Privacy Policy
Quick Navigation
Last Updated: December 27, 2024
Introduction
This Privacy Policy explains how ThreatX ("we," "our," or "us") collects, uses, processes, and protects your personal information. We comply with Indian laws and regulations such as the Information Technology Act, 2000, the Digital Personal Data Protection Act, CERT-In guidelines, and relevant rules addressing data privacy and security.
1. Definitions and Interpretation
- Personal Data: Information relating to an identified or identifiable person ("Data Principal").
- Sensitive Personal Data: May include passwords, financial data, health data, official identifiers, biometric data, etc.
- Data Fiduciary: ThreatX, acting as the entity determining how and why personal data is processed.
- Data Processor: Any third party processing data on behalf of ThreatX, under contract.
- Consent: A free, specific, informed, and unambiguous indication of a Data Principal's wishes, allowing processing of their personal data.
- Services: All cybersecurity, AI, marketplace, and related offerings provided by ThreatX.
2. Legal Framework Compliance
2.1 Applicable Laws
- Information Technology Act, 2000
- Digital Personal Data Protection Act
- Information Technology (Reasonable Security Practices) Rules, 2011
- Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
- CERT-In Directions and Guidelines
- RBI Guidelines on Digital Payment Security Controls, 2021 (if applicable)
2.2 CERT-In Compliance
- We retain logs of ICT systems for at least 180 days within India.
- We store KYC records for 5 years after account closure.
- We follow the 6-hour incident reporting requirement for certain cyber events.
- Systems are synchronized with official Network Time Protocol (NTP) servers.
3. Data Collection and Processing
ThreatX collects personal data directly from users, automatically through platform usage, or from third-party integrations. We only process personal data necessary for providing services or to meet legal obligations.
3.1 Categories of Personal Data
- Name, contact details, and professional information
- Account credentials and authentication data
- Financial or transactional data (where relevant)
- IP addresses, usage logs, and device details
3.2 Use of Collected Data
- To provide, maintain, and improve ThreatX services
- To personalize user experience and deliver relevant content
- To detect, prevent, and respond to security threats or illegal activities
- To comply with lawful requests from authorities or to meet legal requirements
4. Data Storage and Security
ThreatX employs technical and organizational measures to protect personal data from unauthorized access, alteration, and deletion.
- Encryption at rest and in transit (e.g., AES-256, TLS 1.2+)
- Access controls with multi-factor authentication for sensitive systems
- Regular vulnerability scanning and penetration testing
- Secure backup and recovery mechanisms
While we strive to safeguard user data, no method of electronic storage or transmission is completely secure. Users are encouraged to protect their own credentials and networks.
5. Cross-Border Transfers
Where it is necessary to transfer personal data outside India, ThreatX implements lawful mechanisms such as Standard Contractual Clauses or equivalent safeguards. We inform users if their data is subject to cross-border transfer and ensure compliance with relevant Indian regulations.
6. User Rights and Controls
You may exercise your rights to access, correct, or delete your personal data under applicable Indian data protection laws. You can also withdraw consent where processing relies on it.
To make such a request, please contact our Data Protection Officer (DPO) via the details provided in the “Contact Information” section below. We will respond within legally mandated timeframes.
7. Specialized Processing Activities
ThreatX may use artificial intelligence or automated decision-making for threat detection and analysis. Where such processing significantly impacts individuals, we provide users with the option to request human review of any automated decision.
We handle any sensitive personal data (e.g., advanced threat telemetry) in accordance with applicable Indian cybersecurity guidelines.
8. Incident Response and Reporting
In the event of a data breach or security incident, ThreatX follows its internal Incident Response Plan aligned with CERT-In guidelines:
- Incidents are classified and escalated to our security team
- Users and authorities are notified if legally required (within 6 hours for critical incidents)
- We investigate, remediate, and take steps to prevent future occurrences
9. Children Privacy
The ThreatX Platform is not intended for minors under 18 years of age. We do not knowingly collect personal data from children without parental or guardian consent. If you suspect that a child has provided data without consent, please contact us so we can delete it.
10. Updates and Communications
We may update this Privacy Policy periodically to address operational, legal, or regulatory changes. We will notify you of any significant modifications via email or by posting a notice on the Platform.
Please review this page periodically to stay informed about how we protect your personal data.
Additional Policies
For more specialized or additional policies (e.g., Data Processing, Security Policy, etc.), see our Other Policies section.
Contact Information
If you have questions about this Privacy Policy or wish to exercise your rights:
Data Protection Officer (DPO)
Email: privacy@threatx.com
Phone: [Indian Contact Number]
Address: [Registered Office Address in India]
Grievance Officer
Email: grievance@threatx.com
Response Time: Within 24 hours of receiving the complaint