Privacy Policy

1. Introduction

CtrlSec ("Company", "we", "us") provides structured cybersecurity infrastructure, including vulnerability disclosure and security collaboration platforms. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with applicable laws including GDPR, India’s DPDP Act, CCPA, and other global regulations.

2. Data We Collect

• Identity data (name, email, organization)
• Technical data (IP address, browser, device metadata)
• Security-related submissions (VDP reports)
• Communication data
• Cookie-based analytics (where consent provided)

3. Legal Basis for Processing

We process data under the following legal bases:

• Consent (analytics, marketing cookies)
• Contractual necessity (service delivery)
• Legal obligation (security logging, compliance)
• Legitimate interest (platform integrity)

4. Data Retention

Personal data is retained only as long as necessary for service delivery, compliance obligations, or legitimate business needs. Security logs may be retained longer where required for cybersecurity auditing.

5. Data Security

We implement industry-standard technical and organizational safeguards aligned with ISO 27001 principles, including encryption, access control, monitoring, and incident response.

6. International Transfers

Where data is transferred internationally, we implement appropriate safeguards such as Standard Contractual Clauses or equivalent lawful mechanisms.

7. Your Rights

• Right to access and portability
• Right to rectification
• Right to erasure
• Right to withdraw consent
• Right to lodge complaints with supervisory authority

8. Cookies

We use strictly necessary cookies for platform operation. Non-essential cookies (analytics, marketing, personalization) are processed only after explicit user consent.

9. Contact

For privacy inquiries: founders@ctrlsec.io