01 Introduction
This Privacy Policy explains how AnthroTech ("Company," "we," "us," or "our"), operating the Aria CyberShield platform ("Platform") accessible at ariacyber.in, collects, uses, discloses, and safeguards your information when you use our cybersecurity services.
AnthroTech is a company registered in India and acts as the Data Fiduciary (under the Digital Personal Data Protection Act, 2023) and Data Controller (under the GDPR) for all personal data processed through the Platform.
By accessing or using Aria CyberShield, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.
02 Information We Collect
2.1 Account Data
When you register for an account, we collect:
- Full name and organization name
- Email address and phone number
- Billing address and payment information (processed via third-party payment processors)
- Role, department, and account preferences
- Authentication credentials (passwords are hashed and salted; we never store plaintext passwords)
2.2 Security Scan Data
When you use our scanning and analysis features, we collect:
- Domain names, IP addresses, and URLs submitted for scanning
- Scan results, vulnerability reports, and threat indicators (IOCs)
- Network configuration data and SSL/TLS certificate information
- Compliance audit results and security posture assessments
- File hashes and metadata submitted for malware analysis (we do not retain original files)
2.3 Device and Technical Data
We automatically collect:
- IP address and approximate geolocation (country/region level)
- Browser type, version, and operating system
- Device identifiers and screen resolution
- Referring URLs and pages visited within the Platform
2.4 Usage Analytics
We collect aggregated usage data to improve our services:
- Feature usage patterns and frequency of scans
- Dashboard interactions and report generation activity
- API call volumes and response times
- Error logs and performance metrics
03 How We Use Your Data
We process your personal data for the following purposes:
3.1 Core Security Services
- Security Analysis: Processing scan data to identify vulnerabilities, misconfigurations, and potential threats in your infrastructure
- AI Agent Investigations: Our AI agents analyze security indicators to provide automated threat assessments, incident correlation, and remediation recommendations
- Threat Detection: Real-time monitoring and alerting for domain impersonation, phishing campaigns, and emerging threats targeting your organization
- Compliance Auditing: Evaluating your security posture against frameworks such as ISO 27001, SOC 2, DPDP Act, and GDPR
3.2 Platform Operations
- Account creation, authentication, and access control
- Billing, invoicing, and subscription management
- Customer support and technical assistance
- Platform performance optimization and bug resolution
3.3 Communications
- Security alerts and threat notifications (essential, non-marketing)
- Service updates and maintenance notifications
- Product announcements (only with your consent; you may opt out at any time)
04 Data Storage and Security
4.1 Infrastructure
All data is stored on Google Cloud Platform (GCP) infrastructure located in the asia-south1 (Mumbai, India) region. Our infrastructure includes:
- Cloud SQL (PostgreSQL) with automated backups and point-in-time recovery
- Redis for encrypted session management and caching
- Cloud Run for stateless, auto-scaling application workloads
4.2 Encryption
- At Rest: All data is encrypted using AES-256 encryption via Google-managed encryption keys
- In Transit: All connections are secured with TLS 1.2 or higher. We enforce HTTPS across all endpoints
- Application Layer: Sensitive fields such as API keys and credentials are additionally encrypted at the application level before storage
4.3 Access Controls
- Role-based access control (RBAC) for all platform operations
- Multi-factor authentication (MFA) enforced for all administrative access
- Audit logging of all data access and modifications
- Principle of least privilege applied to all service accounts
05 Data Retention
We retain your data for the following periods:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account Data | Until account deletion | Required for service delivery and legal obligations |
| Security Scan Data | 1 year from scan date | Enables trend analysis and historical comparison |
| Threat Intelligence Data | Indefinitely | Contributes to collective threat detection; fully anonymized and aggregated |
| Usage Analytics | 2 years | Platform improvement and capacity planning |
| Billing Records | 7 years | Indian tax and accounting regulations |
| Audit Logs | 3 years | Security investigations and compliance requirements |
Upon account deletion or at the end of the retention period, data is securely erased using cryptographic erasure methods. Anonymized, aggregated threat intelligence data may be retained indefinitely as it cannot be linked to any individual.
06 Third-Party Services
We use the following third-party services in the operation of the Platform:
6.1 Anthropic Claude AI
Our AI-powered analysis features use the Claude API by Anthropic. We have implemented strict safeguards:
- No PII is transmitted to the Claude API. Only sanitized security indicators (IP addresses, domain names, file hashes, CVE identifiers, and threat patterns) are sent for analysis
- All personally identifiable information is stripped before any data reaches the AI model
- Claude AI is used solely for security analysis, threat classification, and generating remediation recommendations
- Anthropic does not use our API inputs to train their models (per our enterprise agreement)
6.2 Google Cloud Platform
GCP provides our hosting infrastructure. Google acts as a Data Processor under our Data Processing Agreement. Data residency is maintained in the India region (asia-south1).
6.3 Payment Processors
Payment information is processed by PCI DSS-compliant payment processors. We do not store full credit card numbers or CVVs on our systems.
07 Your Rights Under the India DPDP Act, 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: Request confirmation of whether we process your personal data and obtain a summary of the data processed
- Right to Correction: Request correction of inaccurate or misleading personal data, and completion of incomplete data
- Right to Erasure: Request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, subject to legal retention requirements
- Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or escalate to the Data Protection Board of India
- Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity
Grievance Officer
In accordance with the DPDP Act, our designated Grievance Officer can be contacted at:
- Email: legal@ariacyber.in
- Response time: Within 72 hours of receipt
- Resolution time: Within 30 days of receipt
08 GDPR Rights for EU/EEA Users
If you are located in the European Union or European Economic Area, you are entitled to additional rights under the General Data Protection Regulation (GDPR):
- Right of Access (Art. 15): Obtain a copy of all personal data we hold about you
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restriction (Art. 18): Restrict the processing of your personal data in certain circumstances
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV)
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Right Not to be Subject to Automated Decisions (Art. 22): Request human review of decisions made solely by automated processing
Data Protection Officer (DPO)
For GDPR-related inquiries, contact our Data Protection Officer:
- Email: legal@ariacyber.in (subject line: "DPO - GDPR Request")
- We will respond within 30 days. If we require an extension, we will notify you within the initial 30-day period with reasons for the delay.
Legal Basis for Processing
We process personal data of EU/EEA users under the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to deliver the security services you subscribed to
- Legitimate Interests (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement
- Consent (Art. 6(1)(a)): Marketing communications (withdrawable at any time)
- Legal Obligation (Art. 6(1)(c)): Tax, accounting, and regulatory compliance
You may lodge a complaint with your local supervisory authority if you believe our processing infringes upon your rights.
09 Cookie Policy
Aria CyberShield uses essential cookies only. We do not use advertising, analytics, or third-party tracking cookies.
| Cookie Name | Purpose | Duration |
|---|---|---|
| session_id | Maintains your authenticated session | Session (expires on browser close or after 24 hours) |
| csrf_token | Cross-site request forgery protection | Session |
| preferences | Stores your dashboard layout and theme preferences | 1 year |
Because we use only strictly necessary cookies, consent is not required under Article 5(3) of the ePrivacy Directive, the GDPR, or the DPDP Act. No cookie banner is displayed.
10 Children's Privacy
Aria CyberShield is a professional cybersecurity platform designed for organizations and individuals aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18.
If we become aware that we have collected personal data from a person under 18 without appropriate parental or guardian consent, we will take immediate steps to delete that data. If you believe a minor has provided us with personal data, please contact us at legal@ariacyber.in.
11 International Data Transfers
All primary data processing and storage occurs in India on Google Cloud Platform's asia-south1 (Mumbai) region.
In limited circumstances, data may be accessed from other jurisdictions for the following purposes:
- AI Analysis: Sanitized, non-PII security indicators may be processed via Anthropic's Claude API infrastructure. No personally identifiable information is included in these requests.
- Global Threat Intelligence: Anonymized threat data may be cross-referenced with international threat intelligence feeds for enhanced detection accuracy.
For EU/EEA users, any transfer of personal data outside the EEA is conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where applicable.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes:
- We will update the "Last Updated" date at the top of this page
- We will notify you via email and/or a prominent notice on the Platform at least 30 days before changes take effect
- Continued use of the Platform after the effective date constitutes acceptance of the updated policy
13 Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: