Privacy Policy

1. Introduction

ErlySign ("we," "our," or "us") is a product of Shubhendra Singh Thakur, operating as ErlySign, registered at EON Free Zone, Kharadi, Pune, Maharashtra 411014, India. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website geterlysign.com and interact with our services.

This policy is designed to comply with the India Information Technology Act 2000, the Digital Personal Data Protection Act 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), as applicable to the relevant categories of users.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

• Fill out a contact or pilot request form (name, work email, company name, device fleet size, device type, and any additional context you choose to provide)
• Communicate with us by email at [email protected]
• Subscribe to technical updates or blog notifications
• Report a security vulnerability through our responsible disclosure process

2.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and approximate geographic location (country/region)
• Browser type, version, and language preference
• Pages visited and time on page
• Referring URL
• Device type and operating system
• Cookie identifiers (see Section 4)

3. How We Use Your Information

We use the information we collect to:

• Respond to pilot requests, contact form inquiries, and technical questions
• Onboard pilot customers and provide technical support during pilot engagement
• Send transactional communications related to your pilot or account (e.g., onboarding instructions, architecture session scheduling)
• Send marketing communications about ErlySign updates, new features, or relevant content — only with your explicit consent
• Improve our website and understand how visitors interact with our content
• Comply with applicable legal obligations under the India IT Act 2000, DPDP Act 2023, or other applicable law

4. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our website. Essential cookies are required for basic website functionality and cannot be disabled. Analytics cookies (if enabled with your consent) help us understand website usage. For full details, see our Cookie Policy. You can manage your cookie preferences using the banner that appears when you first visit the site.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

• Service providers who help us operate our website and deliver our services (e.g., cloud hosting providers, email delivery services) — under contractual data processing agreements
• Legal authorities when required by applicable law (including the India IT Act 2000, DPDP Act 2023, or court order), or to protect our rights or prevent fraud
• Acquiring entities in the event of a merger, acquisition, or asset sale — users will be notified of any change in data controller

6. Data Security

We implement technical and organizational security measures appropriate to the sensitivity of the information we process. Our website is served over TLS. API communications use TLS 1.3. Contact form submissions are transmitted encrypted. We are a security infrastructure company; our own security practices are held to a corresponding standard.

No method of transmission over the Internet is 100% secure. If you believe your information has been compromised, please contact us immediately at [email protected].

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, or as required by law. Pilot inquiry information is retained for 24 months following last contact. You may request deletion at any time (see Section 8).

8. Your Rights

Under applicable law, you may have the following rights regarding your personal data. To exercise any right, contact us at [email protected] with the subject line "Privacy Request."

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Objection / Restriction: Object to or request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent to marketing communications at any time

8.1 India DPDP Act 2023 (Indian Users)

Under the Digital Personal Data Protection Act 2023, Indian residents have the right to access, correct, and erase their personal data, and to nominate a representative in the event of their death or incapacity. We act as a "Data Fiduciary" under the DPDP Act for data we collect from Indian residents. Grievances may be submitted to [email protected] and will be addressed within the timeframes prescribed by the DPDP Act and its rules.

8.2 EU/EEA Users (GDPR)

For users located in the European Union or European Economic Area, we process personal data under the following lawful bases: (a) your consent, (b) performance of a contract (for pilot customers), (c) legitimate interests (for analytics and security), or (d) compliance with a legal obligation. You have the right to lodge a complaint with your national data protection authority.

8.3 California Residents (CCPA)

California residents have the right to know what personal information we collect and share, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a California privacy request, email [email protected] with the subject line "CCPA Privacy Request."

9. International Data Transfers

Our servers are hosted on AWS infrastructure, which may involve transfers of data to servers located outside India. For transfers from the EU/EEA, we use appropriate safeguards including Standard Contractual Clauses (SCCs). For transfers of Indian personal data outside India, we comply with the applicable cross-border data transfer requirements of the DPDP Act as implemented.

10. Third-Party Links

Our website may contain links to third-party websites or services (e.g., GitHub for SDK access, documentation external resources). We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

Our website and services are directed at business and technical professionals and are not intended for children under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will update the "Last updated" date at the top of this page. For material changes, we will provide notice by email (if you have provided your email address) or by a prominent notice on our website.

13. Contact Us

For privacy inquiries, data subject requests, or concerns about this policy:

ErlySign
EON Free Zone, Kharadi, Pune, Maharashtra 411014, India
Email: [email protected]
Phone: +91 20 546 3908