Privacy Policy

Last updated: May 2026

1. Who We Are

CITRA Insight is a product of Code & Clause Systems (GSTIN: 23DDQPS9840L1ZN), a sole proprietorship based in Bhopal, Madhya Pradesh, India.

2. DPDP Act 2023 Compliance

CITRA Insight is fully compliant with India's Digital Personal Data Protection Act 2023 (DPDP Act).

  • Data Fiduciary: Code & Clause Systems
  • Data Processor: Code & Clause Systems
  • Data Principal: Employees of our customers whose devices are scanned

3. Data We Collect

Through the CITRA agent installed on endpoints:

  • Installed software (names, versions, publishers)
  • Hardware specifications (CPU, RAM, disk, OS)
  • Software usage patterns (for metering)
  • Font installations and audio plugins
  • System activation markers

We do not collect: personal files, email content, browsing history, keystrokes, or screenshots.

4. Your Rights (DPDP Act 2023)

As a Data Principal, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Correction: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Grievance Redressal: Contact our Grievance Officer
  • Right to Withdraw Consent: Withdraw consent at any time (triggers account cancellation)

5. Data Storage

All data is stored on servers located in India. Data is encrypted in transit (TLS 1.2+) and at rest. Multi-tenant isolation ensures no customer can access another customer's data.

6. Data Retention

Upon cancellation: data is retained for 30 days (reactivation window). After 37 days, all data is permanently deleted. You can export your data as a ZIP file at any time before deletion.

7. Grievance Officer

Name: Chitra Arora

Email: legal@citrainsight.in

Response Time: Within 30 days

8. Contact

For privacy-related queries, contact us at legal@citrainsight.in.