Privacy Policy
Company: Cyberarcmsp Consulting Services LLP Website: www.cyberarcmsp.com Contact: contact@cyberarcmsp.com Registered Office: Hyderabad, Telangana, India
Effective Date: March 23, 2026 Last Updated: May 4, 2026
Legal Notice: This Privacy Policy is provided for informational and operational purposes. It does not constitute legal advice. Cyberarcmsp Consulting Services LLP recommends periodic review by a qualified legal professional to ensure continued compliance with applicable laws and regulations.
1. Introduction
Welcome to Cyberarcmsp Consulting Services LLP (“Cyberarcmsp Consulting Services LLP,” “Company,” “we,” “our,” or “us”). We are committed to protecting your privacy and handling your personal data with transparency, integrity, and care.
This Privacy Policy explains how we collect, use, store, disclose, and protect information about you when you access or use our platform available at www.cyberarcmsp.com (the “Platform”) and all related services (collectively, the “Services”).
By creating an account, accessing, or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.
This Policy applies to all users of the Platform, including registered account holders, visitors, clients, and any party interacting with our Services.
2. Information We Collect
2.1 Information You Provide Directly
We collect information you voluntarily provide to us, including:
- Account Registration Data: Full name, email address, username, password, and profile details when you register for an account.
- Profile Information: Job title, company name, phone number, profile photo, and any additional information you add to your profile.
- User-Generated Content: Data, files, documents, text, images, or any other content you upload, submit, or transmit through the Platform.
- Business and Lead Data: Contact information, company details, and related data you submit or import for lead management, CRM, or business operations within the Platform.
- Communications: Messages, support requests, feedback, or any other correspondence you direct to us.
- Payment Information: Billing name, address, and payment details (processed securely through PCI-DSS-compliant third-party payment processors; we do not store full card numbers).
2.2 Information Collected Automatically
When you use our Platform, we automatically collect certain technical data, including:
- Usage Data: Pages visited, features used, actions taken, timestamps, session duration, and in-app navigation paths.
- Device and Browser Information: IP address, device type, operating system, browser type and version, screen resolution, and language settings.
- Log Data: Server logs, error reports, and diagnostic data generated during your use of the Services.
- Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to enhance your experience and gather analytics. Please refer to Section 8 (Cookies) for details.
- Location Data: General geographic location inferred from your IP address.
2.3 Information from Third Parties
We may receive information about you from:
- Third-Party Integrations: When you connect the Platform with third-party tools or services, we may receive data from those services subject to your authorization and their privacy policies.
- Business Partners: Information shared by our partners or affiliates to support the delivery of our Services.
- Publicly Available Sources: Publicly accessible information used to verify or supplement the data we hold.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Providing and Operating the Services
- To create and manage your account and deliver the Platform’s features.
- To process your transactions and manage billing and subscriptions.
- To respond to your inquiries, support requests, and feedback.
- To maintain, secure, and improve the performance of the Platform.
3.2 Business Analytics and Service Improvement
- To analyze usage trends and Platform performance metrics.
- To develop new features, products, and service offerings.
- To conduct internal research and reporting.
- To process, store, and analyze business data and lead data you submit for your own operational use within the Platform.
3.3 Communications
- To send account-related notifications, security alerts, and administrative messages.
- To deliver marketing communications, product updates, and promotional content where you have consented or where permitted by applicable law.
- To respond to your communications in a timely manner.
3.4 Security and Legal Compliance
- To detect, prevent, and investigate fraud, unauthorized access, and other unlawful activities.
- To enforce our Terms of Service and applicable policies.
- To comply with legal obligations under Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA), and applicable international frameworks.
3.5 Personalization
- To customize your experience on the Platform based on your preferences and usage history.
4. Legal Bases for Processing
We process your personal data on the following legal bases:
| Legal Basis | Application |
|---|---|
| Consent | Marketing emails, non-essential cookies, and processing sensitive data |
| Contractual Necessity | Providing Services, managing accounts, processing payments |
| Legitimate Interests | Fraud prevention, Platform improvement, security monitoring |
| Legal Obligation | Compliance with Indian law (IT Act, DPDPA) and applicable international regulations |
For users in the European Economic Area (EEA) or United Kingdom, we additionally comply with the General Data Protection Regulation (GDPR) and its equivalents. Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.
5. Data Sharing and Disclosure
We do not sell your personal data to any third party. We may share your information in the following limited circumstances:
5.1 Service Providers
We engage trusted third-party vendors who perform functions on our behalf, including cloud hosting, payment processing, analytics, email delivery, security monitoring, and customer support. All such providers are contractually bound to protect your data and may only use it for the purposes specified by Cyberarcmsp Consulting Services LLP.
5.2 Business Transfers
In the event of a merger, acquisition, corporate restructuring, or sale of assets, your data may be transferred as part of that transaction. We will notify you prior to any such transfer via email or a prominent Platform notice.
5.3 Legal and Regulatory Requirements
We may disclose your data when required by law, court order, or government authority, or in good faith where necessary to:
- Comply with a legal obligation under Indian or applicable international law;
- Protect the rights or property of Cyberarcmsp Consulting Services LLP;
- Prevent or investigate fraud or illegal conduct;
- Protect the safety of our users or the public.
5.4 With Your Consent
We may share your information with third parties when you have provided explicit consent.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy:
- Active Accounts: Retained for the lifetime of your account.
- Closed/Deleted Accounts: Deleted or anonymized within 60 days of account closure, unless retention is required by applicable law.
- Lead and Business Data: Retained for the duration of your subscription; deleted within 60 days of account closure.
- Backup Data: May persist in encrypted backup systems for up to 30 days following primary deletion.
- Legal or Compliance Holds: Where required by law, certain data may be retained for longer periods.
7. Data Security
Cyberarcmsp Consulting Services LLP implements industry-standard technical and organizational security measures to protect your data, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256 or equivalent
- Role-based access controls and multi-factor authentication on internal systems
- Regular vulnerability assessments and penetration testing
- Documented incident response and breach notification procedures
No electronic transmission or storage system is entirely secure. While we take all reasonable precautions, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience, monitor Platform performance, and support our communications. The categories of cookies we use include:
| Cookie Type | Purpose |
|---|---|
| Strictly Necessary | Core Platform functions; cannot be disabled |
| Performance / Analytics | Anonymized usage data to improve Platform performance |
| Functional | Remembering your preferences and settings |
| Marketing / Targeting | Delivering relevant communications and measuring campaign performance |
You may manage cookie preferences through your browser settings or through our cookie consent mechanism. Disabling certain cookies may impact Platform functionality.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete information.
- Right to Erasure: Request deletion of your personal data, subject to legal limitations.
- Right to Restriction: Request that we limit processing of your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Withdraw previously given consent at any time.
- Right to Grievance Redressal (India): Under the Digital Personal Data Protection Act, 2023, you may raise a grievance with us or the Data Protection Board of India.
To exercise any of these rights, please contact us at contact@cyberarcmsp.com. We will respond within the timeframe required by applicable law (generally 30 days).
10. International Data Transfers
Cyberarcmsp Consulting Services LLP is headquartered in Hyderabad, Telangana, India. If you access our Services from outside India, your data may be transferred to and processed in India or other countries. Where international transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms as applicable.
11. Children’s Privacy
Our Platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted data to us, we will take prompt steps to delete it. If you believe a minor has provided us with data, please contact us at contact@cyberarcmsp.com.
12. Google and Microsoft OAuth Integration — Limited Use Disclosure
CarcMail integrates with Google Gmail API and Microsoft Graph API to enable users to send outreach emails directly from their connected Gmail and Outlook/Microsoft 365 inboxes. This section discloses exactly how that access is used.
12.1 What Access We Request
Google (Gmail API):
gmail.send— to send outreach emails on behalf of the connected accountgmail.readonly— to read inbox messages for reply detection onlyuserinfo.emailanduserinfo.profile— to verify and display the connected email address
Microsoft (Graph API):
Mail.Send— to send outreach emails via Microsoft Exchange / OutlookMail.ReadWrite— to create draft messages and read inbox for reply detectionUser.Read— to verify and display the connected account email
12.2 How We Use This Access
We use Gmail and Microsoft account access exclusively to:
- Send outreach emails that the authenticated user has explicitly configured and initiated within the Platform
- Read the user’s inbox solely to detect replies from leads, for reply-tracking and auto-stop features
- Verify the email address of the connected account for display in the Platform
We do not:
- Read, store, or analyze any email content beyond what is necessary to detect replies to outreach emails sent via the Platform
- Share Gmail or Microsoft account data with any third party, advertiser, or data broker
- Use Gmail or Microsoft data to train AI or machine learning models
- Transfer or use Gmail or Microsoft data for advertising purposes
- Use Gmail or Microsoft data for any purpose other than what is explicitly described above
12.3 Google API Limited Use Policy Compliance
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Gmail data to third parties except as necessary to provide and improve user-facing features of the Platform, where disclosure is required by law, or where the user has given explicit consent.
12.4 Revoking OAuth Access
You may revoke CarcMail’s access to your Gmail or Microsoft account at any time by:
- Disconnecting the inbox from within the Platform (Settings → Connected Inboxes)
- Visiting your Google Account Permissions or Microsoft App Permissions and revoking access directly
Upon revocation, we immediately delete the associated OAuth refresh token from our systems.
12A. Internal AI Training and Monitoring
12A.1 Data Use for Internal AI Improvement
Cyberarcmsp Consulting Services LLP may use aggregated, anonymized, and de-identified platform interaction data — including email campaign metadata, spam scores, deliverability signals, and AI pipeline performance metrics — for internal AI model training, evaluation, and monitoring purposes.
This data is used exclusively for:
- Improving the accuracy and quality of our AI email generation and spam-check pipeline
- Monitoring and benchmarking AI model performance
- Detecting errors, biases, or quality regressions in AI-generated outputs
12A.2 What We Do Not Use for AI Training
We do not use the following for AI training purposes:
- The content of your lead data or recipient contact information
- The actual email content sent to your recipients
- Any Gmail or Microsoft inbox data accessed via OAuth
- Any personally identifiable information about your leads or contacts
12A.3 No Third-Party Sharing
Data used for internal AI training and monitoring is never shared with, sold to, or disclosed to any third party for any purpose. It is processed exclusively by Cyberarcmsp Consulting Services LLP on internal systems and in accordance with applicable data protection law.
13. Third-Party Links
Our Platform may contain links to third-party websites or services. This Privacy Policy applies solely to Cyberarcmsp Consulting Services LLP’s Services. We are not responsible for the privacy practices of external websites and encourage you to review their respective privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page;
- Send a notification email to your registered address; and/or
- Display a prominent notice on the Platform.
Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised Policy.
14. Grievance Officer (India)
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the details of the Grievance Officer are:
Grievance Officer: [Designated Officer Name / Legal Team] Cyberarcmsp Consulting Services LLP Email: contact@cyberarcmsp.com Address: Hyderabad, Telangana, India Response Time: Within 30 days of receipt of grievance
15. Contact Us
For all privacy-related questions, requests, or concerns:
Cyberarcmsp Consulting Services LLP Email: contact@cyberarcmsp.com Website: www.cyberarcmsp.com Address: Hyderabad, Telangana, India
© 2026 Cyberarcmsp Consulting Services LLP. All rights reserved.