Join Waitlist

Privacy Policy

Last updated: February 8, 2026

1. Introduction

This Privacy Policy explains how Lanos Technologies Pvt. Ltd. (trading as "ComplyZero," and referred to herein as "we," "us," or "our") collects, uses, stores, discloses, and protects the personal data of individuals ("you," "your," or "Data Principal") who visit our website at www.complyzero.com (the "Website") or use our services (collectively, the "Services").

As a company dedicated to helping businesses comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), we hold ourselves to the highest standards of data privacy. This policy is drafted in accordance with the DPDP Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By accessing or using our Website and Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Website or Services.

2. Data Fiduciary Information

For the purposes of the DPDP Act, 2023, the Data Fiduciary is:

  • Entity Name: Lanos Technologies Pvt. Ltd.
  • Trading As: ComplyZero
  • Registered Address: Silver Square, Dattatray Road, Santacruz West, Mumbai, Maharashtra, India
  • Privacy Contact: privacy@complyzero.com

3. Personal Data We Collect

We collect personal data through various means, depending on how you interact with our Website and Services. We adhere to the principle of data minimisation and only collect what is necessary.

3.1 Information You Provide Directly

  • Waitlist Sign-up: Email address
  • Contact Form Submissions: Name, email address, company name, and message content
  • Newsletter Subscription: Email address
  • Resource Downloads: Email address (e.g., when downloading our DPDP Compliance Checklist)
  • Account Registration: Name, email address, company name, and any other information required during registration (upon platform launch)

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain technical information through cookies and similar technologies:

  • Browser type and version
  • Operating system
  • Pages visited and time spent on each page
  • Referring website or source
  • IP address (anonymised where possible)
  • Device type and screen resolution
  • Date and time of access

3.3 Information from Third Parties

We may receive limited information from third-party analytics providers and hosting services that help us maintain and improve the Website.

4. Purpose of Processing

We process your personal data only for clear, specific, and lawful purposes, as required under Section 4 of the DPDP Act. These purposes include:

  • Service Delivery: To provide, maintain, and improve our Services, process your requests, and communicate with you about your account
  • Waitlist Management: To notify you about product launch, early access opportunities, and feature updates
  • Communication: To respond to your inquiries, support requests, and feedback submitted through our contact form
  • Newsletter and Updates: To send periodic newsletters and compliance updates (only with your explicit opt-in consent)
  • Website Improvement: To analyse usage patterns, diagnose technical issues, and improve our Website's performance and user experience
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests
  • Security: To detect, prevent, and address fraud, security threats, and abuse

5. Lawful Basis for Processing

Under the DPDP Act, 2023, we process your personal data based on the following lawful grounds:

  • Consent (Section 6): When you sign up for our waitlist, subscribe to our newsletter, or submit a contact form, you provide your informed, free, specific, and unambiguous consent. You may withdraw your consent at any time (see Section 8 below).
  • Legitimate Uses (Section 7): For analytics and Website improvement, where such processing is balanced against your privacy rights and does not cause harm to you as a Data Principal.
  • Contractual Necessity: To fulfil our obligations when you use our Services under a subscription agreement (upon platform launch).
  • Legal Obligation: Where processing is necessary to comply with applicable Indian law.

6. Cookies and Tracking Technologies

We use the following categories of cookies:

  • Essential Cookies: Strictly necessary for the Website to function. These cannot be disabled without affecting core functionality. They do not collect personal data for marketing purposes.
  • Analytics Cookies: Help us understand how visitors interact with our Website (e.g., Google Analytics with IP anonymisation enabled). These are placed only with your consent.

You can manage your cookie preferences through your browser settings. Disabling cookies may affect certain features of the Website. We do not use cookies for behavioural advertising or cross-site tracking.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your personal data only in the following limited circumstances:

  • Service Providers (Data Processors): We engage trusted third-party vendors who process data on our behalf to provide the Services. These include:
    • Cloudflare, Inc.: Website hosting, content delivery, and DDoS protection
    • Google LLC (Google Analytics): Website analytics with IP anonymisation
    All service providers are bound by written data processing agreements and are contractually obligated to process your data only as instructed by us, implement appropriate security measures, and not use your data for their own purposes.
  • Legal Requirements: We may disclose your personal data when required by law, regulation, legal process, or enforceable governmental request, or to protect our rights, privacy, safety, property, or that of our users.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of the transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

8. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights with respect to your personal data:

  • Right to Access (Section 11(a)): You have the right to obtain a summary of the personal data we hold about you and the processing activities undertaken.
  • Right to Correction and Erasure (Section 12): You may request correction of inaccurate or misleading personal data, or completion of incomplete data. You may also request erasure of your personal data that is no longer necessary for the purpose for which it was collected.
  • Right to Withdraw Consent (Section 6(6)): You may withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by:
  • Right to Grievance Redressal (Section 13): You have the right to file a complaint about how we process your data. Please contact our Grievance Officer (see Section 14 below). If you are not satisfied with our response, you may approach the Data Protection Board of India.
  • Right to Nominate (Section 14): You have the right to nominate any other individual who shall, in the event of your death or incapacity, exercise your rights as a Data Principal.

To exercise any of these rights, please contact us at privacy@complyzero.com. We will respond to your request within 30 days.

9. Data Security

We implement reasonable security safeguards as required under Section 8(4) of the DPDP Act to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our measures include:

  • Encryption in transit (HTTPS/TLS for all connections)
  • Encryption at rest for sensitive data stores
  • Access controls based on the principle of least privilege
  • Regular security assessments and vulnerability scanning
  • Employee training on data handling and security practices

While we take commercially reasonable precautions, no method of electronic transmission or storage is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately.

10. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Data Protection Board of India as required under Section 8(6) of the DPDP Act
  • Notify affected Data Principals without unreasonable delay
  • Provide information about the nature of the breach, the data involved, and the remedial steps taken

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are:

  • Waitlist emails: Until product launch and for 6 months thereafter, or until you unsubscribe, whichever comes first
  • Contact form submissions: 2 years from the date of submission
  • Newsletter subscribers: Until you unsubscribe
  • Account data: For the duration of your active subscription, plus 90 days after termination to allow for data export
  • Analytics data: 14 months (anonymised)
  • Legal and compliance records: As required by applicable Indian law (typically 8 years under the Companies Act, 2013)

Upon expiry of the retention period or fulfilment of the purpose, we will erase your personal data, unless retention is required by law.

12. International Data Transfers

Our Website is hosted on Cloudflare's global content delivery network. Your data may be processed in jurisdictions outside India. Under the DPDP Act, the Central Government may restrict transfers of personal data to certain countries. We will comply with any such restrictions and ensure appropriate safeguards are in place for international data transfers, including:

  • Contractual clauses with service providers requiring equivalent data protection standards
  • Compliance with any transfer restrictions notified by the Central Government under Section 16(1) of the DPDP Act

13. Children's Privacy

Our Services are not directed to individuals under 18 years of age. In accordance with Section 9 of the DPDP Act, we do not knowingly collect, process, or store personal data of children without verifiable consent from their parent or lawful guardian.

If we become aware that we have collected personal data from a child without appropriate consent, we will take immediate steps to delete such data. If you believe we hold data of a minor, please contact us at privacy@complyzero.com.

14. Grievance Officer

In accordance with the DPDP Act and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address your concerns:

  • Email: privacy@complyzero.com
  • Address: Grievance Officer, Lanos Technologies Pvt. Ltd., Silver Square, Dattatray Road, Santacruz West, Mumbai, Maharashtra, India
  • Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt

15. Third-Party Links and Services

Our Website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access through our Website.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post a prominent notice on our Website
  • Notify registered users via email where required by law

We encourage you to review this page periodically. Your continued use of the Website after changes are posted constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights under the DPDP Act, please contact us: