Privacy Policy for CyberArcade (Innvikta Cybersecurity Solutions)

Last Updated: 2025

Your privacy is important to us. At Innvikta Cybersecurity Solutions ("Company," "we," "us," or "our"), we are committed to protecting your personal information and handling it responsibly. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you may have under applicable data protection laws.

Please read this policy together with any additional notices we may provide when collecting or processing your data. By using CyberArcade, our cybersecurity awareness gaming platform ("Platform" or "Services"), you agree to this Privacy Policy and our Terms and Conditions.

1. Company Information

Company Name: Innvikta Cybersecurity Solutions
Business Address: D1 601, Satin Hills, Bavdhan, Pune – 411021, Maharashtra, India
Contact Email: privacy@innvikta.com
Website: www.innvikta.com

2. What is Personal Data?

Personal data refers to any information that can identify an individual, directly or indirectly. This includes, but is not limited to name, email address, phone number, job title, organization details, IP address and device identifiers.

3. Data Controller and Processor Roles

• We act as a Data Controller for registration, account management, marketing communications, analytics, and research.
• We act as a Data Processor for employee training data and learning analytics processed on behalf of client organizations.

Ownership:

• Employees own their personal data.
• Organizations (employers) own the training records and results of their employees.
• Employees wishing to exercise rights regarding training data must contact their employer directly, who will then coordinate with us if needed.

4. Personal Data We Collect

We may collect the following categories of data:

4.1 Registration and Account Information

• Microsoft/Office 365 email (required for SSO login)
• Basic profile details from Microsoft authentication
• Organization and department details

4.2 Training and Gameplay Data

• Training progress, completion records, and certificates
• Quiz and assessment results
• Gameplay interactions, performance metrics, achievements
• Phishing simulation responses and awareness test results

4.3 Technical Information

• IP address, device details, browser type, operating system
• Login timestamps and session data
• Platform usage analytics and logs

4.4 Communication Data

• Support requests and responses
• Feedback and surveys
• Email preferences and unsubscribe records

4.5 Other Sources

We may also collect personal data:

• From publicly available sources (databases, social media)
• From affiliates, partners, and service providers
• From events, conferences, or webinars where you interact with us
• From employment or partnership applications you submit to us

5. Legal Basis for Processing

We process personal data on one or more of the following bases:

• Contractual necessity: To deliver our services and fulfill agreements.
• Consent: For marketing communications and when publishing research that could identify individuals or organizations.
• Legitimate interests: For improving services, ensuring security, and fraud prevention, provided these interests are not overridden by your rights.
• Legal obligations: Where processing is required to comply with applicable laws.

6. How We Use Your Data

6.1 Platform Services

• Providing access to training modules and games
• Tracking learning progress and issuing certificates
• Running simulations and awareness assessments

6.2 Marketing Purposes

• By agreeing to our Terms and Privacy Policy, you consent to receive cybersecurity insights, updates, promotions, and surveys via your business email.
• All emails include an unsubscribe option, and you can withdraw consent anytime.

6.3 Research and Development

• Aggregated or anonymized data may be used to improve features, benchmark awareness, or support research.
• No personally identifiable information will ever be published or shared without explicit consent.

7. Cookies

The Platform currently uses only session cookies to enable secure login and core functionality. No tracking, advertising, or third-party analytics cookies are used.

8. Data Sharing

We may share your data with:

• Microsoft: For SSO authentication (independent controller under Microsoft's privacy policies)
• Service providers: Hosting, analytics, communication, and support tools
• Affiliates or group companies: For operational and administrative purposes
• Legal authorities: When required by law

We do not sell personal data to third parties.

9. Payment Processing

CyberArcade is subscription-based. Payments are made annually, in advance, by organizations. No individual user payments are accepted.

10. Data Retention

• Training data: Stored for the subscription term + 90 days after termination.
• Marketing data: Retained until you unsubscribe or withdraw consent.
• Legal/security logs: Retained as required by law.

11. Data Security

We implement strong security controls, including:

• Encryption of data in transit and at rest
• Role-based access controls
• Regular audits and monitoring
• Incident response and breach notifications

Our security program is aligned with international standards such as ISO 27001 and SOC 2.

Please note, while we apply robust safeguards, no system is 100% secure. Users should also protect their accounts (e.g., keeping passwords safe, ensuring secure device use).

12. International Data Transfers

• EU/EEA clients: Data is stored and processed in the EU.
• Indian clients: Data is stored and processed in India.
• Other regions: Appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied.

13. Children's Data

The Platform is not intended for users under 18.

14. Your Rights

Depending on your location, you may have the right to:

• Access, correct, or erase your personal data
• Object to processing or withdraw consent
• Restrict or port your data

How to exercise rights:

• For registration/marketing data → contact us at privacy@innvikta.com
• For training data → contact your employer directly
• We will respond to requests within required timelines (e.g., 30 days under GDPR).

15. Global Legal Compliance

We comply with:

• GDPR (EU/EEA)
• India's DPDP Act, 2023
• California CCPA
• Virginia VCDPA
• UAE Data Protection Law
• Saudi PDPL

Where local laws grant additional rights, those rights will apply.

16. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform, by email, or by other appropriate means.

17. Contact & Reporting

Privacy Officer: Rajsinh Phadtare
Email: privacy@innvikta.com
Phone: +91 8788402025
Address: D1 601, Satin Hills, Bavdhan, Pune – 411021, Maharashtra, India

If you suspect a security issue or receive suspicious communication claiming to be from Innvikta, please report it immediately to privacy@innvikta.com.

← Back