/no-tracking /on-premise /dpdp-act /zero-cookies /sovereign-data
LEGAL

Privacy Policy

LAST UPDATED: 30 MAY 2026

1. Introduction

Garud Research & Tech Private Limited ("Grosint", "we", "us") is committed to protecting the privacy of individuals who visit our website (grosint.in) and engage with our products. This Privacy Policy explains how we collect, use, and safeguard information in connection with our website and intelligence platform suite (Grosint SMINT, Anveshak, and Drishti).

This policy is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, as applicable.

2. Website Data Collection

This website is a static informational site. We do not use cookies, analytics trackers, or third-party tracking scripts. We do not collect personal information through this website unless you voluntarily contact us via WhatsApp or email.

  • No cookies or local storage for tracking purposes
  • No Google Analytics, Facebook Pixel, or equivalent
  • No contact forms that collect personal data
  • Fonts are loaded from Google Fonts (subject to Google's privacy policy)
  • CDN assets are loaded from jsdelivr.net and unpkg.com (subject to their respective policies)

3. Platform Data Handling

Our intelligence platform products (Grosint SMINT, Anveshak, Drishti) are deployed on-premise within the client's own infrastructure. As such:

  • All intelligence data resides within the client's deployment boundary
  • No intelligence data is transmitted to Grosint servers or any third party
  • Data processing, storage, and retention are governed by the client's own policies
  • We do not have access to client data after deployment unless explicitly granted for support purposes
  • Products are designed for air-gapped operation with zero external dependencies

4. Intelligence Data Sources

Our products aggregate information from publicly available sources (open-source intelligence) and authorized data services. All data collection is designed to comply with applicable Indian law, including the IT Act 2000 and the DPDP Act 2023. Access to restricted databases is contingent on the deploying agency's legal authorizations, memoranda of understanding (MOUs), and applicable court orders as required under Indian law.

We do not independently collect, store, or process personal data of Indian citizens for commercial purposes. Our tools are provided exclusively to authorized government agencies and defence establishments.

5. Lawful Basis for Processing

Intelligence operations conducted using our platform are governed by the lawful authority of the deploying agency. This may include but is not limited to:

  • Section 69 of the IT Act, 2000 — interception, monitoring, and decryption orders
  • Section 91 of the Code of Criminal Procedure, 1973 — production orders for documents
  • The Intelligence Organisations (Restriction of Rights) Act, 1985
  • Section 17(2)(a) of the DPDP Act, 2023 — exemption for national security and public order
  • Relevant agency-specific enabling legislation and standing orders

Garud Research & Tech provides the technology platform. Operational use, legal authorization, and compliance with applicable privacy frameworks remain the responsibility of the deploying agency.

6. Data Security

All platform deployments incorporate:

  • SHA-256 cryptographic integrity verification on all stored records
  • Role-based access control (RBAC) with per-query authorization
  • Immutable audit trails for all system actions
  • Write-once object storage for evidence preservation
  • Air-gap compatibility with zero external network dependencies
  • Encryption at rest and in transit within the deployment boundary

Refer to our Security Policy for detailed technical security measures.

7. Third-Party Services (Website Only)

This website loads resources from the following external services for functionality purposes:

  • Google Fonts — typeface delivery (fonts.googleapis.com)
  • jsDelivr CDN — JavaScript library delivery (cdn.jsdelivr.net)
  • unpkg CDN — JavaScript library delivery (unpkg.com)
  • Vercel — website hosting and deployment

These services may collect standard server logs (IP addresses, request timestamps). This is limited to website delivery and does not apply to our intelligence platform products, which operate entirely within client-controlled infrastructure.

8. Your Rights

Under the DPDP Act, 2023, data principals have the right to access, correct, and erase their personal data, subject to applicable exemptions. Since this website does not collect personal data, these rights are generally not applicable to website visitors.

For queries related to data processed by our intelligence platforms when deployed by a government agency, the appropriate point of contact is the deploying agency's data protection officer, not Garud Research & Tech.

9. Contact

For privacy-related inquiries concerning this website or our company practices:

Garud Research & Tech Private Limited

Email: contact@grosint.in
WhatsApp: +91 99019 38800

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of this website after changes constitutes acceptance of the revised policy.