Privacy Policy

1. Introduction

Elytra Security ("we," "our," or "us") operates the ElytraNexus platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable laws.

2. Information We Collect

We collect the following types of personal data:

• Account Information: Name, email address, organization details
• Usage Data: Login timestamps, IP addresses, feature usage statistics
• Compliance Data: Information you upload for GRC purposes (frameworks, controls, evidence)
• Communication Data: Support tickets, feedback, correspondence

3. Legal Basis for Processing

We process your personal data under the following lawful bases:

• Consent for account creation and platform usage
• Contract performance to provide GRC services
• Legal obligations for data security and compliance
• Legitimate interests for service improvement and security

4. How We Use Your Information

• Provide and maintain ElytraNexus platform services
• Process compliance workflows and generate reports
• Communicate service updates and support
• Improve platform functionality and user experience
• Ensure security and prevent fraud
• Comply with legal and regulatory requirements

5. Data Storage and Security

Your data is stored on secure servers in India. We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Multi-tenant data isolation
• Regular security audits and penetration testing
• Access controls and authentication (MFA available)
• Audit logging and monitoring

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

• Service Providers: Cloud hosting, email services (under data processing agreements)
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In case of merger, acquisition, or asset sale

7. Your Rights Under DPDPA

You have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Correction: Update inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Data Portability: Receive your data in a structured format
• Right to Withdraw Consent: Revoke consent at any time
• Right to Grievance Redressal: File complaints with our Data Protection Officer

To exercise your rights, contact us at: privacy@elytrasecurity.com

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account closure, data is retained for:

• Legal compliance: 7 years (as per Indian laws)
• Audit and compliance records: As required by applicable frameworks
• Anonymized analytics: Indefinitely

9. International Data Transfers

Your data is primarily stored and processed in India. If transferred outside India, we ensure adequate safeguards through Standard Contractual Clauses or other DPDPA-compliant mechanisms.

10. Children's Privacy

ElytraNexus is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

11. Cookies and Tracking

We use essential cookies for authentication and platform functionality. See our Cookie Policy for details.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email and in-app notifications 30 days before taking effect.

13. Contact Information

Data Protection Officer:
Elytra Security
Email: privacy@elytrasecurity.com
Address: Bengaluru, Karnataka, India

Grievance Officer:
Email: grievance@elytrasecurity.com
Response Time: Within 30 days as per DPDPA

← Back to Home