Privacy Policy

Effective date: March 10, 2026. This Privacy Policy explains how Convigil Private Limited collects, uses, protects, and shares information when you visit our website, request our services, interact with our chatbot, or communicate with us for cybersecurity, compliance, development, marketing, or partnership enquiries.

1. About Convigil

Convigil Private Limited offers cybersecurity and advisory services including VAPT, SOC support, GRC audit programs, regulatory readiness reviews, selected digital services, and partner-led business collaboration models. This policy applies to information processed through our website, business communication channels, consultations, service onboarding, and related pre-sales workflows.

2. Categories of Information We Collect

• Identity and business details: name, work email address, phone number, organization name, role, industry, and business location.
• Service request details: requested service categories, scope notes, preferred timelines, target assets, compliance objectives, uploaded scope documents, and engagement context.
• Partner and alliance information: organization profile, market focus, delivery capabilities, geographic presence, team size, and collaboration goals submitted through partner workflows.
• Communication records: website form submissions, support enquiries, chatbot questions, WhatsApp-initiated outreach, and email correspondence.
• Website and device information: browser type, device type, pages visited, interaction patterns, language selection, accessibility settings, approximate IP-based location, and cookie choices.
• Operational information: meeting notes, proposal status, audit planning information, or onboarding data needed before a formal engagement begins.

3. How We Use Information

• To respond to consultation requests, demos, pricing questions, or contact enquiries.
• To understand project suitability for VAPT, SOC, GRC, audit, or regulatory assessments.
• To prepare proposals, scope assumptions, timelines, and delivery planning.
• To manage partner-network, alliance, and strategic collaboration enquiries.
• To improve website accessibility, multilingual support, content relevance, and service navigation.
• To protect our website, investigate misuse, prevent unauthorized activity, and maintain platform security.
• To comply with legal, tax, contractual, regulatory, or recordkeeping obligations.

4. Legal Bases for Processing

Depending on the purpose and your location, we process information under one or more of the following legal bases: consent, legitimate business interest, contractual necessity, pre-contractual service evaluation, and compliance with legal obligations.

5. Use of Cookies and Similar Technologies

We use cookies, local storage, and similar browser technologies to remember user preferences, support website functionality, improve navigation, analyze traffic patterns, maintain accessibility settings, and understand how visitors engage with our pages. More detail is available in our Cookie Policy.

6. When We Share Information

We do not sell personal data. We may share information only where necessary with hosting providers, analytics tools, communication platforms, document management providers, website support vendors, payment or contracting systems, and professional advisors who help us operate securely and lawfully. We may also disclose information when required by law, court order, lawful authority request, or to protect our rights, clients, staff, or systems.

7. Service-Specific Confidentiality

Many Convigil services involve sensitive business or technical information. Where clients share audit evidence, security findings, architecture details, application scope, or regulatory material, such information is handled under applicable contractual confidentiality terms, internal access restrictions, and operational safeguards. Website use alone does not create a full confidentiality agreement, but we still aim to limit unnecessary disclosure and protect pre-sales information appropriately.

8. Data Retention

We retain information only for as long as reasonably necessary for the purpose for which it was collected, including pre-sales follow-up, service delivery planning, legal compliance, dispute resolution, fraud prevention, and internal recordkeeping. Retention periods may differ depending on whether the information relates to marketing enquiries, partner requests, support interactions, or signed commercial engagements.

9. Security Controls

We apply administrative, technical, and organizational controls designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These may include restricted access, role-based handling, secure storage practices, credential protection, review of third-party tooling, and monitoring of website-level misuse. No online system can be guaranteed to be completely secure, but we maintain reasonable security measures aligned to the nature of the information involved.

10. International Access and Cross-Border Processing

Our website may be accessed from multiple jurisdictions, and some supporting providers may process data outside your local region. Where cross-border processing is involved, we use reasonable contractual, technical, and operational protections appropriate to the type of information and the services being delivered.

11. Your Rights and Choices

• You may request access to the personal data we hold about you.
• You may ask us to correct inaccurate or incomplete information.
• You may request deletion or restriction where legally applicable.
• You may object to certain processing based on legitimate interests.
• You may withdraw consent where a processing activity depends on consent.
• You may update cookie settings through the website controls.

12. Marketing and Communications

If you contact us for services, download resources, or engage with our team, we may send business-related communications relevant to your request. Where required by law, we will rely on consent before sending optional promotional communication. You may opt out of non-essential communication at any time.

13. Children's Privacy

Our services and website are intended for business and professional use. We do not knowingly collect personal information from children. If you believe a child has submitted information to us, please contact us so we can review and remove it if appropriate.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our website, services, operational practices, technology, legal requirements, or regulatory expectations. The latest version will be posted on this page with an updated effective date.

15. Contact for Privacy Matters

For privacy requests or data protection questions, you can contact Convigil Private Limited at info@convigil.com or through our Contact page. Please include enough detail for us to understand the request and verify the business relationship, where relevant.