Privacy Statement

Bigstrum Solutions Private Limited (“Bigstrum”, “we”, “our”, or “us”) is a cybersecurity and compliance technology company providing advanced threat intelligence, risk management, and security operations solutions through its platform Niraapadh (https://niraapadh.com) and its website Bigstrum (https://bigstrum.in/).

Protecting Personal Data is fundamental to our mission of enabling secure digital ecosystems. This Privacy Statement explains how we collect, use, process, disclose, and safeguard Personal Data when you access our websites, platforms, services, and related offerings (collectively, the “Services”).

This Privacy Statement explains how Bigstrum Solutions Private Limited (including our family of brands, subsidiaries, and related entities when they specifically reference this Privacy Statement) collects, uses, discloses, and otherwise processes personal information (as defined below) in connection with our websites (the “Sites”) and other websites we own and operate that link to this Privacy Statement, and any other related content, platform, services, products, and functionality offered on or through our services (collectively, the “Services”).

This Privacy Statement applies to personal information collected, used, retained, or disclosed by Bigstrum Solutions Private Limited while acting in the capacity of a data controller, as that term is defined in the India’s Digital Personal Data Protection Act 2023, European Union’s (EU) General Data Protection Regulation 2016/679, the “EU GDPR” or, where applicable, the “United Kingdom (UK) GDPR” (as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018), as amended and supplemented from time to time (together, herein referred to as the “GDPR”), for the purposes and legal bases set out in further detail below. For example, when individuals access and use our website and we place cookies in their browser or when individuals create accounts within our Customer Service Portal and provide certain personal information (such as name and email address) that is used for authentication purposes, we act as a data controller. We adhere to the principles of the EU-U.S. Data Protection Framework (DPF), DPDP Act 2023, the Swiss-U.S. DPF, and the UK extension to the EU-U.S. DPF. To learn more, see our Data Privacy Framework statement below.

Our services are intended for and provided to businesses and other organizations (our “Customers”) for professional use. In providing these services, we process personal information relating to consumers or end-users (“Customer Data”) on behalf of and at the direction of our business customers as a “processor” or “service provider.” This Privacy Statement does not apply to data processing in our role as a “processor” or “service provider”. For additional information about our data processing activities in our role as a processor or service provider, please see our DPA and our Trust Center. When collecting, using, and disclosing personal information for their own purposes , our customers are responsible for making their own disclosures concerning the rights of individuals (e.g., “data subjects” under the GDPR) with respect to personal information and other information regarding data collection and use, in accordance with applicable law. If you are a consumer end-user of one of those organizations, you should read that organization’s privacy statement and direct any privacy inquiries to that organization.

When we use the term “personal information” in this Privacy Statement, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. The term does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual and does not apply to other information that is excluded from privacy protections under applicable law.

If you are located in the European Economic Area (EEA), the term “personal Information” used in this Privacy Statement includes all “personal data”, as defined under the EU GDPR, and any applicable national implementing laws, as amended from time to time.

The personal data we collect depends on how you interact with us, the services you use, and the choices you make.

We collect personal information about you from different sources and in various ways when you use our services, including information collected automatically when you interact with our Services, directly from you, or about you from other sources and third parties.

Personal Information Collected from You

We, and providers working on our behalf, collect the following personal information you may submit to us when you access and use the Services:

• Contact Information: including first and last name, business email address, business postal address, employer, job title, your area of responsibility, company name, phone number, your country or region, and communication preferences.
• Demographic Information: including age, gender, occupation or job level, military or veteran status, or similar demographic details may be collected when you complete a survey, download a whitepaper, or as part of your registration details for a demo or event.
• Inquiry and Communications Information: including information provided in custom messages sent through the forms, recorded in chat messages, to our email addresses, or via phone. This also includes information provided in order to subscribe to any of our newsletters (such as email address) or contact information provided on our Services or when you complete a survey or event registration.
• Account Information: including first and last name, company name, employer, job title, business email address, customer ID, user ID (or equivalent unique identifier) and password, profile information, affiliations, account balances, payment, customer support, return, replacement, subscription, and history of product and services obtained, purchased, and considered, and any other information you provide to us. Please note we use a third-party provider to process payments on our behalf and do not accept payments directly through our Services.
• Audio or Visual Information: including recordings of customer service or support calls for quality assurance and internal training purposes, and photographs of yourself that you voluntarily consent to provide in connection with reviews of and contests, sweepstakes, surveys, webcasts, and events involving our Services.
• LIVE community and Blog Information: including public profile information, username, comments and posts, topics you follow, interactions you have with other users, comments you post, and any other information you choose to provide. If you choose to post comments on our Blog, accessible at https://niraapadh.com/blog (the “Blog”), please be aware that other users of the blog will see your name, website, and the content of your comments, and may interact with you in response to your comments.
• Contest, Sweepstakes, and Survey Information: including information provided when you enter a contest or sweepstakes, or information included in any questions submitted through surveys or content of any testimonials.
• Event and Webcast Information: including registration information, call-in details, attendee badge information, and business and/or personal contact information, such as email, physical address, mobile or telephone number, job title, and company name.

Personal Information Automatically Collected

We, and our third-party providers, automatically collect information you provide to us and information about how you access and use the Services when you visit our Services, open our emails, or otherwise engage with us. We typically collect this information through our use of tracking technologies, including (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies and logging technologies (collectively, “tracking technologies”) and we may use third-party providers or technologies to collect this information. Information we collect automatically about you may be combined with other personal information we collect directly from you or receive from other sources.

We, and our third-party providers, use tracking technologies to automatically collect usage and device information, such as:

Information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to uniquely identify your browser, mobile device, or your account (including, for example, a persistent device identifier or an Ad ID), and other such information. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices.

Information about the way you access and use our services, for example, the site from which you came and the site to which you are going when you leave our services, how frequently you access the Services, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other browsing behavior and actions you take on the Sites. We may also record information you enter when you interact with our Services or engage in chat features through our Services.

• Information about how you use the Services: such as the pages you visit, the links you click, the ads you view and click on, videos you watch, and other similar actions. We may also use third-party tools to collect information you provide to us or information about how you use the Services and may record your mouse movements, scrolling, clicks and keystroke activity on the Services and other browsing, search or purchasing behavior. These tools may also record information you enter when you interact with our Services or engage in chat features through our Services.
• Information about your location: such as general geographic location that we or our third-party providers may derive from your IP address.

Analytics information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for the services and to understand more about the demographics of our users. You can learn more about Google’s practices at http://www.google.com/policies/privacy/partners and view its opt-out options at https://tools.google.com/dlpage/gaoptout.

The information collected automatically through these tools allows us to improve your customer experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our Sites and Services, and to improve the effectiveness of our Services, offers, advertising, communications, features such as live and automated chat and customer service. We and our third-party providers may also use cookies and tracking technologies for advertising purposes.

For more information about these practices and your choices regarding cookies, please see our Cookie Notice. To opt-out of targeted advertising cookies, you have several options, including clicking on the link to “Do Not Sell or Share My Personal Information” in the website footer to adjust your targeting cookie preferences. You can also use the Global Privacy Control setting in a web browser or browser extensions (as described more fully in our Cookie Notice). Depending on where you live, we may also provide you with a website cookie banner when you first visit our Site and you can manage your preferences from that banner. Finally, see our Cookie Notice for additional options offered by the organizations our advertising partners may participate in. These choices are specific to the device or browser you are using. If you access our Sites and Services from other devices or browsers, take these actions from those devices or browsers to ensure your choices apply to the data collected when you use them.

Information we infer, create, or generate.

We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“Inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address or your interests or preferences based on your browsing history on our Sites and Services.

When you are asked to provide personal information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

Sources of Personal Information

We obtain personal information from other sources, which we may combine with personal information we collect automatically or directly from you.

We may receive the same categories of personal information as described above from the following sources:

• Our Customers, and Other Users or Individuals who Interact with our Services: : We may receive your information from our customers, such as Customer Data, and other users or other individuals who interact with our Services. This includes any information collected by us when you or your organization contact us for support related to your organization’s use of our products, services, or events. In such instances, we will also collect information about the reason for the inquiry and any other information provided to us.
• Your Employer / Company: : If you interact with our Services through your employer or company, we may receive your information from your employer or company, including another representative of your employer or company.
• Business Partners: : We may receive your information from our business partners.
• Social Media: : When an individual interacts with our Services through various social media networks, such as when someone “Likes” us on Facebook or follows us or shares our content on Google, Facebook, Twitter, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network, and including, but not limited to, your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services.
• Service Providers: : Our service providers that perform services on our behalf, such as survey and marketing providers, cloud-hosting services, payment processors, web and mobile analytics providers, online chat and other communications providers, collect personal information and often share some or all of this information with us.
• Information Providers: : We may from time to time obtain information from third-party information providers to correct or supplement personal information we collect. For example, we may obtain updated contact information from third-party information providers to reconnect with an individual.
• Other Sources: : We may also collect personal information about individuals that we do not otherwise have from, for example, publicly available sources, third-party data providers, brand partnerships, or through transactions such as mergers and acquisitions.

By accessing, registering on, or using:

• Bigstrum website
• Niraapadh platform
• Any related services

you expressly acknowledge and agree that:

You provide your free, specific, informed, and unambiguous consent for the collection, use, storage, processing, and transfer of your Personal Data by Bigstrum Solutions Private Limited.

This includes consent for use of Personal Data for purposes such as:

• User authentication and identity verification
• Send E-Mail and Messages, Make Phone Call for Marketing and business Promotion Purposes.
• Threat telemetry and cybersecurity monitoring
• Incident detection, investigation, and response
• Security analytics and threat intelligence
• Customer relationship management (CRM)
• Service improvement and customer research
• Compliance, audit, and regulatory requirements
• Any other purpose necessary for providing services and as permitted under applicable law

Where required under the Digital Personal Data Protection Act, 2023, you may:

• Withdraw consent at any time
• Request access, correction, or erasure
• Exercise grievance redressal rights
• Contact: dsar@bigstrum.in

We may collect the following categories of Personal Data:

3.1 Information You Provide

• Name, email, phone number
• Organization details
• Account credentials
• Communications and support requests

3.2 Automatically Collected Data

• IP addresses
• Device identifiers (MAC, IMEI, hostnames)
• Log files and telemetry
• Usage patterns and analytics

3.3 Security and Threat Intelligence Data

• Network traffic metadata
• Security logs and alerts
• Indicators of compromise
• Incident response artifacts (e.g., PCAP, forensic data)

3.4 Third-Party Sources

• Business partners
• Public sources
• Threat intelligence feeds

We process Personal Data to:

• Deliver cybersecurity and compliance services
• Detect, prevent, and respond to threats
• Authenticate users and secure systems
• Provide customer support
• Conduct analytics and research
• Improve products and services
• Comply with legal and regulatory obligations
• Send Email, Messages or Call for Marketing.

In accordance with the Digital Personal Data Protection Act, 2023:

• Consent is obtained through clear affirmative action
• Consent is purpose-specific and revocable
• We maintain records of consent
• We provide mechanisms to manage and withdraw consent
• Where applicable, consent may also be managed through authorized consent managers.

We may share Personal Data with:

• Affiliates and group entities
• Authorized service providers and sub-processors
• Customers (as part of service delivery)
• Regulatory authorities and law enforcement (where required)
• All third parties are bound by confidentiality and data protection obligations.

Your Personal Data may be transferred to and processed in countries outside your jurisdiction.

We ensure such transfers comply with:

• Applicable data protection laws
• Contractual safeguards
• Adequacy mechanisms where required

We implement industry-standard technical and organizational measures, including:

• Encryption (in transit and at rest)
• Multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Continuous monitoring and threat detection
• Secure development lifecycle
• Data Leak Monitoring

We retain Personal Data:

• For as long as necessary to fulfill processing purposes
• To comply with legal obligations
• To resolve disputes and enforce agreements

Depending on applicable laws (including DPDP Act, GDPR, etc.), you may have rights to:

• Access your Personal Data
• Correct inaccuracies
• Request deletion
• Withdraw consent
• Object to processing
• Lodge complaints with authorities
• Contact: dsar@bigstrum.in

Our Services are not directed to individuals under the age specified by applicable law. We do not knowingly collect Personal Data from children.

Our Services may contain links to third-party websites. We are not responsible for their privacy practices.

We may update this Privacy Statement periodically. Updates will be posted on:

https://niraapadh.com/legal-notices/privacy

For privacy-related inquiries:

Data Protection Officer (DPO)

dpo@bigstrum.in

Data Subject Requests (DSAR)

dsar@bigstrum.in