1. Introduction
ABWcurious Pvt Ltd ("Company", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at https://abwcurious.com, use our products (CyberIntelligence360, TheCodeArena, StudySpark, Restaurant360), or engage our services including Cybersecurity, VAPT, Digital Forensics, Web Development, App Development, AI Learning, Digital Marketing, AMC Services, and IT Support.
This Privacy Policy is designed in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"). As a cybersecurity company, we hold ourselves to the highest standards of data protection and security.
2. Information We Collect
2.1 Personal Information You Provide:
- Full name, email address, phone number, and company name when you contact us or create an account
- Billing and payment information including address and GST details for invoicing purposes
- Project requirements, system information, and access credentials provided during service engagements
- Communication records including emails, support tickets, and meeting notes
- Educational and professional details when you enroll in AI Learning programs or use StudySpark
2.2 Information Collected Automatically:
- IP address, browser type, operating system, and device identifiers
- Pages visited, time spent on pages, click patterns, and navigation paths
- Referral source, search terms used to find our website
- Geolocation data (country and city level) based on IP address
- Cookies and similar tracking technologies as described in our Cookie Policy
2.3 Information from Service Engagements:
- Security scan results, vulnerability reports, and forensic analysis data collected during VAPT and digital forensics engagements
- System configurations, network topologies, and access logs provided for cybersecurity assessments
- Source code repositories and development artifacts shared during web and app development projects
- Marketing campaign data, analytics, and performance metrics from digital marketing engagements
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our cybersecurity, development, and consulting services, including generating VAPT reports, forensic analysis, and development deliverables
- Communication: To respond to your inquiries, send service-related notifications, schedule meetings, and provide technical support
- Account Management: To create and manage your accounts on our platforms including CyberIntelligence360, TheCodeArena, StudySpark, and Restaurant360
- Product Improvement: To analyze usage patterns, identify bugs, and improve the functionality and security of our products and services
- Security: To detect, prevent, and address security incidents, fraud, and other potentially prohibited or illegal activities
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
- Marketing: To send you promotional communications about our services, products, and events, only with your prior consent
- Analytics: To generate aggregated, anonymized analytics to understand service usage trends and improve user experience
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Service Providers: With trusted third-party vendors who perform services on our behalf, such as cloud hosting (AWS, Azure), payment processing, email delivery, and analytics. All service providers are bound by contractual obligations to maintain the confidentiality and security of your data.
- Legal Requirements: When required by law, court order, or governmental regulation, including responses to lawful requests from Indian law enforcement agencies under the IT Act, 2000 and the DPDP Act, 2023
- Business Transfers: In connection with any merger, acquisition, reorganization, or sale of all or a portion of our assets, your personal information may be transferred as part of such transaction
- With Your Consent: When you have explicitly consented to sharing your information with specific third parties
- VAPT Engagements: Vulnerability and security findings may be shared with your designated security team and authorized stakeholders as defined in the SOW
5. Data Security
As a cybersecurity company, we implement industry-leading security measures to protect your personal information. These include:
- End-to-end encryption for data in transit using TLS 1.3 and at rest using AES-256 encryption
- Multi-factor authentication (MFA) for all internal systems and administrative access
- Regular security audits, penetration testing, and vulnerability assessments of our own infrastructure
- Role-based access controls ensuring that only authorized personnel can access personal data
- Secure data centers with SOC 2 Type II compliance through our cloud infrastructure providers
- Incident response procedures and breach notification protocols aligned with the DPDP Act, 2023
- Regular employee security awareness training and background verification checks
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable security standards.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Specific retention periods include:
- Account Data: Retained for the duration of your active account plus 2 years after deactivation
- Service Engagement Data: VAPT reports and forensic findings are retained for 5 years from the date of delivery, as required by industry standards and legal obligations
- Financial Records: Invoices and payment records are retained for 7 years as required by Indian tax laws and the Companies Act, 2013
- Marketing Communications: Email consent records are retained for 3 years from the date of consent withdrawal
- Website Analytics: Anonymized analytics data may be retained indefinitely for trend analysis
7. Your Rights Under the DPDP Act, 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you
- Right to Correction: You can request correction of inaccurate or incomplete personal data
- Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements
- Right to Nominate: You can nominate another individual to exercise your rights in the event of your death or incapacity
- Right to Grievance Redressal: You can lodge a complaint with our Grievance Officer if you believe your data rights have been violated
To exercise any of these rights, please contact our Grievance Officer at the details provided below. We will respond to your request within 30 days as required by the DPDP Act, 2023.
8. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such information from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than India, particularly when we use cloud infrastructure providers with global data centers. We ensure that such transfers comply with the DPDP Act, 2023, and that appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions. By using our services, you consent to the transfer of your information to these countries.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes affecting your rights, we will provide additional notice through email or a prominent notice on our website. We encourage you to review this Privacy Policy periodically.
11. Grievance Officer Contact Information
In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer to address any concerns regarding this Privacy Policy or our data handling practices:
We will acknowledge receipt of your complaint within 48 hours and resolve it within 30 days of receipt, in accordance with applicable law.