Legal

Privacy Policy

Last updated: 30th November 2025

This Privacy Policy explains how StarSec Technologies collects, uses and protects personal data when you use our website or interact with us as a customer, partner, vendor or candidate.

1. Who we are

StarSec Technologies (“StarSec”, “we”, “our” or “us”) is a cyber security company based in Gurugram and Jaipur, serving clients across India. Our team brings experience in DPDP compliance, DLP, VAPT and managed SOC services.

For the purposes of India's Digital Personal Data Protection Act, 2023 (“DPDP Act”), StarSec may act as a Data Fiduciary (when we decide why and how personal data is processed, such as for our own website, marketing and HR activities) or as a Data Processor (when we process personal data on behalf of our customers according to their instructions).

You can contact us regarding privacy or data protection at info@starsectechnologies.com.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • Visitors to our website (including contact forms, demo or consultation requests, and newsletter sign-ups).
  • Representatives and employees of our customers, partners and vendors.
  • Job applicants and candidates.
  • Individuals whose personal data we process in connection with our marketing, sales and support activities.

When we act as a Data Processor for our customers—for example, when delivering managed SOC, VAPT or DLP services—we process personal data only under the customer's instructions and the relevant contract. In those cases, the customer's privacy notice will primarily apply.

3. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

3.1 Contact and business information

  • Name, job title and company name
  • Business email address and phone number
  • City, state and country
  • Any information you provide in a contact form, email or meeting

3.2 Website and technical data

  • IP address, browser type and device information
  • Pages visited, time spent, referring URLs
  • Cookie and basic analytics information (where used)

3.3 Service delivery data (B2B customers)

In the course of delivering cyber security services (e.g., monitoring logs, alerts, security events, VAPT reports), we may process:

  • User IDs, usernames and email IDs
  • System log data, access records and configuration details
  • Security incidents and related technical information

Wherever possible, we focus on minimising personal data and using aggregated or pseudonymised data.

3.4 Recruitment data

  • CV or resume, LinkedIn profile and work history
  • Contact details and interview information
  • References and background information where permitted by law

3.5 Communication data

  • Emails, messages and meeting notes with you
  • Feedback shared via surveys or support tickets

We do not intentionally collect personal data of children under 18 in the normal course of business. If you believe a child's data has been provided to us, please contact us so we can address it as required under the DPDP Act.

4. How we use personal data

We use personal data for the following purposes:

  1. To provide and manage our services, including onboarding, account management, delivering cyber security services (such as managed SOC, VAPT, DLP or cloud security) and providing technical support.
  2. To communicate with you about enquiries, demos, service updates, incident notifications and general business matters.
  3. For marketing and newsletters (with consent or a valid legal basis), such as sharing updates on cyber security trends, DPDP compliance guides, case studies from India and StarSec cyber security services.
  4. For recruitment and HR, to evaluate job applications, conduct interviews and manage the hiring process.
  5. For security, compliance and legal obligations, including monitoring and protecting our systems, complying with laws and responding to lawful requests.

We process personal data only for lawful purposes, typically based on consent, contractual necessity, legal obligations or legitimate uses permitted under the DPDP Act.

5. Cookies and analytics

Our website may use different types of cookies:

  • Essential cookies to enable core functionality and keep the site secure.
  • Analytics cookies to understand how visitors use our website and improve user experience.

Where required, we will display a banner or notice explaining the use of cookies and will seek consent for non-essential cookies. You can manage cookies through your browser settings, although blocking certain cookies may affect site function.

6. Sharing personal data

We may share personal data with:

  • Service providers and partners who support our operations (e.g., cloud hosting, security vendors, analytics tools and email platforms), bound by confidentiality and data protection obligations.
  • Customers in a B2B context, where relevant data (such as security reports or incident details) must be shared with authorised contacts in your organisation.
  • Professional advisors, such as legal, audit or consulting firms, where necessary.
  • Authorities and regulators to comply with legal obligations, respond to lawful requests, or report data breaches where required under the DPDP Act.

We do not sell your personal data.

7. International data transfers

Our primary operations are based in India. However, some personal data may be processed or stored using cloud or security services located outside India. Where such transfers occur, we take appropriate measures to protect your data in line with applicable laws.

8. Data retention

We retain personal data only for as long as necessary for the purposes explained in this Privacy Policy, or as required by applicable law. This may include:

  • Contract duration plus a reasonable period for record-keeping and dispute resolution
  • Statutory retention periods under tax, regulatory or other laws
  • For marketing, until you withdraw consent or object to receiving marketing communications

When data is no longer needed, we securely delete or anonymise it.

9. Your rights

Subject to the DPDP Act and other applicable laws, you may have the right to request access, correction or deletion of your personal data, withdraw consent, raise grievances and nominate another individual to exercise your rights in case of death or incapacity.

To exercise your rights, please contact us at info@starsectechnologies.com. We may ask for reasonable information to verify your identity and will respond within timelines prescribed by law.

10. Security measures

As a cyber security company, we implement technical and organisational safeguards such as access controls, network and endpoint protections, logging and monitoring, encryption where appropriate, and security awareness training for staff.

While we strive to use industry-standard controls, no system is completely secure. If a personal data breach occurs that is likely to cause significant harm, we will notify affected individuals and the relevant authorities as required by law.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or data protection practices. When we do, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice.

13. How to contact us

If you have any questions, concerns or requests about this Privacy Policy or our data handling practices, please contact:

Email: info@starsectechnologies.com