Privacy Policy | CIDR Platform

1. Introduction & Applicability

CIDR operates out of Symbiosis Centre for Entrepreneurship & Innovation, Pune, Maharashtra. This Privacy Policy is published in accordance with the provisions of the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and aligns with the core principles of the Digital Personal Data Protection Act, 2023 ("DPDP Act").

2. Lawful Processing & Consent

We collect cloud telemetry and personal account information strictly on the basis of clear, informed consent or legitimate necessity to provide threat detection services. Under the DPDP Act, you have the right to withdraw consent, seek correction of inaccurate data, and request the erasure of your personal data at any point.

3. Data Security & Incident Reporting

As a cybersecurity vendor, we maintain rigorous ISMS standards compliant with CERT-In (Indian Computer Emergency Response Team) guidelines. All data is encrypted using AES-256 for data at rest and TLS 1.3 for data in transit. In the unlikely event of a cyber incident, we are bound by CERT-In directions to report prescribed cybersecurity incidents within 6 hours.

4. Grievance Officer

In accordance with the IT Rules, the contact details of our Grievance Officer are specifically designated to address any discrepancies and grievances with respect to the processing of your personal data. You may contact us via our Contact page or at our administrative headquarters in Pune.