Privacy Policy

SDSM Analytics Private Limited (trading as "Delphi Cloud") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, how we protect it, and your rights. This policy complies with the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Information We Collect

Account Information

Name, email address, phone number, organization name, designation, and billing address provided during registration or account management.

Billing and Financial Information

GSTIN (for Indian businesses), billing address, and payment method selection. We never store credit/debit card numbers, CVV, or bank account details. All payment information is tokenized and processed by Razorpay, our PCI DSS Level 1 compliant payment processor. We only store Razorpay-issued tokens for recurring billing authorization.

Usage and Metering Data

Resource usage metrics (compute hours, storage consumption, network transfer volumes, API call counts) collected for billing accuracy and service delivery. This data is associated with your project/tenant ID, not personal identity.

Technical and Log Data

IP addresses, browser type, operating system, session identifiers, and access timestamps for security monitoring, abuse prevention, and service debugging. Infrastructure access logs are maintained in accordance with CERT-In directives.

Communications

Support tickets, emails, and feedback you send us, including metadata associated with those communications.

2. How We Use Your Information

• Service Delivery: Provisioning, operating, and maintaining cloud infrastructure
• Billing: Generating accurate bills, invoices, and processing payments
• Communication: Service notifications, billing alerts, maintenance announcements, and support responses
• Security: Detecting and preventing unauthorized access, abuse, fraud, and DDoS attacks
• Compliance: Meeting legal obligations including tax reporting, CERT-In requirements, and law enforcement requests
• Improvement: Analyzing aggregate, anonymized usage patterns to improve platform reliability and performance

We do not use your personal information for advertising, profiling, or selling to third parties.

3. Data Storage and Security

Infrastructure location: Your cloud resources (VMs, volumes, networks) are hosted on our baremetal infrastructure in India. Metering and billing data is processed using secure database systems.

Encryption: All data in transit is encrypted via TLS 1.2+. Storage volumes support encryption at rest.

Access controls: Infrastructure access is restricted to authorized personnel using key-based SSH authentication, with access logged and audited. No customer data is accessed without explicit authorization or legal requirement.

Incident response: We maintain security incident response procedures and will notify affected customers of data breaches within 72 hours of discovery, as required by the DPDP Act.

4. Data Sharing

We share your personal data only with:

• Razorpay: Payment processing (name, email, phone, payment details) — governed by Razorpay's privacy policy
• Government Authorities: When required by valid legal process, court order, or CERT-In directive under the IT Act, 2000
• Professional Advisors: Legal, tax, and audit professionals bound by confidentiality obligations

We never sell, rent, trade, or share your personal information with third parties for marketing or advertising purposes.

5. Data Retention

6. Your Rights

Under the DPDP Act, 2023 and applicable law, you have the right to:

• Access: Request a summary of your personal data and how it is processed
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Export your data in machine-readable format via our APIs
• Grievance redressal: File a complaint with our Data Protection Officer
• Nomination: Nominate an individual to exercise your rights in case of death or incapacity

To exercise any right, email info@delphicloud.ai with "Privacy Request" in the subject line. We will respond within 30 days.

7. Cookies and Tracking

We use minimal, essential cookies for session management and authentication. We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track individual users across websites. Essential cookies cannot be disabled as they are required for the service to function.

8. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, contact us immediately for deletion.

9. Cross-Border Data Transfer

Your cloud resources and primary data reside on infrastructure in India. Certain operational data (anonymized metrics, error logs) may be processed by tools hosted outside India for platform monitoring purposes. Any such transfer complies with applicable data protection requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email at least 15 days before taking effect. The updated policy will be posted here with a revised date.

11. Grievance Officer / Data Protection Officer