Privacy Policy

QuantaVectra Labs is a technology and AI advisory firm founded and operated by Nishant Nagwani, based in Mumbai, Maharashtra, India. We serve as a Data Fiduciary under the DPDP Act in respect of personal data we collect and process.

For questions about this policy or your data, contact us at hello@quantavectra.com.

2.1 Data you provide directly

• Name, email address, and company name when you submit a contact form, book a consultation, or email us
• Business context shared during consultation calls, emails, or intake questionnaires (company stage, industry, team size, technology stack)
• Any other information you voluntarily share during an engagement

2.2 Infrastructure and system access data (during engagements)

For Cloud Cost Optimisation and Agentic AI Audit engagements, we request time-limited, read-only access to your cloud billing dashboards, infrastructure tooling, and/or agent system logs. During this access we may observe:

• Cost and usage data associated with your cloud accounts
• Infrastructure configuration, resource identifiers, and architecture information
• Agent decision logs, tool call records, and system outputs
• Incidental personal data of your end users that may appear within logs, outputs, or system data

We treat all such data as strictly confidential. We access only what is necessary for the agreed engagement scope. All access is revoked upon completion of the relevant phase.

2.3 End-user data (indirect, engagement-dependent)

Where your systems contain personal data of your customers or end users — and such data is incidentally visible during our access — we act as a Data Processor on your behalf. We do not use, copy, store, or analyse such end-user data beyond what is strictly necessary to complete the engagement. You remain the Data Fiduciary for your end users' data, and you are responsible for ensuring you have a lawful basis to share it with us.

2.4 Website analytics and cookies

Our website uses analytics tools and cookies to understand how visitors interact with our content. Data collected may include pages visited, time on page, general geographic location, device type, and referring URL. This data is aggregated and does not identify you personally.

• To respond to enquiries and schedule consultations
• To deliver advisory services and produce engagement deliverables (reports, roadmaps, findings)
• To communicate about your engagement — status updates, questions, follow-ups
• To improve our website and understand how founders engage with our content
• To comply with applicable legal obligations

We do not use your personal data for unsolicited marketing. We do not sell personal data to third parties. We do not use client data or end-user data to train AI models.

Under the DPDP Act 2023, we process personal data on the following bases:

• Consent: for website analytics and cookies, where you have the ability to opt out
• Contractual necessity: for data processed as part of delivering an engagement you have commissioned
• Legitimate interests: for responding to unsolicited enquiries and maintaining records of consultations
• Legal obligation: where required by applicable Indian law

5.1 What cookies we use

Analytics cookies: Used to measure website traffic and visitor behaviour. Set by tools such as Google Analytics. Data is aggregated and anonymised where possible.

Functional cookies: Used to maintain basic website functionality during your session. These are strictly necessary and do not track you across sessions.

5.2 Your choices

You can control cookies through your browser settings. You can also opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on. Blocking analytics cookies will not affect your ability to use the website or book a consultation.

We do not sell, rent, or share personal data with third parties for their own commercial purposes. We may share data only in the following limited circumstances:

• Service providers: Tools we use to operate our business (such as Cal.com for scheduling, email providers, and analytics platforms) may process data on our behalf.
• Legal compliance: We may disclose data if required by law, court order, or a competent regulatory or government authority in India.
• Business transfer: In the event of a business sale, merger, or restructuring, client data may be transferred as part of that transaction. We will notify affected clients in advance where legally permitted.

• Consultation and enquiry records: up to 12 months from the date of contact, or until you request deletion
• Engagement data (reports, findings, communications): up to 3 years from engagement completion
• Infrastructure access: credentials revoked and access terminated at the end of the relevant engagement phase
• Website analytics: as governed by the retention settings of the relevant analytics provider (typically 14–26 months)

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Infrastructure access credentials are stored in encrypted form. Engagement data is stored in access-controlled environments.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we will notify you promptly if we become aware of a data breach that affects your personal data, in accordance with DPDP Act requirements.

As a Data Principal under the DPDP Act, you have the following rights:

• Right to access: request a summary of the personal data we process about you
• Right to correction: request correction of inaccurate or incomplete personal data
• Right to erasure: request deletion of your personal data, subject to our legal retention obligations
• Right to grievance redressal: raise a complaint with us directly
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email us at hello@quantavectra.com. We will acknowledge your request within 72 hours and respond substantively within 30 days.

Our services are directed at business founders and professionals. We do not knowingly collect personal data from individuals under the age of 18.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated by posting the updated policy on our website with a revised effective date.