LEGAL & TRUST

Privacy Policy

Last updated: June 10, 2026. Learn how we handle your information and safeguard data sovereignty under India's DPDPA 2023.

1. Introduction

Welcome to Kryptasys ("Kryptasys", "we", "us", or "our"). We are committed to protecting the privacy and security of your digital information. This Privacy Policy details our practices concerning data collection, processing, and storage, and describes how we support compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

This policy applies to our marketing website (kryptasys.in), our product DPDP Shield (shield.kryptasys.in), and all related services, features, and tools operated by Kryptasys.

2. Zero Code Exposure Guarantee

Zero Code Exposure Guarantee

Kryptasys does not require you to share your codebase, database schemas, source files, or proprietary application configurations. Our compliance assessment is entirely questionnaire-based. Your actual code and internal data systems never leave your premises. What we store is limited to your assessment responses, compliance scores, and remediation task assignments — nothing more.

This design ensures your proprietary codebase and sensitive systems remain inside your secure perimeter. DPDP Shield works by asking structured questions about your data practices — not by scanning or receiving your actual systems. Kryptasys never gains visibility into your source code, database schemas, secrets, or internal intellectual property.

3. Information We Collect

We believe in data minimization. We only collect the minimal information necessary to deliver our services, and do not deploy analytics tracking or third-party advertising cookies.

  • Waitlist & Inquiries: When you sign up for our waitlists (e.g. for the CTF Hosting Platform) or send us an email, we collect your name, work email address, and company details to communicate with you.
  • Diagnostic Logs (Opt-in): In the event of system errors during local scans, you may optionally choose to send us anonymized debug summaries. These never contain raw system code or databases.
  • Subscription and Billing Details: If you purchase paid services in the future, billing and transaction processing will be handled securely via PCI-DSS compliant third-party payment aggregators. Kryptasys does not store your credit card or net banking credentials.

4. DPDPA Alignment & Roles

Under India's Digital Personal Data Protection Act, 2023 (DPDPA), legal obligations are mapped to specific roles:

  1. Kryptasys as a Data Processor: For the SaaS portals and waitlists we operate directly, we act as a Data Fiduciary. For the hosted services we operate where your compliance data is processed, we act as a software provider facilitating your compliance; you remain the sole Data Fiduciary for the data scanned.
  2. Supporting Fiduciary Obligations: DPDP Shield provides features specifically designed to help Data Fiduciaries meet DPDPA requirements, including automating processing consent trackers, establishing data processing registries, and enabling audit logs.
  3. Sovereign Data Storage: In compliance with sovereign data localization guidelines, any data processed or stored by Kryptasys portals is hosted exclusively on servers physically located inside the geographical borders of the Union of India.

5. Data Security & Storage

We employ enterprise-grade security controls to protect the limited personal information we hold:

  • Encryption: All transit data between your browser and our waitlist endpoints is encrypted using Transport Layer Security (TLS 1.3).
  • Retention: We keep communication and waitlist details only as long as necessary to address your requests or fulfill contractual relationships. You may request deletion at any time.
  • Access Controls: Access to waitlist databases is restricted to authorized Kryptasys security personnel with strict multi-factor authentication requirements.

6. Your Rights & Redressal

As a Data Principal under India's DPDPA, you possess the following rights regarding the personal data we process:

  • Right to Access: You can request a summary of your personal data processed by us and the processing activities.
  • Right to Correction & Erasure: You can ask us to correct inaccurate data or delete your records from our active databases.
  • Right to Grievance Redressal: In the event of unresolved privacy concerns, you have the right to register a complaint directly with our Grievance Officer.

7. Contact Information

For inquiries regarding this Privacy Policy, your rights, or to submit a request to our Grievance Redressal Officer, please contact us:

Grievance Officer: Vivek Kumar
Email: contact@kryptasys.in
Subject Line: Attention: Privacy Grievance Officer