Cybercyko Technologies Pvt Ltd — Legal
Privacy
Policy
Cybercyko Technologies Pvt Ltd (“Cybercyko”, “we”, “our”, “us”) respects your privacy and is committed to protecting personal data processed in connection with our website cybercyko.com and our products including Cybercyko Wallet.
Introduction
This Policy explains how we collect, use, disclose, transfer and secure personal information. It complies with India's Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
By accessing our Services, you agree to this Policy.
Definitions
| Term | Meaning |
|---|---|
| Personal Data | Any data about an identifiable individual. |
| Sensitive Personal Data (SPDI) | Includes passwords, financial information, biometric data, health information, and any data declared sensitive under applicable law. |
| Data Principal | The individual to whom the data relates. |
| Data Fiduciary | Cybercyko Technologies Pvt Ltd. |
| Processing | Any operation performed on Personal Data such as collection, storage, use, disclosure, or deletion. |
Information We Collect
We collect Personal Data through direct interactions, automated technologies, and third-party integrations.
a. Information You Provide
- Name, company, designation, email address, and contact number.
- Login credentials and authentication details.
- Support requests, feedback, or communications.
- Billing or contractual data (for enterprise clients).
b. Information Collected Automatically
- Device identifiers, IP address, browser type, operating system.
- Access logs, timestamps, geolocation (approximate).
- Usage metrics, API calls, session length, and error diagnostics.
c. Information from Third Parties
- Data provided by client organisations using our IAM platform.
- Data from analytics providers, marketing partners, or authentication sources (e.g., OAuth, SAML IdP).
We collect only data necessary for the purposes stated below.
Purpose and Legal Basis of Processing
| Purpose | Legal Basis |
|---|---|
| Provide and operate our IAM solutions, manage user accounts | Performance of Contract |
| Authenticate users, authorise access, and ensure system security | Legitimate Interest / Contract |
| Provide customer support and technical assistance | Contract / Legitimate Interest |
| Conduct R&D, testing, AI-based analytics on anonymised data | Legitimate Interest / Consent |
| Send service updates, notifications, or marketing (opt-in) | Consent |
| Ensure compliance with legal and regulatory obligations | Legal Obligation |
| Detect, prevent and investigate security breaches or fraud | Legitimate Interest |
Data Retention
We retain Personal Data only for as long as required for lawful purposes or as mandated by regulation.
| Data Category | Typical Retention Period |
|---|---|
| Account & login logs | 90 days to 1 year |
| Support tickets & communications | 12 months after closure |
| Client contractual records | 7 years post-termination |
| Analytics & telemetry data | 180 days (aggregated afterwards) |
| Marketing data | Until consent withdrawal |
Disclosure and Sharing of Information
We may share Personal Data only under strict contractual and legal safeguards:
- Service Providers: Hosting, cloud (AWS/Azure), email, analytics, and security vendors under NDAs.
- Business Partners / Resellers: To deliver joint solutions with proper consent.
- Legal Authorities: If required by law, court order, or government regulation.
- Corporate Transactions: During merger, acquisition, or asset transfer with prior notice.
We never sell Personal Data to any third party.
Cross-Border Transfers
Data may be processed or stored on servers located outside India. Cybercyko ensures adequate safeguards including:
- Contractual clauses ensuring equivalent data protection.
- Encryption of data in transit and at rest.
- Access restriction to authorised personnel only.
Data Security
Cybercyko implements Reasonable Security Practices and Procedures, consistent with ISO 27001 and SOC 2 Type II standards:
- Multi-layered network, application and data security controls.
- Role-based access and MFA.
- Continuous monitoring and periodic vulnerability assessments.
- Regular employee privacy and security training.
- Incident-response and breach-notification mechanisms.
Data Breach Notification
In the unlikely event of a data breach that impacts your Personal Data, Cybercyko will:
- 1.Investigate and contain the breach immediately.
- 2.Notify affected users and the Data Protection Board of India (if required) within statutory timelines.
- 3.Provide guidance on remedial actions.
Your Rights
As a Data Principal, you have the right to:
- Access your Personal Data held by us.
- Correct or update inaccurate data.
- Erase data no longer necessary for processing.
- Withdraw consent for data processed based on consent.
- Request information about data-sharing and processing.
Requests can be sent to info@cybercyko.com
Third-Party Links and Integrations
Our Services may contain links or integrations to external websites or identity providers (e.g., Google Workspace, Azure AD, Okta). Cybercyko is not responsible for the privacy practices of such third parties. Please review their respective policies.
Children's Privacy
Our Services are intended for persons aged 18 and above. We do not knowingly collect data from minors. If such information is inadvertently received, we will delete it promptly.
Updates to this Policy
Cybercyko may modify or update this Policy from time to time. Material changes will be communicated via:
- Updated "Effective Date" on this page.
- Email notice (if you maintain an active account).
Continued use of the Services after such updates constitutes acceptance of the revised Policy.
Governing Law and Jurisdiction
This Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes shall be subject to the exclusive jurisdiction of the courts at Andhra Pradesh, India.
Contact and Grievance Redressal
In accordance with Rule 5(9) of the SPDI Rules and Section 13 of the DPDP Act 2023, a Grievance Officer has been appointed to address concerns related to personal data processing.
Grievance Officer
We will acknowledge your grievance within 48 hours and endeavour to resolve it within 30 days of receipt, in accordance with applicable law.
