Privacy Notice

Version v1 · Effective for Cyepro Solutions Private Limited

Issued under the Digital Personal Data Protection Act, 2023 (Rule 3) and the GDPR (Articles 13–14).

Who we are (Data Fiduciary / Controller)

This insurance CRM platform is operated by Cyepro Solutions Private Limited (registered office: First Floor, Shritan Govardhana Giri, Plot No.3-6, Sy No.58/1, Gopana Palli Road, Hyderabad, Rangareddy, Telangana 500046, India), acting as the data fiduciary (controller) for the personal data described below. Your insurance dealer, broker, or agency that uses this platform processes your data within it. The platform operator acts as the data processor on their behalf for hosting, security, and the services described here. We are governed by the laws of India, including the Digital Personal Data Protection Act, 2023.

Personal data we collect

When you make an insurance enquiry or your policy is renewed/serviced, we collect the following categories of personal data:

  • Name
  • Mobile / phone number
  • Email address
  • Vehicle registration number
  • Vehicle chassis number
  • Vehicle engine number
  • Insurance policy number
  • Postal PIN code
  • Vehicle details (make, model, variant, year)
  • Policy details (insurer, premium, sum insured, start/expiry dates)
  • Interaction history (enquiries, quotes, follow-ups, appointments, service requests)

Why we use your data (Purposes)

  • Preparing and sharing insurance quotes for you
  • Processing policy renewals and reminding you before expiry
  • Following up on your enquiry and arranging callbacks/appointments
  • Servicing your policy and responding to your requests

Our legal bases for processing

  • Your consent, where you have given it for a specific purpose (you can withdraw it at any time)
  • Performance of a contract — to provide the insurance quoting/renewal service you requested
  • Legitimate uses permitted under the DPDP Act, 2023 and legitimate interests under GDPR Art 6(1)(f)
  • Compliance with a legal obligation, where applicable

How long we keep your data (Retention)

We retain your personal data only as long as necessary. Policy and related records are kept until policy expiry plus 7 year(s), after which they are securely erased. Inactive enquiries with no active policy are purged after a period of inactivity, and soft-deleted records are permanently removed after a short grace window.

Your rights as a data principal

Under the DPDP Act, 2023 and the GDPR you have the right to:

  • Access — request a summary of the personal data we hold about you
  • Correction — request that inaccurate or incomplete data be corrected or updated
  • Erasure — request deletion of your personal data, subject to legal retention
  • Withdraw consent — withdraw any consent you previously gave, at any time
  • Grievance redressal — raise a complaint about how your data is handled
  • Nominate — nominate another person to exercise these rights in the event of death or incapacity

How to exercise your rights

To access, correct, or erase your data, or to withdraw consent, contact our Grievance Officer: Cyepro Grievance Officer (support@cyepro.com). We will respond within the timelines required by applicable law. If you are not satisfied, you may escalate to the Data Protection Board of India or your local supervisory authority.

Where we obtained your data (indirectly collected data)

Some data is provided directly by you. In other cases your data may have been provided to us by your insurance dealer, broker, or agency, or uploaded in bulk from their records (for example, an existing policy due for renewal). Where your data was not collected directly from you, this notice serves as the disclosure required under GDPR Art 14, and the categories and purposes above apply.

Children’s data

Our services are intended for adults (18 years and older). We do not knowingly collect or process the personal data of children. If you believe a child’s personal data has been provided to us, please contact our Grievance Officer and we will delete it.

How we protect your data (Security measures)

  • Personal data is encrypted at rest using database-level encryption (pgcrypto / AES)
  • Access is restricted by row-level security so staff only see data within their authority
  • Your data is hosted in India (Supabase, ap-south-1 region)
  • All access to your records is audit-logged
  • We maintain a personal-data breach register and notification process

Grievance Officer / contact

Grievance Officer: Cyepro Grievance Officer. Contact: support@cyepro.com.