Legal Documentation

Privacy Policy

Effective: March 11, 2026
Last Updated: March 11, 2026

01. Introduction & Compliance Scope

At ComplyZen, we believe that data privacy and security are the foundations of digital trust. This Privacy Policy outlines how we collect, process, and protect your personal information when you visit our website (complyzen.in) or engage our services.

Aligned with Global Frameworks:

DPDPA 2023 (Digital Personal Data Protection Act, India)
GDPR (General Data Protection Regulation, European Union)
CalOPPA (California Online Privacy Protection Act)
CAN-SPAM Act (US)
ISO/IEC 27001 (Information Security Management System)

02. Core Definitions

Personal Data

Any data about an individual who is identifiable by or in relation to such data.

Data Principal / Subject

The natural person to whom the personal data relates.

Data Fiduciary / Controller

The entity (ComplyZen) determining the purpose and means of processing personal data.

Data Processor

Any entity that processes personal data on behalf of a Data Fiduciary/Controller.

Processing

A wholly or partly automated operation performed on digital personal data, including collection, storage, use, and sharing.

03. Information Collection and Use

Information You Provide

We collect your name, work email, phone number, and company details when you submit inquiries, request a demo, or register on our site. Providing this information is voluntary, but necessary to fulfill certain functions.

Automated & Domain Identifiers

We automatically collect domain information, browser types, and IP addresses to analyze site performance and secure our network.

Job Applicants and Talent Network

When you apply for a role or join our Talent Network, we collect additional personal data necessary for recruitment. This includes your resume/CV, employment history, educational background, professional skills, compensation expectations, and any other information you choose to provide during the application or interview process.

Children's Data

ComplyZen provides B2B services. We do not intentionally process data of individuals under 18. If such processing occurs, we mandate verifiable consent from a parent or lawful guardian, and we strictly prohibit behavioral monitoring or targeted advertising directed at children.

04. Lawful Basis for Processing

Consent

Freely given, specific, informed, unconditional, and unambiguous consent via a clear affirmative action.

Contractual Necessity

To deliver our platform and consulting services to you.

Legitimate Uses

Processing voluntarily provided data for specified purposes, emergencies, or legal compliance.

Recruitment and Employment

If you apply for a job, we process your data based on your Consent (for joining the Talent Network) and our Legitimate Interests in assessing your suitability for current and future roles at ComplyZen, conducting interviews, and communicating with you regarding career opportunities.

05. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. For job applicants and Talent Network members, we typically retain your profile and resume for a period of 1 year to match you with future opportunities, unless you request erasure sooner.

06. Data Security (ISO 27001 ISMS Alignment)

As a cybersecurity firm, ComplyZen protects your data through a rigorous Information Security Management System (ISMS) aligned with ISO/IEC 27001:

CIA Triad

We enforce strict technical and organizational measures to ensure the Confidentiality, Integrity, and Availability of your data.

Controls

We utilize AES-256 encryption, SSL/TLS technology, RBAC, and continuous vulnerability monitoring.

Breach Notification

In the event of a personal data breach, we will notify the Data Protection Board of India, applicable EU supervisory authorities, and affected individuals per statutory timelines.

07. Your Global Data Protection Rights

Core Rights

  • Right to Access: Request a summary of your data, processing purpose, and third-party sharing.
  • Correction & Erasure: Request correction of inaccuracies or deletion when no longer necessary.
  • Withdraw Consent: You may withdraw consent at any time with the same ease as it was provided.

🇮🇳 DPDPA-Specific Rights (India)

  • Right to Nominate: Nominate another individual to exercise rights in case of incapacity.
  • Grievance Redressal: Right to readily available means of grievance redressal.
  • Duties: Provide verifiable authentic info; refrain from impersonation or frivolous grievances.

🇪🇺 GDPR-Specific Rights (EU/UK)

  • Data Portability: Receive data in structured, machine-readable format.
  • Restrict & Object: Object to profiling or automated decision-making.

08. CalOPPA Compliance

  • Users can visit our site anonymously.
  • Do Not Track (DNT): We honor DNT signals and do not track/plant cookies when active.
  • Privacy Policy link is clearly available on our homepage.

09. CAN-SPAM Act

  • No false or misleading subjects/addresses.
  • Commercial messages identified as ads.
  • Physical address included in emails.
  • Clear opt-out/unsubscribe links in every email.

10. International Data Transfers

ComplyZen may transfer personal data outside of your resident country to trusted processors (e.g., cloud hosting providers).

Under DPDPA: Transfers permitted except to restricted countries.

Under GDPR: We rely on Standard Contractual Clauses (SCCs) and adequate safeguards.

We do not sell your personal data. Data is only shared with authorized sub-processors bound by strict confidentiality agreements.

11. Contact Us & Grievance Redressal

If you have questions, wish to exercise your data rights, or need to escalate a grievance, please contact our Data Protection Officer (DPO).

Address: Covai Tech Park, Coimbatore, Tamil Nadu, India

Escalation: DPBI or EU Supervisory Authority
