Privacy Policy

Foreword:

We, at SOCLY.io, are committed to protecting the information that you share with us and explaining how we collect, process, and share that information online. When you use our services, you are trusting us with your information. We understand that this is a big responsibility and work hard to protect your information and keep it secure.

We provide you with insight into the privacy practices employed here at SOCLY.io.

Background:

This Policy provides an overview of how at SOCLY.io information of “data subjects” (hereinafter referred to as “You” or “your”) personal data is collected, handled, and protected. In this policy, “we”, “us”, and “our” may refer to SOCLY.io Inc. or its subsidiaries and affiliates.

Services Provided by SOCLY.io:

The SOCLY.io platform is designed to help you consistently monitor and manage compliances. We offer a platform that provides all the services required by small and medium enterprises, offering an end-to-end solution for compliances like SOC2, ISO27001, GDPR, etc., enabling businesses to have assistance with global security compliances.

What data do we collect?

Our Company collects the following data:

• Personal identification information (Name & email address)
• Any other type of personal data collected from auditors for auditing purposes will be obtained with the individual’s consent.

How do we collect your data?

You or your employer directly provide Our Company with data we intend to collect. We collect data and process it when you:

• Register online or avail our products or services.
• Our Company may also receive your data indirectly from the following sources: None

How will we use your data?

Our Company collects your data so that we can:

• Provide your service and manage your account to provide the service.
• Email you with special offers on other products and services we think you might like.
• Email you with real-time alerts of your organization.

If you agree, Our Company will share your data with our partner Auditors who are also an essential part of the Compliance Service we intend to provide.

How do we store your data? (If you are located in the EU)

Personal data submitted through our lead, demo, or contact forms is stored in secure systems with access limited to authorized personnel and protected by appropriate technical and organizational measures.

We retain this data only for as long as necessary to respond to inquiries and for lawful marketing communications, after which it is deleted or anonymized.

Cross-Border Data Transfers:
We are headquartered in India and may process personal data outside the European Economic Area (EEA). Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards in accordance with GDPR.

How do we store your data? (If you are located in other locations except EU)

Our Company securely stores your data at a Secure storage location in India.

Marketing:

SOCLY.io processes personal data for marketing purposes in accordance with applicable data protection requirements.

Marketing Communications

For individuals located in the European Economic Area (EEA):

• We send marketing communications only where we have a lawful basis, primarily:
  
  • Explicit consent, or
  • Legitimate interest, where permitted (for example, B2B outreach to corporate email addresses relevant to your professional role), subject to your right to object at any time.
    
• You may opt out of marketing communications at any time by using the unsubscribe link included in our emails or by contacting us directly.
• We do not sell or rent your personal data to third parties for their independent marketing purposes.

How We Handle Data Collected via Lead / Demo / Contact Forms

When you submit your personal information through our website forms (including demo requests, contact forms, lead forms, or newsletter sign-ups), we collect and process only the data you voluntarily provide, which may include:

• Name
• Work email address
• Company name
  

Purpose of Collection

Data collected via website forms is used strictly for the following purposes:

• To respond to your inquiry or demo request
• To provide information about our products or services
• To communicate with you regarding compliance-related offerings
• To send marketing communications only where lawful and permitted
  

Legal Basis

For individuals located in the EEA, personal data collected through lead and demo forms is processed based on:

• Your consent, where explicitly obtained, or
• Our legitimate interests, where applicable for B2B communications, subject to your right to object.

You may withdraw your consent or object to marketing communications at any time. Withdrawal or objection will not affect the lawfulness of processing carried out prior to that point.

What are your data protection rights?​

Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Our Company for copies of your personal data.

The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete information you believe is incomplete.

The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact our Data Protection Officer or

Email us at: karthik@socly.io

Call us: +91-7992646464

Data Protection Officer(DPO) and their responsibilities:

Name: Karthik Rambhatla

Email: datasupport@socly.io

DPO Roles and Responsibilities:

• Oversee the implementation of data protection policies and procedures.
• Ensure the organization’s compliance with data protection regulations.
• Conduct risk assessments related to data processing activities.
• Serve as a point of contact for data subjects and supervisory authorities.
• Monitor data security measures, investigate breaches, and enforce staff training to uphold data security.

Data Breach Procedure and Reporting Time Period:

• In the event of a data breach, we follow a stringent procedure to mitigate and address the incident promptly. Our response includes identifying the breach, containing its impact, assessing affected data, notifying relevant authorities, and communicating transparently with affected individuals. We conduct thorough investigations to understand the extent of the breach and implement corrective measures to prevent recurrence.
• Any detected data breach will be reported to relevant authorities and affected individuals within 72 hours of its identification, in compliance with applicable data protection regulations.

Consent Management:

Obtaining Consent:

When you visit our website or platform, we will request your consent before collecting any personal information. Clear and easily understandable explanations will be provided regarding the purpose and scope of data processing activities. You have the right to grant or deny consent.

Modification of Consent:

If you wish to modify your consent for data processing,You can do so easily by contacting our DPO or our helpline. Modification will not affect the lawfulness of any processing based on prior consent.

Withdrawal of Consent:

If you wish to withdraw your consent for data processing, you can do so easily by contacting our DPO or our helpline. Withdrawal will not affect the lawfulness of any processing based on prior consent.

By incorporating this consent management facility, we aim to empower you with control over your personal data, ensuring transparency and compliance with privacy regulations.

Children’s Privacy:

The site and our product are not intended for use by children, and SOCLY.io does not knowingly collect personal information from anyone under 13 years of age. Product access is granted only to the employees of our client companies, assuming they are all above 18 years of age. In case of any exceptions, we collect it with parental consent.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit the cookie link (wiki).

How do we use cookies?

Our Company does not use cookies. We only use a session variable that is to:

• Keep you signed in to our application

Privacy policies of other websites:

Our Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy:

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 6th January 2026.

How to contact us?

If you have any questions about Our Company’s privacy policy, the data we hold on you, or if you would like to exercise one of your data protection rights, please do not hesitate to contact us. Email us at: datasupport@socly.io Call us: +91-7992646464

How to contact the appropriate authority?

Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.