Privacy Policy
Red Sword Security Private Limited / Red Sword Strix Privacy Policy
Effective Date: 15 May, 2026
Last Updated: 13 May, 2026
Company: Red Sword Security Private Limited
Registered Location: Hamirpur, Himachal Pradesh, India
Contact Email: contact@redswordsecurity.com
Default Data Retention Period: 180 days
1. Introduction
This Privacy Policy explains how Red Sword Security Private Limited collects, uses, stores, shares, and protects personal data when users visit our website, request a demo, contact us, participate in alpha/beta testing, or use Red Sword Strix.
This policy is intended to align with applicable Indian laws, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable rules and directions issued under them. The DPDP Act provides India's framework for processing digital personal data for lawful purposes while recognizing individuals' right to protect their personal data.MeitY
2. Scope
This Privacy Policy applies to:
- Website visitors
- Demo request users
- Customers
- Customer administrators
- Platform users
- Alpha/beta testers
- Support contacts
- Business leads
- Authorized representatives of customer organizations
This policy does not apply to third-party websites, SIEM products, cloud platforms, payment gateways, or integrations that are not controlled by Red Sword Security Private Limited.
3. Types of Data We Collect
We may collect the following categories of data.
3.1 Account and Contact Data
- Name
- Email address
- Phone number
- Organization name
- Job title
- Login credentials or authentication identifiers
- Billing contact details
3.2 Platform Usage Data
- Login activity
- User actions
- Dashboard usage
- Feature usage
- Audit logs
- Device/browser information
- IP address
- Session metadata
3.3 Security and Telemetry Data
Depending on customer configuration, Red Sword Strix may process:
- Security alerts
- Device identifiers
- Hostnames
- IP addresses
- Event timestamps
- Usernames or system account identifiers
- Process names
- File paths
- Alert rule IDs
- Risk scores
- Incident timelines
- Duplicate alert information
- Analyst feedback
- Integration metadata
3.4 Support and Communication Data
- Support tickets
- Emails
- Chat messages
- Meeting notes
- Feedback forms
- Uploaded screenshots or logs shared for support
3.5 Payment and Commercial Data
- Subscription plan
- Invoice details
- Transaction references
- Billing address
- Tax details
Payment card, UPI, or banking details may be processed by third-party payment processors and may not be stored directly by Red Sword Security Private Limited.
4. Purpose of Processing
We process data for the following purposes:
- Creating and managing accounts
- Providing Red Sword Strix services
- Processing security alerts
- Reducing duplicate/noisy alerts
- Generating risk scores and incident timelines
- Providing reports and dashboards
- Sending security notifications
- Providing customer support
- Improving product reliability and features
- Preventing fraud, misuse, and unauthorized access
- Performing billing and contract administration
- Conducting alpha/beta testing and collecting feedback
- Generating anonymized or aggregated analytics
- Complying with legal obligations
5. Lawful Purpose
We process personal data only for lawful purposes, including:
- Performance of a contract
- User or customer consent where required
- Legitimate business, product, and security purposes
- Compliance with legal obligations
- Protection of systems, networks, users, and organizations
- Processing permitted under applicable data protection law
6. Customer Data and Role of Parties
For customer security logs and telemetry:
- The customer generally determines what data is collected from its systems and submitted to Red Sword Strix.
- Red Sword Security Private Limited acts as a service provider/data processor for such customer-controlled data unless otherwise agreed.
- Customers are responsible for ensuring they have lawful authority, consent, notice, policy basis, or contractual basis to send such data to Red Sword Strix.
7. AI-Assisted Features
Red Sword Strix may use AI-assisted features to generate:
- Alert explanations
- Recommended actions
- Incident summaries
- Weekly reports
- Noise-reduction reasoning
- Analyst assistance
Where third-party AI APIs are used, Red Sword Security Private Limited will apply reasonable safeguards, including limiting prompts to necessary security context, masking or minimizing sensitive data where feasible, and avoiding the intentional submission of passwords, secrets, private keys, or unnecessary sensitive content.
Customers should not submit secrets, credentials, confidential files, or unrelated personal data into AI prompts unless expressly supported and contractually agreed.
8. Data Sharing
We may share data with:
- Cloud hosting providers
- Database and infrastructure providers
- Email and communication providers
- Payment processors
- Analytics and monitoring tools
- AI model/API providers where enabled
- Legal, regulatory, or government authorities where required
- Professional advisors such as lawyers, auditors, or accountants
- Integration providers configured by the customer
We do not sell personal data.
9. Data Storage and Location
Data may be stored in India or other jurisdictions depending on hosting provider, customer configuration, AI provider, and applicable agreement.
Where required by law or written customer agreement, data residency restrictions may be applied.
CERT-In Directions also impose cybersecurity-related logging and reporting requirements on covered entities, including reporting specified cyber incidents within 6 hours.CERT-In
10. Data Retention
Unless otherwise agreed in writing, we may retain customer data, alerts, reports, audit logs, platform records, support data, and operational records for up to 180 days.
| Data Type | Retention |
|---|---|
| Account data | Account duration + legal requirement |
| Security alerts | 180 days |
| Audit logs | 180 days |
| Support tickets | 180 days |
| Reports | 180 days |
| Backups | Up to 180 days or backup cycle period |
| Alpha/beta data | Up to 180 days unless deleted earlier |
Customers may request deletion subject to contract, law, security requirements, investigation needs, and backup limitations.
11. Security Measures
We use reasonable security practices including:
- Access controls
- Encryption in transit
- Role-based access
- Logging and monitoring
- Secure configuration
- Password hashing
- Network segmentation where applicable
- Backups
- Vulnerability review
- Incident response procedures
- Least-privilege access
The IT SPDI Rules, 2011 require reasonable security practices and procedures for handling sensitive personal data or information.PRS Legislative Research
12. Data Principal Rights
Subject to applicable law, individuals may have rights to:
- Access personal data
- Correct personal data
- Update personal data
- Request deletion
- Withdraw consent where processing is based on consent
- Raise grievances
- Nominate another individual where applicable under law
Requests may be sent to:
Data Protection / Grievance Contact
Red Sword Security Private Limited
Hamirpur, Himachal Pradesh, India
Email: contact@redswordsecurity.com
13. Children's Data
Red Sword Strix is not intended for children. We do not knowingly collect personal data from children except where required under a valid institutional, educational, contractual, or lawful arrangement and subject to applicable legal requirements.
14. Cookies and Tracking
Our website may use cookies or similar technologies for:
- Website functionality
- Analytics
- Security
- Session management
- Preference storage
Users may control cookies through browser settings.
15. Updates to This Policy
We may update this Privacy Policy from time to time. Updated versions will be posted on our website with a revised "Last Updated" date.
16. Contact
For privacy, support, legal, or grievance-related queries, contact:
Red Sword Security Private Limited
Hamirpur, Himachal Pradesh, India
Email: contact@redswordsecurity.com