Services About Solution Contact

Privacy Policy

Effective Date: 12 November 2025
Last Updated: 12 November 2025
This Privacy Policy describes how Sojaru Corp LLP (“Sojaru”, “we”, “our”, or “us”) collects, uses, processes, stores, and protects information when you access our website sojaru.in or use our cybersecurity products and services, including but not limited to Hawk and Galactus (collectively, the “Services”). By using our Website or Services, you agree to the terms of this Privacy Policy.

Company Details

Legal Entity: Sojaru Corp LLP
Registered Address:
2ND-FR, FL-2A, 3/97 Chittaranjan Colony,
Jadavpur University, Kolkata – 700032,
West Bengal, India
Email: [email protected]
Privacy Contact: [email protected]
Phone: +91-9147050755
GST No: 19AFSFS5111B1ZZ
Jurisdiction: Courts of Kolkata, West Bengal, India

Application Laws & Compliances

This Privacy Policy is framed in accordance with:

  • Digital Personal Data Protection Act, 2023 (India)
  • Information Technology Act, 2000
  • IT (SPDI) Rules, 2011
  • CERT-In Cybersecurity Directions (April 2022)
  • Indian Contract Act, 1872 Where international clients are involved, reasonable measures aligned with global data protection standards are adopted.

Information We Collect

Information You Provide Voluntarily

  • Name, designation, organization details
  • Email address, phone number, business address
  • Account credentials (if applicable)
  • Billing, invoicing, and payment details
  • Source code, binaries, configurations, or logs uploaded solely for security analysis
  • Support queries, communications, and feedback

Information Collected Automatically

  • IP address, browser type, device identifiers
  • Access timestamps and usage metadata
  • Security telemetry, threat indicators, and logs generated by Galactus
  • Performance and diagnostic data required for service reliability

Information from Authorized Sources

  • Threat intelligence feeds
  • Public vulnerability databases
  • Partner integrations approved by the client

Purpose of Data Processing

We process information strictly for: 1. Delivering cybersecurity scanning, monitoring, and protection services 2. Identifying vulnerabilities, threats, and anomalous behavior 3. Improving accuracy of AI-assisted security models 4. Account authentication and service administration 5. Legal compliance and audit requirements 6. Incident detection, reporting, and response 7. Customer communication and support We do not use client data for advertising or resale.

Source Code & Confidential Data Protection

  • Uploaded source code or internal systems data remain the sole property of the client
  • Sojaru does not claim ownership or licensing rights over client code
  • Code is processed only for security analysis purposes
  • No client code is shared, sold, reused, or trained into public AI models
  • Access is restricted to authorized systems and personnel under NDA

Data Storage & Retention

  • All operational data is stored on secure servers located in India
  • Security logs are retained for up to 180 days, unless legally required otherwise
  • Aggregated analytics are anonymized
  • Data may be deleted upon written request, subject to legal obligations

Security Safeguards

We implement industry-grade safeguards, including:

  • AES-256 encryption (data at rest)
  • TLS encryption (data in transit)
  • Role-based access control (RBAC)
  • Secure network segmentation
  • Regular security audits and internal reviews
  • Mandatory confidentiality agreements for employees However, no system is completely risk-free, and users acknowledge inherent cybersecurity risks.

Data Sharing & Disclosure

We do not sell or trade personal data. Limited disclosure may occur:

  • To infrastructure or cloud service providers under contractual confidentiality
  • To government authorities as required by Indian law
  • To CERT-In in the event of reportable cybersecurity incidents
  • During mergers or restructuring, with prior notice

User Rights

Under applicable Indian law, you have the right to:

  • Access personal data processed by us
  • Request correction or erasure
  • Withdraw consent where applicable
  • File grievances with the Data Protection Board of India Requests may be sent to [email protected] and will be addressed within reasonable timelines.

Cookies & Tracking

We use essential cookies for functionality and security. Analytics cookies, if any, are limited and non-invasive. Continued use of the website implies consent.

Third-Party Links

Our Website may contain links to third-party platforms. We are not responsible for their privacy practices.

Breach Notification

In the event of a data breach:

  • CERT-In will be notified within the legally prescribed timeframe
  • Affected clients will be informed promptly
  • Remedial actions will be initiated immediately

Children’s Data

Our Services are intended for businesses and professionals. We do not knowingly collect data from individuals under 18 years of age.

Policy Updates

We may update this Privacy Policy periodically. The revised version will be posted on our Website with the updated date.