Privacy Policy
Dataspace Security is a cybersecurity company, not a data business: we maintain no databases of personal information. This policy explains the little we do handle, why, and your rights under India's Digital Personal Data Protection Act, 2023.
Draft pending legal review before launch · Grievance Officer name to be appointed by the company
01Who we are
Dataspace Security Private Limited(“Dataspace”, “we”), Unit-701A, 7th Floor, Tower-II, PS Srijan Corporate Park, Salt Lake Sector-V, Kolkata-700091, India, is the Data Fiduciaryfor personal data processed through dataspacesecurity.com and our sales and marketing activities. This policy is issued under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the rules made under it.
For data our clients entrust to us inside engagements or on the GovernanceOps AI platform, we act as a Data Processoron the client's instructions under contract — that processing is governed by the client's own privacy notice, not this policy.
02We do not store personal data
Dataspace does not maintain any database, CRM, marketing list or profile store of personally identifiable information (PII). What little we handle is transient and purpose-bound:
- Contact and demo requests: the name, work email, organization and message you submit are delivered to our team to answer you — they are not written to any database of ours.
- Correspondence: emails you send us live in our ordinary business mailbox like any professional correspondence, and nowhere else.
- Analytics (optional, consent-only): anonymized usage statistics via Google Analytics 4 and Microsoft Clarity — loaded only if you accept them, held by those processors, never joined by us to any identity. See the Cookie Policy.
- Recruitment:CVs you send are reviewed and then deleted if we don't proceed.
We do not buy contact lists, build visitor profiles, or collect any personal data from browsing this site with analytics declined.
03Purposes and lawful basis
We process personal data on two bases recognized by the DPDP Act: consent (Section 6) and legitimate uses (Section 7), specifically voluntary provision of your data for a purpose you initiated:
- Responding to inquiries, scoping calls and demo requests you make;
- Delivering and administering engagements you contract for;
- Sending you material you explicitly asked to receive;
- Understanding site usage (analytics — only with your consent);
- Evaluating job applications you submit;
- Meeting legal obligations, including under CERT-In directions.
We do not use personal data for behavioral advertising, and we do not sell it to anyone.
04Sharing and transfers
Personal data is shared only with processors who help us run the business (hosting, email, analytics — each bound by contract to process only on our instructions) and with authorities where the law requires it. Our sub-processor list is available on request under NDA.
This website and our email are hosted with cloud providers whose infrastructure may sit outside India; any transfer involved in relaying your inquiry follows Section 16 of the DPDP Act, and jurisdictions restricted by government notification are excluded.
05Retention — nothing beyond the conversation
Because we keep no PII databases, retention reduces to ordinary business email: inquiry threads remain in our mailbox while the conversation is live and are deleted on request or through routine mailbox hygiene. Records the law obliges us to keep (e.g. contractual or tax correspondence) are kept for the statutory period only. Analytics retention is set by the processors and described in the Cookie Policy.
06Security safeguards
We are an ISO/IEC 27001:2022-certified organization and apply the same controls we sell: encryption in transit and at rest, least-privilege access with MFA, logging, and annual third-party penetration testing of our own estate. Details are in the Trust Center.
07Your rights as a Data Principal
Under the DPDP Act you may, in respect of data we hold as Fiduciary:
- Access a summary of your personal data and processing activities (Section 11);
- Correct, complete, update or erase your data (Section 12);
- Withdraw consent at any time, as easily as it was given — including analytics consent via the Cookie Policy page;
- Grievance redressal (Section 13); and
- Nominate another person to exercise your rights in case of death or incapacity (Section 14).
To exercise any right, email privacy@dataspacesecurity.com from the address you contacted us with. Because we store no PII beyond correspondence, most requests are satisfied simply by deleting the relevant email thread — which we confirm to you in writing, within the timelines prescribed under the Act and Rules.
08Grievance Officer and escalation
Grievance Officer: [To be appointed], Dataspace Security Pvt. Ltd., Unit-701A, 7th Floor, Tower-II, PS Srijan Corporate Park, Salt Lake Sector-V, Kolkata-700091 — privacy@dataspacesecurity.com.
If you are not satisfied with our response, you may approach the Data Protection Board of India in the manner prescribed under the DPDP Act.
09Children's data
This site and our services are directed at organizations and working professionals. We do not knowingly process the personal data of children as defined by the DPDP Act; if you believe we hold such data, contact privacy@dataspacesecurity.com and we will erase it.
10Breach notification
In the event of a personal data breach affecting you, we will notify the Data Protection Board and affected Data Principals in the form and manner prescribed under the Act and Rules, and CERT-In within its mandated timelines where applicable.
11Changes to this policy
We will post changes here with an updated date; material changes affecting your rights will be notified to active contacts by email. Continued use after a change does not substitute for consent where consent is the applicable basis.
