Privacy Policy
Last updated June 3, 2026
Decipher Zone Technologies ("Decipher Zone", "we", "us") operates https://www.decipherzone.com and provides software development services to clients across 35+ countries. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by CPRA (CCPA), and the India Digital Personal Data Protection Act, 2023 (DPDPA).
If you only have time for the short version: we collect what you give us through our contact and consultation forms, we use it to reply to your enquiry and to run a quiet B2B sales process, we keep it for up to 24 months from your last interaction, and you can ask us to delete it any time by emailing info@decipherzone.com.
1. Data controller
The data controller for personal data processed through this website is:
- Decipher Zone Technologies
- C-29 Q Block, Mansarovar Extension, Narayan Vihar, Jaipur, Rajasthan 302029, India
- Email: info@decipherzone.com
- Phone: +91 9602714737
We have not appointed a Data Protection Officer because we are not required to under Article 37 GDPR. For any data protection question, including DPDPA Data Fiduciary requests, write to the email above and we will route the request internally.
2. Information we collect
Information you provide
- Contact and consultation forms: your name, email address, phone number, country, company name, and the contents of your message.
- Project Estimator: the project type, industry, feature selections, and any cost or budget figures you enter to generate an estimate. The detailed estimate brief is only sent to us if you submit the unlock form.
- Chat (Zeno or Tawk.to): the messages you send during the chat session and any contact details you choose to share.
Information collected automatically
- Usage data: pages visited, time spent on each page, scroll depth, referrer, and approximate location derived from your IP address. Collected via our internal analytics and Google Analytics 4 only after you accept analytics cookies.
- Device data: browser, operating system, screen size, and user agent string.
Information we do not collect
- We do not knowingly collect special category data (race, religion, health, biometric, sexual orientation).
- We do not knowingly collect personal data from children under 16.
- We do not buy or rent personal data from data brokers.
3. Lawful basis for processing
Under GDPR and UK GDPR we rely on the following lawful bases:
- Consent (Article 6(1)(a)): for analytics cookies, marketing cookies, the chat widget, and any optional newsletter sign-ups.
- Legitimate interest (Article 6(1)(f)): for responding to B2B enquiries, security logging, fraud prevention, and improving our services. We have performed a balancing assessment that documents why our interest in running a sales process does not override your rights.
- Performance of a contract (Article 6(1)(b)): once a Statement of Work is signed, we process your data to deliver the engagement.
- Legal obligation (Article 6(1)(c)): tax, accounting, and other statutory obligations.
4. How we use your information
- Reply to your enquiry within one business day.
- Schedule consultation calls and send proposals.
- Run a quiet B2B sales follow-up cycle until you ask us to stop or 24 months pass with no interaction.
- Operate and improve this website, including aggregated analytics and error monitoring.
- Detect and prevent abuse, spam, and security incidents.
- Meet our legal, tax, and accounting obligations.
We do not use your personal data for automated decision-making with legal or similarly significant effects.
5. Cookies and tracking
We use cookies and similar technologies. A full list lives in our Cookie Policy. Non-necessary cookies do not load until you accept them through the cookie banner. You can change your choice at any time using the Cookie Settings link in the footer.
6. Who we share your data with
We share personal data only with the processors and recipients listed below. Each is bound by a Data Processing Agreement or its equivalent.
| Processor | Purpose | Location |
|---|---|---|
| Google LLC (Google Analytics 4) | Website usage analytics | USA |
| Tawk.to Inc. | Live chat widget (where enabled) | USA |
| Our hosting and CDN provider | Serving the website and storing form submissions | USA and EU |
| Internal CRM and email systems | Sales follow-up and customer support | India |
| Auditors, lawyers, banks, tax advisors | Statutory obligations and dispute resolution | India |
We do not sell your personal data and we do not share it with advertisers or data brokers.
7. International transfers
Your personal data is primarily processed in India, where our development team is based, and may be sub-processed in the United States and the European Union by the processors listed above. For transfers out of the EEA or the UK we rely on the European Commission Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where applicable. For transfers out of California and other US states, we rely on contractual safeguards and processor certifications.
8. How long we keep your data
- Contact form, consultation form, and Project Estimator briefs: 24 months from your last interaction, then deleted or anonymised.
- Chat transcripts (Zeno or Tawk.to): 12 months from the session end.
- Analytics data (GA4 and internal): aggregated indefinitely, raw event data 14 months.
- Signed contracts and invoices: 8 years for statutory and tax compliance.
You can request earlier deletion at any time. We will comply unless we are legally required to retain the data.
9. Your rights
If you are in the EEA, the UK, or Switzerland (GDPR / UK GDPR)
- Right of access to the personal data we hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (the "right to be forgotten").
- Right to restrict or object to processing.
- Right to data portability in a structured machine-readable format.
- Right to withdraw consent at any time where processing is based on consent.
- Right to lodge a complaint with your supervisory authority. In the UK this is the ICO at ico.org.uk.
If you are a California resident (CCPA / CPRA)
- Right to know what personal information we collect, use, and disclose.
- Right to delete personal information we have collected.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under CPRA, but you can still register your preference by emailing us at info@decipherzone.com with the subject line "Do Not Sell or Share".
- Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined under CPRA.
- Right to non-discrimination for exercising any of these rights.
If you are in India (DPDPA 2023)
- Right to access a summary of the personal data we process about you.
- Right to correction and erasure of personal data.
- Right to nominate another person to exercise your rights in the event of incapacity or death.
- Right to grievance redressal. Contact our grievance officer at info@decipherzone.com. We will respond within 30 days.
To exercise any right, email us at info@decipherzone.com. We will verify your identity and reply within one calendar month (extendable by two further months for complex requests, with notification).
10. Children
Our website and services are aimed at businesses and adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Security
We apply technical and organisational measures to protect personal data, including encryption in transit (TLS 1.2 or higher), access controls, secrets management, role-based authorisation, code review, and ISO 9001 quality processes. No method of transmission or storage is ever 100% secure, and we cannot guarantee absolute security. In the event of a personal data breach affecting EEA, UK, California, or India residents we will notify the relevant supervisory authority within 72 hours where required, and we will notify affected individuals without undue delay where the breach poses a high risk to their rights and freedoms.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on the homepage or by email if we have your address on file. The "Last updated" date at the top of this page always reflects the current version.
13. Contact us
For any privacy, data protection, or DPDPA grievance question, email info@decipherzone.com or write to the postal address listed in section 1. We aim to acknowledge within two business days.