Privacy Policy

TrustGate IT ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect when you visit our website or engage with our services, how we use it, who we share it with, and what rights you have over it.

This policy is designed to comply with the European Union's General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act, 2023 (DPDP Act), and other applicable privacy laws.

1. Who we are

TrustGate IT is a Microsoft 365 security and compliance consultancy based in Delhi, India, serving clients globally via remote delivery. For the purposes of GDPR, we are the data controller of personal information collected through this website and our services.

You can reach us at:

• Email: hello@trustgateit.com
• Phone: +91 98919 48703
• Location: Delhi, India

2. What information we collect

2.1 Information you give us directly

When you fill in a form on our website, email us, message us via WhatsApp or live chat, or engage us as a client, you may provide:

• Full name
• Work email address
• Phone number
• Company name and your role
• The message or enquiry you send us
• Any other information you choose to share

2.2 Information collected automatically

When you visit our website, certain information is collected automatically:

• IP address and approximate location (city/country level)
• Browser type, operating system, and device type
• Pages visited, time spent, scroll depth, and click patterns
• Referring website (where you came from)
• Cookies and similar tracking identifiers (see our Cookie Policy)

2.3 Information collected during engagements

When we deliver consulting services, we may receive limited access to your Microsoft 365 tenant or related systems for the purposes you have authorised. This is governed by a separate engagement agreement and is treated with strict confidentiality. We do not retain your operational data beyond what is necessary to deliver the engagement.

3. How we use your information

We use the personal data we collect for the following purposes:

• To respond to your enquiries — replying to forms, emails, chat, and WhatsApp messages.
• To deliver our services — performing the consulting work you have engaged us to do.
• To improve our website and services — understanding which pages perform well, where visitors get stuck, and what content is useful.
• To send relevant follow-up communications — only when you have requested them or where a legitimate interest applies (e.g. following up on an enquiry).
• To comply with legal obligations — including tax, accounting, and regulatory requirements.
• To protect our rights and prevent fraud — investigating suspicious activity and enforcing our terms.

4. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under the GDPR:

• Consent — for analytics cookies and marketing communications, which you can withdraw at any time.
• Contract — to deliver services you have engaged us for, or to take steps before entering a contract (e.g. responding to a quote request).
• Legitimate interests — to operate and improve our business, respond to enquiries, and ensure website security, where these interests are not overridden by your rights.
• Legal obligation — where required by applicable law.

5. Sharing with third parties

We do not sell your personal data. We share it only with trusted service providers who help us run our business, and only to the extent necessary. These include:

Provider	Purpose	Where
Formspree	Receives and forwards website form submissions to our email	USA
Google Analytics	Anonymous traffic and usage analytics	USA / EU
Microsoft Clarity	Heatmaps and anonymised session recordings to improve UX	USA / EU
Tawk.to	Live chat functionality on the website	USA
Email & calendar provider	Business correspondence and scheduling	Varies
Hosting provider	Hosts our website and serves content to visitors	Varies

We may also share information when legally required (e.g. by court order or regulatory authority), or with your explicit consent.

6. Cookies & tracking

We use cookies and similar technologies to operate the website, remember preferences, and understand usage. You can accept or reject non-essential cookies via our cookie banner, and adjust preferences at any time via the "Cookie Settings" link in our footer. Full details are in our Cookie Policy.

7. How long we keep your data

We keep personal data only as long as we need it for the purposes set out in this policy, or as required by law:

• Enquiry messages: up to 24 months from last contact, then deleted unless an active engagement exists.
• Client engagement records: for the duration of the engagement plus 7 years (as required by Indian tax and accounting law).
• Website analytics: aggregated data is retained for up to 26 months in Google Analytics; Microsoft Clarity recordings are typically retained for up to 90 days.
• Marketing consent records: until you withdraw consent.

8. Your rights

Depending on where you are located, you have the following rights regarding your personal data. We honour these rights for all visitors regardless of jurisdiction:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention requirements.
• Right to restrict processing — ask us to limit how we use your data.
• Right to data portability — request your data in a machine-readable format.
• Right to object — object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — at any time, where processing is based on consent.
• Right to lodge a complaint — with your local data protection authority.

To exercise any of these rights, email us at hello@trustgateit.com. We will respond within 30 days.

9. International data transfers

Because we are based in India and use service providers in the United States, the European Union, and elsewhere, your personal data may be transferred outside your country of residence. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, vendor adequacy decisions, or your explicit consent.

10. How we protect your data

We take security seriously — it is, after all, what we do for a living. We apply technical and organisational measures appropriate to the risk, including:

• Multi-factor authentication on all business-critical accounts
• Encrypted storage and transmission (TLS/HTTPS) for data in transit and at rest
• Principle of least privilege for any access to client data
• Regular security reviews and patching
• Confidentiality obligations on all personnel

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and recommend you also take care of how you share information with us.

11. Children's privacy

Our services are intended for businesses and adults. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted on our website or notified via email where appropriate.

13. Contact us

If you have any questions about this Privacy Policy, want to exercise your rights, or have a privacy concern, please contact us:

• Email: hello@trustgateit.com
• Phone: +91 98919 48703
• Address: Delhi, India