Privacy Policy

Kawacha is a security and compliance services business operating in India. We help businesses implement security and data privacy obligations. Contact: contactus@kawacha.com

When you submit the contact form on this website, we collect: • Your name • Your company name • Your email address • The message you write to us We do not collect any other personal data. We do not use cookies, analytics trackers, or third-party tracking scripts on this website.

We collect this data solely to respond to your enquiry and assess whether a Kawacha engagement is the right fit for your business. We do not use it for any other purpose.

We process your personal data on the basis of your consent, given when you submit the contact form. You may withdraw consent at any time by writing to contactus@kawacha.com — we will delete your data within 30 days.

Enquiry data is retained for up to 12 months from the date of receipt, after which it is deleted. If an engagement begins, data related to that engagement is governed by the separate engagement agreement between you and Kawacha.

Your data is stored and processed in India. We do not transfer your personal data outside India. We do not sell, share, or disclose your data to any third party, except where required by law.

Under the Digital Personal Data Protection Act 2023, you have the right to: • Access the personal data we hold about you • Correct inaccurate or incomplete data • Request erasure of your data • Withdraw consent at any time • Nominate a representative to exercise these rights on your behalf To exercise any of these rights, write to: contactus@kawacha.com We will respond within 30 days.

If you have a complaint about how we handle your personal data, you may raise it with us at: contactus@kawacha.com We will acknowledge your complaint within 7 days and resolve it within 30 days. If you are not satisfied with our response, you may approach the Data Protection Board of India once it is constituted under the DPDP Act 2023.

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, disclosure, or loss. We are ourselves compliant with CERT-In Directions 2022.

In the event of a personal data breach that is likely to affect you, we will notify you without undue delay and within 72 hours of becoming aware of it, as required under the Digital Personal Data Protection Act 2023 and CERT-In Directions 2022. Notification will be sent to the email address you provided. We will describe the nature of the breach, the data affected, the likely consequences, and the measures we are taking or have taken to address it. To report a suspected security incident involving your data, write to: contactus@kawacha.com

We may update this policy as our services evolve or as legal requirements change. The current version will always be available at kawacha.com/privacy. Material changes will be communicated to you if we hold your contact details.