Privacy Policy

ATOMQUARK SOFTWARE LLP

atomquark.ai | atomquark.com

Privacy Policy & Global Regulatory Compliance

Applicable to: atomquark.ai | atomquark.com | atomquarksoftware.com

Version 3.0 | Effective: April 1, 2026

1. Scope of This Policy

1.1 Portals and Domains Covered

This Policy applies to both of Atomquark Software LLP's web portals and their associated sub-domains and services.

1.2 Who This Policy Applies To

This Policy applies globally to all individuals who interact with either portal, including:

  • Visitors, registered users, prospects, and clients — regardless of geographic location
  • Data submitted via web forms, enquiry pages, AI-powered tools, chat interfaces, and uploaded documents on either portal
  • Information exchanged during consultancy, software delivery, and AI service engagements initiated through either portal
  • Employees, contractors, and representatives of client organisations whose data is processed in connection with service delivery

This Policy does not govern third-party websites linked from our portals. We encourage you to review the privacy policies of any external services you access through links on atomquark.ai or atomquark.com.

2. Information We Collect

2.1 Information You Provide

We collect personal information you voluntarily submit, including:

  • Identity data: name, job title, designation, and company/organisation name
  • Contact data: email address, phone number, and postal address
  • Project and service data: requirements documents, RFPs, uploaded files, and technical specifications
  • Communications: emails, messages, feedback, ratings, and testimonials submitted via the portal
  • Financial data: billing name and address (payment card details are handled exclusively by our PCI-DSS-compliant payment processors)

2.2 Automatically Collected Information

When you visit atomquark.ai or atomquark.com, we automatically collect:

  • Technical data: IP address, browser type, device type, operating system, and screen resolution
  • Usage data: pages visited, time spent, referral URLs, click paths, and navigation patterns
  • Cookies and tracking technologies (see Section 8 for details)
  • Log data: server access logs, error reports, and timestamps

2.3 Portal-Specific Data Collection

The two portals serve distinct purposes and may collect different categories of data.

2.4 AI-Interaction Data (atomquark.ai)

Where AI-powered tools, demos, or chatbot interfaces are available on the portal:

  • Queries, prompts, and session inputs may be logged temporarily for quality assurance and service improvement
  • We do not use identifiable personal information from AI interactions to train third-party or commercial models without your explicit consent
  • Anonymised and aggregated interaction patterns may be used to improve our proprietary AI models

2.5 Data from Third-Party Sources

We may receive data about you from third parties including business directories, referral partners, and publicly available professional networks (e.g., LinkedIn) for the purpose of B2B outreach, with appropriate legitimate interest or consent as applicable.

3. Legal Bases for Processing Personal Data

We process your personal data only where we have a valid legal basis. The applicable bases vary by jurisdiction.

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your privacy rights. You may request our Legitimate Interests Assessment by contacting us at contact@atomquark.com.

4. How We Use Your Information

We use collected information across both portals for the following purposes:

  • To provide, maintain and improve our services and portals
  • To process enquiries and service requests
  • To communicate with you about our services
  • To comply with legal obligations
  • To protect our rights and interests

5. Disclosure of Your Information

We do not sell, rent, or trade your personal data. We may share it in the following limited circumstances:

5.1 Service Partners and Sub-processors

  • Cloud infrastructure and hosting providers (data processing agreements in place)
  • Analytics platforms (e.g., Google Analytics — with data minimisation and anonymisation enabled)
  • CRM and communication tools used to manage client relationships
  • Payment processors (PCI-DSS compliant; they do not share payment data back to us)
  • AI infrastructure providers for model inference (data shared only to the extent required for service delivery)

5.2 Legal and Regulatory Authorities

  • Government authorities, courts, or law enforcement when required by law, court order, or regulatory directive
  • Regulators under the IT Act 2000, DPDP Act 2023, GDPR supervisory authorities, or equivalent bodies in relevant jurisdictions
  • CERT-In (Indian Computer Emergency Response Team) in the event of a reportable cybersecurity incident

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets involving Atomquark Software LLP, your personal data may be transferred to the successor entity. We will notify you of such transfers and ensure equivalent privacy protections are maintained.

5.4 Professional Advisors

We may share data with legal counsel, auditors, and insurance providers on a confidential, need-to-know basis for the purposes of obtaining professional advice.

5.5 Portfolio and Marketing References

With your prior written consent, we may reference your organisation (without disclosing individual personal data) in our portfolio, case studies, awards submissions, or marketing materials.

6. International Data Transfers

Atomquark Software LLP operates globally. Personal data may be transferred to, stored in, and processed in countries outside your country of residence, including India, the European Economic Area (EEA), the United Kingdom, and other jurisdictions where our service providers operate.

6.1 Transfer Mechanisms — EU/EEA and UK Data

  • Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs (2021 version) for transfers from the EEA to third countries not covered by adequacy decisions
  • UK International Data Transfer Agreements (IDTAs): For transfers from the United Kingdom, we rely on ICO-approved IDTAs or addenda to EU SCCs
  • Adequacy Decisions: Where the European Commission or UK ICO has issued an adequacy decision in respect of a recipient country, we may rely on that decision
  • Binding Corporate Rules (BCRs): Where applicable for intra-group transfers

6.2 Transfer Mechanisms — Indian Data (DPDP Act 2023)

  • Cross-border transfers are made only to countries notified by the Indian Government as permitting such transfers, or where appropriate contractual safeguards are in place
  • We maintain a record of all significant cross-border data flows and the safeguards applied

6.3 Other Jurisdictions

For transfers involving data subjects in Singapore (PDPA), Canada (PIPEDA), or South Africa (POPIA), equivalent contractual or regulatory safeguards are applied as required by applicable local law.

You may request a copy of the transfer mechanism documentation applicable to your data by contacting us at contact@atomquark.com.

7. Global Regulatory Compliance Framework

Atomquark Software LLP is committed to complying with applicable data protection and privacy laws across all jurisdictions in which we operate or engage with clients.

7.1 European Union — General Data Protection Regulation (GDPR)

Where we process personal data of individuals located in the European Economic Area (EEA), we comply with Regulation (EU) 2016/679 (GDPR). Our compliance includes:

  • Maintaining a Record of Processing Activities (ROPA) as required under GDPR Article 30
  • Appointing a Data Protection Representative in the EU where required under GDPR Article 27
  • Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing activities
  • Implementing Privacy by Design and Privacy by Default principles (GDPR Article 25)
  • Reporting personal data breaches to the relevant supervisory authority within 72 hours (GDPR Article 33)
  • Notifying affected data subjects of breaches without undue delay where required (GDPR Article 34)

7.2 United Kingdom — UK GDPR and Data Protection Act 2018

Following the UK's departure from the EU, we comply with the retained UK GDPR and the Data Protection Act 2018 (DPA 2018) for personal data of individuals in the United Kingdom.

7.3 India — IT Act 2000 and Digital Personal Data Protection Act 2023 (DPDP Act)

As an Indian entity, our primary compliance framework is Indian law:

  • Information Technology Act 2000 and the IT (Amendment) Act 2008
  • IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011
  • Digital Personal Data Protection Act 2023 (DPDP Act)
  • Designation of a Grievance Officer as required under the DPDP Act
  • Data localisation requirements as mandated by the Government of India from time to time

7.4 United States — California Consumer Privacy Act (CCPA) / CPRA

Where we process personal information of California residents, we comply with the California Consumer Privacy Act 2018 as amended by the California Privacy Rights Act 2020 (CPRA). California residents have the following additional rights:

  • Right to Know: Know what personal information is collected, used, shared, or sold
  • Right to Delete: Request deletion of personal information we hold
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at contact@atomquark.com with the subject line "CCPA Privacy Request". We will respond within 45 days.

7.5 Singapore and Thailand — Personal Data Protection Acts (PDPA)

Where we process personal data of individuals in Singapore or Thailand, we comply with the respective Personal Data Protection Acts.

7.6 Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)

Where we process personal information of Canadian residents, we comply with the federal PIPEDA and applicable provincial privacy laws.

7.7 South Africa — Protection of Personal Information Act (POPIA)

Where we process personal information of South African data subjects, we comply with POPIA (Act No. 4 of 2013).

8. Cookies and Tracking Technologies

Atomquark.ai uses cookies and similar technologies. A cookie consent banner is presented on your first visit for non-essential cookies, in compliance with the ePrivacy Directive (EU), UK PECR, and equivalent requirements.

You may withdraw cookie consent or manage your preferences at any time via the Cookie Preference Centre accessible in the portal footer. Disabling strictly necessary cookies may impair portal functionality.

For full details, please see our Cookie Policy.

9. Your Data Subject Rights

9.1 Rights Under GDPR (EU/UK) and Equivalent Frameworks

Depending on your location and the applicable regulatory framework, you may have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

9.2 Rights Under the DPDP Act 2023 (India)

  • Right to Access: Obtain a summary of personal data processed and the identities of Data Fiduciaries with whom data has been shared
  • Right to Correction and Erasure: Request correction of inaccurate data and erasure where no longer required
  • Right to Grievance Redressal: File a complaint with our Grievance Officer and escalate to the Data Protection Board of India
  • Right to Nominate: Nominate a person to exercise rights in the event of death or incapacity
  • Right to Withdraw Consent: Withdraw consent at any time (prospectively)

9.3 Exercising Your Rights

To exercise any of the rights above, contact us using the details in Section 14. We will respond within:

  • EU/UK GDPR requests: within 1 calendar month (extendable by 2 months for complex requests)
  • DPDP Act requests: within 30 days
  • CCPA requests: within 45 days (extendable by a further 45 days)
  • PIPEDA requests: within 30 days

10. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Policy, or as required by applicable law. Upon expiry of the applicable retention period, data is securely deleted or anonymised in accordance with our Data Retention and Disposal Procedure. You may request early erasure subject to applicable legal obligations.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security measures include:

  • Encryption: HTTPS/TLS 1.2+ for all data in transit; AES-256 encryption for data at rest where applicable
  • Access Controls: Role-based access control (RBAC) with least-privilege principles; multi-factor authentication (MFA) for administrative access
  • Security Assessments: Regular vulnerability assessments, penetration testing, and third-party security audits
  • Incident Response: Documented breach response procedures aligned to CERT-In guidelines (India), GDPR Article 33/34 timelines, and equivalent requirements
  • Sub-processor Due Diligence: Data processing agreements with all vendors; security assessments prior to onboarding
  • Employee Training: Annual data protection and security awareness training for all staff handling personal data
  • Business Continuity: Disaster recovery and backup procedures to ensure data availability and integrity

12. Children's Privacy

The atomquark.ai portal is a professional B2B service platform intended solely for business users and professionals aged 18 years or above (or the applicable age of majority in your jurisdiction). We do not knowingly collect, process, or retain personal data from minors. If you believe a minor has submitted personal data through our portal, please contact us immediately at contact@atomquark.com and we will promptly delete such data.

13. Automated Decision-Making and Profiling

We do not make solely automated decisions that produce legal or similarly significant effects on individuals. Where our AI tools provide recommendations or assessments, these are supplementary to human review and do not constitute automated decision-making under GDPR Article 22 or equivalent provisions.

14. Grievance Officer, DPO, and Contact Details

For any questions, complaints, or requests to exercise your data rights under any applicable privacy law, please contact our designated Grievance Officer.

Atomquark Software LLP
#959, Ground Floor, Sector-29, Faridabad, Haryana-121008, India
Email: contact@atomquark.com

14.1 Supervisory Authorities

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority for your jurisdiction.

15. Updates to This Policy

We review and update this Privacy Policy periodically to reflect changes in our business practices, technology stack, or applicable legal and regulatory requirements. The revised Policy will be published on atomquark.ai with an updated "Effective Date". For material changes affecting your rights or how we use your personal data, we will provide at least 14 days' advance notice via email (to registered users) or a prominent portal notification.

16. Governing Law and Jurisdiction

This Privacy Policy is primarily governed by the laws of the Republic of India, including the Information Technology Act 2000, the Digital Personal Data Protection Act 2023, and all rules and regulations made thereunder. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in Faridabad, Haryana, India, except where applicable law in your jurisdiction confers mandatory local jurisdiction rights.

Atomquark Software LLP
atomquark.ai | atomquark.com | contact@atomquark.com
Version 3.0 | Effective: April 1, 2026