Enforcer Labs Private Limited
Effective Date: May 1, 2026
Last Updated: May 17, 2026
Applies To: Enforcer Marketing | Enforcer Dashboard
1. Introduction
Enforcer Labs Private Limited ("Enforcer Labs," "we," "us," or "our"), a company incorporated under the laws of Maharashtra, India, with its registered office at Plot No. 12, Sector 15, BKC, Bandra (East), Mumbai, Maharashtra, 400051, India, is committed to protecting the privacy of individuals who interact with our products and services.
This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with:
- Enforcer Marketing — our publicly accessible marketing website at enforcer-cca.com
- Enforcer Dashboard — our enterprise compliance and governance platform deployed on Customer infrastructure
This Policy applies to all visitors, users, and Customers ("you" or "your") who interact with our Services.
2. Scope and Applicability
2.1 Enforcer Marketing
This Privacy Policy governs all personal data collected through the Enforcer Marketing website, including data submitted through contact forms, email subscription forms, analytics tracking, and cookies.
2.2 Enforcer Dashboard
Enforcer Dashboard is self-hosted enterprise software deployed entirely within Customer's private infrastructure. Enforcer Labs does not host, access, collect, or process any personal data or Customer Data through Enforcer Dashboard. Customer is the sole data controller for any data processed by Enforcer Dashboard within Customer's environment.
This Privacy Policy applies to Enforcer Dashboard only with respect to:
- information collected during the license procurement process;
- information collected through support interactions; and
- information collected through product update and licensing mechanisms.
3. Data Controller
For data collected through Enforcer Marketing and during business interactions:
Enforcer Labs Private Limited
Plot No. 12, Sector 15, BKC, Bandra (East), Mumbai, Maharashtra, 400051, India
Email: legal@enforcer-cca.com
Data Protection Officer: Ommar Shaikh (dpo@enforcer-cca.com)
For data processed by Enforcer Dashboard within Customer infrastructure: Customer is the data controller. Enforcer Labs has no access to such data.
4. Personal Data We Collect
4.1 Information You Provide Directly
| Data Category | Collection Point | Examples |
|---|---|---|
| Contact information | Contact forms, demo requests | Name, email address, company name, job title, phone number |
| Communication content | Email correspondence, support tickets | Message content, attachments |
| Account information | License registration | Name, email, organization, billing address |
| Payment information | License purchase | Processed by third-party payment processors; we do not store payment card data |
4.2 Information Collected Automatically (Enforcer Marketing Only)
| Data Category | Technology | Examples |
|---|---|---|
| Usage data | Vercel Analytics | Pages visited, time on page, referral source, session duration |
| Device data | Browser headers | Browser type, operating system, device type, screen resolution |
| Network data | Server logs | IP address (anonymized where feasible), approximate geolocation (country/region) |
| Cookie data | Cookies, local storage | Session identifiers, preference settings |
4.3 Information We Do NOT Collect
- Enforcer Labs does not collect personal data from Enforcer Dashboard deployments
- Enforcer Labs does not collect biometric data
- Enforcer Labs does not collect financial account numbers or government-issued identifiers through the marketing website
- Enforcer Labs does not sell personal data
5. Legal Bases for Processing (GDPR)
Where the EU General Data Protection Regulation (GDPR) applies, we process personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Responding to inquiries and contact form submissions | Legitimate interest (pre-contractual communication) |
| Email marketing (where consent obtained) | Consent (Article 6(1)(a)) |
| Analytics and website optimization | Legitimate interest (Article 6(1)(f)) |
| License administration and support | Performance of contract (Article 6(1)(b)) |
| Legal compliance | Legal obligation (Article 6(1)(c)) |
| Security and fraud prevention | Legitimate interest (Article 6(1)(f)) |
6. How We Use Personal Data
We use personal data for the following purposes:
(a) Service delivery — to respond to inquiries, process license purchases, and provide support;
(b) Communications — to send transactional emails, product updates, and, where consented, marketing communications;
(c) Analytics — to understand website usage patterns, improve user experience, and optimize marketing efforts;
(d) Security — to detect, prevent, and address fraud, abuse, and security incidents;
(e) Legal compliance — to comply with applicable laws, regulations, and legal processes;
(f) Business operations — to manage our business relationship with Customers, including billing, licensing, and account administration.
7. Data Sharing and Disclosure
7.1 Third-Party Service Providers (Sub-Processors)
We share personal data with the following categories of service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Vercel, Inc. | Website hosting and analytics | Usage data, IP addresses, device data | United States |
| Resend, Inc. | Transactional and marketing email delivery | Email addresses, names, email content | United States |
All sub-processors are bound by data processing agreements that require them to protect personal data in accordance with applicable law.
7.2 Other Disclosures
We may disclose personal data:
(a) to comply with applicable laws, regulations, legal processes, or enforceable governmental requests;
(b) to enforce our Terms of Service or other agreements;
(c) to protect the rights, property, or safety of Enforcer Labs, our Customers, or the public;
(d) in connection with a merger, acquisition, reorganization, or sale of assets, subject to the acquiring entity agreeing to protect personal data consistent with this Policy.
7.3 No Sale of Personal Data
Enforcer Labs does not sell, rent, or trade personal data. We do not share personal data for cross-context behavioral advertising.
8. International Data Transfers
Enforcer Labs is headquartered in India. Personal data collected through Enforcer Marketing may be transferred to and processed in the United States (through our sub-processors).
For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland:
(a) We rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, or other approved transfer mechanisms;
(b) We ensure that receiving parties maintain adequate data protection standards;
(c) Customers may request copies of applicable SCCs by contacting legal@enforcer-cca.com.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
| Data Category | Retention Period |
|---|---|
| Contact form submissions | 24 months from last interaction |
| Email subscriber data | Until unsubscribe or 36 months of inactivity |
| License and account data | Duration of license plus 60 months |
| Support correspondence | 36 months from resolution |
| Analytics data (aggregated) | 24 months |
| Server logs | 90 days |
Upon expiration of the retention period, personal data is securely deleted or irreversibly anonymized.
10. Data Subject Rights
10.1 GDPR Rights (EEA, UK, Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
- Right of access (Article 15) — obtain confirmation and a copy of your personal data
- Right to rectification (Article 16) — correct inaccurate or incomplete data
- Right to erasure (Article 17) — request deletion of your personal data
- Right to restriction (Article 18) — restrict processing in certain circumstances
- Right to data portability (Article 20) — receive your data in a structured, machine-readable format
- Right to object (Article 21) — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, withdraw at any time
- Right to lodge a complaint — file a complaint with your local supervisory authority
10.2 CCPA/CPRA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by CPRA):
- Right to know — request disclosure of the categories and specific pieces of personal information we collect
- Right to delete — request deletion of personal information we hold
- Right to correct — request correction of inaccurate personal information
- Right to opt-out of sale/sharing — Enforcer Labs does not sell or share personal information
- Right to non-discrimination — we will not discriminate against you for exercising your rights
10.3 APAC and Other Jurisdictions
We extend data subject rights consistent with local law to users in all jurisdictions where we operate, including but not limited to India (under the Digital Personal Data Protection Act, 2023, as applicable), Canada (PIPEDA), and applicable APAC privacy frameworks.
10.4 Exercising Your Rights
To exercise any data subject right, contact:
Data Protection Officer
Enforcer Labs Private Limited
Email: dpo@enforcer-cca.com
Or: legal@enforcer-cca.com
We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law.
11. Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption of data in transit (TLS 1.2+)
- Access controls and authentication requirements
- Regular review of data processing practices
- Vendor security assessments for sub-processors
- Employee access limited to need-to-know basis
12. Children's Privacy
Enforcer Labs does not knowingly collect personal data from individuals under the age of 16 (or the applicable age of consent in the relevant jurisdiction). If we become aware that personal data has been collected from a child, we will take steps to delete such data promptly.
13. Automated Decision-Making
Enforcer Labs does not use personal data collected through Enforcer Marketing for automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
For Enforcer Dashboard: Any automated processing, decision-making, or AI-driven functionality operates entirely within Customer's infrastructure. Customer is solely responsible for compliance with applicable laws regarding automated decision-making.
14. Do Not Track
Enforcer Marketing does not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry-standard technology for recognizing DNT signals. We do honor Global Privacy Control (GPC) signals where technically feasible.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
(a) update the "Last Updated" date at the top of this Policy;
(b) provide notice via email to registered users or prominent notice on our website;
(c) where required by law, obtain your consent before applying material changes.
Your continued use of our Services after changes become effective constitutes your acceptance of the updated Policy.
16. Contact Information
For questions, concerns, or requests related to this Privacy Policy:
Enforcer Labs Private Limited
Attn: Data Protection Officer
Plot No. 12, Sector 15, BKC, Bandra (East), Mumbai, Maharashtra, 400051, India
Email: legal@enforcer-cca.com
DPO Email: dpo@enforcer-cca.com
Website: https://enforcer-cca.com
This Privacy Policy is subject to attorney review and should be validated by qualified privacy counsel in each applicable jurisdiction before publication.