+
Legal & Compliance

Privacy Policy

We are committed to protecting your personal data with the same rigour we apply to our clients' security. This policy explains what we collect, why, and how we protect it.

Effective Date: 12th April , 2026
Last Updated: 12th April , 2026
Jurisdiction: India (IT Act 2000)

Who We Are

HX Security ("we," "our," or "us") is a cybersecurity company based in India, specialising in offensive security, vulnerability assessment, penetration testing, red team operations, and security compliance advisory services.

We operate the website hxsecurity.in and all subdomains thereof. This Privacy Policy applies to all visitors, clients, and contacts who interact with our website, services, or communications.

Data Controller: HX Security  |  Email: contact@hxsecurity.in  |  Website: hxsecurity.in

Information We Collect

We collect only the information necessary to deliver our services, respond to enquiries, and improve our offerings. We never collect data unnecessarily.

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Information We Do Not Collect

How We Use Your Information

We use your personal data for specific, clearly defined purposes only:

Purpose Data Used Legal Basis
Respond to assessment requests & enquiries Name, email, company, environment description Legitimate interest / Contract
Deliver security assessment services All client-provided engagement data Contract performance
Send service-related communications Email address, name Legitimate interest
Improve our website & services Anonymised analytics, log data Legitimate interest
Comply with legal obligations As required by applicable law Legal obligation
Prevent fraud & security incidents IP address, log data Legitimate interest

We will never use your data for automated decision-making that produces legal or similarly significant effects without your explicit consent.

Legal Basis for Processing

We process your personal data under the following lawful bases in accordance with applicable Indian law (Information Technology Act 2000 & IT (Amendment) Act 2008) and international best practices:

Data Sharing & Third Parties

We do not sell or trade your personal information. We may share data only in the following strictly controlled circumstances:

5.1 Service Providers

We work with carefully vetted third-party providers who assist us in operating our website and delivering services. These providers are contractually bound to process data only on our instructions and in accordance with this policy:

5.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of HX Security, our clients, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected individuals and ensure the receiving party upholds equivalent privacy protections.

Client Data Confidentiality: All data shared with us during security engagements is treated as strictly confidential under our client agreements and NDAs. It is never shared with third parties without explicit written authorisation.

Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy, or as required by applicable law.

Upon expiry of these periods, data is securely deleted or irreversibly anonymised using methods that prevent reconstruction.

Your Rights

Subject to applicable law, you have the following rights with respect to your personal data. To exercise any of these rights, contact us at contact@hxsecurity.in. We will respond within 30 days.

We will not discriminate against you for exercising any of your data rights. All requests are handled free of charge unless manifestly unfounded or excessive.

Cookies & Tracking

Our website uses a minimal set of cookies essential to basic functionality. We do not use tracking cookies for advertising purposes.

8.1 Essential Cookies

These cookies are strictly necessary for the website to function and cannot be disabled:

8.2 Analytics (If Applicable)

If we deploy analytics tools in future, we will update this section and provide an opt-out mechanism. Any analytics will be privacy-preserving (e.g., cookieless, IP-anonymised).

8.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality. Most browsers allow you to view, delete, and block cookies — refer to your browser's help documentation for specific instructions.

Security Measures

As a cybersecurity company, we hold ourselves to a higher standard than most. The technical and organisational measures we implement include:

No transmission over the internet is 100% secure. While we use industry-best measures to protect your data, we cannot guarantee absolute security. We encourage you to contact us securely via our email for sensitive communications.

Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information from a child, please contact us immediately at contact@hxsecurity.in and we will take prompt action to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Your continued use of our website or services after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our data team directly:

We commit to responding to all privacy-related requests within 30 days of receipt.

Questions About Your Data?

Our team is happy to clarify anything in this policy or help you exercise your data rights. Reach out and we'll respond within 24 hours.

Contact Privacy Team