Privacy Policy
Effective Date: January 7, 2026 | Last Updated: April 7, 2026
This Privacy Policy has two parts:
- Part A — Website covers personal data collected through https://satark.live (the “Website”).
- Part B — Product / Platform covers personal data processed through the Satark AI cyber intelligence platform (the “Product” or “Platform”) when deployed by an enterprise customer.
Part A — Website
A1. Introduction
Satark Technology Private Limited (“Satark AI”, “we”, “us”, “our”) operates the Website. This Part A explains how we collect, use, disclose, and protect personal data of Website visitors, in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the rules made thereunder.
A2. Personal Data We Collect
We collect personal data only when a visitor voluntarily submits it — for example through our “Request a Demo,” “Contact Us,” or careers/newsletter forms. This may include:
- Full name
- Business email address
- Phone number
- Company name and job title/designation
- Any message or information you choose to provide
As of the date of this Policy, the Website does not use analytics, advertising, or marketing tracking cookies. If this changes, this Policy and our Cookie Policy will be updated, and an appropriate consent mechanism will be implemented before any non-essential cookies are set.
Our hosting infrastructure may automatically log limited technical information (such as IP address, browser type, and access timestamps) for security and operational purposes.
A3. Purpose and Legal Basis for Processing
We process Website personal data to: respond to inquiries and demo requests; provide information about our products and services; process recruitment/careers applications; maintain and secure the Website; and comply with applicable legal obligations. Under the DPDP Act, this processing is based on the consent you provide at the point of submission, or on other grounds recognized under the Act.
A4. How We Share Personal Data
We do not sell personal data. We may share personal data with:
- Our personnel who need it to respond to your inquiry;
- Service providers supporting our email, CRM, or hosting infrastructure, acting on our instructions and bound by confidentiality obligations;
- Regulators, courts, or authorities, where required by law.
We do not currently transfer personal data collected via the Website outside India in the ordinary course of business. If this changes, we will ensure any transfer complies with the DPDP Act and update this Policy accordingly.
A5. Data Retention
We retain personal data collected via the Website only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law, after which it is securely deleted or anonymized.
A6. Children's Data
The Website is intended for business/enterprise use. We do not knowingly collect personal data from individuals under the age of 18.
Part B — Product / Platform Data Practices
B1. Scope
This Part B applies to personal data processed through the Satark AI cyber intelligence platform (the “Product” or “Platform”) when deployed by an enterprise customer (“Customer”). It is separate from, and in addition to, Part A above.
B2. On-Premise-Only Deployment
The Product is currently offered exclusively as an on-premise deployment. The Platform is installed and operated entirely within the Customer's own IT environment (the Customer's own servers, private cloud, or data center, as the Customer chooses). Satark AI does not currently offer, host, or operate a shared/multi-tenant SaaS version of the Product.
B3. What Data the Product Processes
The Product ingests and correlates alerts and telemetry generated by the Customer's own security tools that the Customer chooses to connect (which may include EDR/XDR, SIEM, CSPM, WAF, IAM, vulnerability management, email security, and DLP tools, among others). Depending on which tools are connected and how the Customer has configured them, this data may include:
- Technical/security telemetry: IP addresses, device and asset identifiers, timestamps, file hashes, URLs, threat indicators, and log/alert metadata; and
- Personnel-related data, where present in that telemetry: for example, usernames, business email addresses, or device-owner names appearing in IAM, DLP, or email-security alerts.
- Business data, where present in that telemetry: for example, business name, business email addresses, country, industry, sector, revenue, employee size etc.
The exact categories of personal data processed depend entirely on the Customer's own environment and connected tools.
B4. How the Data Is Used
Within the Customer's own deployment, the Product's AI agents use this data solely to:
- Correlate alerts across the Customer's connected security tools;
- Distinguish genuine threats from noise and validate false positives/true positives;
- Prioritize risks by potential business impact; and
- Generate the Customer's own risk-decision, regulatory-defensibility, and ROI-visibility outputs.
Satark AI does not use Customer data processed through the Product for any purpose other than providing the Product to that Customer.
B5. Where the Data Is Stored — Nothing Leaves the Customer's Environment
Because the Product is deployed on-premise, all data it ingests, processes, and stores remains within the Customer's own infrastructure. Satark AI does not replicate, transmit, or store this data on Satark AI's own servers, cloud accounts, or any infrastructure outside the Customer's environment, except as described in Section B7 (Support Access) below.
B6. AI Processing Is Self-Hosted — No External LLM or Third-Party AI Calls
The Product's AI agents run on models hosted entirely within the Customer's on-premise environment. The on-premise deployment does not send Customer data to any external third-party AI/LLM provider (such as OpenAI or Anthropic) for inference or processing.
B7. Support and Maintenance Access
In the course of providing support, troubleshooting, updates, or maintenance, Satark AI personnel may access the Customer's deployment environment, but only:
- With the Customer's prior authorization;
- Through controlled, logged, and time-boxed remote-access mechanisms; and
- As governed by the applicable support/services agreement and Data Processing Agreement (DPA) executed with the Customer.
Outside of such authorized support access, Satark AI has no routine access to, or custody of, Customer data processed by the Product.
B8. Roles Under the DPDP Act
For data processed through the Product, the Customer is the Data Fiduciary (and, where applicable, acts on behalf of its own Data Principals, such as its employees or end users). Satark AI acts, at most, as a Data Processor solely to the extent it is granted authorized support access under Section B7, and only on the Customer's documented instructions as set out in the applicable DPA. Satark AI does not independently determine the purpose or means of processing Customer data through the Product.
B9. Data Retention
Because the Product's data resides entirely within the Customer's own environment, retention is configured and controlled by the Customer, using the Product's configurable retention settings together with the Customer's own data governance policies. Satark AI does not independently retain or dispose of this data.
B10. Security of the Product
Security of an on-premise deployment is a shared responsibility: the Customer is responsible for the physical, network, and infrastructure security of the environment in which the Product is deployed; Satark AI is responsible for the security of the Product software itself, including secure development practices, vulnerability management, and timely security updates, consistent with our ISO/IEC 27001:2022-certified Information Security Management System. See our Information Security Policy for further detail.
B11. Your Rights (End Users of a Satark AI Customer)
If you are an employee or end user of a Satark AI Customer and believe your personal data has been processed through the Product, please direct your request to that Customer in the first instance, as they are the Data Fiduciary responsible for that data. Satark AI's Grievance Officer (see Section 7 below) remains available for queries relating to Satark AI's own processing, including the limited support access described in Section B7.
7. Grievance Officer
In accordance with the DPDP Act, 2023 and the Digital Personal Data Protection Rules, 2025, we have appointed a Grievance Officer to address queries, concerns, or complaints regarding the processing of personal data described in this Policy:
We will acknowledge grievances promptly and endeavor to resolve them within the timelines prescribed under the DPDP Rules, 2025 (generally within seven (7) working days, or as otherwise applicable). If you are not satisfied with our resolution, you may escalate your grievance to the Data Protection Board of India.
8. Your Rights as a Data Principal (Website)
Under the DPDP Act, you have the right to:
- Access information about the personal data we hold about you and how it is processed;
- Seek correction and updating of your personal data;
- Seek erasure of your personal data, unless retention is required by law;
- Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
- Nominate another individual to exercise these rights on your behalf in the event of death or incapacity;
- Grievance redressal, as set out in Section 7 above.
To exercise any of these rights regarding Website data, contact our Grievance Officer above.
9. Changes to this Policy
We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be notified through the Website.
10. Governing Law and Contact
This Policy is governed by the laws of India. Subject to applicable law, the courts at Ahmedabad, Gujarat shall have exclusive jurisdiction over any disputes arising out of or in connection with this Policy.
Company: Satark Technology Private Limited
Registered Office: 216, Pushti Sparsh Arcade, B/s Shell Petrol Pump, Sabarmati, Ahmedabad City, Ahmedabad - 380005, Gujarat
Corporate Office: 9th Floor, GIFT One Tower, GIFT City, Gandhinagar – 382355, Gujarat, India
CIN: U62099GJ2025PTC164215
Email: hello@getsatark.com