Skip to main content
Legal & Compliance

Privacy Policy

How we collect, use, and protect your personal information

Effective Date: July 1, 2026

Last Updated: July 2026

RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED ("CloudServe Digital", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cloudservedigital.com and our related websites (collectively, the "Services"), including our IndianMetropolis and Vernacia waitlists.

This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) for users in the European Union, the Digital Personal Data Protection Act, 2023 (DPDP Act) for users in India, and the California Consumer Privacy Act (CCPA) for users in California.

1. Data We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Contact Forms: Name, email address, phone number, company name, and message content
  • Early Access Signup: Name, email address, organization, role, and areas of interest

1.2 Automatically Collected Information

When you visit our Services, we automatically collect:

  • Device Information: IP address, browser type, device type, operating system
  • Usage Data: Pages visited, time spent, referring URLs, click patterns
  • Analytics Data: Google Analytics collects aggregated usage statistics
  • Performance Data: Page load times, error logs, technical diagnostics

1.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies. See Section 9 for details.

2. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To respond to your inquiries, process requests, and provide customer support
  • Communication: To send you updates and product announcements about IndianMetropolis and Vernacia (with consent)
  • Improvement: To analyze usage patterns and improve our Services
  • Security: To detect, prevent, and address technical issues and security threats
  • Compliance: To comply with legal obligations and enforce our Terms of Service
  • Analytics: To understand user behavior and measure website performance

4. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with the following third parties:

Third-Party Service Providers

Legal Disclosures

We may disclose your data if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or the public.

5. Your Rights

5.1 GDPR Rights (EU Users)

Under GDPR, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate or incomplete data
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Article 18): Limit how we use your data
  • Right to Data Portability (Article 20): Receive your data in a machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect lawfulness of prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

5.2 DPDP Act Rights (India Users)

Under the DPDP Act, you have the following rights:

  • Right to Access: Obtain information about your data and how it's processed
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Data Portability: Receive your data in a structured format
  • Right to Withdraw Consent: Withdraw consent with the same ease as giving consent
  • Right to Grievance Redressal: File a grievance with our Data Protection Officer (see Grievance Mechanism)
  • Right to Nominate: You have the right to nominate any individual to exercise your data protection rights in the event of your death or incapacity.

5.3 CCPA Rights (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: Opt-out of the "sale" of your personal information — we do not sell personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

IMPORTANT NOTICE:

We do NOT sell your personal information. We do not and will not sell your personal information to third parties for monetary or other valuable consideration. We may share certain information with service providers and partners as described in this Privacy Policy, but such sharing does not constitute a "sale" under CCPA.

To exercise your CCPA rights, please contact us at [email protected] or call +91 91106 18988. We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days with notice).

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or use our Grievance Mechanism. We will respond to your request within 30 days for GDPR requests and within 30 days for DPDP Act requests.

6. Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption in Transit: TLS 1.3 encryption for all data transmitted over the internet
  • Encryption at Rest: Data stored in databases is encrypted using AES-256
  • Access Controls: Role-based access controls and least-privilege principle
  • Security Headers: Content Security Policy (CSP), HSTS, X-Frame-Options, and other protective headers
  • Regular Audits: Periodic security audits and vulnerability assessments
  • Rate Limiting: Protection against brute-force attacks and DDoS
  • Secure Development: OWASP Top 10 compliance and secure coding practices

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, where feasible. We will also notify the Data Protection Board of India and relevant supervisory authorities as required by DPDPA 2023 and GDPR Article 33.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Data TypeRetention Period
Contact form submissions24 months from submission
Early access signups2 years or until product launch
Analytics data26 months (Google Analytics default)
Rate limiting dataAuto-expires per request window

After the retention period expires, we securely delete or anonymize your data. We may retain data longer if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

8. Cross-Border Data Transfers

CloudServe Digital is based in India. We may transfer your personal data to countries outside your jurisdiction, including:

8.1 Transfers from EU/EEA

For users in the European Union or European Economic Area, your data may be transferred to India and the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Adequacy Decisions: Where applicable, relying on EU Commission adequacy decisions
  • Service Provider Agreements: Data processing agreements with all third-party processors

8.2 Transfers from India

For users in India, your data may be transferred for processing by third-party service providers (Resend, Google Analytics, Google Cloud Platform). We ensure compliance with DPDP Act requirements:

  • Consent: Your explicit consent for cross-border transfers
  • Contracts: Data processing agreements with adequate safeguards
  • Government Approvals: Compliance with any government-mandated transfer requirements

Note on Data Localization: CloudServe Digital is committed to data localization and plans to implement India-based data storage for Indian users by Q3 2026. Currently, some data processing occurs outside India as described above.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. A cookie is a small text file stored on your device. For more detailed information, see our Cookie Policy.

Types of Cookies We Use

Cookie TypePurposeDuration
EssentialRequired for website functionality (theme preference, session)Session / 1 year
AnalyticsGoogle Analytics for usage statistics2 years
FunctionalRemember your preferences (language, layout)1 year
MarketingCurrently not used (future use with explicit consent)N/A

Managing Cookies

You can control cookies through:

  • Browser Settings: Most browsers allow you to refuse or delete cookies
  • Cookie Banner: Use our cookie consent banner to manage preferences
  • Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
  • Do Not Track: We respect browser Do Not Track (DNT) signals

Note: Disabling essential cookies may affect website functionality.

10. Children's Privacy

Our Services are not intended for children under 18 years of age (or under 16 in the EU). We do not knowingly collect personal data from children.

If we discover that we have collected personal data from a child without parental consent, we will delete that information immediately. If you believe we have collected data from a child, please contact us at [email protected].

11. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email (if you have provided an email address)
  • Display a prominent notice on our website
  • Request renewed consent where required by law

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact & Grievances

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED

Grievance Officer: Santhosh Suryavanshi

Email: [email protected]

Grievance Email: [email protected]

General Inquiries: [email protected]

Registered Office

RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED

#36, WeWork Prestige Central, Infantry Road, Mahatma Gandhi Road, Bengaluru – 560001, Karnataka, India

CIN: U62091KA2025PTC210162

GST: 29AAPCR1639E1Z3

Phone: +91 91106 18988

Grievance Redressal:
For DPDP Act grievances, visit our Grievance Mechanism page.

Response Timeline

  • GDPR Requests: We will respond within 30 days (may be extended by 2 months for complex requests)
  • DPDP Act Grievances: We will acknowledge within 72 hours and resolve within 30 days
  • General Inquiries: We aim to respond within 5 business days

Regulatory Authorities

If you are not satisfied with our response, you have the right to lodge a complaint with:

Transparency Note: CloudServe Digital is a division of RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED, incorporated October 2025. IndianMetropolis and Vernacia are pre-launch, invite-only waitlist products; invitations begin Q3 2026 with full public launch in Q3 2026. This Privacy Policy is designed to be compliant with GDPR, DPDP Act, and CCPA requirements from day one. We will update this policy as products launch to reflect our evolving data practices while maintaining the highest standards of privacy protection.