Disclaimer & DPDP Compliance

1. General disclaimer

The information on this website, including product descriptions, performance figures (such as throughput, latency, scrubbing capacity or detection times), and case studies, is provided for general informational purposes only. While we make reasonable efforts to keep it accurate and current, Cybervate, operated by Infivate Ventures, makes no representation or warranty of any kind, express or implied, about the completeness, accuracy, reliability or suitability of this information for any particular purpose. Specific commitments are only binding when set out in a signed order form or service agreement.

2. No guarantee of security outcomes

Network security, DDoS mitigation and intrusion detection/prevention are probabilistic disciplines. No vendor, including Cybervate, can guarantee that every attack, intrusion or vulnerability will be detected or prevented. Statistics referenced on this website (for example, mitigation capacity or false-positive rates) reflect platform-level performance under typical conditions and should not be read as a guarantee for any specific deployment, traffic profile or threat scenario.

3. Third-party links

Our website may link to third-party websites or resources. We are not responsible for the content, accuracy or practices of any third-party site, and inclusion of a link does not imply endorsement.

4. Digital Personal Data Protection Act, 2023 — overview

This section sets out how Cybervate approaches compliance with India's Digital Personal Data Protection Act, 2023 ("DPDP Act") for personal data of individuals located in India ("Data Principals") that we process as part of operating our website and platform. It supplements, and should be read alongside, our Privacy Policy.

5. Our role: Data Fiduciary and Data Processor

For personal data collected directly through this website (such as demo request and contact form submissions), Cybervate acts as a Data Fiduciary under the DPDP Act and determines the purpose and means of processing that data.

For network traffic metadata processed on behalf of our customers through the Cybervate platform (for example, flow records or threat telemetry that may incidentally contain personal data such as an end-user's IP address), Cybervate acts as a Data Processor, processing that data strictly under the instructions of, and the agreement with, the relevant customer, who remains the Data Fiduciary for that data.

6. Consent & lawful basis for processing

Where Cybervate is the Data Fiduciary, we process personal data based on:

• Free, informed and specific consent, such as when you submit a form on this website, with a clear notice of the purpose of collection;
• Legitimate uses recognized under the DPDP Act, such as responding to a request you have voluntarily made, or compliance with a legal obligation;
• Contractual necessity, where processing is required to provide a service you have requested.

You may withdraw consent at any time, with effect from the date of withdrawal, by contacting our Grievance Officer (Section 9). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. Rights of Data Principals

Subject to the DPDP Act and its rules, individuals located in India have the right to:

• Access a summary of the personal data we hold about them and the processing activities carried out;
• Correction and erasure of inaccurate, incomplete or no-longer-necessary personal data;
• Grievance redressal in relation to the processing of their personal data, through our Grievance Officer;
• Nominate another individual to exercise these rights on their behalf in the event of death or incapacity;
• Withdraw consent previously given, as described in Section 6.

These rights apply to personal data for which Cybervate is the Data Fiduciary. Requests relating to network traffic data processed on behalf of a customer should generally be directed to that customer, who can in turn engage us as required under our processing agreement.

8. Grievance Officer

In accordance with the DPDP Act and applicable Indian information technology rules, Cybervate has designated a Grievance Officer to address questions, complaints or rights requests relating to personal data:

Grievance Officer
Cybervate, a venture of Infivate Ventures
2nd Floor, Minarch Tower, Plot No-4, Sector-44, Gurugram, Haryana-122003
Email: [email protected]

We aim to acknowledge grievances within 48 hours and resolve them within the timelines prescribed under applicable law.

9. Data breach notification

In the event of a personal data breach, Cybervate will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act, and will notify affected customers in line with the breach-notification terms of their service agreement.

10. Cross-border data transfer

Cybervate may process and store data, including in our global points of presence, outside India. Where the DPDP Act or rules issued under it restrict transfers to specific countries, we will comply with those restrictions and any conditions notified by the Central Government.

11. Other applicable Indian law

In addition to the DPDP Act, Cybervate has regard to the Information Technology Act, 2000 and its associated rules, including reasonable security practices for sensitive personal data, where applicable to our operations as an Indian-headquartered company.

This page is provided for transparency and informational purposes and does not constitute legal advice. If you have specific compliance questions relating to your use of Cybervate, please contact your account team or [email protected].