Privacy Policy

RDSoftechSolution ("Company", "we", "us", or "our") is a technology firm providing enterprise Artificial Intelligence (AI) services, Generative AI solutions, Autonomous Agent systems, and Mobile Application Development services to clients globally. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy applies to all information collected through our website (rdsoftechsolution.com), our AI-powered platforms, mobile applications we develop, and any related services, sales, marketing, or events. By using our services, you agree to the collection and use of information in accordance with this policy.

We operate in compliance with the European Union General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDP), California Consumer Privacy Act (CCPA), and applicable regional data protection laws.

RDSoftechSolution develops and deploys AI systems including Large Language Models (LLMs), Autonomous Agents, and Generative AI pipelines. The following rules govern how data is handled within our AI service delivery:

When we develop mobile applications for clients or internal use, we enforce strict privacy-by-design standards across the entire software development lifecycle:

• To provide, operate, and maintain our AI services, mobile applications, and software development engagements.
• To communicate project updates, service notifications, invoices, and support responses.
• To personalise your experience and improve our service offerings based on usage patterns.
• To process transactions and send related billing information.
• To send marketing communications (only with your explicit consent, which may be withdrawn at any time).
• To detect, investigate, and prevent fraudulent transactions, security incidents, and policy violations.
• To comply with legal obligations, regulatory requirements, and respond to lawful government requests.
• To train and improve internal AI models (using only anonymised, non-PII data unless explicit written consent is obtained).

We do not sell, trade, or rent your personal information to third parties. We may share data in the following limited circumstances:

We implement enterprise-grade security controls to protect your information against unauthorised access, alteration, disclosure, or destruction:

• AES-256 encryption for all Restricted and Confidential data at rest; TLS 1.3 with Perfect Forward Secrecy (PFS) for all data in transit.
• Zero-Trust Network Architecture with Role-Based Access Control (RBAC) and Just-In-Time (JIT) privilege elevation.
• Hardware-based FIDO2 Multi-Factor Authentication (MFA) for all systems handling sensitive data. SMS-based MFA is not used.
• Automated Security Information and Event Management (SIEM) with 15-minute incident triage SLAs.
• All source code deployments pass through automated SAST, DAST, and Software Composition Analysis (SCA) gates before production release.
• Cryptographic commit signing and container image attestation for all production deployments.
• Immutable Write-Once-Read-Many (WORM) backup storage with a minimum 90-day retention lock, protected against ransomware.
• Annual disaster recovery drills with Recovery Time Objectives (RTO) of under 15 minutes for mission-critical systems.

Depending on your location, you may have the following rights regarding your personal data:

We retain personal data only as long as necessary for the purposes stated in this policy or as required by applicable law:

• Client project data is retained for the duration of the contractual engagement plus a maximum of 7 years for legal and audit compliance, after which it is cryptographically shredded.
• Website analytics data is retained for 26 months and then automatically purged.
• Marketing contact data is retained until you withdraw consent, after which it is deleted within 30 days.
• AI model training data is anonymised before use and cannot be traced back to individual users.
• Cryptographic Shredding: Restricted and Confidential data is encrypted with unique Data Encryption Keys (DEKs). Upon deletion, the Key Management Service (KMS) destroys the encryption key, permanently rendering stored data unrecoverable — even from block storage.
• WORM-protected financial and transactional records are retained for the minimum statutory period and cannot be deleted until the immutable clock expires.

RDSoftechSolution operates globally. Your data may be processed in countries outside your own. We ensure all cross-border data transfers comply with applicable law:

• EU/EEA personal data transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.
• India DPDP transfers follow government-approved whitelisted corridors and contractual safeguards.
• Where data localisation is legally mandated, we deploy geographically isolated cloud infrastructure to ensure data remains within the required jurisdiction.
• Personal identifiers are cryptographically pseudonymised before any data crosses international boundaries for AI processing workloads.
• We maintain a register of all international transfer mechanisms, available upon request.

Our website uses cookies and similar tracking technologies to enhance your experience:

• All custom business logic, tailored interfaces, and client-specific integrations developed under a signed Statement of Work (SOW) are transferred to the client upon full payment.
• Pre-existing frameworks, reusable AI components, and background IP developed independently of any client contract remain the property of RDSoftechSolution.
• When fine-tuning AI models using client-provided Restricted datasets, the resulting model weights are structurally isolated and never reused for other clients or external workloads.
• Client-provided data used for model training remains the property of the client at all times.

To exercise any of your data rights, report a privacy concern, or request information about how your data is used, please contact our Data Protection Officer: