Contents
01 Who We Are
Cyber Manch (also referred to as "CyberManch", "we", "us", or "our") is a cybersecurity consulting firm providing GRC & compliance, penetration testing, and SOC services. We operate primarily in India and serve clients across India, Australia, and internationally.
Business Owner: Ritu Dahiya
Operating Name: Cyber Manch
Website: cybermanch.org
Email: contact@cybermanch.org
Registered Office: Haryana, India
This Privacy Policy governs the collection, use, and protection of personal data that you provide to us through our website at cybermanch.org and any related services. By using our website or submitting your information through our contact form, you consent to the practices described in this policy.
This policy is written in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000. CyberManch is the Data Fiduciary for the personal data it collects through this website.
02 What Data We Collect
We only collect information that is necessary to respond to your enquiry and provide our services. We do not collect unnecessary personal data.
| Data Category | Specific Fields | Required? |
|---|---|---|
| Identity Data | Full name | Yes |
| Contact Data | Email address, phone number / WhatsApp | Email required; phone optional |
| Business Data | Company name, service interest, business context (what you share in the message field) | Service interest required; others optional |
| Technical Data | IP address, browser type, pages visited, time of visit (if analytics is enabled) | Collected automatically |
| Communication Data | Content of messages you send us via email or WhatsApp | When you initiate contact |
We do not collect any of the following: government ID numbers (Aadhaar, PAN), financial account or payment details through this website, health or medical information, biometric data, or any special category of sensitive personal data as defined under the DPDP Act.
03 How We Collect Your Data
We collect personal data through the following means:
- Contact / Booking Form: When you submit the enquiry form on our website, we collect the fields you fill in. Form submissions are processed via Formspree (a third-party form service) and delivered to our email inbox.
- Email: When you email us directly at contact@cybermanch.org, we collect the content of your email and your email address.
- WhatsApp: When you initiate a WhatsApp conversation with us, we collect your phone number and the content of that conversation through WhatsApp's platform.
- Instagram: When you message us via @cybermanch_official, we collect your Instagram handle and message content through Meta's platform.
- Automatic Collection: Our website hosting provider (Cloudflare) may automatically collect technical data such as IP addresses and page access logs as part of their standard service. We do not use this data for profiling.
04 Why We Use Your Data (Purpose & Legal Basis)
Under the DPDP Act 2023, we must have a lawful basis for every use of your personal data. Here is what we use your data for and why:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Responding to your enquiry and providing a free security assessment | Name, email, phone, company, service interest, message | Consent (form submission / message initiation) |
| Sending you information about CyberManch services relevant to your enquiry | Name, email | Consent (you contacted us for this purpose) |
| Maintaining records of our business relationships and engagements | Name, email, company, communication records | Legitimate interest (business record-keeping) |
| Improving our website and services | Technical data (anonymised) | Legitimate interest (service improvement) |
| Complying with legal obligations | As required | Legal obligation |
We do not: sell your personal data to any third party, use your data for automated profiling or decision-making that affects you legally, or use your contact details to send you unsolicited marketing unless you have specifically requested updates from us.
If you wish to receive our newsletter or security updates in future, we will seek your specific consent for that purpose separately.
05 How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes it was collected:
- Enquiries that do not convert to a client engagement: We retain your contact details and enquiry information for 12 months from the date of your last communication with us, after which it is deleted.
- Active client engagements: We retain relevant data for the duration of the engagement plus 3 years from project completion, for contractual and tax compliance purposes.
- Financial and billing records: Retained for 7 years as required under the Income Tax Act, 1961.
- Email communications: Retained for 2 years unless related to an active engagement.
After the applicable retention period, your data is securely deleted or anonymised so it can no longer identify you.
06 Who We Share Your Data With
We share your personal data only with the following categories of third parties, and only to the minimum extent necessary:
| Third Party | Purpose | Data Shared | Location |
|---|---|---|---|
| Formspree Inc. | Form submission processing and email delivery | All contact form fields | USA (processes data as a data processor under its own privacy policy) |
| Cloudflare Inc. | Website hosting and CDN | Technical access logs (IP, browser, pages) | USA / Global (standard hosting logs) |
| Meta Platforms (WhatsApp, Instagram) | Messaging platform for client communication | Phone number, message content (when you initiate contact) | USA / Global |
| Google (Analytics) | Website analytics — if and when enabled | Anonymised usage data | USA / Global |
We do not share your personal data with any other third parties. We do not sell your data. We do not transfer your data to any advertising networks or data brokers.
In the event that we are legally required to disclose your data (e.g., by a court order or under Section 69 of the IT Act), we will do so only to the extent legally required and will notify you where legally permitted to do so.
07 Your Rights Under the DPDP Act 2023
India's Digital Personal Data Protection Act 2023 grants you the following rights as a Data Principal (the person whose data is being processed):
- Right to Access: You have the right to obtain a summary of the personal data we hold about you and how it is being processed.
- Right to Correction: You have the right to correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to our legal retention obligations.
- Right to Withdraw Consent: Where we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
- Right to Grievance Redressal: You have the right to raise a grievance with our Grievance Officer (see Section 12) and to escalate to the Data Protection Board of India if your grievance is not resolved satisfactorily.
- Right to Nominate: You have the right to nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, please contact our Grievance Officer at privacy@cybermanch.org or contact@cybermanch.org. We will respond to your request within 30 days.
If you are not satisfied with our response to your grievance, you may escalate your complaint to the Data Protection Board of India once it is constituted and operational under the DPDP Act 2023.
08 Cookies and Tracking
Our website currently uses minimal cookies. Specifically:
- Essential cookies: Set by our hosting provider (Cloudflare) for security and performance purposes. These cannot be disabled as they are necessary for the website to function.
- Analytics cookies: We may add Google Analytics in future. If and when we do, we will update this policy and display a cookie consent notice. Analytics cookies will be optional and you will be able to decline them.
We do not currently use any advertising cookies, retargeting cookies, or third-party tracking pixels. We do not sell your browsing data.
You can manage cookies through your browser settings at any time. Disabling certain cookies may affect some website functionality.
09 Data Security
As a cybersecurity firm, data security is central to everything we do. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
- Our website is served over HTTPS (TLS encryption) via Cloudflare, ensuring data in transit is encrypted
- Form submissions are transmitted to Formspree over encrypted connections
- Access to your data is restricted to the minimum number of personnel necessary
- We do not store your personal data in unencrypted formats
- We review our security practices periodically in line with ISO 27001 principles
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant authorities as required under applicable law.
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
10 Children's Privacy
Our services are intended for business professionals and organisations, not for individuals under the age of 18. We do not knowingly collect personal data from children.
Under the DPDP Act 2023, processing personal data of children (under 18) requires verifiable parental consent. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@cybermanch.org and we will delete such data promptly.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Post the revised policy on this page with a new version number
- Where required by law, notify affected individuals directly
We encourage you to review this policy periodically. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy, to the extent permitted by applicable law.
All previous versions of this policy are available upon request by emailing contact@cybermanch.org.
12 Grievance Officer & Contact
In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the details of our Grievance Officer are as follows:
Grievance Officer
Name: Ritu Dahiya
Designation: Founder & Data Fiduciary
Organisation: Cyber Manch
Email: contact@cybermanch.org
Website: cybermanch.org
Jurisdiction: Haryana, India
We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.
For general privacy questions or to exercise your rights under the DPDP Act, you may also write to us at the email address above. Please include your full name, the nature of your request, and sufficient information to identify the personal data you are referring to.