GDPR, Privacy & Cookies policy

sapna security respects your privacy and this policy will inform you of our privacy practices, and how we collect and use personal data.

What personal information we have, why, and where do we store it?

sapnasecurity maintains an online CRM (Customer Relationship Management) system used for communicating with clients for project management, business and marketing purpose. As data controllers we store basic contact information which includes first name, last name, company, office address, email, telephone, mobile number, fax, MSN contact, Skype contact and VAT number about our clients, agencies, business partners, sub-processors and employees and communications with them. Additionally, your contact details will also reside on personal contact list like but not limiting to Google contact list or address book, and/or on social and networking tools like Whatsapp/Skype/Facebook/Google+ etc. We may also share this information with third parties when we need to use their service or when we feel they might be beneficial to you. This information is not restricted to EEA.

sapnasecurity is also a data processor for multiple data controllers. This is mainly due to the nature of our service where as a part of the service we provide, we will also have to handle sensitive information like the details of your application and access details for resources so that we can test them. The application itself may reveal information which is sensitive to us, although we always insist that the client should prepare a separate test environment and ensure no live personal or sensitive data is used. Tools like google analytics may also be used to gather statistical data. 

How do we use your information?

We may use the information we collect from you to communicate with you for any services you need. We may reach out to you to inform you of a potential threat if we feel the need to do so. If you have not opted to receive newsletters you will not receive them. Some of the information you provide us will be used to understand the application or the infrastructure, and also help us conduct our tests and audits.

What lawful basis do we have to process this information?

The lawful basis for this information is contract with the individual or company and/or legitimate interests: As we are a private-sector organisation and can process personal data without consent if we have a genuine and legitimate reason (including commercial benefit)


How long we retain this information for?

We may store this information for continuing our business relationship, and even keep this information beyond any active business relationship for any future perspective business.

How do we protect your information?

We implement various security measures including hardening of our servers to ensure your information is safe with us. Brute force protection, DoS protection, firewall etc are some of the various methods used to ensure your data is safe. We have good management policies for account, password, risk, backups, exceptions, asset, key etc to ensure we follow the best practices. We use industry standard encryption tools and protocols like SSH, SSL, FTPeS etc to ensure your data is safe. We also use encryption tools like axcrypt, or password protected zip files to secure some information.


Do we use cookies?

This website uses cookies to store information on your computer. Cookies are small text files located in browser directories. Some of these cookies are essential to make our website work and others help us to improve by giving us some insight into how the site is being used.


Cookies being used:


1. Wix related cookies.

We use Wix for our website and Wix uses specific mandatory cookies as listed in 


2. __utma, __utmb, __utmc, __utmz

Third party Google Analytics cookies used for statistical purpose. More information.


To know how to manage your cookies (enable/disable etc) please refer to how to control cookies on


Our main sub processors are

  • sapnagroup deutschland, Claus Hübner e.K. who handle German project management and administrative work for us

  • Sapna Technologies an IT company in India which we use for our services which include software development and server hosting/maintenance.

  • Hetzner ( which we use for hosting requirements. Hetzner does not have software access to our servers as it does not have any OS accounts.

  • Strato ( used for remote backup solutions

  • AWS ( used for hosting services like files etc.

  • G Suite, Gmail, Google Drive, Google Calendar, Dropbox, iCloud, Slack and similar services

In rare cases we may use a different provider as data processors and such cases are noted with the data controller.

What are your rights for your personal information?
You can contact us at for any of the following requests for the personal information we hold of you

  • to get details of the information we hold of you i.e. subject access requests

  • to correct/update this information

  • to delete this information

  • to restrict processing of this information

  • to object

  • to not be subjected to automated decision making including profiling.

  • to provide this information in portable format


Whom to contact if you have queries or complain?


If you have any queries or complains you can write to us at

Do we use google analytics?

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States . Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, or using the cookie controller. By using this website and accepting the cookie controller, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can read Google Analytics terms of service at, and Google's privacy policy can be read at


Changes to this Privacy Policy

sapnasecurity may change the privacy policy from time to time. All changes to privacy policy will be on this page.


If you have any additional questions or concerns about this Privacy Policy, please feel free to contact us anytime at