Privacy Notice

Effective date: 24 April 2026

This notice explains how Hexdrift (“we”, “us”, “our”) handles personal data submitted through the contact form on this website. We are committed to handling that data responsibly and in accordance with applicable data protection laws, including India’s Digital Personal Data Protection Act (DPDP) and, where relevant, the EU General Data Protection Regulation (GDPR) and Saudi Arabia’s Personal Data Protection Law (PDPL).

1. Data controller

The data controller is Hexdrift Security Advisory, headquartered in India. For any privacy-related queries, contact us at info@hexdrift.com.

2. What data we collect

We collect only the information you provide when submitting our contact form:

  • Name - to address you correctly in our response.
  • Company name - to understand the organisational context of your enquiry.
  • Email address - to send you our response.
  • Phone number - optional; provided only if you choose to include it.
  • Service interest - optional; helps us route your enquiry to the right team.
  • Message content - the details of your enquiry.

We do not collect any special category data (such as health, financial, or biometric information) through this form, and we do not request it.

3. Why we collect it

The sole purpose of collecting this data is to receive, review, and respond to your enquiry. We do not use it for marketing, profiling, or any automated decision-making. We do not sell it, and we do not use it to build advertising audiences.

4. Lawful basis for processing

We process your data on the following grounds, depending on your jurisdiction:

  • Legitimate interests (GDPR Art. 6(1)(f)) - responding to a business enquiry you initiated is a legitimate interest that does not override your rights.
  • Consent / voluntary submission (DPDP Act, PDPL) - by completing and submitting the contact form, you consent to us using the provided data to respond to your enquiry.

5. How data is shared

We do not sell, rent, or trade your personal data. Data submitted through the contact form is received directly by our team via email. We do not share it with third parties except:

  • Email delivery infrastructure - we use a transactional email provider solely to deliver form submissions to our inbox. This provider acts as a data processor and is bound by appropriate data processing terms.
  • Legal obligation - where we are required by law, court order, or regulatory authority to disclose information.

6. How long we keep data

We retain enquiry data for as long as is necessary to respond to and follow up on your request - typically no longer than 24 months from the date of submission, unless a longer period is required by applicable law or a business relationship develops from the enquiry.

If you ask us to delete your data before that period, we will do so unless retention is required by law.

7. Security measures

We take reasonable technical and organisational measures to protect the data you submit - including encrypted transmission (HTTPS/TLS), access controls limited to staff who need to handle your enquiry, and secure email handling practices. As a cybersecurity advisory firm, we hold ourselves to a high standard in this regard.

8. Your rights

Depending on your jurisdiction, you may have the following rights over your personal data:

  • Access - request a copy of the data we hold about you.
  • Correction - ask us to correct inaccurate or incomplete data.
  • Erasure - ask us to delete your data where we no longer have a lawful basis for retaining it.
  • Restriction - ask us to restrict processing in certain circumstances.
  • Objection - object to processing based on legitimate interests.
  • Withdrawal of consent - where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at info@hexdrift.com. We will respond within 30 days.

If you are located in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority. If you are in India, you may raise a grievance under the DPDP Act once the Data Protection Board is operational.

9. Cookies

This website does not use tracking, analytics, or advertising cookies. We do not load any third-party analytics scripts. Any cookies set are strictly necessary for the website to function (for example, security-related browser behaviour managed by the framework).

10. Changes to this notice

We may update this notice from time to time. The effective date at the top of this page will reflect the date of the most recent revision. Material changes will be noted clearly. Continued use of the website after a revision constitutes acceptance of the updated notice.

11. Contact us

For any questions about this notice or how we handle your data, contact us at:

Hexdrift Security Advisory
info@hexdrift.com

Alternatively, use the contact form on this website.