Legal & Compliance
All of MSInfo Services' legal documents in one place โ transparent, accessible, and built with the same rigor we apply to your security.
Privacy Policy
At MSInfo Services, your privacy is not an afterthought โ it is embedded in everything we do.
Information We Collect
Personal Identification Information
When you engage with our services, request a consultation, or fill out our contact forms, we may collect your full name, email address, phone number, company name, job title, and postal address.
Technical & Usage Data
We automatically collect certain technical data when you visit our website, including IP addresses, browser type and version, operating system, referring URLs, pages visited, and time spent on pages.
Business & Organizational Data
In the course of providing cybersecurity assessments, audits, or managed services, we may collect information about your organization's IT infrastructure, security posture, and compliance status necessary to deliver our services.
How We Use Your Information
Service Delivery
Your information is primarily used to deliver, maintain, and improve the cybersecurity and digital transformation services you have requested, including gap assessments, compliance audits, penetration testing, and managed SOC operations.
Communication
We use your contact information to respond to inquiries, send service updates, share relevant cybersecurity insights, and communicate about your account or engagements with our team.
Legal & Compliance Obligations
We may process your data to comply with applicable laws including DPDPA, GDPR, RBI, SEBI, ISO 27001, and SOC 2 requirements that govern our operations.
Security & Fraud Prevention
We actively use data to protect the integrity of our platforms, detect unauthorized access, and prevent fraudulent activities in alignment with our Defense in Depth principles.
Data Sharing & Disclosure
We Do Not Sell Your Data
MSInfo Services does not sell, trade, or rent your personal information to third parties for marketing or commercial purposes. Your trust is the foundation of our Proof of Value model.
Trusted Service Partners
We may share data with carefully vetted technology partners and subprocessors solely to deliver our contracted services. All partners are bound by data processing agreements aligned with applicable regulations.
Legal Requirements
We may disclose your information if required by law, court order, or governmental authority โ including CERT-In, SEBI, or RBI โ or to protect the rights, property, or safety of MSInfo Services, our clients, or the public.
Data Security
Enterprise-Grade Protection
We implement the same enterprise-grade security controls we recommend to clients โ including end-to-end encryption (TLS 1.3+), role-based access controls, multi-factor authentication, and continuous monitoring via our Managed SOC.
NIST-Aligned Practices
Our internal data security practices are benchmarked against the NIST Cybersecurity Framework. We conduct regular internal audits, vulnerability assessments, and penetration tests on our own infrastructure.
Incident Response
In the event of a data breach affecting your information, MSInfo Services will notify affected parties within 72 hours of discovery, in line with DPDPA and GDPR breach notification requirements.
Your Rights
Access & Portability
You have the right to request a copy of the personal data we hold about you, in a structured, commonly used, and machine-readable format.
Correction & Erasure
You may request correction of inaccurate data or erasure of your personal data where there is no compelling legal basis for continued processing.
Withdrawal of Consent
Where processing is based on your consent, you may withdraw it at any time. Contact us at [email protected] to exercise your rights.
Data Retention
Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable laws. Client engagement records are typically retained for 7 years in line with financial and legal compliance requirements.
Secure Deletion
Upon expiry of the retention period or receipt of a valid erasure request, personal data is securely deleted or anonymized using methods compliant with NIST SP 800-88 guidelines for media sanitization.
Applicable Laws & Frameworks
Changes to This Document
MSInfo Services reserves the right to update this Privacy Policy at any time. Material changes will be communicated via email to active clients and by posting a notice on this page. The "Last Updated" date above reflects the most recent revision. Continued use of our services after any changes constitutes your acceptance of the updated document.
Other Legal Documents
Questions About Our Legal Documents?
Our compliance and legal team is happy to walk you through any aspect of our policies, agreements, or engagement terms.
Contact Our Team