Legal

Privacy Policy

Last updated: 20 June 2026 · Effective: 20 June 2026

Skedara Technology Private Limited ("Skedara", "we", "us", or "our") respects your privacy and is committed to protecting the personal data we collect through the website at www.skedara.com (the "Website"). This Privacy Policy explains what we collect, why, how we use and share it, the international transfers we make, how long we keep it, and the rights available to you under applicable data protection laws.

This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 of India ("DPDPA"), the EU General Data Protection Regulation 2016/679 and the UK GDPR (together, "GDPR"), and the privacy and security principles reflected in the SOC 2 Trust Services Criteria. Where local law in your jurisdiction grants you additional rights, those rights apply in addition to the rights set out below.

1. Who we are

Skedara Technology Private Limited is a private limited company incorporated in India under the Companies Act, 2013 (CIN: U62020KA2024PTC184219), with its registered office at 3rd and 4th floor, Jupiter Block, Prestige Tech Park, Kadubeesanahalli, Bengaluru, Karnataka, India - 560037. We provide technology services in energy and commodity trading platforms (ETRM/CTRM), market data operations, data engineering and AI.

Skedara is the controller of personal data collected through the Website. Where you subsequently engage with us under a written agreement (for example, a Master Services Agreement or Statement of Work), that agreement, together with any data processing terms within it, will govern Skedara's role in respect of personal data processed for that engagement.

2. Scope of this Policy

This Policy applies to personal data Skedara processes when you:

  • Visit the Website.
  • Submit the Contact form on the Website.
  • Otherwise communicate with us in connection with an enquiry that originated on the Website.

This Policy does not apply to personal data we process strictly on behalf of a client under that client's instructions and pursuant to a data processing agreement. In those cases, the client is the controller and you should refer to the client's privacy notice.

3. Personal data we collect

3.1 Information you provide through the Contact form

The Contact form is the only place on the Website where we ask you for personal data. The fields we collect are:

  • Name (required).
  • Email address (required).
  • Company (optional).
  • Your message (required).

The Contact form also includes a hidden anti-spam field. This field is not displayed to visitors and is used only to detect automated submissions; its content is not stored, emailed, or written to logs by the form handler.

We do not knowingly collect sensitive personal data through the Website (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data, health data, or data concerning a person's sex life or sexual orientation). Please do not include such information in your message.

3.2 Information collected automatically

Like virtually all websites, ours records standard technical request data so that pages can be delivered to you and the site can be operated securely. For Skedara's Website, this server-log data is collected by our hosting provider, Google Firebase / Google Cloud, and typically includes:

  • IP address.
  • Browser type and version, and operating system (user-agent string).
  • Date and time of the request.
  • URL requested and the referring URL.

Under the GDPR, an IP address is treated as personal data, so we disclose this server-log collection even though it is purely operational. The Website itself does not use analytics, tracking or advertising technologies. Fonts are served from the Website (not from a third-party font CDN), so no font provider receives your IP address when you load a page.

3.3 What we do not collect

To be clear, the Website does not offer or use any of the following: newsletter or marketing signup, user accounts or login, e-commerce, comments, third-party social or chat widgets, or analytics, tracking or advertising scripts. If any of these are added in the future, this Policy and the Cookies Policy will be updated and, where applicable, your consent will be requested before that change takes effect.

4. Why we use your personal data and our lawful basis

We process your personal data only for the purposes set out below. For each purpose, the lawful basis under GDPR is identified in brackets. For data principals in India, the corresponding ground under the DPDPA is either your consent or a "legitimate use" recognised by Section 7 of that Act.

  • Responding to your enquiries (GDPR Art. 6(1)(b) performance of a contract or steps prior to a contract; DPDPA consent or legitimate use): to receive and reply to messages you submit through the Contact form, and to follow up on the resulting discussion.
  • Operating, securing and improving the Website (GDPR Art. 6(1)(f) legitimate interests; DPDPA legitimate use): to deliver and maintain the Website, prevent abuse and fraud, defend against attacks, and diagnose technical issues using server-log data.
  • Legal and regulatory compliance (GDPR Art. 6(1)(c); DPDPA compliance with law): to comply with applicable laws and respond to lawful requests from public authorities.
  • Defence of legal claims (GDPR Art. 6(1)(f); DPDPA enforcement of legal right): to establish, exercise or defend legal claims.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, and we do not profile visitors.

5. How we share personal data

We do not sell personal data. We share personal data only where necessary for the purposes set out in Section 4, and only with recipients bound by appropriate confidentiality and data protection obligations. The recipients are:

  • Google Firebase / Google Cloud — our hosting and Cloud Functions provider. Google operates the platform that serves the Website and processes Contact-form submissions. The Cloud Function that handles submissions runs in Google Cloud's asia-south1 (Mumbai, India) region; the static site is delivered through Google's global content delivery network.
  • Our business email provider (Microsoft 365 hosted email) — receives, transmits and stores the email generated from your Contact-form submission so we can read and respond to it.
  • Professional advisers such as legal counsel, auditors and insurance brokers, where reasonably necessary.
  • Government, regulatory, judicial or law-enforcement authorities where required by law or where strictly necessary to protect our rights, your safety, or the security of our systems.
  • Acquirers and their advisers in the event of a corporate transaction such as a merger, acquisition or sale of assets, subject to confidentiality undertakings.

We engage Google and our business email provider as processors. They process personal data only on our documented instructions, are bound by written contractual data protection terms, and implement appropriate security measures.

6. International transfers of personal data

The Cloud Function that processes Contact-form submissions runs in Google Cloud's asia-south1 (Mumbai, India) region. If you submit the form from outside India, this involves a transfer of your personal data to India. Where the transfer originates from the European Economic Area or the United Kingdom, we rely on the European Commission's Standard Contractual Clauses (or the UK International Data Transfer Agreement or UK Addendum, as applicable). For transfers from Switzerland, we rely on Standard Contractual Clauses adapted for Swiss data. A copy of the relevant transfer mechanism can be requested by contacting us as set out in Section 14.

7. How long we keep personal data

We retain personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, audit or reporting requirements. Our default retention periods are:

  • Server-request logs collected by our hosting provider: retained in accordance with our hosting provider's default retention, typically a short period of weeks to months, after which they are aggregated or deleted.
  • Emails generated from Contact-form submissions: retained in our mailbox for up to 12 months from the date of last interaction, unless an active business relationship arises, in which case longer retention applies under the relevant engagement.
  • Records of legal or regulatory significance: retained for the period required by Indian tax, corporate or other applicable law typically up to 7 years.

Where retention is mandated by law, we retain personal data for the period required by that law and then delete or anonymise it. We do not maintain a database of Website visitors; the only stored record of a Contact-form submission is the email in our mailbox.

8. How we secure personal data

Skedara is certified to ISO/IEC 27001 for information security management. We are also working towards SOC 2, ISO 9001 and broader GDPR-readiness assurance. Our technical and organisational measures for the Website include:

  • HTTPS / TLS encryption for all traffic between your browser and the Website.
  • Authenticated SMTP for the delivery of Contact-form emails to our mailbox.
  • Server-side validation of all form inputs, including strict length limits on each field, to reduce the risk of misuse and abuse.
  • Anti-spam controls (a hidden honeypot field) and rate-limiting on the form handler to mitigate automated abuse.
  • Self-hosted fonts, with no third-party font CDN, to avoid exposing your IP address to providers that are not necessary for delivering the Website.
  • Data minimisation — we collect only the fields listed in Section 3.1 through the Contact form, and the form handler does not write the contents of submissions to logs (it logs only technical errors, with no submitted field values).
  • Access controls based on the principle of least privilege, multi-factor authentication for systems holding personal data, and periodic security training for personnel.
  • Documented incident-response procedures, including notification of affected individuals and regulators where required by law.

No system is entirely secure. While we work hard to protect personal data, we cannot guarantee absolute security and you are responsible for keeping your own credentials confidential.

9. Cookies and similar technologies

The Website does not currently set any cookies or use any tracking, analytics or advertising technologies. Please see our Cookies Policy for further details and for the position we will take if this changes in the future.

10. Children's personal data

The Website is intended for business users. We do not knowingly collect personal data from individuals under the age of eighteen (18). Under the DPDPA, where we become aware that we have collected personal data of a child without verifiable parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact us using the details in Section 14.

11. Your rights

11.1 Rights under the GDPR

Subject to applicable conditions and exceptions, you have the right to:

  • Be informed about the processing of your personal data.
  • Access the personal data we hold about you and obtain a copy.
  • Rectify inaccurate or incomplete personal data.
  • Request erasure of your personal data in certain circumstances.
  • Restrict our processing of your personal data in certain circumstances.
  • Object to processing carried out on the basis of our legitimate interests.
  • Data portability, where applicable, to receive a copy of your data in a structured, commonly used and machine-readable format.
  • Withdraw your consent at any time where we rely on consent as the lawful basis, without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with a supervisory authority in the EU/EEA, the UK or Switzerland.

11.2 Rights under the DPDPA

If you are a Data Principal under the DPDPA, you have the right to:

  • Receive a summary of the personal data being processed by us and the processing activities undertaken.
  • Correction, completion, updating and erasure of your personal data, subject to applicable conditions.
  • Grievance redressal in accordance with Section 13 of the DPDPA.
  • Nominate any other individual to exercise these rights on your behalf in the event of your death or incapacity.

11.3 How to exercise your rights

You may exercise your rights by writing to us at the addresses set out in Section 14. We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling a request. There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request, as permitted by law.

12. Marketing

The Website does not currently offer a newsletter or marketing signup, and we do not generate marketing emails from your use of the Website. If you become a client, vendor or partner of Skedara, any marketing communications under that relationship will be sent in accordance with applicable law and you may opt out at any time.

13. Changes to this Policy

We may update this Policy from time to time to reflect changes in the Website, our services, legal requirements or business practices. In particular, if we add analytics, marketing tools or any third-party embed that collects personal data, this Policy and the Cookies Policy will be updated before that change takes effect. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where appropriate, notify you through the Website.

14. Contact us

For questions, requests or complaints about this Policy, please contact us:

Privacy enquiries: contact@skedara.com

Skedara Technology Private Limited, 3rd and 4th floor, Jupiter Block, Prestige Tech Park, Kadubeesanahalli, Bengaluru, Karnataka, India - 560037.

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India or, where applicable, your local supervisory authority.