Comply ArkComply Ark

    Legal

    Privacy Policy

    Effective Date: June 10, 2026

    Effective Date: June 10, 2026

    1. INTRODUCTION

    1.1

    Comply Ark (collectively, "Company", "we", "us", or "our") is engaged in the provision of compliance automation and governance software services. We are committed to respecting the privacy and protecting the personal data of our clients, website visitors, job applicants, and other third parties ("User" or "you").

    1.2

    This Privacy Policy ("Policy") governs the collection, processing, and usage of your data when you:

    • (a) Visit our website at www.complyark.com ("Website");
    • (b) Access or use our SaaS platform, including any demo or trial versions (collectively, the "Platform"); or
    • (c) Apply for a job or internship with us.

    1.3

    This Policy is published in compliance with Section 43A of the Information Technology Act, 2000 and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"). Please read this Policy carefully. By accessing our Platform, you consent to the practices described herein.

    2. THE DATA WE COLLECT ABOUT YOU

    2.1

    We collect or obtain data relating to you in a variety of ways. Such data includes "Personal Information" as defined under the IT Act, which refers to any information capable of identifying a natural person. We collect the following categories of data:

    • (a) Identity Data: Includes your full name, job title, and the organization you represent.
    • (b) Contact Data: Includes your business email address, billing address, and telephone numbers.
    • (c) Technical Data: Includes your Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform usage logs.
    • (d) Recruitment Data: If you apply for a role with us, we collect data such as your curriculum vitae (CV), cover letter, educational qualifications, employment history, professional references, and notes from interviews.
    • (e) Client Data: Information uploaded by you to the Platform for the purpose of using our compliance tools.
    • (f) Aggregated Data: Statistical or demographic data derived from your usage (e.g., "50% of users access the Audit Module"). This data is anonymized and is not considered personal data under law.

    2.2 EXCLUSION OF SENSITIVE PERSONAL DATA (SPDI)

    We strictly define our data collection to exclude Sensitive Personal Data or Information (SPDI) as defined under Rule 3 of the SPDI Rules. Specifically:

    We do not collect passwords (we use secure hashes), financial information (like credit card numbers), physical or mental health conditions, sexual orientation, medical records, or biometric information.

    User Responsibility: You are strictly advised not to upload, input, or share any SPDI on the Platform or in your communication with us. If you inadvertently submit SPDI, you agree that we shall not be liable for any non-compliance with specific SPDI regulations.

    3. HOW WE COLLECT DATA ABOUT YOU

    3.1

    We use different methods to collect data from and about you, including:

    • (a) Direct Interactions: You may give us your Identity, Contact, and Recruitment Data by filling in forms on our Website, applying for a job, creating an account, or corresponding with us by email.
    • (b) Automated Technologies: As you interact with our Platform, we may automatically collect Technical Data about your equipment, browsing actions, and patterns using cookies and server logs.
    • (c) Third Parties: We may receive Personal Data about you from third parties, such as recruitment agencies, background verification vendors (for job applicants), lead management tools and analytics providers (like Google Analytics).

    4. HOW WE USE YOUR PERSONAL DATA AND FOR WHAT PURPOSES

    4.1

    We will only use your personal data in accordance with applicable laws. Most commonly, we use your personal data for the following purposes:

    • Service Delivery: To authenticate your identity, provide access to the Platform, and manage your subscription.
    • Recruitment: To evaluate your suitability for a role, conduct interviews, and communicate regarding your application.
    • Security & Improvement: To troubleshoot technical issues, prevent fraud, ensure the security of our Platform, and analyze usage trends to improve our product.
    • Legal Compliance: To comply with a legal obligation, such as retaining records for tax purposes or responding to court orders.
    • Communication: To manage our relationship with you, including notifying you of changes to our terms or privacy policy.

    4.2 Legal Basis for Processing:

    • Contractual Necessity: For providing the Platform services to you.
    • Legitimate Interest: For network security, fraud prevention, and recruitment evaluation.
    • Consent: Where required by law, we rely on your consent (e.g., for certain marketing communications).

    5. HOW WE SHARE YOUR PERSONAL DATA

    5.1

    You hereby agree and acknowledge that we may share your data with the following categories of third parties:

    • (a) Service Providers: Third-party vendors who provide IT and system administration services (e.g., cloud hosting providers like AWS/Azure), payment processors, and background verification agencies. We require all such third parties to respect the security of your personal data and to treat it in accordance with the law.
    • (b) Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
    • (c) Legal Authorities: Regulatory bodies, courts, or government agencies where we are required by law to disclose specific information.

    5.2 Business Transfers

    In the event that Comply Ark is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

    6. CROSS-BORDER DATA TRANSFERS

    6.1

    We currently process data primarily within India. However, our third-party service providers (e.g., cloud infrastructure) may have servers located outside India.

    6.2 Consent to Transfer

    By using the Platform, you acknowledge and consent to the transfer of your information to countries outside of your residence.

    6.3 Safeguards

    We ensure that any such transfer is to an entity that ensures the same level of data protection that is adhered to by us as provided for under the SPDI Rules, 2011.

    7. DATA SECURITY

    7.1

    We have implemented Reasonable Security Practices and Procedures (RSPP) as required by the IT Act, 2000. These measures include encryption, strict access controls, and regular security assessments to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

    7.2

    While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

    8. DATA RETENTION

    8.1

    We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, or accounting requirements.

    8.2 Recruitment Data Retention

    • Successful Candidates: Data is transferred to the employee file.
    • Unsuccessful Candidates: We retain your Recruitment Data for a period of twelve (12) months from the date of our decision. This is to consider you for future opportunities and to defend against legal claims. After this period, your data is securely deleted.

    9. YOUR LEGAL RIGHTS

    9.1

    Under applicable laws, you have the right to:

    • (a) Request Access: Ask for a copy of the personal data we hold about you.
    • (b) Request Correction: Ask us to correct any incomplete or inaccurate data we hold about you.
    • (c) Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your data. Note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

    10. GRIEVANCE OFFICER

    10.1

    In accordance with the IT Act, 2000 and the SPDI Rules, 2011, we have appointed a Grievance Officer to redress any grievances regarding your data and can be reached out at [email protected].

    10.2

    We will address any grievances you may have expeditiously and within one (1) month from the date of receipt of the grievance.

    11. GOVERNING LAW AND JURISDICTION

    11.1

    This Policy shall be governed by and construed in accordance with the laws of India.

    11.2 Exclusive Jurisdiction

    You agree that the courts located in Ernakulam, Kerala shall have exclusive jurisdiction to resolve any disputes arising out of or in connection with this Policy or your use of the Platform.

    12. CHANGES TO THIS POLICY

    12.1

    We may update this Privacy Policy from time to time. The "Effective Date" at the top of this page indicates when the latest changes were made. Your continued use of the Platform after any changes constitutes your acceptance of the new Policy.