Privacy Policy

VERUSAVA INFOSEC PRIVATE LIMITED (“Verusava,” “we,” “us,” or “our”) is committed to the highest standards of privacy and data protection for our clients, partners, employees, contractors, and website visitors. This Privacy Policy outlines how Verusava collects, uses, stores, protects, shares, and manages your information in connection with our cybersecurity and compliance services.

1. Who We Are

Verusava Infosec Private Limited is a company incorporated under the Companies Act, 2013, with its registered office at Ghaziabad, Uttar Pradesh – 201001, India.

We deliver professional solutions in information security, data protection, risk assessment, regulatory compliance, penetration testing, consultancy, and training.

2. Information We Collect

Depending on the nature of engagement and interaction, Verusava may collect the following categories of information:

A. Personal Identifiable Information (PII)

• Name
• Email address
• Phone number
• Organization/company name
• Job title and professional role
• Government-issued identification details

B. Business/Organizational Information

• Company profiles
• IT environment data and network diagrams
• Current security posture and audit log data
• Regulatory/compliance documentation

C. Technical Data

• IP addresses and device identifiers
• Browser and operating system information
• Authentication credentials (only for testing, and deleted after use)
• System and access logs

D. Financial and Transactional Data

• Invoices, billing details, and payment records
• Business bank information/name as relevant to services

3. How We Collect Information

We obtain information from the following sources:

• Direct interactions (forms, emails, contracts, support requests)
• Client organizations as part of service agreements

4. How We Use Your Information

Verusava uses collected data for legitimate purposes, including the following:

• Delivering security, compliance, and risk management services as per contract
• Conducting audits, assessments, penetration testing, and training
• Managing client relationships, support, notifications, billing, and feedback
• Internal governance, analytics, compliance monitoring, and service improvements
• Fulfilling legal, statutory, or regulatory requirements
• Protecting our rights, property, and personnel

Data provided for security testing (such as credentials) is used strictly for agreed scopes and is deleted post-engagement.

5. Lawful Basis for Processing

Verusava processes information on the following bases:

• Consent, where given explicitly
• Contractual necessity for service delivery
• Legitimate business interests
• Legal or regulatory obligations

6. Data Sharing and Disclosure

Verusava never sells or rents personal data. Information may be shared in the following circumstances:

• With your consent, or as part of agreed services
• With vetted third-party vendors/sub-processors (cloud, IT, legal, or audit support) strictly as necessary
• With regulatory, audit, or government authorities when required by law
• For protection of Verusava, clients, or the public’s rights, property, and safety

All third-party partners are contractually obligated to maintain confidentiality and data security.

7. Data Retention

Information is retained only as long as needed for service provision, legal and compliance requirements, customer relations, and business operations. Afterward, data is securely deleted, anonymized, or archived in line with contractual and statutory mandates.

8. Data Security

As a cybersecurity specialist, Verusava employs robust, industry-standard safeguards, which may include:

• Advanced encryption for data at rest and in transit
• Strict access controls, authentication, and role-based permissions
• Secure physical and cloud storage
• Regular internal and external security audits
• Continuous vulnerability assessments and monitoring
• Personnel training and awareness programs

Access is restricted to authorized personnel only, and policies prohibit unauthorized use and disclosure.

9. International Data Transfers

If services require transferring data outside India (for example, for cloud hosting or cross-border compliance engagements), Verusava ensures adherence to applicable international protections such as the GDPR, HIPAA, or other relevant frameworks, along with adequate contractual and technical safeguards.

10. Cookies and Tracking Technologies

Our website uses cookies, web beacons, and analytical tools to optimize functionality, understand visitor behavior, and enhance service delivery. Users can control cookie preferences through their browser settings.

11. Your Rights

Subject to Indian law and applicable international standards, you may have rights to access, rectify, restrict, object to processing, request deletion of your data, and withdraw consent for non-essential processing.

Requests can be submitted to privacy@verusava.com. Identity verification and applicable legal exceptions may apply.

12. Data Breach Notification

In the event of a data breach affecting your information, Verusava will notify affected individuals or organizations and relevant authorities in line with legal and contractual obligations, including information on impact, remedial steps taken, and how to obtain further assistance.

13. Third-Party Websites and Services

Links provided on our site or in reports may direct users to external sites. Verusava is not responsible for their content, policies, or practices and recommends reviewing external privacy notices before providing information.

14. Children’s Privacy

Verusava does not knowingly collect personal data from children under 18. If you believe a child’s data has been improperly provided, you can contact us for prompt removal.

15. Policy Updates

This Privacy Policy may be revised periodically at Verusava’s discretion, and updates will be posted on this page with the new effective date. Continued use of our services or website following changes will be treated as acceptance of the updated policy.

16. Contact Us

For privacy questions, data access or rectification requests, or complaints, please contact: