Legal

Privacy Policy

Last Updated: June 2026 Version: 1.0 Data Privacy Framework: DPDP Act 2023
This Privacy Policy explains how Cyber Commandos, a division of Venu & Vinay, collects, uses, stores, processes, and protects personal data provided when using cybercommandos.in or engaging our services. We operate in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and, where applicable, the GDPR and other relevant data protection regulations.
DPDP Act 2023 GDPR (where applicable) IT Act, India

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing
  5. Data Sharing
  6. Retention and Deletion
  7. Security Measures
  8. Cookies and Tracking
  9. Your Rights
  10. Minors
  11. Changes to This Policy
  12. Contact and Grievances
01

Who We Are

For the purposes of the DPDP Act 2023 and, where applicable, the GDPR, the Data Fiduciary (Controller) is Cyber Commandos, a division of Venu & Vinay, a registered partnership firm of Chartered Accountants registered with the Institute of Chartered Accountants of India.

Data Fiduciary

Cyber Commandos / a division of Venu & Vinay

Address: No. 1, 4th Floor, Ashoka Pillar, 1st Block, 3rd Cross, Jayanagar, Bengaluru 560011, Karnataka, India

Privacy queries: hello@cybercommandos.in

Website: cybercommandos.in

02

Data We Collect

Information You Provide Directly

When you submit a contact form, gap analysis, service inquiry, or communicate with us, you may provide:

Data Type Why We Collect It Required?
NameIdentify and address you correctlyYes
Email addressDeliver reports; respond to inquiries; service communicationYes
Phone numberConsultation scheduling; urgent notificationsYes
Company nameScope gap analysis; tailor service recommendationsOptional
Job title / roleConfirm authority to engage servicesOptional
Revenue / company sizeRecommend the appropriate service tierOptional
Industry and target marketsIdentify applicable compliance frameworksOptional
Free-text responses and messagesRespond to your inquiry accuratelyAs submitted

Information Collected Automatically

When you visit our website, the following may be collected automatically:

  • IP address and approximate geographic location (country/city/other level)
  • Device type, operating system, and browser version
  • Pages visited, time on page, and navigation patterns
  • Referral source

What We Do Not Collect

We do not collect payment card data directly. If payment processing is introduced, it will be handled by a PCI DSS-compliant processor. We will not store raw payment data on our systems.

03

How We Use Your Data

We use your data only for purposes you would reasonably expect given the context in which it was collected:

  • Service delivery: Completing gap analyses, preparing compliance documentation, coordinating audits, and delivering contracted services.
  • Communication: Responding to inquiries, delivering reports, scheduling consultations, and providing updates on your active engagement.
  • Marketing (opt-in only): Sending compliance alerts, regulatory updates, and service information via email/ WhatsApp/ SMS/ other communication media, exclusively where you have explicitly opted in. Consent may be withdrawn at any time.
  • Analytics: Understanding how visitors use our website using privacy-first, aggregate analytics. No personal identifiers are used.
  • Legal compliance: Meeting obligations under the DPDP Act 2023, the IT Act, and applicable professional regulations governing CA firms in India.
  • Security: Protecting our systems, detecting fraud, and preventing unauthorised access.

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

05

Data Sharing

What We Do Not Do

We do not sell your personal data. We do not share it with third parties for advertising purposes.

Parties We May Share Data With

  • Service delivery partners: Where specialist partners assist in fulfilling your engagement under our quality framework, the minimum data required for delivery may be shared. All such partners are bound by confidentiality and data protection obligations equivalent to our own.
  • Third-party certification bodies: Contact and company information required to coordinate your audit or certification process.
  • Technology providers: Infrastructure and operational tools (payment processors, etc.) who process data as processors under contractual obligations.
  • Legal or regulatory authorities: Where required by law, court order, or regulatory demand. We will notify you where legally permitted to do so.

International Data Transfers

Our primary data storage is within India. Where cloud service providers used by us maintain infrastructure outside India, we ensure appropriate safeguards are in place consistent with DPDP Act requirements. This section will be updated if our data residency practices change materially.

Third-Party Hosting Platforms

This website may be served via GoDaddy, Netlify, Google, and Cloudflare infrastructure, among others. Each of these platforms maintain their own privacy policy governing data processed through their network. By using this website, you acknowledge that data may transit these platform's infrastructure subject to their terms, privacy policies, disclaimers, and other conditions/ legal requirements.

06

Retention and Deletion

Retention Periods

  • Contact and inquiry data: 3 years from last interaction, unless earlier deletion is requested.
  • Gap analysis submissions: 3 years from submission, or the duration of an active engagement plus 12 months, whichever is longer.
  • Active client records: Duration of engagement plus 5 years, as required for professional and legal obligations applicable to CA firms in India.
  • Marketing opt-in records: Until consent is withdrawn, plus a reasonable period for compliance documentation.

Deletion Requests

You may request deletion of your personal data at any time by emailing hello@cybercommandos.in. We will respond within 30 days and complete deletion promptly, except where retention is required by law or legitimate professional obligation, in which case we will inform you of the basis for continued retention.

Compliance documentation and policies created during your engagement belong to you and are stored on your own systems. Deletion of your personal data from our records does not affect your ownership of those deliverables.

07

Security Measures

As a compliance delivery firm, our own data security practices are held to the standard we implement for clients. Measures in place include:

  • TLS encryption for all data in transit
  • Access controls limiting personal data access to authorised personnel only
  • Data minimisation: we collect only what is necessary for the stated purpose
  • Regular internal security reviews

No method of internet transmission is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authority as required by the DPDP Act and applicable law.

08

Cookies and Tracking

This website is designed to minimise unnecessary tracking.

Type Purpose Required?
EssentialSecurity, DDoS protection, CDN performanceYes - required for site function
AnalyticsPrivacy-first aggregate usage statistics. No personal identifiers.Optional
Session / preferenceRemember UI state or form progress within a sessionOptional

We do not use advertising cookies, retargeting pixels, or third-party marketing cookies.

Managing Cookies

You can control cookies through your browser settings. Blocking essential cookies may affect website functionality. Disabling non-essential cookies will not affect access to core content or services.

09

Your Rights

Under the DPDP Act 2023 and, where applicable, the GDPR, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you.

Right to Correction

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Withdraw Consent

Withdraw marketing consent at any time without penalty.

Right to Nominate

Under the DPDP Act, nominate another person to exercise rights on your behalf.

Right to Grieve

Raise a complaint with us or with the Data Protection Board of India.

How to Exercise Your Rights

Email hello@cybercommandos.in with your name, company name, and a description of the right you wish to exercise. We will respond within 30 days as required by the DPDP Act. There is no charge for reasonable requests.

Grievance Escalation

If you are unsatisfied with our response, you may escalate to the Data Protection Board of India constituted under the DPDP Act 2023.

10

Minors

Our services are intended for businesses and for individuals who are at least 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has submitted personal data to us, please contact us at hello@cybercommandos.in and we will delete that data promptly.

11

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or applicable law. Updated versions will be posted on this page with a revised "Last Updated" date (see the top of the page).

Where changes materially affect how we process your personal data, we will notify you by email (where we hold your contact details) or by a prominent notice on this website, and will obtain fresh consent where required by law.

12

Contact and Grievances

For any privacy queries, rights requests, or data concerns:

Cyber Commandos / Privacy

Email: hello@cybercommandos.in

Address: No. 1, 4th Floor, Ashoka Pillar, 1st Block, 3rd Cross, Jayanagar, Bengaluru 560011, Karnataka, India

Website: cybercommandos.in

We respond to all privacy requests within 30 days as required by the DPDP Act 2023.

← Home Terms & Conditions → Disclaimer →