This Privacy Policy describes how TRINETRA CYBER DEFENSE PRIVATE LIMITED (CIN: U74904UW2026PTC252417), a company incorporated under the Companies Act, 2013, with its registered office at G-04 Satyam Complex-2, Plot Cs-05, Alpha Greater Noida, Gautam Buddha Nagar, Noida, Uttar Pradesh 201310, India ("Trinetra", "we", "us"), the operator of trinetracyberdefense.com, acts as a Data Fiduciary (under the India Digital Personal Data Protection Act, 2023) and Data Controller (under the GDPR, for users in the EEA/UK) in respect of your personal data.
Who we are
The controller/fiduciary responsible for your data is TRINETRA CYBER DEFENSE PRIVATE LIMITED, G-04 Satyam Complex-2, Plot Cs-05, Alpha Greater Noida, Gautam Buddha Nagar, Noida, Uttar Pradesh 201310, India. For any privacy question, contact our Grievance Officer (see section 11) or info@trinetracyberdefense.com.
Data we collect
- Account data: name, email address, hashed password (Argon2id — we never store your password in plaintext), and your consent records (Terms / AUP acceptance, age confirmation, timestamps).
- Profile & learning data: display name, rank, XP, badges, challenge solves, lab sessions, quiz results, and certificates you earn.
- Payment data: billing identifiers and subscription status. Card/UPI details are handled directly by Stripe and Razorpay — we receive only tokens and transaction metadata, never full card numbers.
- Technical data: IP address, device/browser type, and log data, used for security, abuse prevention, and reliability.
- Usage / analytics data: pages viewed and feature events — collected via PostHog only if you opt in through our cookie banner.
- AI mentor interactions: the questions/messages you send to the in-app AI mentor. Flag values are redacted before any content is sent to the AI provider.
- Support communications: emails and messages you send us.
Why we use it & lawful basis
| Purpose | Data used | Lawful basis (GDPR) / Ground (DPDP) |
|---|---|---|
| Provide the platform, your account, labs & progress | Account, profile, learning, technical | Performance of a contract; legitimate use |
| Process payments & manage subscriptions | Account, payment | Performance of a contract |
| Security, fraud & abuse prevention | Technical, account | Legitimate interests / legal obligation |
| Product analytics to improve the Service | Usage / analytics | Consent (opt-in cookie banner) |
| Error monitoring & reliability | Technical, limited account id | Legitimate interests (no profiling, no PII beyond user id) |
| AI mentor hints | Your messages (flags redacted) | Performance of a contract / consent |
| Service & legal notices | Account | Legitimate interests / legal obligation |
Processors & who we share with
We do not sell your personal data. We share it with the following categories of data processors, who act on our instructions under contract:
| Processor | Role | Where |
|---|---|---|
| Stripe | Payment processing (international cards) | USA / global |
| Razorpay | Payment processing (India — UPI, cards) | India |
| Amazon Web Services (AWS) | Cloud hosting, database, storage | India (ap-south-1) |
| PostHog | Product analytics (only with consent) | EU / USA |
| Sentry | Error & crash monitoring | USA / EU |
| Anthropic / Groq | AI mentor inference (flag values redacted before sending) | USA |
| Email delivery (e.g. AWS SES) | Transactional email | India / USA |
We may also disclose data where required by law, to enforce our Terms, or to protect the rights, safety, or property of Trinetra, our users, or the public.
International data transfers
Some processors are located outside India and the EEA. Where personal data is transferred internationally, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses and the processors' own data-protection commitments — and on transfers permitted under the DPDP Act to countries not restricted by the Indian government.
How long we keep data
We retain personal data only as long as necessary for the purposes above:
- Account & learning data: for the life of your account, then deleted or anonymised within 90 days of account closure, unless a longer period is required by law.
- Payment/transaction records: retained for the period required by Indian tax and accounting law (typically up to 8 years under the Companies Act, 2013).
- Security logs: typically 12 months.
- Backups: encrypted backups are retained on a rolling 30-day cycle, after which deleted data ages out of all backup copies.
- Analytics data: retained per our PostHog configuration and deleted/anonymised thereafter.
Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you and obtain a copy (data export).
- Correct inaccurate or incomplete data.
- Erase your data ("right to be forgotten") — you can request deletion of your account and associated personal data.
- Withdraw consent (e.g. turn off analytics) at any time, without affecting prior lawful processing.
- Object to or restrict certain processing, and to data portability (GDPR).
- Nominate another individual to exercise your rights in the event of death or incapacity (DPDP).
- Complain to the Data Protection Board of India or your local supervisory authority.
You can exercise account export and deletion from your account settings, or by emailing info@trinetracyberdefense.com. We will respond within the timeframes required by law.
Children's data
The Service is not directed at children under 16. Users under the age of majority must have verifiable parental/guardian consent as required by the DPDP Act. We do not knowingly profile children or serve them targeted advertising. If we learn we have collected a child's data without the required consent, we will delete it.
Security
We use technical and organisational measures appropriate to the risk: Argon2id password hashing, encryption in transit (TLS), access controls, isolated lab containers (dropped capabilities, read-only root filesystem, internal-only networking), and the principle of least privilege. No method of transmission or storage is perfectly secure; we will notify affected users and the relevant authority of a personal data breach as required by law.
Grievance Officer / Data Protection Officer
Grievance Officer
TRINETRA CYBER DEFENSE PRIVATE LIMITED
G-04 Satyam Complex-2, Plot Cs-05, Alpha Greater Noida, Gautam Buddha Nagar, Noida, Uttar Pradesh 201310, India
Email: grievance@trinetracyberdefense.com (or info@trinetracyberdefense.com)
EEA/UK users may also contact our Data Protection point of contact at the same address. We aim to acknowledge grievances promptly and resolve them within the period prescribed by law.
Changes to this policy
We may update this Privacy Policy. The "Last updated" date reflects the latest version; we will give notice of material changes. Please review it periodically.