Legal

Privacy Policy

Last updated: April 18, 2026 · Effective: April 18, 2026

GarudaVault ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit garudavault.com or use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the site.

1. Information We Collect

Information you provide directly

Account registration: name, email address, organization name, organization type, and team size.
Enquiry / contact form: name, email address, organization type, and team size.

Information collected automatically

Log data: IP address, browser type, pages visited, and timestamps — stored in Apache server logs for security and diagnostic purposes.
Session data: We use server-side sessions to maintain your login state. No third-party tracking cookies are used.

2. How We Use Your Information

We use the information we collect to:

Create and manage your account
Respond to your enquiries and provide customer support
Send service-related communications (account confirmations, updates)
Improve and develop our platform
Detect and prevent fraud, abuse, and security threats
Comply with applicable legal obligations

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. Data Storage and Security

Your data is stored on servers hosted on Amazon Web Services (AWS) infrastructure located in the Asia Pacific region. We implement industry-standard security measures including HTTPS/TLS encryption, bcrypt password hashing, CSRF protection, and rate-limiting on authentication endpoints. While we take reasonable steps to protect your information, no method of transmission over the internet is 100% secure.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time by contacting us at garudavault@hotmail.com. We will action deletion requests within 30 days.

5. Cookies

We use a single session cookie (gv_session) strictly necessary for keeping you logged in. This cookie is set as HttpOnly and SameSite=Lax. We do not use advertising, analytics, or third-party tracking cookies. No cookie consent banner is required as we use only essential cookies.

6. Third-Party Services

We use the following third-party services:

Google Fonts — to load typography. Google may log your IP address. See Google's Privacy Policy.
Amazon Web Services — cloud infrastructure hosting. See AWS Privacy Policy.

7. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict certain processing
Withdraw consent at any time

To exercise any of these rights, contact us at garudavault@hotmail.com.

8. Children's Privacy

GarudaVault does not knowingly collect personal information from children under the age of 13 without verifiable parental consent. Educational institution administrators are responsible for obtaining appropriate consent when deploying our platform to minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email or a prominent notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:
GarudaVault
Email: garudavault@hotmail.com
Website: garudavault.com