: Analysing usage patterns to improve website usability, feature design, and service quality.
  • Security & fraud prevention: Monitoring for suspicious activity, protecting our infrastructure, and verifying identities where required.
  • Legal compliance: Meeting our obligations under applicable Indian law, including the Digital Personal Data Protection Act 2023 (DPDP Act), the Information Technology Act 2000, and sector-specific regulations.
  • AI feature operation: Powering personalised recommendations, threat pattern analysis, and intelligent learning paths within Kavach AI and ExamPrep (see Section 5 for full AI disclosure).

Under India's Digital Personal Data Protection (DPDP) Act 2023 and, where applicable, the EU General Data Protection Regulation (GDPR) for European data subjects, we process your personal data on the following grounds:

  • Consent: Where you have given free, specific, informed, and unambiguous consent — such as signing up for marketing emails or enabling optional analytics cookies.
  • Contract performance: Processing necessary to perform a contract with you (e.g., delivering a cybersecurity engagement you have commissioned, or managing your Academy subscription).
  • Legitimate interests: Where our legitimate business interests do not override your fundamental rights — for example, website security monitoring, fraud prevention, and improving our services.
  • Legal obligation: Where we must process data to comply with Indian law, court orders, or regulatory requirements.

You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. AI & Automated Processing

Kavach AI — Our AI-Powered Security Platform

InfoKavach operates Kavach AI, an AI-driven cybersecurity intelligence product. When you use Kavach AI or AI-assisted features within our platform, the following applies:

5.1 How We Use AI

  • Threat detection & analysis: Machine learning models analyse log data and network telemetry to identify anomalies and potential threats. This processing operates on data you provide as part of your service scope.
  • Personalised learning: The ExamPrep platform uses AI to adapt question difficulty, recommend study topics, and predict exam readiness based on your practice history.
  • Content recommendations: Our Academy platform may suggest courses or resources based on your profile and learning activity.
  • Customer support: AI-assisted chatbots or ticketing triage may be used to route queries. A human agent is always available upon request.

5.2 Automated Decision-Making

We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing without human review. Where AI tools provide recommendations (e.g., risk scores, exam readiness indicators), these are advisory only and reviewed by qualified InfoKavach personnel before any consequential action is taken.

5.3 Third-Party AI Services

We may use third-party large language model (LLM) APIs or AI infrastructure providers to power certain features. When doing so:

  • We ensure data processing agreements (DPAs) are in place with all AI providers.
  • We do not transmit identifiable client security data to third-party AI models without explicit consent and appropriate data sanitisation.
  • We will update this section if we materially change our AI vendor relationships.

5.4 Generative AI & Prompt Data

If you interact with any generative AI feature on our platforms, your prompts and inputs may be processed to generate responses. We do not use your individual prompts to train our AI models. Aggregated, anonymised interaction data may be used to improve service quality.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate our websites effectively. Cookies are small text files placed on your device.

Types of Cookies We Use

  • Strictly necessary cookies: Required for core website functionality (session management, login state, cookie consent preference). Cannot be disabled.
  • Analytics cookies: Used by Google Analytics and similar tools to collect aggregated, anonymised data about how visitors use our site. Enabled only with your consent.
  • Functional cookies: Remember your preferences (language, region) to personalise your experience.
  • Marketing cookies: Used to display relevant advertisements on third-party platforms. We minimise the use of marketing trackers and only deploy them with your explicit consent.

Managing Cookies

You can manage cookie preferences at any time through our Cookie Consent banner (shown on first visit) or your browser settings. Note that disabling strictly necessary cookies may impair website functionality. For detailed cookie information, see our Cookie Policy.

7. Sharing of Information

We do not sell, rent, or trade your personal information to third parties. We may share data in the following limited circumstances:

7.1 Service Providers (Data Processors)

We engage trusted third-party vendors who process data on our behalf under written data processing agreements:

  • Cloud hosting and infrastructure providers (e.g., AWS, Azure, or Google Cloud)
  • Payment processors (PCI-DSS certified gateways)
  • Email delivery services (for transactional and marketing communications)
  • Analytics platforms (Google Analytics, Hotjar — anonymised data only)
  • Customer support and CRM tools
  • AI and LLM API providers (under strict DPAs — see Section 5)

7.2 Business Transfers

In the event of a merger, acquisition, or sale of all or part of InfoKavach's business, your data may be transferred to the acquiring entity. We will notify you by email and/or a prominent website notice prior to any such transfer and give you the option to object or request deletion.

7.3 Legal Obligations

We may disclose your information if required by law, court order, government authority, or to protect the rights, property, or safety of InfoKavach, our clients, or the public.

7.4 With Your Consent

In any other circumstance, we will share your data only with your explicit prior consent.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact enquiry data: Up to 2 years from the last interaction, unless a service relationship is established.
  • Account data (Academy / ExamPrep): For the duration of your active account plus 3 years after account closure or last login.
  • Service engagement data: For the duration of the engagement plus a minimum of 5 years as required by applicable accounting and regulatory laws in India.
  • Marketing preferences & consent records: Until consent is withdrawn or for 3 years from the date of consent, whichever comes first.
  • Server logs and analytics data: Up to 14 months, then aggregated or deleted.
  • Payment transaction records: Minimum 7 years as required by Indian tax law.

When data is no longer needed, we securely delete or anonymise it in accordance with our Data Retention Schedule.

9. Security Measures

As a cybersecurity company, we apply industry-leading standards to protect the data entrusted to us:

  • Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.
  • Access controls: Least-privilege access principles, multi-factor authentication (MFA), and role-based access controls (RBAC) govern internal system access.
  • Penetration testing: Our own infrastructure undergoes regular VAPT by our certified team and periodic third-party audits.
  • ISO 27001 practices: Our internal security programme is aligned with ISO 27001 information security management standards.
  • Staff training: All InfoKavach personnel receive mandatory security awareness training and are bound by confidentiality agreements.
  • Vendor security: All third-party processors are assessed for security maturity before engagement.

Despite these measures, no system is completely immune to security breaches. If a breach occurs that affects your data, we will notify you as required by law (see Section 14).

10. International Data Transfers

InfoKavach is headquartered in India. Your data is primarily stored and processed within India. Where we use cloud service providers or AI vendors with servers located outside India, we ensure:

  • Appropriate contractual safeguards (Standard Contractual Clauses or equivalent) are in place.
  • The receiving country or organisation provides an adequate level of data protection.
  • Such transfers are conducted in accordance with the DPDP Act 2023 cross-border transfer provisions once notified by the Indian government.

For EU/EEA data subjects, we comply with GDPR Chapter V requirements for international data transfers.

11. Your Rights

You have the following rights over your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or sooner where required by law).

Access

Request a copy of the personal data we hold about you and information on how it is used.

Correction

Request that inaccurate or incomplete personal data be corrected or updated.

Erasure ("Right to be Forgotten")

Request deletion of your personal data where there is no compelling reason for continued processing.

Data Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Withdraw Consent

Withdraw previously given consent for marketing or analytics at any time without penalty.

Object to Processing

Object to processing based on legitimate interests or direct marketing, including profiling.

Restrict Processing

Request that we limit how we use your data while a complaint or review is underway.

Nominate a Representative

Under the DPDP Act 2023, nominate another person to exercise your rights on your behalf.

Grievance Officer (DPDP Act): In compliance with the Information Technology Act 2000 and the DPDP Act 2023, our designated grievance officer can be reached at [email protected]. We will acknowledge your grievance within 48 hours and resolve it within 30 days.

12. Children's Privacy

InfoKavach's services are designed for cybersecurity professionals, enterprises, and adult learners. Our services are not intended for individuals under the age of 18 (or under 13 in jurisdictions with specific child privacy laws).

We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data without appropriate consent, please contact us immediately at [email protected] and we will delete that information promptly.

Under the DPDP Act 2023, we treat any user we have reason to believe is a child (under 18) with heightened protection and will obtain verifiable parental consent before any processing.

13. Third-Party Links & Integrations

Our website and platforms may contain links to third-party websites, tools, or embedded content (such as YouTube videos, LinkedIn posts, or integrated APIs). We are not responsible for the privacy practices of these external sites.

We encourage you to review the privacy policies of any third-party service you access through our platforms. This Privacy Policy applies solely to information collected by InfoKavach.

14. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, InfoKavach will:

  • Report the breach to the Data Protection Board of India within the timeframe prescribed by the DPDP Act 2023 (and to relevant EU supervisory authorities within 72 hours where GDPR applies).
  • Notify affected individuals without undue delay when the breach is likely to result in high risk to your rights — clearly describing the nature of the breach, the data affected, and steps we are taking.
  • Maintain an internal breach register and conduct post-incident reviews to prevent recurrence.

15. Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our services, applicable law, or industry best practices (including evolving AI regulations). The "Last Updated" date at the top of this page reflects when the most recent revision was made.

For material changes — such as significant changes to how we use your data, introduction of new AI processing, or changes to data sharing practices — we will provide advance notice by:

  • Posting a prominent notice on our website homepage, and
  • Sending an email notification to registered users at least 14 days before the change takes effect.

Continued use of our services after the effective date of a revised policy constitutes your acceptance of the updated terms.

16. Contact & Grievance Redressal

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us through any of the following channels:

If you are not satisfied with our response to your grievance, you have the right to lodge a complaint with the Data Protection Board of India (once constituted under the DPDP Act 2023) or, for EU/EEA residents, your local data protection supervisory authority.

This Privacy Policy was last reviewed by the InfoKavach Legal & Compliance team on 13 May 2025. It is intended to be read alongside our Cookie Policy and Terms of Service.