Privacy Policy — UnlockSec

Overview

UnlockSec Cybersecurity Private Limited ("UnlockSec", "we", "us", or "our") operates the website unlocksec.com and delivers offensive security services. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and your rights in relation to it.

By using our website or engaging our services, you agree to the practices described in this policy. If you disagree with any part, please discontinue use of our website and contact us to discuss your engagement terms.

Data We Collect

Information you provide directly

Contact form submissions: name, email address, phone number, company name, message content
Security Blueprint registrations: business email, company domain, job title
Job applications: name, email, CV/résumé, professional certifications
Email correspondence: any information you include in communications to us

Information collected automatically

IP address and approximate geographic location (country/city level)
Browser type, operating system, and device type
Pages visited, time on page, referrer URL
Cookie identifiers (see Cookies section below)

Engagement data (clients only)

For security assessment clients, we may process technical data about your systems as part of the contracted scope. This data is governed by your Master Services Agreement and Statement of Work, and is handled under strict confidentiality obligations. It is not subject to the marketing and analytics processing described in this policy.

How We Use Your Data

We use personal data for the following purposes:

To respond to enquiries, proposals, and contact form submissions
To deliver contracted security services and manage client relationships
To operate and improve the Security Blueprint platform
To process job applications and communicate with candidates
To send service-related communications (never unsolicited marketing without consent)
To analyse website usage and improve our content and user experience
To comply with legal obligations and enforce our Terms of Service

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. Ever.

Legal Basis for Processing

Under GDPR and equivalent laws, we process personal data only where we have a valid legal basis:

Contract performance: Delivering security services to clients under a signed agreement.
Legitimate interests: Analysing website traffic to improve our services; responding to unsolicited enquiries.
Legal obligation: Retaining records required by tax law or applicable security regulations.
Consent: Optional marketing newsletters (you may withdraw consent at any time).

Cookies & Tracking

Our website uses cookies and similar technologies. We use the following categories:

Strictly Necessary

Session management and security tokens. Cannot be disabled — they are required for the website to function correctly.

Analytics

Anonymous usage statistics (e.g., via privacy-respecting analytics). Help us understand which content is useful. No personal identifiers are transmitted.

Preferences

Remembering your UI choices (e.g., cookie consent status). Stored locally in your browser.

You can manage cookie preferences through your browser settings. Disabling analytics cookies will not affect your access to any part of our website.

Third-Party Services

We use carefully selected third-party services to operate our business. Each is subject to its own privacy policy and data processing agreements with us:

Email & CRM provider: Managing contact form submissions and client communications
Website hosting (Vercel or equivalent): Serving website content; may log IP addresses
Analytics platform: Privacy-respecting visitor analytics; no cross-site tracking
Payment processor: Handling subscription or invoice payments if applicable

We do not share your personal data with third parties except as necessary to deliver our services, comply with law, or with your explicit consent.

Data Retention

We retain personal data only as long as necessary for the stated purpose:

Contact form enquiries: 24 months from last contact
Client engagement records: 7 years (legal and tax requirements)
Job application data: 12 months if unsuccessful (unless you consent to longer)
Website analytics: 14 months rolling (anonymised thereafter)
Security Blueprint platform data: for the duration of the subscription plus 90 days

Data Security

We apply appropriate technical and organisational security measures to protect your personal data, including:

Encryption in transit (TLS 1.2+) and at rest for all stored personal data
Access controls limiting data access to staff with a legitimate need
Regular internal security reviews of systems handling personal data
Incident response procedures for notifying affected individuals within 72 hours of a breach

As a cybersecurity firm, data security is not a compliance exercise for us — it is core to our business. We hold ourselves to the same standards we apply for our clients.

Your GDPR Rights (EEA & UK)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under GDPR / UK GDPR:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data where there is no overriding legal basis for retention.
Restriction: Ask us to restrict processing while a dispute is being resolved.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests or direct marketing.
Withdraw consent: Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, contact us at privacy@unlocksec.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK).

India DPDPA Rights

If you are located in India, the Digital Personal Data Protection Act 2023 (DPDPA) grants you the following rights as a "Data Principal":

Right to Access: Obtain a summary of personal data being processed and the purposes for which it is processed.
Right to Correction: Correct inaccurate or misleading personal data; complete incomplete data.
Right to Erasure: Erase personal data where the purpose for processing is no longer served, subject to legal retention obligations.
Right to Grievance Redressal: Register a grievance with us and receive a timely response.
Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.

We act as a "Data Fiduciary" under DPDPA. You may exercise your rights by contacting our Grievance Officer at privacy@unlocksec.com. We will acknowledge within 48 hours and resolve within 30 days.

International Data Transfers

UnlockSec is based in India. If you contact us from the EEA, UK, or other jurisdictions with data transfer restrictions, your data may be transferred to and processed in India. We ensure such transfers are governed by appropriate safeguards, including standard contractual clauses where required.

Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on our website and, where we hold your email address, by sending a notification. The "Last updated" date at the top of this page always reflects the current version.

Continued use of our website following a change notification constitutes acceptance of the updated policy.

Contact Us

For any privacy-related questions, requests, or complaints, please contact:

Privacy & Data Protection

UnlockSec Cybersecurity Private Limited

Jains Carlton Creek, Techridge Road, Hyderabad, India

privacy@unlocksec.com

We aim to respond to all privacy enquiries within 5 business days.