%20Redacto%20logo_New.png)
This Privacy Policy explains how Redacto by VertexTech Labs Private Limited ("Redacto", "we", "our", "us"), collects, uses, and discloses your personal data when you use our website (www.redacto.io), our platform, or any of our services (collectively referred to as the Redacto Services). It also outlines the rights you have regarding your personal data and how you may access, correct or make other requests in relation to your personal data in our possession or control as permitted by applicable laws; and details of our data protection complaints procedure.
By accessing or using any part of our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described herein. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service.
Redacto’s approach to privacy is guided by three key principles: our policies are clear and easy to understand, our data practices are simple and secure, and we aim to meet the reasonable expectations of our users.
Redacto collects personal and technical information to deliver and improve our services, fulfill our contractual obligations, support user requests, ensure security, and meet regulatory requirements. We collect the following categories of personal information about you:
We collect personal information when you choose to interact with Redacto in any of the following ways:
Account Registration: When you sign up for our services, create a user account, or onboard your organization, we may collect your name, company name, business email address, job title, role, phone number, password (hashed), and authentication credentials.
Demo Requests and Sales Enquiries: When you fill out forms to request a demo, speak with our sales team, or ask for information, we collect the contact details and any information you voluntarily include.
Customer Support and Communications: When you contact us via email, chat, or phone, we collect the content of your communication along with your contact information to address your queries and provide technical support.
Surveys, Feedback, and Forms: We may collect your responses to surveys or feedback forms, which can include product usage insights or business needs.
Events and Webinars: If you register for a webinar, event, or conference hosted or sponsored by Redacto, we may collect your registration data, attendance status, and participation details.
Billing and Payment: When you purchase paid services, we or our payment processor collect billing information such as name, billing address, payment method, and transaction data. We do not store payment card details on our servers.
User-Generated Content: You may provide additional data within the platform (e.g., vendor inputs, data mappings, or questionnaires). This may include information about your vendors, employees, customers, or internal systems based on your platform usage.
When you access or use the Redacto website or platform, we automatically collect technical and usage information, which helps us secure our systems, monitor service health, and improve user experience. This may include:
Device and Technical Information: We collect information about the device and system you use to interact with our Services. This includes data such as your IP address, device identifiers (e.g., IMEI, MAC address), TCP/IP configuration, browser type and version, browser language, operating system, mobile carrier, screen resolution, and device type (e.g., desktop, mobile, tablet). We may also estimate your approximate location (by country or city) based on your IP address. This information allows us to tailor our Services, ensure compatibility, and detect potentially unauthorized access.
Usage and Interaction Data: Redacto collects information related to how you interact with our Services. This includes the pages you visit, the order in which they are accessed, the time spent on each page, click paths, navigation behavior, referring and exit URLs, error logs, and feature usage statistics. We may also record session timestamps, frequency of usage, and actions performed within the platform. This data helps us understand user behavior, improve functionality, and identify performance bottlenecks.
Cookies and Tracking Technologies: We collect data about your interaction with the Redacto Services through server logs and a variety of online tracking technologies, including cookies and tracking pixels.
Cookies are small text files stored on your browser or device when you visit our website. They enable us to:
In addition to cookies, we may use tracking pixels (also known as web beacons or clear GIFs) tiny transparent images embedded in webpages, emails, or advertisements. These are designed to collect information such as ad impressions, click behavior, and engagement metrics. For example, we may use tracking pixels in:
These technologies help us measure the effectiveness of our communications, enhance service delivery, and improve our advertising relevance and reach.
As we continue to evolve our technology stack, we may adopt additional tracking methods that serve similar purposes.
You can manage your cookie preferences through your browser settings most browsers allow you to block or delete cookies or receive alerts when a cookie is being set. Please note that disabling cookies may impact the availability or functionality of certain features within the Services. For more details, please refer to our Cookie Policy.
We may obtain personal and business-related information about you from third-party sources, including:
Business Partners, System Integrators, or Resellers: In cases where you engage with Redacto through a partner such as during implementation, onboarding, or integration setup those partners may share relevant information with us to ensure a seamless service experience. This could include deployment details, user contact data, training needs, or technical configurations.
Public Sources and Business Databases: We may enrich or validate user and company profiles using publicly available data or professional databases. Sources may include company websites, professional networking platforms (such as LinkedIn), business registries, or online directories.
Marketing and Lead Generation Tools: We may receive business contact information or engagement insights from third-party marketing platforms. These may include newsletter sign-up tools, CRM enrichment services, webinar or event platforms, or advertising partners. This data helps us assess interest, tailor our outreach, and ensure accurate targeting.
Analytics and Embedded Services: When you interact with third-party services embedded in our platform such as customer support chat, analytics dashboards, or form submissions those services may collect and share anonymized or identifiable data with us. This is subject to their respective privacy policies and may include metrics such as interaction timestamps, device type, or referral source.
As part of delivering our Services, Redacto may process personal data on behalf of our customers for example, data contained in vendor records, risk assessments, compliance documents, or data discovery outputs. In these instances, Redacto acts as a data processor, not a data controller. We process such information strictly in accordance with our customer’s instructions, the terms of our service agreements, and all applicable data protection laws. We do not access, use, or disclose this data for any purpose other than delivering the contracted services.
We use the information we collect from and about you for a variety of operational, technical, legal, and business purposes. These uses include:
Service Delivery and Fulfillment: We use your information to fulfill the purposes for which it was provided. This includes enabling access to our platform, maintaining your user account, managing your preferences, and delivering the features you expect from the Redacto Services.
Service Improvement and Support: Your data helps us improve and enhance our Services, including the development of new features and capabilities. We also use this information to maintain the technical stability and security of the platform and to provide customer support and troubleshooting.
Transactions and Operational Communications: We may use your information to process transactions, such as service subscriptions or renewals. In some cases, this may also include fundraising or donation-related transactions (if applicable). We also use your contact information to send operational messages related to your use of the Services such as account alerts, notifications, system updates, or newsletters to which you have subscribed.
Feedback and User Engagement: We may process your information to respond to your inquiries, gather feedback, or invite you to participate in surveys or user research. This helps us better understand your needs and make data-driven decisions about platform improvements.
Analytics, Research, and Reporting: Redacto uses personal and usage data to perform analytics, conduct internal research, and generate usage insights. This may include the synthesis of behavioral patterns or platform metrics to evaluate performance, identify trends, and optimize future functionality.
Legal Compliance and Protection: We may use your information to comply with legal obligations or to protect the rights, property, and safety of Redacto, our users, and the general public. This includes efforts to prevent misuse, fraud, or violations of law, and to respond to lawful requests from regulatory or law enforcement authorities.
Terms Enforcement: Your data may be used to investigate, detect, and enforce violations of our Terms of Use or other agreements. This includes analyzing usage patterns or account behavior to ensure compliance with our policies.
Data Combination and Enrichment: We may combine information collected from you including automatically collected data with information obtained from our affiliates or non-affiliated third parties. The combined data may be used to improve accuracy, enrich user profiles, or enhance personalization across our Services.
De-Identified and Aggregated Data: We may aggregate or de-identify the data collected through our Services to ensure it no longer identifies any individual. Such anonymized data may be used for any lawful purpose, including research, analytics, benchmarking, product development, and marketing.
We may disclose or share your personal information in specific situations to operate our Services, fulfill legal obligations, enforce our terms, or pursue legitimate business objectives. All such disclosures are governed by contractual, technical, and legal safeguards.
Service Providers and Vendors: We engage third-party service providers to perform functions on our behalf and support the delivery of our Services. These providers are given access to personal information only as needed to carry out their duties and are contractually bound to handle such information confidentially and securely. Service providers may include cloud hosting platforms, data storage providers, analytics and reporting tools, customer support and engagement systems, communication tools, event hosting platforms, and professional service firms such as legal, accounting, or audit advisors.
Legal Compliance and Protection of Redacto and Others: We may disclose your personal information if we believe such action is necessary to comply with applicable laws, regulations, or legal proceedings, including subpoenas or court orders. We may also share information to enforce our Terms of Use or other agreements, to investigate suspected fraud or abuse, or to prevent security threats. Additionally, we may share information as needed to respond to your service inquiries or to protect the rights, safety, and property of Redacto, our employees, users, affiliates, or the general public. In some cases, this may involve sharing data with other companies or organizations for purposes of fraud detection, cyber threat monitoring, and malware prevention.
Business Transfers: In the event of a corporate transaction such as a merger, acquisition, financing, asset sale, or business restructuring, your personal information may be disclosed or transferred as part of that process, including during any due diligence review. Should ownership of Redacto or its assets change, we will take reasonable steps to ensure that your data continues to be protected in line with the commitments outlined in this Privacy Statement.
Affiliates and Group Companies: We may share your personal information with our current or future affiliated companies and subsidiaries for legitimate internal business purposes. This may include internal administrative operations, shared infrastructure, cross-functional support, or product development activities across our corporate group.
With Your Consent: We may disclose your information to third parties if you explicitly authorize or consent to such sharing. For instance, you may choose to integrate third-party tools, enable optional platform features, or opt in to specific use cases that require data sharing beyond what is covered in this policy.
Aggregated or De-identified Data: We may use and share aggregated or de-identified data that cannot reasonably be used to identify you. This information may be shared with third parties for research, analytics, benchmarking, product development, or marketing purposes. Since this data does not reveal individual identities, it is not treated as personal information under applicable data protection laws.
Depending on your location and the context in which we collect and use your personal data, we rely on different legal bases to process your information. Where required by law such as under the Digital Personal Data Protection Act, 2023 (India) or the General Data Protection Regulation (GDPR) in the European Union we are obligated to identify and explain these legal grounds. Accordingly, Redacto processes your personal data under one or more of the following lawful bases:
Consent: In circumstances where we are legally required to obtain your consent or where no other legal basis applies we will ask for your clear and informed consent before processing your personal information. This may include activities such as sending you marketing communications, collecting optional information via forms or surveys, or enabling third-party integrations. You have the right to withdraw your consent at any time by contacting us at dpo@redacto.io Please note that withdrawing consent may limit your ability to access or use certain features of the Services.
Contractual Necessity: We process your personal information when it is necessary to fulfill our contractual obligations to you. This includes providing access to the Redacto platform, managing your user account, delivering customer support, responding to service requests, and performing our obligations under any service agreements or terms of use.
Legitimate Interests: In many cases, we process personal information to pursue our legitimate business interests, provided such processing does not infringe upon your rights and freedoms. These interests include improving and maintaining the functionality of our platform, providing customer service, conducting internal analytics, enhancing security, preventing fraud or abuse, promoting our services, organizing events or webinars, and managing our business operations and legal risks. We may also process data based on the legitimate interests of our users, customers, partners, and service providers.
Legal Obligations: We may process or disclose your personal information when required to do so by law or regulatory authorities. This includes compliance with tax, accounting, and auditing obligations; responding to lawful government requests or court orders; and fulfilling our responsibilities under data protection laws such as the DPDP Act and GDPR.
Depending on your jurisdiction including under the General Data Protection Regulation (GDPR) in the European Union and the Digital Personal Data Protection Act, 2023 (DPDP Act) in India you may have certain rights regarding your personal data. Redacto is committed to enabling and respecting these rights in accordance with applicable data protection laws.
Right to Access: You have the right to request confirmation about whether we process your personal data and, if so, to access a copy of the data we hold about you, along with other relevant details such as the purposes of processing and the categories of data involved.
Right to Correction or Rectification: You may request that we correct inaccurate or incomplete personal data relating to you. We strive to ensure that the personal information we process is accurate, complete, and up to date.
Right to Erasure: Where applicable, you may request the deletion of your personal data. This right may be limited in some situations for example, if the data must be retained to comply with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to Withdraw Consent: If we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal, but may impact your access to certain features of our Services.
Right to Object to or Restrict Processing: Where we rely on legitimate interests or public interest as the legal basis for processing, you may object to such processing. You may also have the right to request restrictions on how your data is used, especially in situations where you contest its accuracy or object to processing.
Right to Data Portability: Where applicable (such as under GDPR), you may request a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request that this data be transmitted to another service provider where technically feasible.
Right to File a Complaint: If you believe that your privacy rights have been violated or that your personal data has been processed in a manner inconsistent with this Privacy Policy, we encourage you to first contact our designated Grievance Redressal Officer. If your concern is not resolved to your satisfaction, you may escalate the matter to our Data Protection Officer (DPO) at dpo@redacto.io . We are committed to investigating and addressing all privacy-related concerns in a timely and transparent manner. If you are still dissatisfied with our response, you may have the right to lodge a formal complaint with the relevant data protection authority in your jurisdiction. In India, this includes the Data Protection Board of India (once operational), and in the European Union, this includes the appropriate supervisory authority in your country of residence.
To exercise any of the rights listed above, please contact us at dpo@redacto.io We may ask you to verify your identity before processing your request. We will respond to your request within a reasonable timeframe, as required by applicable law.
As described in the “Who We Disclose Personal Information To” section, we may share or process your personal information with trusted service providers, partners, or affiliated entities located in countries other than your country of residence. This means your data may be transferred to and stored or processed in jurisdictions that may not provide the same level of data protection as the laws in your home country.
By using the Redacto Services or providing your personal information to us, you acknowledge and consent to the transfer, processing, and storage of your data in such countries, subject to the safeguards described in this Privacy Statement.
When we transfer personal information outside the European Economic Area (EEA), India, or other jurisdictions with similar requirements, we implement appropriate legal mechanisms to ensure your data remains protected. These may include:
We take these steps to ensure that any international transfer of personal data is conducted in a lawful, transparent, and secure manner that meets the standards required by applicable law.
If you would like more information about our international data transfer safeguards, you may contact our Data Protection Officer at dpo@redacto.io
Redacto is committed to maintaining the highest standards of data protection and implements a comprehensive set of technical, organizational, and administrative safeguards to protect personal information from unauthorized access, loss, misuse, alteration, or destruction.
We are proud to operate in compliance with internationally recognized security standards, including:
ISO/IEC 27001, the global benchmark for information security management systems (ISMS)
SOC 2 Type II, which validates the effectiveness of our internal controls for security, availability, and confidentiality
Redacto has implemented robust security practices to protect your personal data. These include encryption of data in transit and at rest using modern cryptographic protocols, strict access controls with role-based permissions, multi-factor authentication (MFA), and strong password policies. We maintain continuous monitoring, log management, and threat detection systems, conduct regular vulnerability assessments and third-party audits, and enforce rigorous security reviews for all subprocessors. Our employees receive ongoing training on data handling and incident response, and we have established comprehensive backup, disaster recovery, and business continuity measures to ensure operational resilience.
If you suspect any security issue or breach related to your data or our Services, please report it immediately to our Data Protection Officer at dpo@redacto.io
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including providing our Services, meeting contractual obligations, complying with legal and regulatory requirements, resolving disputes, and enforcing our policies. Retention periods may vary based on the nature of the data and the legal context in which it was collected. Backup copies of data may persist for a limited period beyond active use as part of our business continuity and disaster recovery protocols. Once retention is no longer required, we securely delete or anonymize personal information in accordance with applicable laws and industry best practices.
Our Services may include links to third-party websites, integrations, plug-ins, or features (such as social media sharing buttons). If you choose to interact with these third-party sites or tools, please be aware that any information you provide may be collected, used, or shared according to the privacy practices of those third parties, not Redacto. We do not control, endorse, or assume responsibility for the content, data practices, or privacy policies of these third-party websites or services. We strongly encourage you to review the privacy policies of any third-party service you access through our platform before disclosing any personal information.
The Redacto Services are intended for use by individuals who are 18 years of age or older and are not directed at children. We do not knowingly collect personal information from individuals under the age of 13, as defined under the Children’s Online Privacy Protection Act (COPPA) in the United States, or personal data from children under the age of 16 as defined under the General Data Protection Regulation (GDPR) in the European Union.
If we become aware that we have inadvertently collected such information without verified parental consent or a lawful basis, we will take reasonable steps to delete it as soon as practicable. If you believe that a child has submitted personal data to Redacto in violation of this policy, please contact us immediately at dpo@redacto.io
We may update this Privacy Statement from time to time to reflect changes in our business operations, legal obligations, technologies, or data practices. When we make changes, we will revise the “Last Updated” date at the top of this page.
If we make material changes that significantly affect how we collect, use, or share your personal information, we will provide additional notice such as by posting a prominent notice on our website, within the platform, or by directly notifying you via email where required by applicable law.
We encourage you to review this Privacy Statement periodically to stay informed about how we protect your personal data and manage your privacy choices. Your continued use of the Services after any changes constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Statement or how your personal data is handled, please reach out to us using the contact information below:
Grievance Redressal Officer
Email: grievance@redacto.io
Data Protection Officer (DPO)
Name: Shashank Karincheti
Email: dpo@redacto.io
We are committed to responding to your queries in a timely and transparent manner. If you are not satisfied with the resolution provided, you may escalate the matter to the appropriate data protection authority, including the Data Protection Board of India (once operational) or the relevant supervisory authority in your jurisdiction.
