Privacy Policy
Last updated: May 2025
1. Introduction
This Privacy Policy describes how VDSecura, a brand operated by V.D. Infotech (“Company”, “we”, “us”, or “our”), a company incorporated under the Companies Act, 2013, with its registered office in India, collects, uses, stores, and discloses your personal information when you use our website, services, and communications (collectively, the “Services”).
By accessing or using our Services, you consent to the practices described in this policy. This policy is compliant with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA), as applicable.
2. Information We Collect
- Personal Information: Name, email address, phone number, company name, job title, and billing address provided when you contact us, request a quote, or engage our services.
- Security Assessment Data: Information provided during security assessments, including infrastructure details, compliance documentation, and vulnerability findings.
- Usage Data: IP address, browser type, device information, pages visited, time spent, and referral source — collected automatically via cookies and analytics tools.
- Communication Data: Records of emails, support tickets, chat transcripts, and call notes.
- Financial Data: Payment details processed through third-party payment gateways. We do not store credit/debit card numbers on our servers.
3. Purpose of Data Collection
- To deliver, maintain, and improve our security, compliance, and advisory services
- To communicate regarding project updates, invoices, support requests, and marketing (with consent)
- To comply with legal obligations under Indian law, including tax compliance under GST regulations
- To prevent fraud, enforce our terms, and protect the security of our systems
- To analyse service usage patterns and improve our offerings
4. Data Storage & Security
Your data is stored on secure servers with reputable cloud providers that maintain industry-standard security certifications. We implement reasonable security practices including encryption in transit and at rest, role-based access controls, regular security audits, and automated backups.
In the event of a data breach, we will notify affected individuals and the relevant authorities as required under the DPDPA and IT Act within 72 hours.
5. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share data with service providers bound by confidentiality agreements, when required by law, or in the event of a business transfer with prior notice.
6. Your Rights (DPDPA Compliance)
- Access: Request a summary of your personal data
- Correction: Request correction of inaccurate data
- Erasure: Request deletion, subject to legal retention
- Grievance Redressal: Lodge a complaint with our Grievance Officer
- Withdraw Consent: Withdraw previously given consent at any time
To exercise any of these rights, contact us at hello@vdsecura.com. We will respond within 30 days.
7. Data Retention
- Active engagement data: Retained during and 3 years after
- Financial records: 8 years (Income Tax Act, GST)
- Communication records: 2 years after last interaction
- Analytics data: Anonymised and retained indefinitely
8. Contact
Data Protection Officer
Email: hello@vdsecura.com
Response Time: Within 30 days