FirewallIQ Secure

Legal

Privacy Policy

Effective May 12, 2026

This privacy policy explains how Srida IT Consulting and Services Pvt Ltd ("Srida IT", "we", "us") handles personal data in connection with the FirewallIQ Secure platform and the firewalliqsecure.com website. We comply with India's Digital Personal Data Protection Act, 2023 (DPDPA), and where applicable the EU General Data Protection Regulation (GDPR).

1. Data we collect

We collect data you provide directly (name, email, company, role, message), usage data necessary for platform operation (logins, scan requests, API usage), and findings data your authorized users generate within the platform. We do not collect personal data from your scan targets — the platform validates configuration and reachability, not personal data.

2. How we use data

We use the data to provide and improve the platform, respond to your inquiries, send service-related communications, and comply with legal obligations. We do not sell personal data, and we do not use it to train third-party AI models.

3. Legal basis

Under GDPR, our legal bases include contract performance, legitimate interest, and consent where required. Under DPDPA, we process personal data on the basis of consent and certain legitimate uses as defined therein.

4. Data residency

India tenants' data resides in our Mumbai region by default. EU tenants' data resides in Frankfurt. Backups are kept in the same region as primary storage unless otherwise agreed in writing.

5. Sharing

We do not share your personal data with third parties except: (a) trusted sub-processors required to deliver the service (e.g., cloud infrastructure, email delivery); (b) when required by law; or (c) with your explicit instruction. A current list of sub-processors is available on request.

6. Security

We employ industry-standard administrative, technical, and physical safeguards including TLS 1.3 in transit, AES-256-GCM at rest, KMS-managed keys, role-based access control, multi-factor authentication, immutable audit logging, and regular security reviews.

7. Your rights

You have rights to access, correct, erase, and restrict processing of your personal data. To exercise these rights, contact privacy@sridait.com. We respond within statutory timelines.

8. Retention

We retain personal data only as long as necessary for the purposes described, or as required by law (e.g., audit logs retained for 7 years).

9. Contact

For privacy questions: privacy@sridait.com. For data protection inquiries under DPDPA, you may also reach our Data Protection Officer at the same address.

10. Changes

We may update this policy. Material changes will be notified by email and a banner on the platform at least 14 days before they take effect.