Privacy Policy

Effective Date: 25-10-2025
Last Updated: 25-10-2025

1. Introduction

Cybercyko Technologies Pvt Ltd ("Cybercyko", "we", "our", "us") respects your privacy and is committed to protecting personal data processed in connection with our website https://cybercyko.com

This Policy explains how we collect, use, disclose, transfer and secure personal information. It complies with India's Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By accessing our Services, you agree to this Policy.

2. Definitions

Term Meaning

Personal Data Any data about an identifiable individual.

Sensitive Personal Data (SPDI) Includes passwords, financial information, biometric data, health information, and any

data declared sensitive under applicable law.

Data Principal The individual to whom the data relates.

Data Fiduciary Cybercyko Technologies Pvt Ltd.

Processing Any operation performed on Personal Data such as collection, storage, use, disclosure, or .

deletion

3. Information We Collect

We collect Personal Data through direct interactions, automated technologies, and third-party integrations.

a. Information You Provide

• Name, company, designation, email address, and contact number.
  
  
  
• Login credentials and authentication details.
  
  
  
• Support requests, feedback, or communications.
  
  
  
• Billing or contractual data (for enterprise clients).
  
  
  

b. Information Collected Automatically

• Device identifiers, IP address, browser type, operating system.
  
  
  
• Access logs, timestamps, geolocation (approximate).
  
  
  
• Usage metrics, API calls, session length, and error diagnostics.
  
  
  

c. Information from Third Parties

• Data provided by client organisations using our IAM platform.
  
  
  
• Data from analytics providers, marketing partners, or authentication sources (e.g., OAuth, SAML IdP).
  
  
  

We collect only data necessary for the purposes stated below.

4. Purpose and Legal Basis of Processing

Purpose Legal Basis

Provide and operate our IAM solutions, manage user accounts Performance of Contract

Authenticate users, authorise access, and ensure system security Legitimate Interest / Contract

Provide customer support and technical assistance Contract / Legitimate Interest

Conduct R&D, testing, AI-based analytics on anonymised data Legitimate Interest / Consent

Send service updates, notifications, or marketing (opt-in) Consent

Ensure compliance with legal and regulatory obligations Legal Obligation

Detect, prevent and investigate security breaches or fraud Legitimate Interest

5. Data Retention

We retain Personal Data only for as long as required for lawful purposes or as mandated by regulation.

Data Category Typical Retention Period

Account & login logs 90 days to 1 year

Support tickets & communications 12 months after closure

Client contractual records 7 years post-termination

Analytics & telemetry data 180 days (aggregated afterwards)

Marketing data Until consent withdrawal

6. Disclosure and Sharing of Information

We may share Personal Data only under strict contractual and legal safeguards:

• Service Providers: Hosting, cloud (AWS/Azure), email, analytics, and security vendors under NDAs.
  
  
  
• Business Partners / Resellers: To deliver joint solutions with proper consent.
  
  
  
• Legal Authorities: If required by law, court order, or government regulation.
  
  
  
• Corporate Transactions: During merger, acquisition, or asset transfer with prior notice.
  
  
  

We never sell Personal Data to any third party.

7. Cross-Border Transfers

Data may be processed or stored on servers located outside India.
Cybercyko ensures adequate safeguards including:

• Contractual clauses ensuring equivalent data protection;
  
  
  
• Encryption of data in transit and at rest;
  
  
  
• Access restriction to authorised personnel only.

8. Data Security

Cybercyko implements Reasonable Security Practices and Procedures, consistent with ISO 27001 and SOC 2 Type II standards:

• Multi-layered network, application and data security controls.
  
  
  
• Role-based access and MFA.
  
  
  
• Continuous monitoring and periodic vulnerability assessments.
  
  
  
• Regular employee privacy and security training.
  
  
  
• Incident-response and breach-notification mechanisms.
  
  
  

9. Data Breach Notification

In the unlikely event of a data breach that impacts your Personal Data, Cybercyko will:

1. Investigate and contain the breach immediately.
   
   
   
2. Notify affected users and the Data Protection Board of India (if required) within statutory timelines.
   
   
   
3. Provide guidance on remedial actions.

10. Your Rights

As a Data Principal, you have the right to:

• Access your Personal Data held by us.
  
  
  
• Correct or update inaccurate data.
  
  
  
• Erase data no longer necessary for processing.
  
  
  
• Withdraw consent for data processed based on consent.
  
  
  
• Request information about data-sharing and processing.
  
  
  

Requests can be sent to info@cybercyko.com

11.Cookies and Analytics

Our website uses cookies and similar technologies to:

1.Enable secure sign-in sessions;

2.Analyse site usage and performance;

3.Remember preferences;

4.Deliver relevant content.

We may use third-party analytics tools (e.g., Google Analytics, Microsoft Clarity). You may manage or disable cookies in your browser, but certain features may not work properly.

12. Third-Party Links and Integrations

Our Services may contain links or integrations to external websites or identity providers (e.g., Google Workspace, Azure AD, Okta).
Cybercyko is not responsible for the privacy practices of such third parties. Please review their respective policies.

13. Children's Privacy

Our Services are intended for persons aged 18 and above. We do not knowingly collect data from minors. If such information is inadvertently received, we will delete it promptly.

14. Updates to this Policy

Cybercyko may modify or update this Policy from time to time. Material changes will be communicated via:

• Updated "Effective Date" on this page, and
  
  
  
• Email notice (if you maintain an active account).
  Continued use of the Services after such updates constitutes acceptance of the revised Policy.
  
  
  

15. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes shall be subject to the exclusive jurisdiction of the courts at Andhra Pradesh, India.

16. Contact and Grievance Redressal

In accordance with Rule 5(9) of the SPDI Rules and Section 13 of the DPDP Act 2023, you may contact our Grievance Officer:

Grievance Officer
Cybercyko Technologies Pvt Ltd
Malikipuram, Andhra Pradesh, India
📧 info@cybercyko.com