Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 15, 2026

1. About Cyberaube

Cyberaube Technologies ("we," "us," or "our") is a startup cybersecurity services provider based in Nagpur, Maharashtra, India. We are a lean team of cybersecurity specialists (currently under 10 employees) focused on delivering enterprise-grade security solutions.

Our Services:

  • Cybersecurity Staffing: Contract and permanent placements for SOC analysts, SIEM engineers, IAM specialists, and security architects
  • Managed Security Services: 24/7 support for SIEM and IAM platforms (QRadar, Splunk, CyberArk, Okta, IBM Security Verify, SailPoint, ForgeRock)
  • Professional Implementation: Deployment, migration, and integration of security platforms
  • Cybersecurity Consultation: Risk assessments, DPDP Act compliance advisory, SEBI compliance, and security strategy for enterprises

This Privacy Policy explains how we collect, use, protect, and handle your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and Digital Personal Data Protection Rules, 2025.

Our Commitment: As a provider of DPDP compliance advisory services, we maintain the highest standards of data protection and lead by example.

2. Contact Information

Cyberaube Technologies
Registered Office: Nagpur, Maharashtra, India
Email: contact@cyberaube.com
Website: https://cyberaube.com

Privacy Contact (Designated Person for Data Protection Matters)

As a startup with under 10 employees, we are not required to appoint a Data Protection Officer under the DPDP Act. However, in accordance with Rule 9 of the DPDP Rules, 2025, we have designated a responsible person to address all questions about processing of your personal data:

Name: Saurabh Pande
Title: Founder & Chief Cybersecurity Consultant
Email: privacy@cyberaube.com
Phone: +91-9637230204
Address: Nagpur, Maharashtra, India

Response Commitment: We will respond to your privacy-related inquiries within 90 days as required by Rule 14 of the DPDP Rules, 2025.

3. What Personal Data We Collect

We collect personal data with your consent for specific purposes:

3.1 If You're a Client or Prospective Client

  • Name, email, phone number, company name, job title
  • Security infrastructure details (for service delivery)
  • System configurations and access logs (for managed services)
  • Billing and payment information

3.2 If You're a Job Candidate

  • Name, email, phone number, address
  • Resume/CV, work experience, qualifications
  • Professional certifications and security clearances
  • References (with your consent)

3.3 If You Visit Our Website

  • IP address, browser type, device information
  • Pages visited, time spent on site
  • Cookies (see Section 12)

3.4 Communication Records

  • Emails, chat messages, support tickets
  • Meeting notes and consultation records

Children's Data: We do not knowingly collect personal data of persons under 18 years without verifiable parental consent.

4. Why We Collect Your Data (Specific Purposes)

For Clients:

  • Delivering cybersecurity staffing, managed services, and DPDP consultation
  • Platform support (QRadar, Splunk, CyberArk, Okta)
  • Invoicing and payment processing
  • Service-related communications and support

For Candidates:

  • Evaluating qualifications for job placements
  • Matching skills with client requirements
  • Background verification (with your consent)
  • Maintaining talent pool for future opportunities

For Website Visitors:

  • Improving website functionality
  • Understanding user preferences
  • Responding to inquiries

Legal Compliance: Meeting obligations under Indian law; responding to lawful government requests; fraud prevention and security.

5. How We Share Your Data

We do NOT sell your personal data. We may share it with:

5.1 Service Delivery Partners

  • Client Organizations: When placing candidates or delivering managed services
  • Cloud Providers: For hosting (AWS, Google Cloud, Microsoft Azure)
  • Technology Vendors: IBM, Splunk, CyberArk, Okta (for technical support)
  • Background Check Providers: Only with your explicit consent

5.2 Legal Requirements

  • Law enforcement or government agencies when legally required
  • Courts or regulatory bodies under lawful orders

All third parties are bound by strict data protection agreements.

6. How We Protect Your Data

As a Nagpur-based cybersecurity startup, security is not just compliance for us - it's our core expertise. We implement enterprise-grade protection despite our small team size:

Technical Safeguards:

  • Encryption Standards: AES-256 for data at rest; TLS 1.3 for data in transit; end-to-end encryption for sensitive client communications
  • Access Controls: MFA mandatory; RBAC; biometric authentication for critical systems
  • Monitoring & Detection: SIEM monitoring, real-time threat detection, vulnerability assessments; security logs retained for minimum 1 year
  • Infrastructure Security: DDoS protection, firewalls, regular patches, secure backups (3-2-1 rule)

Organizational Safeguards:

  • Confidentiality agreements for all team members
  • DPDP Act and security awareness training
  • Background verification for employees with data access
  • Incident response procedures, quarterly drills, annual policy review

7. Data Retention

  • Client Data: Duration of engagement + 7 years
  • Candidate Data: 3 years from last interaction
  • Communication Records: 5-7 years
  • Website Analytics: 26 months
  • Security Logs: Minimum 1 year

After retention periods, we securely erase data using industry-standard methods. Inactive account notification: If you don't contact us for 3 years, we'll notify you at least 48 hours before erasing your data (unless legally required to retain it longer).

8. Your Rights

Under the DPDP Act, you have the right to:

8.1 Access Your Data

Request confirmation of what personal data we hold about you.

8.2 Correct Your Data

Request correction of inaccurate or incomplete information.

8.3 Erase Your Data

Request deletion when no longer needed, you withdraw consent, or processing violates the law (subject to legal retention requirements).

8.4 Withdraw Consent

You can withdraw consent anytime with the same ease you gave it.

8.5 Nominate Someone

Designate a person to exercise your rights if you're unable to.

8.6 File a Complaint

Contact us first, or directly approach the Data Protection Board of India.

9. How to Exercise Your Rights

Email: privacy@cyberaube.com
Subject Line: "Data Privacy Request - [Your Name]"
Contact Form: https://cyberaube.com/contact

Response Time: We'll respond within 90 days.

10. Data Breach Notification

If we experience a security breach affecting your data, we'll notify you without delay via email or registered contact method, explain the breach nature and steps we're taking, and notify the Data Protection Board within 72 hours.

11. Cross-Border Data Transfers

Our India-First Approach:

11.1 Data Residency

  • Primary Storage: India (Mumbai/Bangalore data centers via AWS Asia Pacific or Google Cloud India regions)
  • Client Project Data: Stored in India-region cloud infrastructure
  • Candidate Database: Hosted on India-based servers
  • Email & Collaboration: Google Workspace with India region settings

11.2 Limited International Transfers

We may transfer data outside India only in specific scenarios (technology vendor support, client-requested deployments) and only with safeguards, encryption, pseudonymization, and client consent where required.

11.3 No Transfers to Restricted Jurisdictions

We do not transfer personal data to jurisdictions where Central Government has imposed restrictions.

12. Cookies and Tracking

Our website uses essential cookies, analytics cookies (Google Analytics), and marketing cookies. Essential cookies cannot be disabled; analytics and marketing cookies can be controlled via browser settings. Link to detailed Cookie Policy

13. Third-Party Links

Our website may link to third-party sites. We're not responsible for their privacy practices. Please review their policies before sharing information.

14. Changes to This Policy

We may update this policy for changes in practices, services, or legal requirements. We'll notify material changes by email to registered users, prominent website notice, and updated "Last Updated" date.

15. Consent

By using our services or website, you acknowledge you've read this Privacy Policy. For specific data processing activities, we'll seek your explicit consent before collection. You can withdraw consent via email, account settings, or contact form.

16. Legal Compliance

This policy complies with the Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, and other applicable Indian laws. Governing Law: Laws of India. Jurisdiction: Courts in Nagpur, Maharashtra, India.

Significant Data Fiduciary Status

Current Status: Cyberaube is NOT a Significant Data Fiduciary under the DPDP Act. We explain what this means and when we would become one; we will notify clients and update this policy if our status changes.

17. Grievance Redressal

Our Startup Approach: Direct, Founder-Led Resolution

Step 1: Contact Our Privacy Team — privacy@cyberaube.com | Phone: +91-9637230204

Step 2: Our Response Process — Acknowledgment within 2 business days; Investigation 7-30 days; Resolution within 90 days; Weekly updates for complex cases.

Step 3: Escalation to Data Protection Board if unresolved.

Quick Reference

QuestionAnswer
Who are you?Nagpur-based cybersecurity startup with <10 expert team members
Where is my data stored?India (Mumbai/Bangalore data centers) - India-first approach
Do you have a DPO?No (not required for our size) - Founder handles privacy matters directly
What data do you collect?Contact info, professional details, service delivery data, security logs
How long do you keep it?3-7 years depending on type; security logs minimum 1 year
How do I delete my data?Email privacy@cyberaube.com with "Data Deletion Request"
Do you sell data?NO - we never sell personal data

For Cybersecurity Clients

Why Trust a Nagpur-Based Startup with Your Data?

Our Competitive Advantages

  • Founder-Led Accountability: Direct oversight by cybersecurity experts
  • Specialized Expertise: SIEM, IAM, data protection, DPDP advisory
  • Enterprise-Grade Security on Startup Agility: ISO 27001 aligned practices, 24/7 managed services
  • Nagpur Strategic Advantage: Lower geopolitical risk, stable team, cost efficiency

Security SLAs We Commit To

  • Incident Response: <2 hours for critical alerts (P1)
  • Security Patch Deployment: Within 48 hours for critical patches
  • Breach Notification: <72 hours to Data Protection Board, <48 hours to you
  • Availability: 99.5% uptime for managed services

Contact us: contact@cyberaube.com | Nagpur, Maharashtra, India

Cyberaube Technologies
Cybersecurity Talent, Support and Services
Email: contact@cyberaube.com | Privacy: privacy@cyberaube.com
Web: https://cyberaube.com

Last Updated: January 15, 2026 | Version: 1.0

💬Need Support Now?