Privacy Policy
Last Updated: May 24, 2026. Designed to align with India’s Digital Personal Data Protection (DPDP) Act, 2023, US state-level privacy acts, and other applicable global requirements.
1. Introduction & Scope
RR Cyberstanc LLP and Cyberstanc Corp. (“Cyberstanc”, “we”, “us”, or “our”) are committed to protecting your privacy and ensuring the security of your personal data. Our privacy practices are structured to align with India’s **Digital Personal Data Protection (DPDP) Act, 2023**, US state-level data protection laws (including California's privacy regulations), and other applicable federal and state requirements in our operating jurisdictions.
This Privacy Policy describes how we collect, use, process, and protect information collected through:
- Our corporate website (cyberstanc.com).
- Direct business communications, event registrations, and demo requests.
- Telemetry and configurations processed by our platform deployments (Vortex SOC, Scrutiny EDR, Scrutiny DLP, and Vortex SEG).
Note on Roles (Data Controller vs. Processor):
For visitors of this website and marketing contacts, CyberStanc acts as the Data Fiduciary (Controller). For our enterprise products deployed on client infrastructures, our clients act as the Data Fiduciaries, and CyberStanc acts as the Data Processor, acting strictly on client instructions.
2. Data We Collect
Depending on your interaction with CyberStanc, we may collect the following categories of information:
A. Information Provided Voluntarily
- Contact details: Name, professional email address, phone number, company name, job title, and geographic location when you submit forms, request demos, or enquire about our partner network.
- Communications: Message contents, feedback, and support inquiries sent to us.
B. Automatically Collected Information
- Usage Details: IP addresses, browser types, device information, operating system, and details about your navigation patterns on our website (collected via cookies and analytical scripts).
C. Product Telemetry & Security Analysis (Processor Scope)
When deploying Scrutiny EDR, Scrutiny DLP, Vortex SOC, or Vortex SEG, the platform processes system telemetry to detect cyber threats:
- Endpoint logs: Process lineages, file hashes, executables, connection states, and threat anomalies (Scrutiny EDR).
- Data flows: Classification labels, sensitive content patterns (e.g., PII, financial strings) to prevent unauthorized exfiltration (Scrutiny DLP).
- Email logs: Sender, recipient, subject line metadata, and email headers (Vortex SEG).
3. Data Sovereignty & Residency
CyberStanc supports deployment models that help customers meet data residency, sovereignty, and operational control requirements:
- Regional Hosting Options: Cloud-based security analytics, client portals, telemetry databases, and operational logs can be hosted in approved regional data centers based on customer and regulatory requirements.
- Controlled Cross-Border Flows: We do not transfer telemetry, metadata, or threat intelligence logs across borders unless permitted by contract, applicable law, or explicit client instruction.
- Air-Gapped Options: For defense, critical infrastructure, and highly regulated environments, we offer fully air-gapped on-premise deployments where no data leaves the client’s physical boundary.
4. Processing & Legal Basis
We process your personal data under the following legal bases recognized by the DPDP Act, 2023 and other local laws:
| Purpose | Legal Ground |
|---|---|
| Answering demo requests and product inquiries | Legitimate Interest (taking steps at the user's request prior to entering into a contract). |
| Protecting network security and preventing threat incidents | Legitimate interest / Specified Public Interest in cybersecurity defense. |
| Fulfilling contractual agreements with customers | Performance of a contract / Employment or operational mandate. |
| Compliance with legal mandates, CERT-In security reporting, or US regulatory requirements | Legal obligation under the Indian Information Technology Act and rules, as well as applicable US state and federal regulations. |
6. User Rights (DPDP & US Privacy Laws)
Depending on your jurisdiction (such as India under the DPDP Act, 2023, or various US states under local state privacy acts), you hold specific rights regarding the personal data we process. You may exercise these by contacting us:
- Right to Access & Portability: Request details of the personal data currently being processed, processing activities, or obtain a portable copy of your data.
- Right to Correction & Erasure: Ask us to correct, update, complete, or delete your personal data (unless retention is mandated by law or contract).
- Right to Opt-Out: Request that we do not process your data for targeted advertising or sales purposes (we do not sell your personal data).
- Right to Nominate/Representation: You may nominate another individual to exercise your rights on your behalf in accordance with applicable local regulations.
7. Retention & Cybersecurity
As a cyber security platform, we implement state-of-the-art technical and organizational safeguards:
- Security Standards: We maintain ISO 27001, SOC 2 Type II readiness standards. All data is encrypted in-transit (TLS 1.3) and at-rest (AES-256).
- Retention Limitation: We retain website-collected marketing data only as long as necessary to fulfill business interactions, typically up to 24 months from the last active communication. Product telemetry is retained in accordance with individual customer SLAs.
8. Grievance Redressal
In compliance with the DPDP Act, 2023 and IT Act rules, CyberStanc has appointed a designated Grievance Officer. For any complaints, data rights requests, or questions:
Grievance & Data Protection Officer
RR Cyberstanc LLP / Cyberstanc Corp.
Addresses:
Registered: B 174, Upper Ground Floor Flat No. A 1, Devli Road, New Delhi, Delhi, India - 110062
Corporate Office: Buzz by Spacetime, 275, Main Westend Marg, Saidulajab, Saket, New Delhi - 110030
US Office: 8 The Green Ste R, Dover, DE 19904, United States