Policy
Privacy Policy
Last updated: 19 April 2026 · Version 1.0
This Privacy Policy explains how Secure IT Technologies ("we", "our", "us") collects, uses, stores, and shares personal data when you visit secure-it.tech, submit an enquiry, or apply for a role with us. It is written to align with India's Digital Personal Data Protection Act, 2023 ("DPDP") and — for EU and UK visitors — the General Data Protection Regulation ("GDPR").
1. Who we are
Secure IT Technologies is a cybersecurity firm registered and operating in Chennai, Tamil Nadu, India. We act as the data fiduciary (DPDP) / data controller (GDPR) for the personal data described below.
2. Personal data we collect
We collect only what is needed for each interaction:
- Contact enquiries. Name, work email, company, topic of interest, and the message you send via the contact form.
- Job applications. Name, email, phone number, role applied for, years of experience, cover note, and the resume file you upload.
- Technical data. IP address, browser user-agent, and request timestamps — captured by our Cloudflare edge and retained short-term for security and anti-abuse purposes.
- Cookies. Only strictly necessary cookies at present: Cloudflare's session/security cookies and the Cloudflare Turnstile CAPTCHA. We do not run behavioural advertising or cross-site tracking.
We do not knowingly collect sensitive personal data (health, biometrics, sexual orientation, caste, etc.). Please do not volunteer such information via our forms.
3. Why we process your data (lawful basis)
- Respond to enquiries — legitimate use (DPDP) / consent and legitimate interests (GDPR).
- Evaluate job applications — your consent at the point of submission; pre-contractual steps in preparation of a possible employment contract.
- Security, fraud and abuse prevention — legitimate interests in protecting our infrastructure and users.
- Comply with legal obligations — where required by Indian law, or foreign law to which we are subject.
4. How long we keep it
- Enquiry records — up to 24 months after the last interaction, then deleted.
- Unsuccessful applications — up to 12 months, then deleted unless you ask us to keep them for future roles.
- Successful applications — retained as part of your employment record per applicable law and internal retention policy.
- Technical logs — up to 30 days at the edge, then purged.
5. Who we share it with
We do not sell your personal data. We share it only with the following processors, under contractual safeguards:
- Cloudflare, Inc. — hosting, CDN, WAF, DDoS mitigation, D1 database, R2 object storage, and the Turnstile CAPTCHA. Data is stored on Cloudflare's global edge network.
- Microsoft Corporation — Microsoft 365 handles
@secure-it.techemail, so messages you send to us are stored in Microsoft's infrastructure.
6. International transfers
Because Cloudflare operates globally, your data may be processed at edge locations outside India. Where that happens, we rely on Cloudflare's contractual commitments (DPA, SCCs where applicable) and on industry-standard encryption in transit (TLS 1.3) and at rest. We will adjust our practices if and when transfer rules under Section 16 of the DPDP Act are notified by the Indian Government.
7. Your rights
Under the DPDP Act, you may request to:
- Obtain a summary of the personal data we hold about you and who we've shared it with.
- Correct, complete, update, or erase your personal data.
- Withdraw consent you previously gave (without affecting prior lawful processing).
- Nominate another person to exercise your rights in the event of your death or incapacity.
- Seek grievance redressal — see section 12.
If you are in the EU/EEA or the UK, under the GDPR you also have the right to: access, rectify, erase, restrict, port, or object to processing; and to lodge a complaint with your local supervisory authority.
To exercise any of these rights, email privacy@secure-it.tech. We will respond within 30 days.
8. How we protect your data
Reasonable technical and organisational measures include: TLS 1.3 across all endpoints, Cloudflare WAF and bot protection, private (never-public) R2 storage for resume files, role-based access with strong credentials on the admin dashboard, timing-safe authentication compare, and short log retention. We review these controls regularly.
9. Children
Our services are not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a child has submitted information to us, contact privacy@secure-it.tech and we'll delete it.
10. Cookies and similar technologies
We use only strictly necessary technologies:
cf_clearance,__cf_bm— Cloudflare bot and security protection (session-scoped).- Cloudflare Turnstile — loaded on pages with forms; fires only when you interact with a form.
- Cloudflare Web Analytics — a privacy-friendly analytics beacon (
static.cloudflareinsights.com/beacon.min.js). It does not use cookies, does not fingerprint visitors, and does not track individuals across sites. It records only aggregate page loads and basic visit metrics.
If we later add non-essential cookies, we will update this policy and, where required, obtain your consent before those cookies fire.
11. Changes to this policy
We may update this policy from time to time. The effective date at the top will always reflect the latest version. Material changes will be highlighted on this page for at least 30 days. Historical versions are available on request.
12. Contact and grievance redressal
For any data-protection question or complaint, reach us at:
- Grievance / Data Protection Officer: privacy@secure-it.tech
- Company: Secure IT Technologies, Chennai, Tamil Nadu, India
- General enquiries: info@secure-it.tech
If you are not satisfied with our response, you may approach the Data Protection Board of India (when operational) or your local supervisory authority if you are in the EU/EEA or the UK.
This document is a good-faith draft intended to help visitors understand our practices. It is not legal advice. Please have it reviewed and customised by qualified counsel before relying on it.