Privacy Policy

Last updated: March 2026

1. Who We Are

This Privacy Policy applies to CyberneticsPlus Services Private Limited, a company incorporated under the laws of India, with its registered office at No. 07/3, Nagananda Commercial Complex, 2nd Floor, 18th Main Road, Marenahalli, Jayanagara 9th Block, Bengaluru, Karnataka 560041, India. We operate the website at cyberneticsplus.com and provide professional cybersecurity services including penetration testing, cloud security assessments, managed SOC, and compliance consulting.

For the purposes of the General Data Protection Regulation (GDPR) and applicable Indian data protection law, CyberneticsPlus Services Private Limited is the data controller. You can reach us at info@cyberneticsplus.com.

2. What Data We Collect

We collect the following categories of personal data:

• Contact information: Name, email address, company name, phone number, and any information you voluntarily provide when submitting our contact or quote request forms.
• Technical data: IP address, browser type and version, operating system, referring URLs, pages visited, and time spent on pages. This data is collected automatically via analytics tools when you browse our website.
• Cookies and tracking data: We use analytics cookies to understand how visitors interact with our website. See Section 5 for full details.
• Engagement data: If you engage us for services, we may collect additional professional details such as your organisation's security posture, systems in scope, and related technical information necessary to deliver contracted services.

We do not knowingly collect data from children under the age of 16. Our services are directed at business professionals and organisations.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• Service delivery: To respond to enquiries, provide quotations, execute engagement contracts, deliver reports, and fulfil any other contracted cybersecurity services.
• Communication: To send you service updates, respond to support requests, and — where you have opted in — to send relevant security advisories or newsletters.
• Analytics and improvement: To analyse website traffic, understand user behaviour, and improve the performance and content of our website.
• Legal compliance: To comply with applicable laws, regulations, and lawful requests from government or regulatory authorities.

4. Legal Basis for Processing

Where the GDPR applies, we rely on the following legal bases under Article 6 to process your personal data:

• Contract (Article 6(1)(b)): Processing is necessary to perform a contract with you or to take steps at your request before entering a contract. This applies when we deliver engagements you have commissioned.
• Legitimate interests (Article 6(1)(f)): We process certain data based on our legitimate interests in running and improving our business — for example, analysing website performance and responding to unsolicited enquiries. We balance these interests against your rights and will not override them.
• Consent (Article 6(1)(a)): Where we set analytics cookies or send marketing communications, we rely on your freely given, specific, and informed consent. You may withdraw consent at any time.
• Legal obligation (Article 6(1)(c)): We may process data to comply with legal obligations such as tax, accounting, or regulatory requirements.

5. Cookies

Our website uses cookies — small text files stored on your device — to help us understand how visitors use our site. We categorise cookies as follows:

• Strictly necessary cookies: Required for the website to function. These cannot be disabled. They do not store personally identifiable information.
• Analytics cookies: We use Google Analytics (via Google Tag Manager, ID: GTM-NB4QPC7) to collect aggregated data about website traffic and behaviour. These cookies are only set after you provide explicit consent via our cookie consent banner.

You can accept or decline analytics cookies using our cookie banner when you first visit the site. If you decline, no analytics cookies will be set and Google Tag Manager will not load. You can change your preference at any time by clearing your browser's local storage for this site.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes described:

• Contact form submissions: Retained for up to 2 years from the date of submission, or until you request deletion, whichever is earlier.
• Analytics data: Google Analytics data is retained for a maximum of 26 months.
• Engagement records: Data collected in the course of a cybersecurity engagement is retained for the duration of the engagement plus 2 years, after which it is securely deleted unless a longer retention period is required by law or contract.

7. Your Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR (or UK GDPR):

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete data.
• Right to erasure: You may ask us to delete your personal data in certain circumstances (the "right to be forgotten").
• Right to data portability: You may request that we transfer your data to you or a third party in a structured, commonly used, machine-readable format.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to restrict processing: You may ask us to suspend processing of your data in certain circumstances.

To exercise any of these rights, please email info@cyberneticsplus.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

8. Third Parties

We share limited personal data with the following trusted third-party service providers who process data on our behalf:

• Google LLC (Google Analytics / Google Tag Manager): Analytics and tag management. Data is processed subject to Google's standard contractual clauses and privacy policy.
• Zoho Corporation / ZeptoMail: Transactional email delivery for contact form responses and service communications. Data is processed under Zoho's data processing agreement.
• Cloudflare, Inc.: Content delivery network, DDoS protection, and DNS. Cloudflare may process request-level data including IP addresses as part of delivering our website securely.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

9. International Data Transfers

Some of our third-party providers are based outside of India and the EEA. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Google: Data may be processed in the United States and European Union. Google participates in the EU–US Data Privacy Framework and applies standard contractual clauses where applicable.
• Cloudflare: Data is processed globally across Cloudflare's network. Cloudflare applies standard contractual clauses for EEA transfers and maintains ISO 27001 certification.

By using our website and services, you acknowledge that your data may be transferred to and processed in countries outside your own. We take reasonable steps to ensure that any such transfers comply with applicable data protection laws.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: