PRIVACY POLICY

ShellStrong Technologies Pvt. Ltd.

Effective Date: 1st May 2026
Last Updated: 10th May 2026

Welcome to ShellStrong Technologies Pvt. Ltd. (“ShellStrong”, “we”, “our”, or “us”).

At ShellStrong, we are committed to protecting the privacy, confidentiality, and security of personal data and digital information entrusted to us. This Privacy Policy explains how we collect, use, process, store, disclose, and protect information when you:

  • Access or use our website,
  • Engage with our cybersecurity services,
  • Communicate with us,
  • Participate in assessments, investigations, or consultations,
  • Subscribe to our updates or resources,
  • Interact with our digital platforms.

This Privacy Policy is designed in accordance with applicable laws including:

  • The Digital Personal Data Protection Act, 2023 (“DPDP Act”),
  • Information Technology Act, 2000 and applicable rules,
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011,
  • Applicable cybersecurity and privacy principles followed internationally.
  1. WHO WE ARE

ShellStrong Technologies Pvt. Ltd. is a cybersecurity consulting and digital security services company headquartered in Pune, Maharashtra, India. Our services include:

  • Risk Assessment
  • Vulnerability Assessment & Penetration Testing (VAPT)
  • Digital Forensics
  • Incident Response
  • Fraud Investigation
  • Threat Intelligence
  • Governance & Compliance
  • Cybersecurity Training
  • Root Cause Analysis
  • Security Consulting
  • Attack Surface Monitoring
  • Dark Web Monitoring
  • Virtual CISO Services
  • Cybersecurity Advisory Services

More details are available at:
ShellStrong Website

  1. INFORMATION WE COLLECT

We collect information that is necessary for legitimate business operations, cybersecurity service delivery, legal compliance, and website functionality.

  1. Information You Provide Directly

We may collect:

  • Name
  • Company name
  • Designation
  • Email address
  • Phone number
  • Billing information
  • Communication details
  • Service enquiry details
  • Information submitted through forms, emails, or consultations
  1. Information Automatically Collected

When you access our website or systems, we may automatically collect:

  • IP address
  • Device information
  • Browser type
  • Operating system
  • Access timestamps
  • Referring URLs
  • Website interaction data
  • Cookies and analytics data
  • Security logs

This information helps us:

  • Maintain website functionality,
  • Detect suspicious activity,
  • Improve cybersecurity,
  • Prevent abuse,
  • Analyse performance and usage trends.

Certain technical logs may be anonymized or aggregated after operational necessity expires.

  1. Information Processed During Cybersecurity Services

As part of cybersecurity engagements, investigations, assessments, or forensic services, we may process technical and operational information including:

  • Network logs
  • Authentication records
  • Firewall logs
  • System event logs
  • Malware samples
  • Device identifiers
  • Digital evidence
  • Email headers
  • Server artefacts
  • Cloud security data
  • Threat intelligence indicators
  • Endpoint telemetry
  • Security incidents and investigation materials

Such information is processed strictly under authorized contractual engagements and solely for legitimate cybersecurity, investigative, compliance, or recovery purposes.

  1. Payment Information

Payments may be processed through authorized third-party payment processors. We do not intentionally store complete payment card information on our systems unless required for lawful operational purposes.

  1. LEGAL BASIS FOR PROCESSING

We process personal data based on one or more of the following lawful grounds:

  • Your consent,
  • Performance of contractual obligations,
  • Compliance with legal obligations,
  • Legitimate business interests,
  • Fraud prevention and cybersecurity protection,
  • Protection of rights, systems, networks, and infrastructure,
  • Incident investigation and legal compliance.
  1. HOW WE USE YOUR INFORMATION

We may use information for the following purposes:

  • Delivering cybersecurity and consulting services,
  • Conducting investigations and forensic analysis,
  • Providing technical support,
  • Communicating regarding services or enquiries,
  • Enhancing website functionality and security,
  • Preventing fraud, abuse, unauthorized access, and cyber threats,
  • Managing billing and contractual obligations,
  • Improving our services and user experience,
  • Complying with legal and regulatory obligations,
  • Maintaining operational and security records,
  • Conducting analytics and research.

We do not sell personal data.

  1. COOKIES AND TRACKING TECHNOLOGIES

Our website may use cookies and similar technologies to:

  • Improve user experience,
  • Maintain website functionality,
  • Analyse traffic,
  • Remember preferences,
  • Enhance security monitoring,
  • Measure website performance.

Some third-party embeds or integrations may also use cookies, including platforms such as:

  • YouTube,
  • Google Maps,
  • Vimeo,
  • Social media integrations,
  • Analytics providers.

You may control cookies through browser settings. However, disabling certain cookies may affect website functionality.

  1. THIRD-PARTY SERVICES

We may engage trusted third-party providers for:

  • Website hosting,
  • Cloud infrastructure,
  • Analytics,
  • Email services,
  • Communication tools,
  • Security monitoring,
  • Payment processing,
  • Customer relationship management,
  • Operational support.

These parties are required to maintain appropriate security and confidentiality protections.

  1. HOW WE SHARE INFORMATION

We may disclose information:

  • With authorized employees and consultants,
  • With service providers assisting in operations,
  • With client-authorized representatives,
  • To law enforcement or regulatory authorities when legally required,
  • During mergers, acquisitions, restructuring, or business transfers,
  • To protect legal rights, systems, investigations, or security interests,
  • With your explicit consent.

We do not knowingly disclose personal information for unauthorized commercial exploitation.

  1. DATA RETENTION

We retain information only for as long as reasonably necessary for:

  • Service delivery,
  • Legal compliance,
  • Audit requirements,
  • Security monitoring,
  • Dispute resolution,
  • Contract enforcement,
  • Incident investigation,
  • Preservation of forensic evidence.

Certain cybersecurity logs, forensic artefacts, investigation materials, and security records may be retained for legally mandated or contractually agreed periods.

When data is no longer required, we take reasonable steps to securely delete, anonymize, or archive it.

  1. DATA SECURITY

We implement appropriate technical, organizational, and administrative safeguards to protect information from unauthorized access, disclosure, alteration, misuse, or destruction.

Our security measures may include:

  • Encryption,
  • Access control mechanisms,
  • Least-privilege access,
  • Security monitoring,
  • Network protection,
  • Logging and auditing,
  • Secure backup mechanisms,
  • Confidentiality agreements,
  • Security awareness practices.

Access to sensitive information is restricted to authorized personnel on a need-to-know basis.

While we strive to use commercially acceptable means to protect data, no method of electronic transmission or storage can be guaranteed as absolutely secure.

  1. DIGITAL FORENSICS & INVESTIGATIVE CONFIDENTIALITY

ShellStrong maintains strict confidentiality regarding:

  • Cybersecurity investigations,
  • Incident response engagements,
  • Digital forensic examinations,
  • Threat intelligence activities,
  • Vulnerability assessments,
  • Client systems and infrastructure,
  • Sensitive evidence and investigation artefacts.

Digital evidence is processed only under proper authorization and applicable legal frameworks.

We do not engage in unlawful interception, surveillance, unauthorized monitoring, or unauthorized access activities.

  1. CROSS-BORDER DATA TRANSFERS

Due to the nature of internet infrastructure and cloud technologies, certain information may be processed or stored on systems located outside India.

Where cross-border processing occurs, we take reasonable steps to ensure appropriate security safeguards and contractual protections are implemented.

  1. YOUR RIGHTS

Subject to applicable law, you may have rights including:

  • Right to access your personal data,
  • Right to correction of inaccurate information,
  • Right to request erasure,
  • Right to withdraw consent,
  • Right to grievance redressal,
  • Right to restrict or object to certain processing,
  • Right to nominate another individual under applicable law,
  • Right to approach appropriate regulatory or legal authorities.

To exercise your rights, please contact us using the details below.

  1. CHILDREN’S PRIVACY

Our services are not intended for individuals below 18 years of age.

We do not knowingly collect personal data from children without lawful authorization. If we become aware that such information has been unintentionally collected, we will take reasonable steps to delete it in accordance with applicable law.

  1. THIRD-PARTY LINKS

Our website may contain links to third-party websites or services.

We are not responsible for the privacy practices, security standards, or content of external websites. Users are encouraged to review the respective privacy policies of such third parties before sharing information.

  1. DATA BREACH RESPONSE

In the event of a security incident or personal data breach affecting information under our control, we will take reasonable steps to:

  • Investigate the incident,
  • Mitigate impact,
  • Preserve evidence where appropriate,
  • Comply with legal reporting obligations,
  • Notify affected parties or authorities where required by applicable law.
  1. GOVERNING LAW & JURISDICTION

This Privacy Policy shall be governed by and interpreted in accordance with the laws of India.

Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of competent courts located in Pune, Maharashtra, India, subject to applicable legal requirements.

  1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect:

  • Changes in laws,
  • Technological developments,
  • Security practices,
  • Operational requirements,
  • Regulatory guidance.

Updated versions will be published on this page with a revised “Last Updated” date.

Continued use of our website or services after updates constitutes acknowledgement of the revised policy.

  1. CONTACT & GRIEVANCE REDRESSAL

For privacy concerns, data requests, or grievances, please contact:

Grievance Officer / Privacy Contact

ShellStrong Technologies Pvt. Ltd.
Purushottam Apartments, A-6,
Model Colony Rd, opposite Ambassador Hotel,
Rage Path, Model Colony, Shivajinagar,
Pune, Maharashtra 411016, India.

Phone: +91 9028512729
Email: contact@shellstrong.in
Website: www.shellstrong.com

  1. ACKNOWLEDGEMENT

By using our website or engaging with our services, you acknowledge that you have reviewed and understood this Privacy Policy.