Privacy Policy

1. Introduction

Giritech Enterprises LLP ("Company", "we", "us", "our") provides IT, software development, cloud, and related services. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, with whom we share it, and the choices you have regarding your information.

Please read this document carefully. By using our website, services, products, or by contacting us, you consent to the practices described in this Privacy Policy (subject to any choices you make and applicable law).

2. Information We Collect

We collect information needed to provide services, communicate with you, secure our systems, and comply with legal obligations. The categories below describe the types of personal information we may collect.

2.1 Information You Provide Directly

• Contact details: name, company name, email address, phone number, postal address.
• Account & billing: invoicing details, billing address, payment method details (note: payment card details may be processed by our payment processor; we do not store full payment card numbers).
• Project materials: files, documentation, specifications, source code, credentials, or other content you upload or transmit to us.
• Communications: messages, support requests, feedback, and correspondence with our team.

2.2 Information Collected Automatically

• Usage data: pages visited, features used, IP address, browser type, operating system, device identifiers, timestamps, and referral data.
• Cookies and similar technologies: for authentication, preferences, analytics, and marketing (see section 5).
• Logs & diagnostics: error logs, performance data, and system telemetry used to maintain and improve services.

2.3 Information From Third Parties

We may receive information from third-party sources such as integrations (e.g., Git providers, cloud platforms), business partners, public sources, and service providers. We combine such data with information we collect directly.

3. How We Use Your Information

We use personal information for the following business purposes:

• To provide, operate, and maintain the Services and Deliverables.
• To manage projects, process orders, bill clients, and collect payments.
• To communicate (e.g., support, updates, security notices, marketing where permitted).
• To personalize and improve user experience, product features, and our website.
• To secure our services, detect and prevent fraud or abuse, and maintain system integrity.
• To comply with legal and regulatory obligations and respond to lawful requests from public authorities.
• For research and analytics to improve our products and services.

4. Legal Bases for Processing (if applicable)

Where applicable (for example, under the EU GDPR), we rely on the following legal bases to process personal data:

• Performance of a contract: processing necessary to perform our contract with you.
• Legal obligation: processing to comply with legal requirements.
• Legitimate interests: such as improving services, network security, and fraud prevention, balanced against your rights.
• Consent: where we rely on consent (e.g., for newsletters or certain cookies), you can withdraw consent at any time.

5. Cookies, Tracking & Analytics

We and our service providers use cookies and similar technologies to collect information about how you use our site and Services.

• Essential cookies: required for core functionality (e.g., authentication, security).
• Performance & analytics: used to understand usage and improve performance (e.g., Google Analytics or other analytics providers).
• Functional cookies: remember user preferences and settings.
• Advertising & marketing: may be used to present targeted content or ads (where applicable).

You can control cookies through your browser settings and, where provided, cookie consent tools on our site. Blocking some cookies may affect the functionality of the Services.

6. Third-Party Services

We use third-party providers for infrastructure, analytics, payment processing, customer support, email delivery, and other services. These providers may access personal information as necessary to perform services on our behalf and are contractually restricted from using it for other purposes.

Examples include (but are not limited to): cloud providers, payment processors, CRM and ticketing systems, analytics platforms, and code repositories. Where applicable, we rely on processors that implement appropriate security and data-handling safeguards.

7. Sharing & Disclosure

We will not sell your personal information. We may disclose information in the following circumstances:

• Service providers: third-party vendors who help us deliver the Services.
• Business transfers: in connection with a merger, acquisition, or sale of assets (with notice to affected users where required by law).
• Legal obligations: to comply with laws, regulations, court orders, or government requests.
• Protection of rights: to protect our rights, property, safety, or those of others.
• With your consent: where you request or authorize sharing.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction. Security measures include access controls, encryption in transit (TLS) and, where applicable, at rest, regular security assessments, and employee access restrictions.

No method of transmission or storage is perfectly secure; therefore, we cannot guarantee absolute security. If a data breach affecting personal data is discovered, we will follow applicable laws regarding breach notification and mitigation.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and purpose (e.g., accounting records retained for statutory periods).

10. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of personal data where we have no legal basis to retain it.
• Restriction: request restriction of processing in certain circumstances.
• Portability: request a portable copy of your data in a commonly used format.
• Objection: object to processing based on legitimate interests or direct marketing.
• Withdraw consent: where processing is based on consent you may withdraw it at any time.

To exercise these rights, contact us using the details in Section 14. We may require verification of identity before processing requests and may reject requests where permitted by law (for example, to preserve records required by law).

11. International Transfers

We operate globally. Personal information may be processed and stored in countries other than your country of residence. When transferring data internationally, we rely on lawful transfer mechanisms (e.g., standard contractual clauses, adequacy decisions, or other safeguards) to ensure an adequate level of protection.

12. Children’s Privacy

Our Services are not directed to children under the age of 13 (or a higher minimum age where local law applies). We do not knowingly collect personal data from children. If you believe we have collected information about a child, please contact us and we will delete such data as required by law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify users via prominent notice on our website or by other means as required by law. The "Last Updated" date at the top indicates when the policy was last revised.

14. How to Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

15. Specific Notices

15.1 GDPR (European data subjects)

If you are located in the European Economic Area (EEA), the UK, or Switzerland, you have the rights set out in Section 10. Our lawful bases for processing are those listed in Section 4. You may lodge a complaint with your local supervisory authority if you believe we have infringed applicable data protection laws.

15.2 CCPA / CPRA (California residents)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know categories of personal data collected, the right to request deletion, and the right to opt out of the sale of personal information (we do not sell personal information for monetary value). To exercise your CCPA/CPRA rights, contact us as described in Section 14. Verified requests will be processed in accordance with applicable law.

15.3 Other Jurisdictions

Residents of other jurisdictions may have rights under local laws; please contact us to learn more about rights that may apply to you.

16. Additional Security & Operational Notes

• Encryption: we use encryption in transit (TLS/HTTPS). In some cases, encryption at rest is used depending on the service/product and agreement terms.
• Access controls: access to your project data is limited to authorized personnel on a need-to-know basis.
• Backups & disaster recovery: backup routines and disaster recovery processes are in place consistent with our service agreements.

17. Third-Party Links

Our website or communications may include links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. Review their privacy policies before providing personal information.

18. Consent & Authorization

By using our Services or providing personal information, you represent and warrant that you have the authority to provide such data and that it is accurate. Where required, you provide consent for the processing described in this Privacy Policy.