1.Introduction
Tinycrows Private Limited (together with its direct and indirect subsidiaries and foreign branch offices, collectively referred to as “We” or “Us” or “Company” or “Tinycrows”) is committed to protecting your privacy. In compliance with all applicable laws in the jurisdiction where we operate. We have developed this Privacy Policy (also referred to as “Privacy Policy” or “Policy” or “Privacy Statement” or “Privacy Notice”) in order to demonstrate our commitment to meeting legal and regulatory requirements for data protection and privacy.This Privacy Notice applies to the website, mobile application(s) (if any) and tools (collectively referred to as the "Sites") provided by Tinycrows Pvt. Ltd., a company incorporated under the laws of India, with respect to personal data you share with Tinycrows under this Privacy Notice.This Privacy Notice governs the collection and processing of personal data when you visit our website www.tinycrows.com , apply for a position, or inquire about our services (e.g.,_VAPT, Red Teaming, AI Maturity Assessment, TPRM, etc.). This policy is drafted in compliance with the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection (DPDP) Act, 2023.Note on Client Data: Please note that data collected during the execution of our professional services (e.g., server logs, vulnerability reports, penetration testing data) is governed by the specific Non-Disclosure Agreement (NDA) and Master Service Agreement (MSA) signed with the respective client, which supersedes this general website policy.Tinycrows reserves the right, at its sole discretion, to update this Privacy Notice from time to time in accordance with the amendments in the laws. We therefore encourage you to review the current version of the Privacy Notice each time you return to our Sites.
2.Definitions
In this Privacy Notice, the following definitions are used:2.1Data (or "Personal Data"): Any information about an individual who is identifiable by or in relation to such data, including sensitive personal information as defined under applicable laws. This encompasses data we collect, receive, or otherwise process in connection with your use of our website or services, such as your name, contact details, professional title, and technical identifiers like IP addresses or device logs used for security monitoring2.2Cookies: A small text file or piece of code placed on your device by our website or portals when you visit or use certain features. These files generally allow our platform to remember your actions or preferences for a certain period, and in the context of our security services, they are also used to manage secure user sessions, prevent fraud, and detect malicious bot activity.2.3Data Protection Laws: Any applicable law currently in force in India relating to the processing of Data, including the Information Technology Act, 2000, and its associated rules, as well as the Digital Personal Data Protection Act, 2023 (DPDP Act), along with any amendments or subsequent regulations that may be enacted.2.4OEM & Technology Partners: Select third-party technology vendors, such as antivirus providers, cloud service providers, or firewall manufacturers, with whom we have valid partnership agreements to resell, integrate, or implement specific cybersecurity solutions for our clients.2.5Service Providers: Entities that provide specific operational services to us, such as cloud hosting, customer relationship management, or payment processing, and to whom we may disclose your Data for a specific purpose pursuant to a written contract that mandates strict confidentiality and data security obligations.2.6User (or "You"): The natural person who accesses our website, applies for a job, joins our community or utilizes our cybersecurity services, referred to as the "Data Principal" under the Digital Personal Data Protection Act, 2023
3. Applicability
This Privacy Policy applies to all "Users" who access our website, submit inquiries, apply for employment, or otherwise interact with our digital platforms. It governs the processing of Personal Data collected through these channels for the purposes of lead generation, recruitment, and general website security. However, this policy does not apply to the confidential client data, security logs, vulnerability reports, or proprietary information we process during the execution of paid cybersecurity engagements (such as VAPT, SOC monitoring, or Audits); such data is strictly governed by the specific Non-Disclosure Agreement (NDA) and Master Service Agreement (MSA) executed between Tinycrows and the respective Client, which takes precedence over this general policy
4.Data We Collect
We collect different types of data to provide and improve our services, which includes both information you voluntarily provide and data we capture automatically, when you register or contact us, we may collect the following:4.1Identity Data: Such as your name, age, and gender;4.2Contact Data: Including your email address, phone number, and mailing address; and4.3Professional Data: Your CVs and employment history if you are applying for a job.4.4Additionally, when you access our website, we automatically record technical details including your IP address, device ID, browser type, operating system, time zone, location data, and interaction logs that track the pages you visited, and the time spent on our platform.
5.Minors and Children's Privacy
Our platforms, professional services, and mentorship programs are strictly directed towards business professionals and individuals who have attained the age of majority (18 years or older). We do not knowingly solicit, collect, or process personal data from minors. By accessing our website, submitting your resume, or applying for any of our programs, you represent and warrant that you are at least 18 years of age. In the event that we discover that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided us with personal data, please contact our Grievance/ Data Privacy Officer immediately for its removal.
6. Purpose of Processing
We process your personal data only for lawful purposes essential to the delivery of our cybersecurity consultancy services and the protection of our infrastructure. This includes Service Delivery, where we use your information to execute professional engagements such as Vulnerability Assessments (VAPT), compliance audits, and managed security services, as well as to manage client portals and authentication for secure report delivery. We also process data for Communication, specifically to send critical security advisories, incident response updates, remediation guidance, and transactionalalerts like invoices or contract renewals. A significant portion of our processing is dedicated to Security and Threat Monitoring, where we analyse web traffic and device logs to detect malicious vectors, prevent fraud, and ensure the resilience of our own networks as mandated by CERT-In and other regulatory bodies. Furthermore, we use your data for Legal Compliance to adhere to tax regulations, execute Non-Disclosure Agreements (NDAs), and respond to lawful government requests. Finally, subject to your explicit consent or our legitimate business interest, we may use your contact details for Marketing purposes to invite you to CISO roundtables, share whitepapers, or provide updates on the latest threat intelligence relevant to your industry.
7.Consent
By accessing our platforms or voluntarily providing your information through our various engagement channels, you grant your free, specific, informed, unconditional, and unambiguous consent to the processing of your personal data for the purposes outlined in this policy. This consent is evidenced by your clear affirmative action such as submitting your resume or curriculum vitae for job applications, completing registration forms to join our cybersecurity community, or applying for our mentorship programs which signifies your full understanding and acceptance of how we collect, use, and store your data for these specific activities. You retain the absolute right to withdraw this consent at any time by formally communicating your decision to us; however, please be aware that withdrawing consent may result in our inability to process your employment application, maintain your membership in our community, or continue your participation in our mentorship program, thereby leading to the cessation of those specific services or opportunities.
8.Data Sharing and Transfer
We maintain strict confidentiality and strictly do not sell, trade, or monetize your personal data to any external parties. However, to effectively operate our business and deliver our services, we may share your data with trusted third-party service providers acting as Data Processors such as cloud infrastructure providers (e.g., AWS, Azure) for secure hosting, CRM platforms for managing client inquiries, and background verification agencies for processing job applications all of whom are contractually bound by rigorous Data Processing Agreements (DPAs) and confidentiality obligations to protect your information. Furthermore, as a cybersecurity entity subject to specific regulatory mandates, we may be required to disclose data to law enforcement agencies, courts, or statutory bodies like the Indian Computer Emergency Response Team (CERT-In) for the purposes of mandatory cyber incident reporting, fraud prevention, or legal compliance. In instances where your data is transferred to countries outside India, we strictly adhere to the provisions of the Digital Personal Data Protection Act, ensuring that transfers are only made to permissible territories and that the recipient entity guarantees a level of data protection equivalent to that required under Indian law
9.Data Retention
We retain your personal data and technical logs only for as long as is reasonably necessary to fulfil the specific purposes for which it was collected, including the provision of our cybersecurity services, the processing of job applications, and the maintenance of community memberships. Because retention needs vary by data type, our periods are determined by strict adherence to statutory requirements and business necessities; for instance, candidate resumes may be kept for a defined period to consider you for future roles. Crucially, as a cybersecurity enterprise, we are legally mandated by the CERT-In Directions (2022) to retain certain system logs, ICT traffic data, and subscriber information for a minimum period of 180 days to aid in cyber incident analysis andforensics. Once the applicable retention period expires or the purpose for processing is achieved, we securely delete or anonymize your data to prevent further processing, unless a longer retention period is required to resolve disputes, enforce our agreements, or comply with valid legal orders.
10.Where We Store Data
We primarily store and process your personal data within secure infrastructure located in India, where our headquarters are established. However, given the global nature of the cybersecurity ecosystem and our reliance on top-tier cloud service providers (such as AWS or Azure) and international technology partners, your data may be transferred to, stored in, or accessed from countries outside India. In all such instances, we adhere strictly to the Digital Personal Data Protection Act, 2023, ensuring that data is only transferred to territories not restricted by the Government of India
11.Your Rights and Choices
We respect your privacy and grant you significant control over your personal data, subject to the laws applicable in your jurisdiction. Depending on whether you are governed by the Indian Digital Personal Data Protection Act, 2023 or international regulations like the GDPR, you are entitled to exercise specific rights, including the (i) Right to Access and Confirmation, which allows you to request a summary of the data we hold and its processing activities; (ii) the Right to Correction and Erasure, enabling you to update inaccurate details or request the deletion of your data (subject to our mandatory data retention obligations under cyber laws); (iii) the Right to Grievance Redressal to report concerns; and (iv) the Right to Nominate an individual to exercise your rights in the event of incapacity.For our global users, we also acknowledge rights such as the Right to Restrict Processing, the Right to Object to legitimate interest processing, and the Right to Data Portability where technically feasible. You may also Withdraw Your Consent at any time for specific processing activities, though this will not affect the lawfulness of processing based on consent before its withdrawal. To exercise any of these rights, please contact us at dpo@tinycrows.com we will respond without undue delay and within statutory timelines, while noting that we may retain certain data records if required to comply with legal disputes or CERT-In security directives.
12.Security Measures
As a cybersecurity consultancy, protecting your data is not just a regulatory requirement but a core tenet of our business operations. We implement and maintain robust, industry-leading security practices that align with ISO 27001 standards and the "Reasonable Security Practices" mandated by the Information Technology Act, 2000. We subject our own infrastructure to regular Vulnerability Assessments and Penetration Testing (VAPT) and enforce stringent physical and operational security protocols to ensure that your information remains secure against evolving cyber threats, although we acknowledge that no digital transmission is completely infallible.
13.Cookie Policy
This Cookie Policy applies to the website(s) and client portals (together, the "Sites") provided by Tinycrows. The Sites include (www.) tinycrows.com and any additional secure portals or dashboards managed by us.This Cookie Policy explains how and why cookies, web beacons, pixels, and other similar technologies (collectively “Cookies”) may be stored on and accessed from your device when youuse or visit our Sites and how you can manage your preferences. This Cookie Policy should be read together with our Privacy Policy and our Terms of Use. Tinycrows reserves the right, at its sole discretion, to alter and update this Cookie Policy from time to time. We therefore invite you to review the current version of the Cookie Policy each time you return to our Sites.13.1What are Cookies?Our digital platforms utilize "cookies" and similar tracking technologies to enhance your browsing experience, secure our services, and analyze website traffic. A cookie is a small text file stored on your device that helps us recognize your browser and capture certain information; we categorize these into "Strictly Necessary" cookies, which are essential for the technical operation of our site, enabling secure logins, preventing Cross-Site Request Forgery (CSRF), and detecting malicious bot activity; "Analytical/Performance" cookies, which allow us to recognize and count the number of visitors and see how they move around our website, helping us improve our service offerings; and "Functionality" cookies that remember your preferences (such as language or region).13.2Cookies can be further categorized into two types:If you are a registered user accessing our client platforms, we may use these Cookies to verify your identity across different sessions.13.2.1Session Cookies: These are only stored on your device during your browser session. They are deleted automatically when you close your browser.13.2.2Persistent Cookies: These remain on your device for a set period even after your browser session has ended (e.g., to remember your login status or language preference).13.3What do we use Cookies for?Our Sites use different categories of Cookies for the purposes described below.13.3.1Strictly Necessary Cookies: These Cookies are required for the operation of our Sites and the use of their core features. They include, for example, Cookies that enable you to log into secure areas of our Sites. They enable us to remember some of your choices to speed up navigation and provide you with a secure site experience.13.3.2Security Note: As a cybersecurity firm, we also use these cookies to detect malicious activities like CSRF, malicious bots, DDOS attempts, etc.Our Sites cannot function without such Cookies, and they are therefore automatically set when you visit them. You can set your browser to block or alert you about these Cookies, but some parts of our Sites will not work.13.4Functional CookiesOur Sites may use functional Cookies to carry out analytics and enhance our Sites. These Cookies allow us to collect information such as how you use our Sites, which pages are the most visited or where people visiting our Sites are located. This enables us to determine what content is of most interest to our users and to ensure that users are finding what they are looking for easily.13.5Targeting CookiesThese Cookies record your visit to our Sites, the pages you have visited, and the links you have followed. We may use this information to make our Sites more relevant to your interests. We may also use Cookies to enable you to share content on networking or social media sites or for marketing purposes where you have subscribed to marketing communications from Tinycrows.13.6Managing CookiesStrictly necessary Cookies are automatically set on your browser when you visit our Sites. These Cookies are required for our Sites to work properly and cannot be disabled using the “Manage Cookie Settings” window on our Sites.You have the choice to accept all Cookies by clicking on “Accept all cookies” or manage your preferences by clicking on “Cookie Settings” on our cookie banner. Please note that certain functionalities of our Sites might not work if you choose to disable other Cookies.If you want to modify your Cookie settings later on, you can do so by clicking on the “Manage Cookie Settings” available on the website.You can also use the settings of your Internet browser to prevent your browser from accepting new Cookies (including strictly necessary Cookies), get notified when new Cookies are dropped on your browser, and disable or delete Cookies altogether.
14.Re-Captcha
To protect our web forms from automated access, we use a CAPTCHA service. As part of this process, users may be asked to complete simple tasks or select checkboxes. The information entered and, where applicable, mouse movements are analysed to determine whether the interaction is made by a human or an automated system.The CAPTCHA service is provided by a third-party provider. When it is displayed, content from this provider is loaded, allowing them to receive information that you have accessed our website as well as technically necessary usage data. We have no control over how the third-party provider further processes this data.The use of the CAPTCHA is based on our legitimate interest in protecting our website from spam and misuse.
15.Updates
We may change this privacy policy from time to time, and you should check these regularly. Your use of the website will be deemed an acceptance of the privacy policy existing at that time.
16.Contact Us
If you have any questions regarding our privacy practices or this Privacy Notice, or to request this document, please contact us at:Contact person: Supreet AgrawalContact address: 1605, Bramhacorp Business Park, New Kalyani Nagar, Pune- 411 014Phone: Email: dpo@tinycrows.com
.png)
