Recommended Services
Supported Scripts

Privacy Policy

Privacy Policy

Effective Date: 10 May 2026 | Version 2.0 | Next Review: 10 May 2027

Company: Iamem IT Consulting (trading as Iamem Hosting) Address: 13th Floor, Building No. 9, Raheja Mindspace IT Park, Mindspace, HITEC City, Madhapur, Telangana – 500081, India Grievance Officer: Sharon Ankita | grievance@iamemhost.com | +91-40-48213085 Governing Law: Digital Personal Data Protection Act 2023 · IT Act 2000 · SPDI Rules 2011 · GDPR (EU residents)

1. Introduction and Scope

Iamem IT Consulting (trading as Iamem Hosting, hereinafter “we”, “us”, or “the Company”) is committed to protecting the privacy and personal data of every individual who interacts with our services. This Privacy Policy describes how we collect, use, store, share, and protect your personal data, and explains the rights available to you.

This Policy applies to all services offered by Iamem Hosting, including shared web hosting, reseller hosting, VPS and dedicated servers, domain registration, SSL certificates, email services, managed AWS cloud services, and any associated websites, client portals, and mobile applications (collectively, “Services”).

This Privacy Policy is governed by the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and its amendments, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and, where applicable, the EU General Data Protection Regulation (GDPR 2016/679).

If you do not agree with the terms of this Policy, please discontinue use of our Services. Continued use constitutes your acceptance of this Policy.

2. Identity of the Data Fiduciary / Data Controller

The Data Fiduciary (under DPDPA 2023) and Data Controller (under GDPR) responsible for your personal data is:

Legal Entity Name: Iamem IT Consulting Trade Name: Iamem Hosting Registered Address: 13th Floor, Building No. 9, Raheja Mindspace IT Park, Mindspace, HITEC City, Madhapur, Telangana – 500081, India Email: privacy@iamemhost.com Phone: +91-40-48213085 Website: https://iamemhost.com

3. Grievance Officer

In compliance with Rule 5(9) of the SPDI Rules 2011 and Section 13 of the DPDPA 2023, we have designated a Grievance Officer to address concerns regarding the processing of your personal data:

Name: Sharon Ankita Designation: Grievance Officer Email: grievance@iamemhost.com Phone: +91-40-48213085 Working Hours: Monday to Friday, 9:00 AM – 6:00 PM IST

Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt. If you are unsatisfied with our resolution, you may escalate your complaint to the Data Protection Board of India or the applicable regulatory authority in your jurisdiction (see Section 12).

4. Personal Data We Collect

4.1 Account and Identity Data

  • Full name, username, and password (stored in hashed, salted form)
  • Email address and phone number
  • Billing and postal address
  • Company name (if applicable)
  • Government-issued identification where required for KYC compliance

4.2 Financial and Payment Data

We do not directly collect or store credit or debit card numbers. All payment transactions are processed exclusively through Razorpay, a PCI-DSS compliant third-party payment gateway. When you make a payment, you interact with Razorpay’s secure payment interface and their privacy policy applies to that transaction. We receive only a transaction confirmation reference and status from Razorpay.

We do collect and retain:

  • Transaction reference IDs and payment status (success/failure)
  • Invoice amounts, dates, and billing address for accounting purposes
  • Bank account details for refunds, where you voluntarily provide them

4.3 Technical and Usage Data

  • IP address and geolocation (country/city level)
  • Browser type, version, and operating system
  • Device identifiers
  • Pages visited, features used, time and date of access
  • Log files generated by our servers and infrastructure
  • Cookie identifiers (see Section 8)

4.4 Communications Data

  • Support tickets, live chat transcripts, and email correspondence with us
  • Feedback, survey responses, and testimonials you voluntarily provide

4.5 Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules 2011, the following categories qualify as sensitive and are collected only where strictly necessary and with explicit consent:

  • Financial information (bank account details for refunds — we do not collect card numbers; payments are handled by Razorpay)
  • Passwords (stored in hashed, salted form; never in plaintext)
  • Biometric data (not currently collected)

We do not collect health, medical, or biometric data beyond what is listed above.

4.6 Data from Minors

Our Services are not directed at individuals under 18 years of age. In compliance with Section 9 of the DPDPA 2023, any processing of data belonging to a minor requires verifiable parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact our Grievance Officer immediately and we will delete it promptly. We do not engage in targeted advertising or tracking directed at minors.

5. Purpose and Legal Basis for Processing

We process your personal data only for the following specified, lawful purposes:

  • Account registration and service delivery — Contract performance; Legal obligation — Retained for the duration of the account plus 5 years
  • Billing and payment processing — Contract performance; Legal obligation — Retained for 7 years as required by Indian tax and accounting law
  • Customer support and communications — Contract performance; Legitimate interest — Retained for 3 years after last interaction
  • Security, fraud prevention, and network integrity — Legitimate interest; Legal obligation — Logs retained for 1 year; fraud records for 5 years
  • Analytics and service improvement — Legitimate interest (anonymised data only) — Retained for 2 years in aggregated form
  • Marketing and promotional emails — Explicit consent (opt-in only) — Until consent is withdrawn
  • Legal compliance and regulatory requests — Legal obligation — As required by applicable law
  • Infrastructure and server operations — Contract performance; Legitimate interest — Duration of contract plus 1 year

Where processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing. Where processing is based on contractual necessity, withdrawal may affect our ability to provide Services.

6. How We Use Your Information

We use the collected data to:

  • Create and manage your account and provide the Services you have subscribed to
  • Process payments and issue invoices and receipts
  • Send service-related communications, including account alerts, renewal reminders, and scheduled maintenance notices
  • Respond to your support queries and resolve technical issues
  • Monitor, audit, and improve the performance, security, and reliability of our infrastructure
  • Detect and prevent fraud, abuse, and security threats
  • Comply with applicable laws, regulations, and court orders
  • Send marketing communications where you have given explicit consent, with a clear and easy opt-out in every message
  • Conduct aggregated, anonymised analytics to understand usage patterns (no individual is identified in this process)

We will not use your personal data for any purpose materially different from those stated herein without providing prior notice and, where required, obtaining your consent.

7. Information Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

7.1 Service Providers and Data Processors

We engage trusted third-party processors to operate our Services:

  • Razorpay (Payment Gateway) — processes all payment transactions; we do not receive or store card numbers. Razorpay’s Privacy Policy is available at https://razorpay.com/privacy/
  • Data centre operators and cloud infrastructure providers — for server hosting
  • Email service providers — for transactional communications
  • Analytics and monitoring tools — using anonymised or pseudonymised data only

All processors are contractually bound by Data Processing Agreements requiring them to process data only on our documented instructions, implement appropriate security measures, not sub-process without our written authorisation, assist with data subject rights requests, and notify us of any breach within 24 hours.

7.2 Group Companies

Data may be shared with our subsidiaries or affiliated entities solely for the purposes described in this Policy, under equivalent data protection obligations.

7.3 Legal and Regulatory Obligations

We may disclose personal data when required to:

  1. Comply with applicable law, regulation, legal process, or enforceable governmental or judicial request
  2. Enforce our Terms of Service and investigate potential violations
  3. Detect, prevent, or address fraud, security, or technical issues
  4. Protect the rights, property, or safety of our users, staff, or the public

We will, to the extent permitted by law, attempt to notify you before disclosing your data in response to legal process.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the successor entity. You will be notified in advance of any such transfer and of any material change to the processing of your data.

7.5 Aggregated and Anonymised Data

We may share aggregated, statistical, or anonymised data that does not identify any individual with third parties for research, industry analysis, or business development purposes.

8. Cookie Policy

We use cookies and similar tracking technologies on our website and client portal. A cookie is a small text file stored on your device that helps us deliver a better experience.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Required for the website to function (e.g., session management, login authentication). These cannot be disabled without affecting site functionality.
  • Performance and Analytics Cookies: Collect anonymised data on how visitors use our site. Used to improve our Services.
  • Functionality Cookies: Remember your preferences (e.g., language, region) to personalise your experience.
  • Marketing Cookies: Used to deliver relevant advertisements. Set only with your explicit consent.

8.2 Cookie Durations

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Retained for 30 days to 2 years depending on type

8.3 Managing Cookie Preferences

On your first visit, you will see a cookie consent banner where you may accept all, reject non-essential, or customise your preferences. You can update your preferences at any time via the Cookie Settings link in our website footer. Disabling certain cookies may impair some features of our Services.

9. International Data Transfers

Our primary infrastructure is located in India. In certain cases, personal data may be processed by third-party service providers in other countries, including the European Union, United States, or Singapore.

Where personal data is transferred outside India, we ensure appropriate safeguards are in place as required by the DPDPA 2023 and, for EU residents, GDPR Chapter V. These safeguards may include Standard Contractual Clauses (SCCs), adequacy decisions, Binding Corporate Rules (BCRs), or your explicit consent where no other lawful transfer mechanism applies.

You may request details of the safeguards applicable to any specific transfer by contacting our Grievance Officer.

10. Information Security

We implement a comprehensive, risk-based information security programme aligned with ISO/IEC 27001 principles and the SPDI Rules 2011 (Rule 8).

10.1 Technical Measures

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256
  • Multi-factor authentication (MFA) for administrative access
  • Regular vulnerability assessments and penetration testing
  • Firewalls, intrusion detection/prevention systems, and DDoS protection
  • Automated log monitoring and anomaly detection

10.2 Organisational Measures

  • Role-based access control — data access is restricted to personnel with a documented need
  • All employees and contractors with data access are bound by confidentiality agreements
  • Regular data protection and security awareness training
  • Incident response plan with defined escalation procedures

10.3 Data Breach Notification

In the event of a personal data breach likely to result in harm to you, we will notify the Data Protection Board of India as required under Section 8(6) of the DPDPA 2023, notify affected individuals without undue delay (and within 72 hours for GDPR purposes) via email, and maintain a breach register as required by law.

Please report any suspected security vulnerabilities to security@iamemhost.com.

11. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law:

  • Account and identity data: 5 years after account closure
  • Financial and billing records: 7 years (as required by Indian law)
  • Support and communication logs: 3 years from last interaction
  • Server and access logs: 1 year (rolling)
  • Marketing consent records: Until consent is withdrawn plus 2 years
  • Anonymised analytics: Indefinite (no personal data retained)

Upon expiry of the retention period, personal data is securely deleted or irreversibly anonymised.

12. Your Rights as a Data Principal

Under the DPDPA 2023 and applicable international law, you have the following rights. To exercise any right, contact our Grievance Officer at grievance@iamemhost.com. We will respond within 30 days.

12.1 Right to Access (Section 11, DPDPA 2023) You have the right to obtain confirmation of whether we process your personal data and to receive a summary of the data we hold, the purposes of processing, and the categories of persons with whom it has been shared.

12.2 Right to Correction and Erasure (Section 12, DPDPA 2023) You have the right to request correction of inaccurate or incomplete data, and erasure of data that is no longer necessary. Erasure requests are subject to our legal retention obligations.

12.3 Right to Withdraw Consent Where processing is based on your consent, you may withdraw it at any time by contacting us or using the opt-out link in any marketing communication. Withdrawal does not affect the lawfulness of prior processing.

12.4 Right to Data Portability (GDPR Art. 20) EU residents have the right to receive their personal data in a structured, machine-readable format and to transmit it to another controller where technically feasible.

12.5 Right to Restrict Processing (GDPR Art. 18) EU residents may request restriction of processing in specific circumstances, such as when contesting the accuracy of data or objecting to processing based on legitimate interests.

12.6 Right to Object (GDPR Art. 21) EU residents have the right to object to processing based on legitimate interests or for direct marketing. Where you object to direct marketing, we will cease that processing immediately.

12.7 Right of Nomination (Section 14, DPDPA 2023) You have the right to nominate an individual who may exercise your data rights on your behalf in the event of your death or incapacity. To register a nominee, please contact our Grievance Officer.

12.8 Right to Complain to a Supervisory Authority If unsatisfied with our response, you may lodge a complaint with:

  • Data Protection Board of India (under DPDPA 2023)
  • EU/EEA residents: The data protection supervisory authority in your Member State
  • UK residents: The Information Commissioner’s Office (ICO) — www.ico.org.uk

13. Grievance Redressal Procedure

Step 1 — Contact the Grievance Officer: Submit your grievance in writing to grievance@iamemhost.com. We will acknowledge within 48 hours and respond within 30 days.

Step 2 — Escalation: If unresolved, escalate to senior management at legal@iamemhost.com, referencing your original ticket number.

Step 3 — Regulatory Authority: If still unresolved, you may approach the Data Protection Board of India or your applicable authority as described in Section 12.8.

14. No-Spam and Marketing Communications Policy

We maintain a strict no-spam policy. All marketing emails require your explicit opt-in consent and will include a one-click unsubscribe mechanism. We comply with the Telecom Commercial Communications Customer Preference Regulations (TCCCPR) issued by TRAI for SMS and voice communications.

To opt out of all marketing communications, you may click the unsubscribe link in any marketing email, update your communication preferences in the client portal, or email privacy@iamemhost.com with the subject line “Unsubscribe”.

We will never sell, rent, or lease your contact information to third parties for marketing purposes.

15. Children’s Privacy

Our Services are not intended for use by individuals under 18 years of age. In accordance with Section 9 of the DPDPA 2023, we will not process any personal data of a child without verifiable parental or guardian consent. We prohibit the use of our Services for tracking, behavioural advertising, or profiling directed at children. If we become aware that data of a child has been collected without appropriate consent, we will immediately delete it and notify the concerned parent or guardian.

16. Third-Party Links and Services

Our website and client portal may contain links to third-party websites, payment platforms, or integrated tools. This Privacy Policy applies only to our Services. We are not responsible for the privacy practices of third-party sites and recommend that you review their policies before providing any personal data. Our integration with Razorpay is governed by their separate privacy policy available at https://razorpay.com/privacy/

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will publish the updated Policy on this page with a revised effective date, send an email notification to all registered customers at least 30 days before material changes take effect, and display a prominent notice on our website for 30 days following any material change. Your continued use of our Services after the effective date constitutes your acceptance.

18. Relationship to Other Agreements

This Privacy Policy is to be read in conjunction with our Terms of Service (https://iamemhost.com/terms-of-service/) and the Iamem Customer Master Agreement. In the event of any conflict regarding personal data, this Policy shall prevail.

19. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the IT (SPDI) Rules, 2011. Any disputes shall be subject to the exclusive jurisdiction of the courts in Hyderabad, Telangana, India. For EU residents, this Policy is also governed by the General Data Protection Regulation (EU) 2016/679.

20. Contact Us

For any queries, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Grievance Officer: Sharon Ankita — Iamem IT Consulting Grievance Email: grievance@iamemhost.com Privacy Queries: privacy@iamemhost.com Security Concerns: security@iamemhost.com Phone: +91-40-48213085 (Monday to Friday, 9 AM – 6 PM IST) Postal Address: Iamem IT Consulting, 13th Floor, Building No. 9, Raheja Mindspace IT Park, Mindspace, HITEC City, Madhapur, Telangana – 500081, India

This Privacy Policy was last updated on 10 May 2025 and supersedes all prior versions. Version 2.0.