Services About Expertise Projects FAQ Resources Insights Contact
Legal & Compliance

Privacy Policy

How Vayuantriksh Aerospace Consultants collects, processes, and protects personal and sensitive information — in full compliance with Indian law and the standards expected of a defence sector professional services firm.

Effective: 04 May 2023
Last Revised: April 2026
Jurisdiction: India

Contents

01 About This Policy 02 Information We Collect 03 How We Use Your Information 04 Defence & Classified Information 05 Sharing & Disclosure 06 Data Security 07 Data Retention 08 Your Rights 09 Cookies & Analytics 10 Third-Party Links 11 Changes to This Policy 12 Grievance Officer

01 About This Policy

This Privacy Policy applies to Vayuantriksh Consultants (hereinafter "Vayuantriksh", "we", "us", or "our"), a defence aerospace consultancy registered under the MSME Act with Udyam Registration and operating from India. We provide specialist advisory, project management, systems engineering, and training services to India's defence aerospace industry.

This policy governs all personal data collected through our website at vayuantriksh.in, through direct client engagement, through email and telephone communication, and through formal procurement and tendering processes.

Applicable Legal Framework — This policy is framed in accordance with the IT Act, 2000 IT (Amendment) Act, 2008 SPDI Rules, 2011 DPDP Act, 2023 and applicable guidelines issued by the Ministry of Electronics & Information Technology (MeitY) and the Ministry of Defence (MoD).

By engaging with our website or entering into a professional relationship with us, you acknowledge that you have read and understood this policy. If you do not agree with its terms, please refrain from submitting personal information through any channel.

02 Information We Collect

We collect only the minimum information necessary for the purpose for which it is collected. The categories of information we may hold are as follows:

Contact & Identity
  • Full name and designation
  • Organisation / company name
  • Business email address
  • Phone number
  • Postal / registered address
Engagement Data
  • Project scope and requirements shared
  • Technical briefs and RFP documents
  • Correspondence and meeting notes
  • Contract and agreement records
  • Invoice and payment references
Website Interaction
  • IP address and browser type
  • Pages visited and time spent
  • Contact form submissions
  • Referring URL
  • Device and operating system
Procurement / Compliance
  • GST / PAN / CIN details (where required)
  • GeM Seller / Buyer IDs
  • DPP / DAP compliance declarations
  • Security clearance references
  • NDA execution records

We do not collect Sensitive Personal Data or Information (SPDI) as defined under the SPDI Rules 2011 — such as passwords, financial account details, physical or mental health data, sexual orientation, or biometric data — unless specifically required for a contractual purpose and with your explicit written consent.

03 How We Use Your Information

All information collected is used solely for lawful, specific, and legitimate purposes directly related to our consultancy activities. We do not use personal data for advertising, profiling, or sale to third parties.

Purposes of Processing

  • Responding to enquiries submitted through our website contact form or direct email
  • Assessing project fit, preparing proposals, and conducting due diligence prior to engagement
  • Executing contractual obligations under signed consultancy agreements and NDAs
  • Compliance with defence procurement regulations including DAP 2020, DPIIT Startup India, and GeM portal requirements
  • Issuing invoices, tax documents, and statutory filings required under GST and income tax law
  • Maintaining engagement records as required by defence sector regulations and audits
  • Communicating updates relevant to ongoing projects or regulatory changes affecting clients
  • Improving our website and understanding visitor behaviour in aggregate

We rely on one or more of the following legal bases for processing: contractual necessity, legitimate interest, legal obligation, and consent — as applicable to each specific processing activity.

04 Defence & Classified Information

As a consultancy serving India's defence aerospace sector, we regularly handle information that is operationally sensitive, commercially confidential, or subject to national security considerations. This section sets out our obligations and practices in that context.

Classified & Restricted Material — Vayuantriksh does not solicit, store, or transmit information classified under the Indian Official Secrets Act, 1923 or designated as SECRET / TOP SECRET by the Ministry of Defence through any commercial channel, including this website or standard email. All classified project communication is conducted through formally established, authorised channels only.

Confidentiality Obligations

  • All client project information is treated as strictly confidential by default, irrespective of whether a formal NDA is in place
  • Team members handling project data are bound by confidentiality obligations as a condition of engagement
  • Project identities, client organisations, and technical details are not disclosed publicly — our Projects page reflects this commitment by presenting only representative, non-sensitive summaries
  • Where an NDA has been executed, its terms supersede and coexist with this privacy policy; in the event of conflict, the NDA prevails
  • Information shared by defence startups under iDEX, DISC, or Technology Development Fund (TDF) programmes is handled in accordance with the confidentiality framework of those programmes
Note to Defence Startups — If you are engaging with Vayuantriksh in the context of an iDEX Challenge, DAP 2020 procurement, or MoD-linked programme, please do not share documents classified above RESTRICTED grade through our website contact form. Request a secure communication channel via consultant@vayuantriksh.in before transmitting sensitive technical data.

05 Sharing & Disclosure

We do not sell, rent, or trade personal information to any third party. Information is shared externally only in the following limited circumstances:

Permitted Disclosures

  • With your consent: where you have explicitly authorised us to share your information with a specific party for a defined purpose
  • Legal obligation: in response to a valid order, summons, or direction from a court of competent jurisdiction, a statutory authority, or the Ministry of Defence or its agencies acting within their lawful powers
  • Defence procurement process: information necessary to complete tender submissions, GeM portal filings, or DPSU/MoD-facing documentation, shared only to the extent required
  • Sub-consultants / domain experts: where specialist input is required to fulfil an engagement, relevant non-classified information may be shared with vetted individuals bound by their own confidentiality obligations. Clients are informed before such sharing occurs
  • Statutory auditors and tax consultants: financial and invoice records shared on a need-to-know basis for compliance purposes

06 Data Security

We implement reasonable security practices and procedures as required under Rule 8 of the SPDI Rules, 2011, and in accordance with good industry practice for a defence-adjacent professional services firm.

Security Measures

  • All digital communications containing client data are conducted over encrypted channels (TLS/SSL)
  • Electronic records are stored on access-controlled systems with role-based permissions
  • Physical documents containing sensitive information are stored in secured premises with restricted access
  • Personnel with access to client data are bound by confidentiality obligations
  • We review and update security practices periodically, particularly in response to changes in the threat landscape or regulatory guidance from MeitY or MoD

Notwithstanding the above, no method of transmission over the internet or electronic storage is entirely secure. While we strive to maintain appropriate safeguards, we cannot guarantee absolute security. In the event of a data breach that is likely to adversely affect your rights and interests, we will notify you as required under applicable law.

07 Data Retention

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law or contractual obligation.

Retention Guidelines

  • Enquiries not leading to an engagement: contact details are retained for up to 12 months, then securely deleted
  • Active engagement records: retained for the duration of the engagement and 7 years thereafter, as required for GST, income tax, and potential audit purposes
  • NDA-covered project documents: retained for the period specified in the NDA, or 10 years from project closure, whichever is longer
  • Website analytics data: aggregated and anonymised; raw IP-level data not retained beyond 90 days
  • Defence procurement records: retained in accordance with MoD document management requirements, typically a minimum of 10 years

08 Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the existing SPDI Rules, 2011, you have the following rights with respect to your personal data held by us:

Data Principal Rights under DPDP Act 2023

  • Right to Access: you may request a summary of the personal data we hold about you and the purposes for which it is being processed
  • Right to Correction & Erasure: you may request correction of inaccurate data or erasure of data no longer necessary for the purpose for which it was collected, subject to legal retention obligations
  • Right to Grievance Redressal: you may raise a complaint with our designated Grievance Officer (see Section 12), who will respond within the timeframe prescribed by law
  • Right to Nominate: you may nominate another individual to exercise your rights on your behalf in the event of incapacity or death, as permitted under the DPDP Act
  • Right to Withdraw Consent: where processing is based on consent, you may withdraw it at any time, without prejudice to the lawfulness of processing prior to withdrawal

Please note that certain rights may be subject to limitations where data is held under a legal obligation, in the context of a defence engagement, or where disclosure would prejudice national security. To exercise any of the above rights, please write to our Grievance Officer at the contact details provided in Section 12.

09 Cookies & Analytics

Our website (vayuantriksh.in) does not use advertising cookies, tracking pixels, or third-party behavioural analytics platforms. We may use minimal, privacy-respecting analytics to understand aggregate page traffic and improve the site experience.

Cookie Usage

  • Essential cookies: required for basic site functionality such as navigation and form submission. These cannot be disabled
  • Analytics (if used): aggregated, anonymised visitor data only — no individual profiling. IP addresses are anonymised before processing
  • No advertising or retargeting cookies are placed on your device by this website
  • Third-party fonts: we use Google Fonts, which may log a request to Google's servers when loading this page. No personally identifiable data is shared. Refer to Google's Privacy Policy for details

10 Third-Party Links

Our website may contain links to external sites including government portals (MoD, DPIIT, iDEX, GeM, MSME), regulatory bodies, and partner organisations. These links are provided for informational convenience only.

We have no control over the content, privacy practices, or security measures of external websites. We strongly encourage you to review the privacy policies of any third-party site you visit, particularly government procurement portals which have their own data handling obligations under Indian e-governance frameworks.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in applicable law (including the full operationalisation of the DPDP Act, 2023 and its Rules), or in the nature of our services.

Material changes will be notified to active clients by email. The revised policy will be published on this page with an updated "Last Revised" date. Your continued engagement with Vayuantriksh following any such change constitutes acceptance of the revised terms.

We recommend reviewing this page periodically if you are in an active or prospective engagement with us.

12 Grievance Officer

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the provisions of the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer to address any concerns relating to the processing of your personal data.

Designated Grievance Officer

Vayuantriksh Consultants
MSME Registered · Micro Enterprise · Services

Email: consultant@vayuantriksh.in
Subject line: "Privacy Grievance – [Your Name]"

Grievances will be acknowledged within 72 hours and resolved within 30 days of receipt, in accordance with the IT Rules, 2011. If you remain unsatisfied after our response, you may approach the Data Protection Board of India (once constituted under the DPDP Act, 2023) or a court of competent jurisdiction.

Governing Law — This Privacy Policy and any dispute arising from it shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes shall be subject to the exclusive jurisdiction of courts of competent jurisdiction in India.