Privacy Policy

This Privacy Policy ("Policy") explains how OPSEC Labs Private Limited ("Company," "we," "us," or "our") collects, uses, shares, and protects personal data obtained through our website and related services. This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and serves as our privacy notice under the DPDP Act, as well as other applicable data protection laws including the General Data Protection Regulation ("GDPR") for EU/EEA visitors.

By accessing our website or using our services, you consent to the practices described in this Policy.

1. Who We Are

OPSEC Labs Private Limited ("OPSEC Labs", "we", "us", or "our") is a cybersecurity consulting company registered in India, providing security assessments, compliance consulting, and advisory services.

Office Address:
No.4, 3rd Floor, 1st Cross, 1st Main,
Shivanagar, Rajajinagar,
Bengaluru 560010, Karnataka, India

CIN: U72900KA2021PTC155591

For privacy-related queries, contact us at: [email protected]

2. Scope of This Policy

This Privacy Policy applies to all visitors and users of the website opseclabs.co and explains how personal information is collected, used, stored, and protected. It also describes your rights regarding your data and the measures we take to ensure confidentiality and security of information.

3. Information We Collect

3.1 Information You Provide

• Email Communications: When you email us, we collect your name, email address, and any information you include in your message.
• Meeting Bookings: When you schedule a consultation through Calendly, we receive your name, email address, phone number (if provided), and meeting details.

3.2 Information Collected Automatically

• Analytics Data: We use Cloudflare Web Analytics, a privacy-friendly analytics service that does not use cookies or collect personal data. It provides aggregated insights such as page views, referral sources, and country-level location without tracking individual visitors.
• Server Logs: Our web server and Cloudflare may log IP addresses, browser type, operating system, and referral source for security and operational purposes. These logs are retained for a limited period.

4. How We Use Your Information

We use the information we collect to:

• Respond to your enquiries and provide requested information
• Schedule and conduct consultations
• Send relevant communications about our services (only if you have engaged with us)
• Improve our website and user experience
• Analyse website traffic and usage patterns (aggregated, non-personal data only)
• Ensure website security and prevent abuse
• Comply with legal obligations

5. Legal Basis for Processing

We process your personal information based on:

• Legitimate Interest: To respond to enquiries, ensure website security, and improve our services
• Consent: Where you have provided explicit consent (e.g., booking a meeting, submitting a contact form)
• Contractual Necessity: To fulfil our obligations when you engage our services
• Legal Compliance: To meet regulatory and legal requirements

6. Cookies and Similar Technologies

6.1 Our Cookie Usage

This website uses minimal cookies and local storage:

• Cookie Preference: We store your cookie notice acknowledgment in your browser's localStorage. This is not a cookie and is not transmitted to our servers.

We do not use tracking cookies, advertising cookies, or analytics cookies.

6.2 Third-Party Services and Cookies

When you interact with certain features, third-party services may set cookies:

6.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. You can also use browser extensions to block third-party content. Please note that blocking Google Maps cookies will prevent the interactive map from loading.

7. External Links

Our website contains links to external websites and services, including:

• LinkedIn (linkedin.com) — Company profile
• X / Twitter (x.com) — Company profile
• GitHub (github.com) — Company profile
• Calendly (calendly.com) — Meeting scheduling

These external sites have their own privacy policies and data collection practices. We are not responsible for the content or privacy practices of external websites. We encourage you to review their privacy policies before providing any personal information.

8. Data Retention

We retain your personal information as follows:

• Email communications: 24 months from last interaction, unless an ongoing business relationship exists
• Meeting booking data: 12 months from the meeting date
• Server logs: 30 days (security logs may be retained longer if required for incident investigation)
• Analytics data: Cloudflare Web Analytics retains aggregated data only; no personal data is stored

Third-party services retain data according to their own policies.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a portable format
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

For Indian Residents (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access and obtain information about your personal data
• Correct and update inaccurate or incomplete data
• Erase your personal data
• Grievance redressal
• Withdraw consent at any time
• Nominate another person to exercise your rights on your behalf

For EU/EEA Residents (GDPR)

You have the right to lodge a complaint with your local Data Protection Authority if you believe we have not handled your data appropriately.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• HTTPS encryption for all website traffic
• Cloudflare security services (Cache, WAF)
• Access controls limiting who can view personal data
• Security headers to prevent common web attacks
• Regular security assessments

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States, through our use of third-party services (Cloudflare, Calendly, Google). These transfers are subject to appropriate safeguards as required by applicable law, including Standard Contractual Clauses where applicable.

12. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be highlighted. We encourage you to review this policy periodically.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

OPSEC Labs Private Limited
Email: [email protected]
Address: No.4, 3rd Floor, 1st Cross, 1st Main, Shivanagar, Rajajinagar, Bengaluru 560010, Karnataka, India

This Privacy Policy serves as the privacy notice required under the Digital Personal Data Protection Act, 2023 (India).