Data Protection

Privacy Policy

As a cybersecurity firm, we treat your data with the highest level of classification. This document outlines our data processing and protection protocols.

Last updated: June 1, 2026 • Effective Date: June 1, 2026

Military-Grade Encryption

AES-256 at rest, TLS 1.3 in transit

Absolute Sovereignty

Access, correct, delete, or export your data

Zero Data Brokering

We never sell your personal or corporate telemetry

1. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources. The types of information we collect include:

Personal Information You Provide:

Full name, email address, phone number, and postal address when you register for our services, apply for internships, or submit contact forms.

Company name, designation, and business details when you engage our professional services.

Payment information including billing address and payment method details (processed securely through third-party payment processors — we do not store credit card numbers on our servers).

Resume, educational qualifications, and professional experience when applying for internships or career opportunities.

Any other information you choose to provide in messages, support tickets, or feedback forms.

Information Collected Automatically:

Device information including IP address, browser type, operating system, device identifiers, and screen resolution.

Usage data such as pages visited, time spent on pages, click patterns, referring URLs, and navigation paths.

Log data including server logs, access times, and error logs for security monitoring and service improvement.

Cookies and similar tracking technologies (see Section 6 for details on our cookie policy).

2. How We Use Your Information

We use the information we collect for the following purposes:

**Service Delivery** — To provide, maintain, and improve our cybersecurity services, web development projects, and IT consulting engagements.

**Communication** — To send you service updates, security advisories, project status reports, invoices, and respond to your inquiries and support requests.

**Internship Management** — To process internship applications, manage intern records, generate certificates, and track project progress.

**Security & Protection** — To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.

**Analytics & Improvement** — To understand how our services are used, identify trends, and improve user experience and service quality.

**Legal Compliance** — To comply with applicable laws, regulations, legal processes, and governmental requests.

**Marketing** — To send promotional communications about new services, events, or updates (only with your explicit consent, and you can opt out at any time).

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Information Sharing & Disclosure

We may share your information in the following circumstances:

**Service Providers** — With trusted third-party service providers who assist us in operating our website, conducting business, or servicing you (e.g., payment processors, email services, cloud hosting providers). These providers are bound by confidentiality agreements.

**Legal Requirements** — When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

**Business Transfers** — In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

**With Your Consent** — When you have given us explicit permission to share your information for a specific purpose.

**Aggregated/Anonymized Data** — We may share aggregated, de-identified information that cannot reasonably be used to identify you for research, analytical, and business purposes.

We do NOT share vulnerability assessment reports, penetration testing findings, or any client-specific security data with any third party without explicit written authorization from the client.

4. Data Security

We implement industry-standard security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

**Encryption** — All data transmitted between your browser and our servers is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256 encryption.

**Access Controls** — Strict role-based access controls ensure that only authorized personnel can access personal information, and only on a need-to-know basis.

**Infrastructure Security** — Our servers are hosted in SOC 2 Type II certified data centers with 24/7 physical security, biometric access controls, and environmental monitoring.

**Regular Audits** — We conduct regular internal and third-party security audits, vulnerability assessments, and penetration tests on our own infrastructure.

**Employee Training** — All team members undergo mandatory security awareness training and sign confidentiality agreements before accessing any client or user data.

**Incident Response** — We maintain a comprehensive incident response plan. In the event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by applicable data protection laws.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to continuous improvement of our security posture.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

**Account Data** — Retained for the duration of your account or business relationship with us, plus 3 years after account closure for legal and audit purposes.

**Service Records** — Project deliverables, reports, and service records are retained for 5 years after project completion for reference and legal compliance.

**Internship Records** — Intern data, certificates, and verification records are retained indefinitely to support certificate verification services.

**Communication Records** — Support tickets and communication logs are retained for 2 years for quality assurance and dispute resolution purposes.

**Financial Records** — Invoices and payment records are retained for 8 years as required by Indian tax and accounting regulations.

**Website Analytics** — Anonymized analytics data may be retained indefinitely for trend analysis and service improvement.

You may request deletion of your personal data at any time by contacting us at support@ironshieldapi.in. We will process deletion requests within 30 days, subject to legal retention requirements.

6. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic:

**Essential Cookies** — Required for the website to function properly, including session management, authentication, and security features. These cannot be disabled.

**Analytics Cookies** — Used to collect anonymized information about how visitors use our website (e.g., pages visited, time on site). We use this data to improve our website and services.

**Functional Cookies** — Remember your preferences and settings (e.g., theme preference, language) to provide a personalized experience.

**Marketing Cookies** — Used to track visitors across websites to display relevant advertisements. These are only set with your explicit consent.

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling essential cookies may affect the functionality of our website.

We do not use cookies to track your activity on other websites or to build advertising profiles without your consent.

7. Your Rights

You have the following rights regarding your personal information:

**Right to Access** — You can request a copy of the personal information we hold about you at any time.

**Right to Rectification** — You can request correction of any inaccurate or incomplete personal information.

**Right to Deletion** — You can request deletion of your personal information, subject to legal retention obligations.

**Right to Restriction** — You can request that we limit the processing of your personal information in certain circumstances.

**Right to Data Portability** — You can request your personal information in a structured, commonly used, machine-readable format.

**Right to Object** — You can object to the processing of your personal information for direct marketing purposes at any time.

**Right to Withdraw Consent** — Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer at support@ironshieldapi.in. We will respond to your request within 30 days.

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age.

If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete such information from our records.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@ironshieldapi.in so we can take appropriate action.

For our internship programs, applicants must be at least 18 years of age or have verifiable parental/guardian consent.

9. International Data Transfers

IronShieldAPI is based in India. If you access our services from outside India, your information may be transferred to, stored, and processed in India.

We ensure that any international data transfer is conducted in compliance with applicable data protection laws and that appropriate safeguards are in place to protect your personal information.

By using our services, you consent to the transfer of your information to India and acknowledge that data protection laws in India may differ from those in your country of residence.

For clients in the European Economic Area (EEA), we implement Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of personal data during international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by posting the new Privacy Policy on this page and updating the 'Last Updated' date at the top.

For significant changes, we will provide prominent notice on our website or send you an email notification to the address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@ironshieldapi.in

Website: https://ironshieldapi.in

Address: Pune, Maharashtra, India

We are committed to resolving any complaints about our collection or use of your personal information. We aim to respond to all inquiries within 2 business days and resolve complaints within 30 days.

Require Clarification?

If you have questions regarding our data protection policies, contact our Data Protection Officer (DPO).
