Elytra Security Pvt Ltd (“Elytra”, “we”, “our”, “us”) is an information-security company headquartered at 7th Floor, Kirloskar Tech Park, Hebbal Kempapura, Bengaluru, Karnataka 560024. For the purposes of the Digital Personal Data Protection Act, 2023 (DPDPA) we are the Data Fiduciary for personal data collected through:
Contact: dpo@elytrasecurity.com
Term | Meaning (abridged) |
Personal Data (PD) | Data about an individual who is identifiable directly or in combination with other data. |
Processing | Any operation (collection, storage, use, transmission, erasure) on PD. |
Data Principal | The individual to whom the PD relates (“you”, “your”). |
Consent | A clear affirmative action signifying agreement to process PD for a specified purpose. |
Legitimate Use | Processing necessary for the performance of a lawful contract or compliance obligation where consent is not practicable. |
Category | Typical Elements | Source |
Identity & Contact | Name, title, org, e-mail, phone, postal address | Web forms, contracts |
Professional | Government-issued ID for KYC, designation, skills/certs | Customer onboarding |
Usage & Device | IP, browser type, pages visited, event timestamps | Site analytics, product telemetry |
Marketing Preferences | Opt-in/opt-out flags, topics of interest | Consent forms |
Support Artefacts | Log files, configuration snippets, screenshots | Customer tickets |
We do not knowingly collect children’s data; services are strictly business-to-business.
Purpose | Lawful Basis | Key Retention Rule |
Deliver contracted products & services (e.g., portal access, SOC monitoring) | Contract performance (Legitimate Use) | 7 years after contract end (tax & audit requirement) |
Account onboarding & KYC | Legal Obligation (RBI / SEBI guidelines) | 8 years |
Respond to enquiries / demos | Consent | 12 months after last interaction |
Security monitoring & incident response | Legitimate Use – vital for threat prevention | Until incident closed + 1 year |
Marketing emails, newsletters, webinars | Consent (withdrawable anytime) | Until consent withdrawn or 24 months of inactivity |
Improving products (analytics & telemetry) | Legitimate Use (minimal, aggregated) | 18 months |
Logs may be anonymised and retained indefinitely for statistical security research.
We never sell personal data. Data may be shared with:
A complete up-to-date list of sub-processors is maintained at elytrasecurity.com/sub-processors.
Personal data is stored primarily in India. Limited transfers to jurisdictions as notified by GoI; contractual safeguards applied, occur for backup and global email delivery. In such cases, standard contractual clauses and equivalent protection measures are applied.
You have the right to:
Submit a request to privacy@elytrasecurity.com with the subject line “DPDPA Right – [Access / Correction / Erasure / Portability / Withdrawal]”.
We will acknowledge within 48 hours and fulfil or formally respond within 7 working days (complex cases: ≤ 15 days). Identification proof may be requested to validate your identity.
You may withdraw marketing or service-specific consent via:
Minimum fields required: name, business email, consents to revoke, optional comment.
Upon validation your data is flagged “Restricted – Consent Withdrawn” in 24 hours and purged from marketing systems in ≤ 5 days (back-ups overwritten by retention cycle).
Name: Venkat Mangudi, CEO
Email: gro@elytrasecurity.com
Unresolved grievances may be escalated to the Data Protection Board of India as per DPDPA rules.
We use:
See our Cookie Notice for granular controls. Consent choices are honoured for at least 12 months unless you clear browser cookies earlier.
Material changes will be posted on this page with date-stamp and, where appropriate, notified via email. Continued use of our services after such changes constitutes acknowledgment.
Effective Date: August 8, 2025
Last update: August 8, 2025
Questions about this notice or our privacy practices?
