Privacy Policy

1. Introduction

Welcome to Sentry, a defense intelligence platform developed and operated by Lumiotech Private Limited (“Lumiotech,” “we,” “us,” or “our”). We empower organizations with next-generation defense intelligence capabilities to detect, analyze, and respond to threats with unprecedented precision.

We value and respect your privacy. This Privacy Policy describes how we collect, use, disclose, and protect your digital personal data when you use our Sentry platform, related websites, applications, and services (collectively, the “Services”). This Policy has been formulated in compliance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

Please read this Privacy Policy carefully. By accessing or using our Services, you are providing your free, specific, informed, unconditional, and unambiguous consent to the processing of your personal data as outlined in this Policy. If you do not agree, please do not use our Services.

2. Scope of this Policy

This Policy applies to digital personal data we collect through your use of the Services, as well as through any other interactions you may have with us (e.g., contacting our support team). It does not apply to services offered by other companies or individuals, including third-party services or websites that may be linked to or from our platform. Under the DPDPA, Lumiotech acts as a Data Fiduciary regarding the personal data we determine the purpose and means of processing.

3. Information We Collect

We collect personal data in various ways to provide, maintain, and improve the Services. We adhere to the principle of data minimization and only collect data strictly necessary for the purpose for which consent was obtained. This includes:

3.1 Information You Provide Directly

• Contact Information: Such as your name, email address, phone number, and professional title.
• Organization Details: Such as the name, address, and associated domain(s) of the organization you represent.
• Authentication Credentials: Including usernames, passwords, or other authentication data used to securely access your account.
• Communication Records: Copies of your communications with us (e.g., customer support inquiries, feedback, or surveys).

3.2 Information We Collect Automatically

• Usage Data: We may collect telemetry data regarding how you and your organization interact with the platform, such as features used, time duration spent, and pages visited, to optimize the Service.
• Log Data: Information such as your device’s Internet Protocol (IP) address, browser type, operating system, referral URLs, and dates/times of requests securely logged for IT compliance.
• Cookies and Similar Technologies: We may use cookies, web beacons, and other tracking technologies to collect information about your use of the Services. You have the right to manage your cookie preferences.

4. How We Use Your Information (Purpose Limitation)

We process the personal data we collect strictly for the specific business and operational purposes for which consent was obtained, including:

• Providing and Maintaining Services: To create and manage user accounts, authenticate users, process transactions, and operate our platform’s core defense intelligence functionalities.
• Responding to Requests and Inquiries: To communicate with you about support queries, technical questions, or other requests, and facilitate grievance redressal.
• Enhancing Platform Security and Capabilities: To analyze threats, detect suspicious activities, conduct investigations, and improve the security features and intelligence capabilities of Sentry.
• Improving and Personalizing: To understand how users interact with our Services, customize user analytic experiences, and develop new features.
• Marketing and Promotional Communications: To send you updates, event invitations, and other mission-critical information about our Services, unless you opt out of these communications.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests inside and outside your jurisdiction.

5. Data Sharing and Disclosure

We may share your information with trusted third parties under the following circumstances, ensuring all such entities act as legally bound Data Processors subject to strict confidentiality agreements:

• Data Processors: With trusted third-party companies that perform services on our behalf, such as cloud hosting, analytics, payment processing, or communications. These Data Processors are contractually required to protect your personal data and only process it in accordance with our instructions.
• Business Partners: In connection with joint projects or business collaborations, but only to the extent necessary to facilitate or evaluate such relationships and with appropriate consent.
• Compliance and Protection (Legal Override): We will disclose your information if we believe it is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or comply with a legal obligation, such as mandatory cyber incident reporting to authorities like CERT-In, responding to valid court orders, subpoenas, or government requests.
• Business Transfers: If we are involved in a merger, acquisition, sale of assets, financing, or bankruptcy, your information may be transferred as part of that transaction, provided the acquiring entity honors this ongoing Privacy Policy.

6. Data Retention and Erasure

We adhere to strict data retention policies. We retain your personal data only for as long as is necessary to fulfill the specific purposes for which it was collected, or to meet operational, legal, accounting, or reporting requirements.

Once the purpose of collection is served or you withdraw your consent, whichever is earlier, we will securely erase your digital personal data, unless retention is strictly required by law.

7. Information Security & Data Breaches

Protecting the confidentiality and integrity of your digital personal data is paramount. As a defense intelligence platform, we implement rigorous technical and organizational security safeguards to prevent unauthorized access, alteration, disclosure, or destruction of data, including:

• AES-256 encryption of data in transit and at rest.
• Robust secure server infrastructure and advanced network firewalls.
• Mandatory Multi-factor Authentication (MFA) and strict access controls.
• Continuous security monitoring and periodic external compliance audits.

Data Breach Notification: In the highly unlikely event of a personal data breach, Lumiotech maintains a strict incident response protocol. As mandated by the DPDPA and CERT-In directions, we will notify the Data Protection Board of India and any affected Data Principals without undue delay.

8. Cross-Border Data Transfers

As a global platform, your personal data may be transferred, processed, and maintained on secure servers located outside of India. Under the DPDPA, we utilize lawful mechanisms for transferring personal data globally and ensure that any receiving entity implements adequate levels of data protection equivalent to the standards upheld in India. We will not transfer data to any country or territory explicitly restricted by the Central Government.

9. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you (the Data Principal) possess several rights concerning your digital personal data:

• Right to Access: You can request a summary of your personal data being processed, the identities of Data Fiduciaries we have shared it with, and the categories of data shared.
• Right to Correction: You may request us to correct inaccurate data, complete incomplete data, or update your personal data.
• Right to Erasure: You can request the deletion of your personal data when its retention is no longer necessary for the original purpose or required under the law.
• Right to Withdraw Consent: Where processing is based on consent, you may easily withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
• Right to Grievance Redressal: You have the right to register grievances with our Grievance Officer, and if unsatisfied, have the right to approach the Data Protection Board of India.

To exercise any of these rights, please contact our Grievance Officer using the details provided below. We will acknowledge and address verifiable requests in a timely manner as required by law. Let it be known that it is your duty as a Data Principal not to furnish any false particulars or impersonate another person while providing personal data or exercising these rights.

10. Children’s Privacy

Our Services act as B2B intelligence platforms and are not directed at children (individuals under the age of 18). We do not knowingly process personal data belonging to children or undertake tracking or behavioral monitoring of children or targeted advertising directed at them.

11. Changes to This Privacy Policy

We may periodically update this Privacy Policy to ensure continuous compliance with changing legal standards and business practices. When we do, we will revise the “Last Updated” date at the top of this page and clearly signify material changes. We encourage you to review this Privacy Policy periodically.

12. Grievance Officer & Contact Us

In accordance with the Digital Personal Data Protection Act, 2023, the contact details of our designated Grievance Officer, for any privacy-related grievances, concerns, or inquiries, are provided below:

We will make every reasonable effort to acknowledge and resolve your request promptly and in a legally compliant timeframe.