Privacy Policy

Effective Date: 1 May 2026  |  Last Updated: 24 May 2026

Tidal Wave Technologies Pvt. Ltd. ("Tidal Wave", "we", "us", or "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what personal data we collect, how we use it, on what legal basis, who we share it with, how long we keep it, and what rights you have under applicable law — primarily the Digital Personal Data Protection Act, 2023 (India), and where applicable, the EU/UK General Data Protection Regulation.

1. Who we are

Tidal Wave Technologies Pvt. Ltd. is a private limited company incorporated under the laws of India, with its registered office at Mumbai. We act as the Data Fiduciary (Controller) for personal data collected through this website.

2. Personal data we collect

2.1 Information you provide directly

• Name, work email, telephone number, company name, job title, country, and industry, when you submit a contact form, request a download, or book a consultation.
• Any additional context you choose to share in a free-text field (use case description, timeline, site details).
• Optional information you provide in conversations with our sales engineers or support team.

2.2 Information collected automatically

• Device and browser information (browser type, operating system, screen resolution).
• Approximate IP-derived location (city/region level).
• Pages visited, time spent, click and scroll patterns, referring URL.
• Cookies and similar technologies — see our Cookie Policy for details.

2.3 Information from third parties

• Business contact information from professional networking platforms (e.g., LinkedIn) when you interact with our profile or content.
• Information from event organisers when you visit our booth, attend a webinar, or sign up for an event we participate in.
• Publicly available business information (company filings, press releases, government tender portals).

3. How we use your personal data

• To respond to your enquiries and provide the information, documents, or consultations you request.
• To schedule, conduct, and follow up on technical consultations and site assessments.
• To send you content we believe is relevant to your role and industry — only with your consent or where permitted by law.
• To improve our website, products, and services.
• To comply with applicable legal, regulatory, and tax obligations.
• To protect our legitimate interests, including fraud prevention, network security, and enforcement of our terms.
• To carry out customer due diligence in connection with potential business engagements.

4. Legal basis for processing

Where the DPDP Act applies, we process personal data based on your consent, or where the processing falls under a legitimate use specified in the Act. Where GDPR applies, we rely on one of the following: your consent; performance of a contract; compliance with a legal obligation; our legitimate interests; or, in narrow circumstances, your vital interests or a task in the public interest.

5. Sharing your personal data

We do not sell your personal data. We share it only as follows:

• With our service providers and processors who help us operate the website, our CRM, email systems, analytics, and meeting-scheduling platforms (including HubSpot, Google Analytics, LinkedIn, and similar). These processors act on our written instructions and are subject to confidentiality.
• With professional advisors (legal, audit, tax) under confidentiality.
• With law enforcement, regulators, or other public authorities where required by law or court order.
• In connection with a corporate transaction (merger, acquisition, financing, restructuring), under appropriate confidentiality protections.

6. Cross-border data transfers

Some of our service providers process personal data outside India (for example, in the United States or the European Union). Where the DPDP Act or GDPR requires it, we put in place appropriate safeguards including contractual commitments, standard contractual clauses, and provider certifications.

7. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes described in this policy, and to comply with our legal, regulatory, accounting, and contractual obligations.

Typical retention periods:

• Enquiry and lead data: up to 36 months from the date of last meaningful interaction, unless we have an active commercial engagement.
• Customer data under a Master Services Agreement: as required for the duration of the engagement and 7 years thereafter, in line with Indian tax and corporate law.
• Marketing-list data: until you withdraw consent or unsubscribe, whichever is earlier.

8. Security of personal data

We follow reasonable security practices and procedures consistent with the Information Technology Act, 2000, and best industry practice. These include role-based access control, encryption in transit and at rest where appropriate, vendor due diligence, and incident response procedures. No system is perfectly secure; in the event of a personal data breach, we will notify the Data Protection Board of India and affected individuals as required by law.

9. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Erase personal data, subject to lawful retention requirements.
• Withdraw consent (where consent is the basis for processing).
• Object to or restrict certain processing.
• Nominate another individual to exercise these rights in the event of death or incapacity (under DPDP Act).
• Lodge a grievance with our Grievance Officer (see Section 11), and escalate to the Data Protection Board of India.

10. Marketing communications

Where we send you marketing emails, every email contains an unsubscribe link. You may also email us at info@tidalwave.tech at any time to opt out. Unsubscribing from marketing emails does not affect transactional emails relating to active engagements with us.

11. Grievance Officer

If you have a question, complaint, or wish to exercise any of your rights, contact our Grievance Officer:

• Email: info@tidalwave.tech
• Address: Mumbai, India
• Response time: We will acknowledge your request within 7 working days and respond substantively within 30 days, unless the law provides a different timeline.

12. Children

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact our Grievance Officer.

13. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be at this URL with the 'Last Updated' date refreshed. Material changes will be communicated by email to active contacts and through a prominent banner on the website for a reasonable period.

14. Contact us

For any questions about this policy or our data practices, email us at info@tidalwave.tech or use the address above.

15. Notice under the Digital Personal Data Protection Act, 2023

This section serves as our formal notice under Section 5 of India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

Identity of the Data Fiduciary

Tidal Wave Technologies Pvt. Ltd., a company incorporated under the Companies Act, 2013, with its registered office at Mumbai.

Personal data collected

We collect the following personal data from you when you submit a form, request a download, or interact with our website: full name, work email, telephone number, company name, job title, country, industry, and any additional information you choose to provide.

We also collect technical information automatically (IP-derived approximate location, browser, device, page activity) through cookies and similar technologies.

Purposes of processing

• To respond to your enquiries and process your requests.
• To schedule technical consultations and site assessments.
• To send you information about our products, services, and content relevant to your industry.
• To carry out customer due diligence and assess prospective engagements.
• To improve our website and services.
• To comply with legal, tax, and regulatory obligations.

Manner of giving consent and withdrawing it

By submitting a form on this website and ticking the consent checkbox, you give your consent to the processing described above. You may withdraw your consent at any time by emailing info@tidalwave.tech or by using the unsubscribe link in our emails. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Your rights as a Data Principal

Under the DPDP Act, you have the right to:

• Access information about your personal data, the purposes for which it is being processed, and the categories of recipients.
• Correct inaccurate, incomplete, or misleading personal data.
• Update personal data.
• Erase personal data, subject to lawful retention requirements.
• Nominate another individual to exercise your rights in the event of your death or incapacity.
• Lodge a grievance with our Grievance Officer.

Grievance Officer

• Email: info@tidalwave.tech
• Postal: Mumbai

We will acknowledge your grievance within 7 working days and resolve it within 30 days, unless the matter requires a longer period.

Escalation to the Data Protection Board of India

If you are not satisfied with our response, you have the right to escalate the matter to the Data Protection Board of India in accordance with the DPDP Act.

Transfer of personal data outside India

Some of our processors operate from outside India. We do not transfer personal data to any jurisdiction notified by the Government of India as restricted under Section 16 of the DPDP Act. Where transfers occur, we put in place appropriate contractual and technical safeguards.

Languages

This notice is available in English. If you would like a copy in Hindi or any other language scheduled under the Eighth Schedule of the Constitution of India, contact our Grievance Officer.