Privacy Policy

We collect the following types of information when you use our website or services:

Personal Information: Name, email address, phone number, and company name when you fill out contact forms or request assessments.

Usage Data: IP address, browser type, pages visited, time spent on pages, and referring URLs through analytics tools.

Communication Data: Messages and correspondence when you contact us via email, forms, or chat.

Technical Data: Security assessment data collected during engagements, which is handled under strict confidentiality agreements.

We use collected information for the following purposes:

- To respond to your inquiries and provide requested cybersecurity services
- To send service proposals, reports, and security recommendations
- To improve our website and service quality
- To send relevant cybersecurity updates and newsletters (with your consent)
- To comply with legal obligations under Indian law
- To prevent fraud and ensure the security of our systems

We do NOT sell, rent, or trade your personal information to third parties.

As a cybersecurity company, we practice what we preach. Your data is protected by:

- End-to-end encryption for all data in transit (TLS 1.3)
- Encrypted storage for all personal and client data
- Role-based access control — only authorized personnel access client data
- Regular security audits of our own systems
- Strict data retention policies — client data deleted after project completion unless retention is required by law
- ISO 27001-aligned information security management practices

We may share your information only in the following limited circumstances:

Service Providers: Trusted third-party service providers (e.g., email, hosting, analytics) who process data on our behalf under strict data processing agreements.

Legal Requirements: When required by Indian law, court orders, or regulatory authorities including CERT-In.

Business Transfers: In the event of a merger or acquisition, your data may be transferred with appropriate protections.

We never share client security assessment data, vulnerability findings, or confidential business information.

Our website uses cookies and similar technologies to:

- Maintain session state and website functionality
- Analyze traffic patterns via Google Analytics (anonymized)
- Remember your preferences

You can control cookie settings through your browser. Disabling cookies may affect website functionality. We do not use advertising cookies or cross-site tracking.

Under India's Digital Personal Data Protection Act 2023, you have the right to:

- Access: Request a copy of personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data
- Grievance Redressal: Contact our Data Protection Officer for complaints

To exercise these rights, contact us at: privacy@bugzero.solutions

We will respond to all valid requests within 30 days.

We retain personal data only as long as necessary:

- Contact form submissions: 2 years from last interaction
- Client project data: Duration of engagement + 1 year (or as required by law)
- Marketing data: Until you unsubscribe
- Legal records: As required by Indian law (typically 7 years)

Security assessment reports are retained for the agreed period specified in the service agreement.

Our services are directed at businesses and organizations, not individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on our website with a revised date. Continued use of our services after changes constitutes acceptance of the updated policy.

For privacy-related inquiries, requests, or complaints:

Data Protection Officer
BugZero Cyber Solutions
Email: privacy@bugzero.solutions
General: contact@bugzero.solutions

We take all privacy concerns seriously and will respond within 5 business days.