Privacy Policy
Effective Date: August 18, 2025
VERUSAVA INFOSEC PRIVATE LIMITED (“Verusava,” “we,” “us,” or “our”) is committed to the highest standards of privacy and data protection for our clients, partners, employees, contractors, and website visitors. This Privacy Policy outlines how Verusava collects, uses, stores, protects, shares, and manages your information in connection with our cybersecurity and compliance services.
1. Who We Are
Verusava Infosec Private Limited is a company incorporated under the Companies Act, 2013, with its registered office at: Ghaziabad, Uttar Pradesh – 201001, India
We deliver professional solutions in information security, data protection, risk assessment, regulatory compliance, penetration testing, consultancy, and training.
2. Information We Collect
Depending on the nature of engagement and interaction, Verusava may collect:
A. Personal Identifiable Information (PII)
Name
Email address
Phone number
Organization/company name
Job title and professional role
Government-issued identification details
B. Business/Organizational Information
Company profiles
IT environment data, network diagrams
Current security posture and audit log data
Regulatory/compliance documentation
C. Technical Data
IP addresses, device identifiers
Browser and operating system information
Authentication credentials* (only for testing, and deleted after use)
System and access logs
D. Financial and Transactional Data
Invoices, billing details, payment records
Business bank information/name as relevant to services
3. How We Collect Information
We obtain information from:
Direct interactions (forms, emails, contracts, support requests)
Client organizations as part of service agreements
4. How We Use Your Information
Verusava uses collected data for legitimate purposes, including:
Delivering security, compliance, and risk management services per contract
Conducting audits, assessments, penetration testing, and training
Managing client relationships, support, notifications, billing, and feedback
Internal governance, analytics, compliance monitoring, and service improvements
Fulfilling legal, statutory, or regulatory requirements
Protecting our rights, property, and personnel
Data provided for security testing (such as credentials) is used strictly for agreed scopes and is deleted post-engagement.
5. Lawful Basis for Processing
Verusava processes information on the following bases:
Consent, where given explicitly
Contractual necessity for service delivery
Legitimate business interests
Legal or regulatory obligations
6. Data Sharing and Disclosure
Verusava never sells or rents personal data. Information may be shared:
With your consent, or as part of agreed services
With vetted third-party vendors/sub-processors (cloud, IT, legal, or audit support) strictly as necessary
With regulatory, audit, or government authorities when required by law
For protection of Verusava, clients, or the public’s rights, property, and safety
All third-party partners are contractually obligated to maintain confidentiality and data security.
7. Data Retention
Information is retained only as long as needed for service provision, legal/compliance requirements, customer relations, and business operations. Afterward, data is securely deleted, anonymized, or archived per contractual and statutory mandates.
8. Data Security
As a cybersecurity specialist, Verusava employs robust, industry-standard safeguards:
Advanced encryption for data at rest and in transit
Strict access controls, authentication, and role-based permissions
Secure physical and cloud storage
Regular internal and external security audits
Continuous vulnerability assessments and monitoring
Personnel training and awareness programs
Access is restricted to authorized personnel only; policies prohibit unauthorized use and disclosure.
9. International Data Transfers
If services require transferring data outside India (e.g., for cloud hosting or cross-border compliance engagements), Verusava ensures adherence to applicable international protections such as the GDPR, HIPAA, or other relevant frameworks. Adequate contractual and technical safeguards are always applied.
10. Cookies and Tracking Technologies
Our website uses cookies, web beacons, and analytical tools to optimize functionality, understand visitor behavior, and enhance service delivery. Users can control cookie preferences in their browser settings.
11. Your Rights
Subject to Indian law and international standards, you retain rights to:
Access your personal data held by Verusava
Rectify or update inaccurate information
Request restriction or objection to certain data processing
Request deletion of your data (unless legal or contractual obligations require retention)
Withdraw consent at any time for non-essential processing
Requests can be submitted to privacy@verusava.com. Identity verification and applicable exceptions may apply.
12. Data Breach Notification
In the event of a data breach affecting your information, Verusava will notify affected individuals/organizations and relevant authorities in compliance with legal and contractual obligations, describing impact, remedial steps taken, and contact for further assistance.
13. Third-Party Websites and Services
Links provided on our site or in reports may direct users to external sites. Verusava bears no responsibility for their content, policies, or practices. We recommend reviewing external privacy notices before providing information.
14. Children’s Privacy
Verusava does not knowingly collect personal data from children under 18. If you believe a child’s data has been improperly provided, contact us for prompt removal.
15. Policy Updates
We may revise this Privacy Policy periodically at our discretion. Updates will be posted on our website with the new effective date. Continued use of our services or website constitutes acceptance of such changes.
16. Contact Us
For privacy questions, data access/rectification requests, or complaints, please contact:
Verusava Infosec Private Limited
Email: privacy@verusava.com