How we handle your personal data

AutoCops (a Subsidiary of Techium Solution Pvt Ltd) (referred to as “AutoCops”, “we”, “us”, or “our”) is the Data Fiduciary for the personal data described in this policy. We are incorporated in India and our principal place of business is in New Delhi.

You can contact us at any time at hello@autocops.org. If you have a privacy-specific concern, you can reach our Grievance Officer at the same address with the subject line “Grievance”.

This policy describes how we handle personal data collected through our marketing website at autocops.org and the AutoCops application. It does not cover personal data that our customers process using the AutoCops platform on their own infrastructure — for that, our customers are the Data Fiduciary and their own privacy notices apply.

We collect the following categories of personal data:

• Contact details when you book a demo, run our free assessment, or email us — typically your name, work email, organisation, designation, and phone number.
• Usage data from our website — your IP address, device type, browser, pages visited, and the timing of your visit. We use this for security and to understand which content people find useful.
• Account data if you become a customer — username, hashed password, MFA enrolment data, role assignments, and audit log entries for actions you take in the application.
• Communication content when you write to us — the body of your email, attachments, and any follow-up correspondence.

We process personal data for the following specific purposes:

• To respond to your enquiries and demo requests
• To deliver the AutoCops product and service to our customers
• To send you the assessment report you requested
• To operate, secure, and improve our website and application
• To meet our legal obligations under Indian law (including the DPDP Act 2023)
• To send you transactional emails (account, security, billing) — we do not add you to a marketing list without your explicit opt-in

Our lawful basis for processing your personal data is your consent (Section 6 of the DPDP Act) or, in some cases, lawful use under Section 7 — for example, when processing is necessary to provide a service you have signed up for, or to meet a legal obligation. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

We retain personal data only for as long as it is needed for the purpose for which it was collected, or for as long as we are required by law to retain it.

• Demo enquiries: 24 months from last contact, then erased
• Free assessment results: 12 months from submission, then erased
• Customer account data: as long as the account is active, plus 12 months
• Audit logs: 7 years (statutory retention)
• Marketing email subscribers: until you unsubscribe, plus 30 days

Under the DPDP Act 2023, you have the right to:

• Access a summary of the personal data we hold about you
• Request correction or completion of inaccurate data
• Request erasure of your data when its purpose is fulfilled
• Withdraw consent at any time
• Nominate another person to exercise these rights on your behalf
• Submit a grievance to our Grievance Officer
• Escalate to the Data Protection Board if you are not satisfied with our response

To exercise any of these rights, email us at hello@autocops.org. We will acknowledge within 24 hours and respond within the statutory window set by the DPDP Rules 2025.

We implement reasonable security safeguards in line with Section 8(5) of the DPDP Act, including encryption at rest and in transit, role-based access control, multi-factor authentication for all privileged accounts, regular vulnerability assessments, and a documented incident response process. The full technical detail is available in our Trust Center.

We do not transfer personal data outside India unless explicitly required to deliver a service you have signed up for. Where such transfers occur, they are restricted to countries notified as permissible under Section 16 of the DPDP Act 2023, and are governed by Data Processing Agreements with appropriate safeguards.

Our website and platform are not intended for children under 18. We do not knowingly collect personal data from children. If you believe we have collected personal data from a child, please contact us immediately and we will delete it.

We may update this policy from time to time to reflect changes in our practices or in the law. The effective date at the top of the policy always shows the current version. If we make material changes, we will notify affected individuals where reasonably possible.