Privacy Policy

Last Updated: 25th January, 2026

At IIM Bangalore, we take your privacy and the security of your data seriously. We are committed to protecting the Personal Information you share with us and being transparent about how we process it. This policy explains our practices in accordance with our Information Security Management System (ISMS), aligned with the ISO/IEC 27001:2022 standard.

1. Information We Collect

We collect information that identifies, relates to, or could reasonably be linked to you ("Personal Information").

  • Information You Provide: Name, email address, and company name when you sign up.
  • Automatically Collected Information: IP addresses, browser type, device identifiers, and usage data via cookies.
  • Customer Support Data: Information you provide when contacting our support team or reporting security vulnerabilities.

2. How We Use Your Information

We process your data based on the following legal bases:

  • Performance of a Contract: To provide the services you have purchased.
  • Legitimate Interests: To improve our product and ensure the security of our platform.
  • Compliance with Law: To meet legal and regulatory obligations.

3. Data Retention

In accordance with our ISO 27001 data handling procedures, we do not keep your Personal Information longer than necessary. Upon account termination, we delete or anonymize Personal Information within 60 days, unless required by law for tax or audit purposes.

4. Sub-processors

We share data with trusted third-party service providers. We maintain a formal Supplier Management Policy to ensure all partners meet our rigorous security standards.

Our primary sub-processors include and are not limited to: Railway & Vercel (Cloud Hosting), GCP (Maps).

5. Security of Your Data (ISO 27001)

We have implemented an ISMS to protect your data. Our security measures include:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Access Control: We follow the "Principle of Least Privilege" for all internal systems.
  • Monitoring: Continuous security logging and threat detection.

6. Vulnerability Disclosure Policy

We welcome reports from security researchers. If you believe you have found a security vulnerability, please contact us at [email protected]. We will acknowledge your report within 48 hours and will not take legal action against good-faith reporting.

7. Your Rights

You have the right to access, delete, or correct your personal data. To exercise these rights, please email us.

Contact Our Security Team

IIM Bangalore

[email protected]