Who We Are
Thirisoft Consultancy Services ("Thirisoft", "we", "us", or "our") is a software development and IT consultancy firm incorporated and operating under the laws of India, with its principal place of business at Ahmedabad, Gujarat, India.
We provide custom software development, team augmentation, cloud engineering, AI/ML integration, UI/UX design, QA services, and related technology consulting services to clients in India and internationally across the United Kingdom, the United States, the Middle East, and other territories.
This Privacy Policy applies to all personal data we process in connection with:
- Visitors to our website at thirisoft.com
- Prospective clients who contact us for inquiries or project discussions
- Existing clients and their authorised representatives
- Job applicants who submit their details to us
- Individuals whose data is processed as part of service delivery
For the purposes of applicable data protection law, Thirisoft Consultancy Services acts as the Data Fiduciary (or Data Controller) in respect of personal data collected via this website and in connection with our business operations.
Information We Collect
We collect only the information that is necessary for legitimate business purposes. The categories of personal data we may process are described below.
2.1 Information You Provide Directly
- Identity Data: Full name, job title, company name, designation
- Contact Data: Email address, phone number, business address
- Project & Enquiry Data: Details of your project, business requirements, budget range, timelines, and any other information you share with us during discussions
- Communications Data: Emails, messages, meeting notes, and correspondence exchanged with our team
- Contractual Data: Information contained in signed agreements, statements of work, NDAs, and invoices
- Career Applicant Data: CV/resume, cover letter, academic qualifications, portfolio links, work samples, and interview notes
2.2 Information We Collect Automatically
- Technical Data: IP address, browser type and version, operating system, device type
- Usage Data: Pages visited, time spent on pages, referring URLs, navigation paths
- Cookie Data: Session identifiers and preference settings (see Section 9)
2.3 Information from Third Parties
- Referral information from existing clients or business partners
- Publicly available professional profiles (e.g. LinkedIn) where relevant to a business enquiry or job application
- Information from business directories or event organisers where you have made your contact details available for professional purposes
We do not collect or process sensitive personal data (such as biometric data, health information, religious beliefs, or financial account details) unless strictly required under a specific engagement and with your explicit consent.
How We Use Your Information
We use personal data only for the purposes for which it was collected or for compatible purposes that you would reasonably expect. The following table sets out our principal processing activities.
| Purpose | Description |
|---|---|
| Client Engagement | Responding to enquiries, preparing proposals, scoping projects, and onboarding new clients |
| Service Delivery | Delivering software development, consulting, and related services under contract |
| Contract Management | Managing agreements, invoicing, payments, and maintaining project records |
| Communications | Sending project updates, meeting invitations, and responding to your messages |
| Marketing | Sending relevant service updates, case studies, or industry insights where you have consented or where we have a legitimate interest |
| Recruitment | Evaluating job applications, conducting interviews, and maintaining a talent pipeline |
| Website Improvement | Analysing usage patterns to improve website content and user experience |
| Legal Compliance | Complying with applicable laws, regulations, court orders, and government requests |
| Security | Detecting, preventing, and responding to fraud, abuse, or security incidents |
We will never sell, rent, or trade your personal data to third parties for their own marketing purposes. Your data is not a product.
Legal Basis for Processing
Where applicable data protection law requires a legal basis for processing personal data, we rely on the following grounds depending on the nature of the processing activity.
- Contractual Necessity: Processing required to enter into or perform a contract with you, such as delivering agreed services or managing your project
- Legitimate Interests: Processing necessary for our legitimate business interests, including responding to business enquiries, improving our services, maintaining security, and marketing to existing or prospective clients — provided such interests are not overridden by your rights
- Consent: Where you have freely given clear, informed, and specific consent — for example, subscribing to our newsletter or agreeing to non-essential cookies
- Legal Obligation: Processing required to comply with a legal or regulatory obligation under Indian law or applicable international law
Under the Digital Personal Data Protection Act 2023 (DPDPA) of India, we fulfil our obligations as a Data Fiduciary and respect all rights granted to Data Principals under that Act. For clients in the European Union or United Kingdom, we process data in accordance with the GDPR and UK GDPR respectively where those instruments apply.
Sharing Your Information
We share personal data only in the limited circumstances described below and always with appropriate safeguards in place.
5.1 Service Providers & Sub-processors
We engage trusted third-party providers who assist us in operating our business. These parties process data only on our instructions and under binding confidentiality and data protection obligations. Current categories include:
- Cloud Infrastructure: Amazon Web Services (AWS), Microsoft Azure — for hosting, storage, and computing
- Communication Tools: Google Workspace — for email, document collaboration, and video calls
- Project Management: Platforms such as Jira, Notion, or similar tools used for project tracking
- Payment Processing: Secure payment gateways for billing and invoice settlement
- Analytics: Website analytics tools to understand how visitors use our website
5.2 Professional Advisors
We may share data with lawyers, accountants, auditors, and insurers where necessary for professional advice or the conduct of legal proceedings.
5.3 Legal & Regulatory Disclosure
We may disclose personal data if required to do so by applicable law, court order, government authority, or regulatory body — including CERT-In (India), tax authorities, or law enforcement agencies where legally required.
5.4 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the successor entity as part of that transaction. We will notify affected individuals in such circumstances.
We do not sell, license, or share your personal data with any third party for independent marketing, advertising, or data brokerage purposes.
International Data Transfers
As a company that serves international clients and uses global cloud infrastructure, personal data we hold may be transferred to, stored in, or processed in countries outside India — including the United Kingdom, the United States, and member states of the European Union.
When we transfer personal data internationally, we ensure that appropriate safeguards are in place, which may include:
- Adequacy decisions issued by the relevant data protection authority
- Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO
- Data Processing Agreements with sub-processors that include appropriate transfer mechanisms
- The consent of the data subject where required and appropriate
For clients in the EU or UK, we are committed to ensuring that any cross-border transfer of your personal data complies with Chapter V of the GDPR or equivalent UK provisions, as applicable.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law. Our general retention periods are as follows:
| Data Category | Retention Period | Reason |
|---|---|---|
| Client project records & contracts | 7 years after project completion | Legal, tax, and audit obligations under Indian law |
| Invoice and financial records | 8 years | Income Tax Act 1961 (India) compliance |
| Pre-sales enquiries (non-converted) | 2 years from last contact | Legitimate interest in potential future engagement |
| Job applications (unsuccessful) | 12 months from application date | Future recruitment consideration with consent |
| Job applications (hired) | Duration of employment + 7 years | Employment records and legal obligations |
| Website analytics data | 26 months (anonymised after 13 months) | Website performance improvement |
| Marketing consent records | Until consent is withdrawn + 3 years | Evidence of consent for regulatory purposes |
| NDA and confidentiality agreements | Duration of agreement + 7 years | Contractual and legal obligations |
When personal data is no longer required, we securely delete or anonymise it in accordance with our internal data disposal procedures.
Your Rights
Depending on the data protection law applicable to you, you may have the following rights in relation to your personal data. We will respond to all valid requests within 30 days, or within any shorter period required by applicable law.
| Right | What It Means | Applicable Under |
|---|---|---|
| Right to Access | Request a copy of the personal data we hold about you | DPDPA, GDPR, UK GDPR |
| Right to Correction | Request correction of inaccurate or incomplete data | DPDPA, GDPR, UK GDPR |
| Right to Erasure | Request deletion of your data where there is no lawful basis for continued processing | DPDPA, GDPR, UK GDPR |
| Right to Withdraw Consent | Withdraw consent at any time where processing is based on consent | DPDPA, GDPR, UK GDPR |
| Right to Object | Object to processing based on legitimate interests, including direct marketing | GDPR, UK GDPR |
| Right to Portability | Receive your data in a structured, machine-readable format | GDPR, UK GDPR |
| Right to Restrict Processing | Request that we pause processing while a complaint or accuracy issue is resolved | GDPR, UK GDPR |
| Right to Nominate | Nominate a person to exercise your rights in the event of death or incapacity | DPDPA |
To exercise any of these rights, please contact our Grievance Officer using the details in Section 14. We may need to verify your identity before fulfilling your request. We will not charge a fee for reasonable requests, though we reserve the right to charge for manifestly unfounded or excessive requests.
If you are located in the EU or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority — such as the UK Information Commissioner's Office (ICO) or the relevant EU Data Protection Authority in your member state.
Cookies & Tracking
Our website uses cookies and similar technologies to improve your browsing experience, analyse site traffic, and understand how visitors interact with our content.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the website to function — cannot be disabled | Session |
| Analytics | Understand how visitors use our website (e.g. pages visited, time on site). Used with tools like Google Analytics or similar | Up to 26 months |
| Preference | Remember your settings and preferences for future visits | Up to 12 months |
| Marketing | Track visits across websites to deliver relevant advertisements (only if you have consented) | Up to 24 months |
You can manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of the website.
We do not currently use cross-site tracking cookies for advertising without your explicit consent. We do not engage in fingerprinting or use invasive tracking technologies.
Security of Your Data
We take the security of personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, disclosure, or destruction.
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Access Controls: Personal data is accessible only to authorised personnel on a strict need-to-know basis
- Cloud Security: We rely on enterprise-grade cloud infrastructure (AWS, Azure) with industry-standard security certifications
- NDAs: All team members and contractors who handle client or personal data sign comprehensive confidentiality agreements
- Secure Development: We follow secure coding practices and conduct regular code reviews and security assessments
- Incident Response: We maintain an internal data breach response procedure to detect, contain, and report incidents in accordance with applicable law
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within the timeframes required by applicable law and inform affected individuals where required.
No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable measures to protect your data, we cannot guarantee absolute security.
Third-Party Links
Our website may contain links to third-party websites, platforms, or services — including LinkedIn, GitHub, or partner company websites. This Privacy Policy applies solely to our own website and services.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites. We encourage you to read the privacy policy of every website you visit. Linking to a third-party website does not constitute our endorsement of that site or its privacy practices.
Children's Privacy
Our website and services are intended solely for use by business professionals and are not directed at children. We define "children" as individuals under the age of 18.
We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal information from a child without appropriate parental consent, we will take immediate steps to delete such information from our systems.
If you believe that a child has provided us with their personal data, please contact us immediately at privacy@thirisoft.com.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or applicable data protection regulations. All changes will be published on this page with an updated "Last Updated" date at the top.
For material changes — such as new categories of data collection, new purposes of processing, or changes to your rights — we will provide more prominent notice, which may include an email notification to existing clients or a notice on our website.
Your continued use of our website or services after any changes to this Policy constitutes your acknowledgement of those changes. We encourage you to review this Policy periodically to stay informed about how we protect your information.
Contact & Grievance Officer
If you have any questions, concerns, or complaints about this Privacy Policy or the way we handle your personal data, please contact us. Under the Digital Personal Data Protection Act 2023, we have designated a Grievance Officer to handle all data protection related queries and complaints.
We take all privacy complaints seriously and will investigate your concern thoroughly. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India (once constituted under the DPDPA 2023), the UK Information Commissioner's Office, or the relevant data protection supervisory authority in your country of residence.