Privacy Policy — Coditing® | AI Consulting · Cyber Security

In this policy

Scope and definitions
What we collect
How we use information
Legal basis for processing
Cookies and tracking
Third-party services
Data sharing
Data retention
International transfers
Your rights
Security of your data
Children's privacy
Changes to this policy
Contact

01Scope and definitions

This Privacy Policy governs personal data processed by Arunima Consulting Pvt. Ltd. (operating under the registered trademark Coditing®, "Coditing", "we", "us", or "our") through (a) the website at coditing.com and any subdomains, and (b) advisory, audit, training, and engineering services delivered to clients ("Services").

"Personal data" means any information that identifies you directly (such as your name or email) or that could reasonably be combined with other information to identify you. We use the terms "you" and "your" to refer to visitors to our site, prospects, clients, vendors, and other individuals whose data we process.

02What we collect

Coditing's website is intentionally minimal — there are no embedded forms, no analytics scripts, and no tracking pixels by default. The data we receive in connection with this site is therefore limited to:

Server log data. Our hosting provider automatically records standard HTTP request data — IP address, user-agent, requested URL, response status, referrer, and timestamp — to deliver the page and detect abuse. Logs are retained per the provider's standard data retention window.
Email correspondence. If you write to info@coditing.com or click any mailto: link on our site, your email address and message contents are processed by our email provider so we can respond.
Booking data. If you click "Book a 30-min call" you are redirected to our scheduling provider (the destination URL is visible at the point of click). Any name, email, scheduling preferences, or notes you submit there are processed by that provider on Coditing's behalf, subject to that provider's privacy terms.
Engagement data. Where you become a Coditing client, we process the information required to scope, deliver, and invoice services — typically business contact details, scope documents, technical evidence, and where contractually agreed, restricted technical artefacts subject to NDA.

What we do not collect on the website: we do not embed Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any other third-party tracking script. No cookies are set by Coditing on the website itself.

03How we use information

We use the personal data described above only for the following purposes:

Operating, maintaining, and securing the website
Responding to email enquiries and scheduling calls you request
Delivering, supporting, and billing for Services you engage us for
Complying with legal, regulatory, audit, and tax obligations
Protecting Coditing, our clients, and the public from security incidents and abuse
Communicating Service-related updates (we do not send marketing email without prior consent)

04Legal basis for processing

Where the EU General Data Protection Regulation (GDPR), UK GDPR, India's Digital Personal Data Protection Act 2023 (DPDP), or California Consumer Privacy Act (CCPA) applies, our legal bases for processing are:

Contract — to enter into and perform our Services agreement with a client
Consent — where you have voluntarily provided your data via email or a booking system
Legitimate interest — to operate, secure, and improve our website and Services in a manner consistent with your expectations
Legal obligation — to comply with tax, accounting, audit, and regulatory requirements applicable to a consulting firm

05Cookies and tracking

The Coditing website does not set first-party cookies and does not embed third-party tracking technologies. If a future change to the site introduces cookies or analytics — for example a privacy-respecting tool such as Plausible — we will disclose it here and, where required, present an explicit opt-in. The site uses HTML5 localStorage for nothing other than minor UI preferences (such as remembering whether a section is expanded). No personal data is stored client-side.

06Third-party services

The website is served through, and links to, the following external services:

Hosting / CDN — serves the static site, terminates TLS, and processes server logs. Operates under recognised cross-border transfer mechanisms (EU-US Data Privacy Framework and/or Standard Contractual Clauses where applicable).
Email and scheduling provider — handles inbound email and the "Book a 30-min call" scheduling page (the booking URL is visible at the point of click).
LinkedIn — outbound link to our company page. We do not embed the LinkedIn Insight Tag.

A current, named subprocessor list (with locations, scopes of processing, and the safeguards applied) is maintained as part of our Data Processing Addendum and is available to clients and prospective clients on request.

These providers process data under their own privacy terms; we recommend you review each provider's policy before interacting with them. Coditing does not control their data practices.

We do not sell, rent, or trade personal data. We share personal data only:

With processors we engage to operate the business (hosting, email, accounting, payment processing), under contract and only to the extent necessary
With professional advisors (auditors, lawyers, insurers) under their respective duties of confidentiality
Where legally required in response to a valid court order, subpoena, or regulatory request
With your explicit consent, or with the entity you have directed us to share with (for example, the client organisation you represent)

08Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting obligations. Typical retention periods:

Server logs — per our hosting provider's standard retention window (typically 7–30 days)
Email correspondence — until the matter is concluded plus a reasonable period for follow-up, then archived or deleted
Client engagement records — for the duration of the engagement plus the period required by applicable contract, tax, and audit law (commonly 7 years in India)
Restricted technical artefacts (penetration test evidence, model data, etc.) — handled and destroyed per the engagement-specific NDA, often within 30–90 days of delivery

09International transfers

Coditing is headquartered in India and delivers Services globally. Where personal data is transferred outside the data subject's country, we rely on appropriate safeguards:

Standard Contractual Clauses (SCCs) for transfers from the EU/UK
The EU-US Data Privacy Framework, where applicable to processors we use
Contractual data protection clauses with sub-processors that meet or exceed regional standards

10Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you
Correct data that is inaccurate or incomplete
Delete data we no longer need (subject to legal retention obligations)
Restrict or object to certain processing
Withdraw consent where we relied on consent
Data portability — receive your data in a portable format
Lodge a complaint with your supervisory authority (e.g. the Data Protection Board of India under the DPDP Act, or your local EU/UK data-protection regulator)

To exercise any of these rights, contact us at the email address below. We will respond within the timelines required by the applicable law.

11Security of your data

As a security and AI advisory firm, we apply commensurate controls to the personal data we process:

TLS 1.2+ for all data in transit across our website and email
Encryption at rest for data stored in managed services
Role-based access with least-privilege and audited account lifecycle
Multi-factor authentication on administrative accounts
An incident response process aligned to our ISO 27001 control set

No system can be guaranteed perfectly secure. If we become aware of a personal-data breach affecting you, we will notify you and the relevant authorities as required by applicable law.

12Children's privacy

Coditing provides services to organisations, not consumers. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us personal data, please contact us so we can delete it.

13Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or for operational reasons. When we make a material change, we will update the effective date at the top of this page and, where appropriate, provide additional notice (such as an email to active clients or a notice on the website).

14Contact

Questions, requests, or concerns about this policy or your personal data can be sent to:

Email — compliancecoditingcom
Controller — Arunima Consulting Pvt. Ltd., trading as Coditing®
Registered office — Pune, Maharashtra, India

For the fastest response, please include "Privacy" in the subject line.