Privacy & Cookies Policy

Statutory Declaration of Data Processing & Tracking Practices

Last updated: March 29, 2026

1. Statutory Applicability & Introduction

Welcome to Raidsoft ("we," "our," "us"). Under Indian law, when we determine the purpose and means of processing your data, we act as a Data Fiduciary. When we process data on your behalf via our enterprise software, we act as a Data Processor.

Why this applies: Because Raidsoft processes digital personal data within the territory of India—and offers digital services to individuals—we are strictly governed by the newly enacted Digital Personal Data Protection Act, 2023 (DPDPA). Furthermore, to protect you from corporate negligence, we publish this policy in mandatory compliance with Section 43A of the Information Technology Act, 2000, which holds corporate bodies legally liable to pay compensation if they fail to implement reasonable security practices to protect sensitive data.

By accessing our digital platforms, engaging our software engineering services, or interacting with our AI models, you (the "Data Principal") grant explicit, affirmative, and verifiable consent to the data practices meticulously described below.

2. Categorization of Collected Information

To ensure data minimization (a core principle of the DPDPA), we process specific categories of data strictly limited to what is absolutely necessary for our operational engagement:

2.1. Sensitive Personal Data or Information (SPDI)

This includes highly regulated data such as financial transaction parameters (bank/card details for billing), biometric data (if utilizing our bespoke IoT access-control systems), and encrypted account passwords.

Statutory Reason: As defined under Rule 3 of the SPDI Rules, 2011, this data is classified as highly sensitive. We are legally prohibited from collecting this data without your explicit, itemized consent during the checkout or account creation process.

2.2. AI, Telemetry & ML Interaction Data

To continuously train, debug, and optimize our Machine Learning forecasting models and software architectures, we collect system telemetry, error logs, and the specific text prompts you feed into our AI engines.

Statutory Reason: This is collected under the "legitimate interest" and "contractual necessity" clauses of data processing. Warning: You must strictly refrain from inputting regulated, personally identifiable health or financial data into our public AI endpoints, as LLM training data cannot easily be "forgotten."

2.3. Identity & Technical Data

Includes corporate entity details, email addresses, IP addresses, MAC addresses, and geographical time zones necessary to authenticate secure, encrypted access to your enterprise ERP/CRM dashboards.

3. Comprehensive Cookies & Tracking Policy

To provide a seamless, secure digital experience, Raidsoft deploys Cookies, Web Beacons, and Local Storage. This tracking is mandatory for maintaining zero-trust architecture on our client portals.

  • Strictly Necessary (Session) Cookies: These are mandatory cryptographic tokens required to authenticate your login state and maintain enterprise dashboard security.
    Why it applies: Without these, the server cannot verify if you are a legitimate user or an unauthorized attacker attempting to access your ERP data.
  • Analytical & Targeting Cookies: Aggregated metrics utilized to monitor server load, track user journey friction, and serve relevant B2B digital marketing content.
    Why it applies: We use these to dynamically scale our AWS cloud infrastructure based on traffic spikes. You may configure your browser to reject these, though platform rendering speeds may degrade.

4. Lawful Purpose & Statutory Processing Obligations

Under Section 4 of the DPDPA, 2023, personal data can only be processed for a "lawful purpose." We process your data exclusively to:

  • Fulfill Contractual Obligations: To design, develop, host, and deploy the custom software, web solutions, and Native Apps you hired us to build.
  • Financial Compliance: To execute financial transactions and raise statutory tax invoices (GST) as mandated by the Ministry of Finance.
  • Cybersecurity Mandates (CERT-In): Under Section 70B of the IT Act, we are legally mandated to report severe cyber security incidents (like data breaches or ransomware attacks) to the Computer Emergency Response Team - India (CERT-In) within 6 hours. We process technical server logs to fulfill this national security obligation.

5. Data Sharing & Compelled Law Enforcement Disclosures

Raidsoft strictly does not broker, rent, or sell your personal data to data brokers. We exclusively share data under the following highly restricted legal parameters:

  • Data Processors (Cloud Infrastructure): We route data through secure, heavily audited third-party infrastructure (e.g., AWS, Google Cloud, Razorpay).
    Why it applies: We must use global infrastructure providers to ensure 99.9% uptime. These entities are bound by strict Data Processing Agreements (DPAs) making them legally liable for data mishandling.
  • Lawful Interception & Government Directives: We are legally bound to disclose data, decrypt communications, or provide server access to Indian law enforcement.
    Why it applies: Under Section 69 of the Information Technology Act, 2000, the Government of India holds the statutory power to issue directions for interception, monitoring, or decryption of any digital information to protect the sovereignty and integrity of India. We cannot refuse a lawful court warrant.

6. Security Practices & Mandatory Data Localization

To comply with Section 43A of the IT Act, Raidsoft implements robust, ISO/IEC 27001-equivalent "Reasonable Security Practices and Procedures" to shield your data from unauthorized exfiltration, alteration, or destruction.

  • Encryption & Access: Data is secured using End-to-End Encryption (E2EE), with TLS 1.3 in transit and AES-256 at rest, and access to stored data is governed by Role-Based Access Control (RBAC).
  • Data Localization:
    Why it applies: To ensure your data remains under the protection of Indian law, our primary databases and AI processing nodes are hosted on secure servers physically located within the Indian territory (e.g., AWS Asia Pacific - Mumbai). Cross-border data transfers are executed ONLY to jurisdictions explicitly whitelisted by the Central Government under the DPDPA, 2023.

7. Rights of the Data Principal (DPDPA 2023)

Because your data is being processed under the jurisdiction of India, the Digital Personal Data Protection Act, 2023 grants you (the "Data Principal") the following unalienable, statutory rights:

  • Right to Access: You may request a verifiable, categorized summary of the personal data currently being processed by Raidsoft.
  • Right to Correction & Erasure (Right to be Forgotten): You may demand the correction of inaccurate data or the complete deletion of your data once the contractual project is finished. (Note: We cannot delete financial data that we are legally required to retain for 8 years under the Companies Act and GST taxation laws.)
  • Right to Withdraw Consent: You may withdraw your processing consent at any time. (Warning: Withdrawal of consent will result in the immediate technological termination of your access to our custom software, ERPs, and ongoing IT services, as we cannot host your data without consent.)
  • Right to Nominate: You have the legal right to nominate a legal heir or representative to exercise your data rights in the event of your death or medical incapacity.

8. Grievance Redressal Mechanism

Why this applies: In strict mandatory compliance with the SPDI Rules, 2011, and the DPDPA, 2023, every Data Fiduciary must appoint a dedicated Grievance Redressal Officer. We are legally mandated to acknowledge your privacy grievance within 24 hours and resolve the dispute within 30 days of receipt.

Raidsoft Grievance Officer

Email (Priority Response): legal@raidsoft.in

Alternative Email: xyz@gmail.com

Direct Phone: +91-9337080553

Registered Office Address: [Insert Full Partnership Registered Address in Bhubaneswar, Odisha, India]

* Please include the exact subject line "Data Protection Grievance" in your email. This triggers our automated compliance filters to ensure immediate routing to the legal department to meet the 24-hour statutory acknowledgment deadline.