Privacy Policy

Last Updated: 26 February 2026

This Privacy Policy explains how Leapswitch Networks Pvt. Ltd. ("Leapswitch", "we", "us", or "our"), a company incorporated under the laws of India with its registered office at Office 410, Spectra Commercial, Pratik Nagar, Paud Road, Pune 411038, Maharashtra, India, collects, uses, stores, shares, and protects your personal data when you use our website (leapswitch.com), client portal, and services.

This policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as the lawful basis for processing, we will obtain your explicit consent before collecting or processing your personal data.

1. Definitions

In this Privacy Policy:

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA.
  • "Data Fiduciary" means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. Leapswitch acts as a Data Fiduciary for data collected directly from you.
  • "Data Processor" means any person who processes personal data on behalf of a Data Fiduciary. Leapswitch acts as a Data Processor when hosting your data on our infrastructure.
  • "Data Principal" means the individual to whom the personal data relates — i.e., you.
  • "Services" means all products and services offered by Leapswitch, including dedicated servers, GPU servers, virtual private servers (VPS), cloud services, shared hosting, reseller hosting, email hosting, domain registration, SSL certificates, and related infrastructure services.

2. Information We Collect

We collect the following categories of personal data:

a) Information You Provide Directly

  • Account Information: Name, email address, phone number, postal address, company name, and job title when you register for an account or purchase services.
  • Billing Information: Payment method details, billing address, tax identification numbers (GST, PAN, VAT), and transaction records processed through our payment gateways.
  • KYC Information: For services delivered from Indian datacenters, as mandated by CERT-In Direction No. 20(3)/2022-CERT-In — Aadhaar details (via DigiLocker or document upload), selfie for facial verification (via Digio for Indian customers), or government-issued photo ID and selfie (via Stripe Identity for international customers).
  • Support Communications: Information provided in support tickets, live chat conversations, emails, and phone calls with our team.
  • Survey and Feedback Data: Responses to surveys, reviews, or feedback forms you voluntarily complete.

b) Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on pages.
  • Device Information: Device type, screen resolution, unique device identifiers, and language preferences.
  • Service Usage Data: Server resource utilisation, bandwidth consumption, IP addresses allocated, service activation and cancellation dates, and technical configuration details.
  • Cookies and Tracking Data: Information collected through cookies and similar technologies as described in Section 6 below.

c) Information from Third Parties

  • KYC Verification Results: Identity verification outcomes from Digio and Stripe Identity.
  • Fraud Prevention Data: Risk scores and fraud indicators from payment processors and security services.
  • Cloudflare Data: Geolocation data (country-level) derived from your IP address via Cloudflare's network, used for content localisation and security.

3. Lawful Basis for Processing

We process your personal data on the following lawful bases:

  • Consent: Where you have given explicit consent for a specific purpose (e.g., marketing communications, newsletter subscriptions). You may withdraw consent at any time.
  • Performance of Contract: Processing necessary to fulfil our contractual obligations to you — provisioning services, billing, technical support, and account management.
  • Legal Obligation: Processing required to comply with applicable laws, including CERT-In Directions (subscriber data collection and retention), IT Act 2000 requirements, tax laws (GST/income tax record retention), and DPDPA obligations.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as fraud prevention, network security, service improvement, and abuse detection, provided these interests are not overridden by your rights.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

  • Service Delivery: Provisioning, managing, and maintaining the services you have purchased; allocating server resources and IP addresses; providing technical support.
  • Account Administration: Managing your account, authenticating your identity, processing payments, sending invoices and billing notifications.
  • Regulatory Compliance: Fulfilling KYC obligations under CERT-In Directions, maintaining subscriber records, responding to lawful government requests, and complying with court orders.
  • Security and Abuse Prevention: Detecting and preventing fraud, unauthorised access, DDoS attacks, spam, and other abuse of our network and infrastructure.
  • Service Improvement: Analysing usage patterns to improve our services, website, and customer experience.
  • Communication: Sending service-related notifications (maintenance alerts, security advisories, billing reminders) and, where you have consented, marketing communications about our products and offers.
  • Legal Proceedings: Establishing, exercising, or defending legal claims.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your personal data with the following categories of recipients:

  • Service Providers (Data Processors): Third-party providers who process data on our behalf, as listed in Section 7 below, subject to contractual obligations to protect your data.
  • Payment Processors: To process your payments securely. Payment card details are handled directly by PCI-DSS compliant payment processors and are not stored on our servers.
  • Government and Law Enforcement: Where required by applicable law, court order, or lawful government request, including CERT-In, law enforcement agencies, and regulatory authorities.
  • Legal and Professional Advisors: Lawyers, auditors, and other professional advisors in connection with legal proceedings or regulatory compliance.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy commitments.

In addition to the above, Leapswitch may disclose your personal data to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise, or defend its legal rights.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device to help the website function, remember your preferences, and collect analytics data.

Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly — session management, security, and load balancing (served via Cloudflare).
  • Analytics Cookies: Google Analytics (via Google Tag Manager) — to understand how visitors interact with our website, including pages visited, time on site, and traffic sources. These cookies collect anonymised, aggregated data.
  • Session Recording: Microsoft Clarity — to record and analyse user sessions (clicks, scrolls, page navigation) for improving user experience. Session recordings are anonymised and do not capture keystrokes in form fields.
  • Live Chat Cookies: Tawk.to — to enable our live chat widget and remember your chat history for continuity of support.
  • Marketing Cookies: HubSpot — to track interactions with our marketing content, forms, and email campaigns, and to personalise your experience where you have consented.

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may prevent you from using certain features of our website. For more information on managing cookies, visit your browser's help documentation.

7. Third-Party Services and Sub-Processors

We use the following third-party services that may process your personal data:

Service Purpose Data Processed
Cloudflare CDN, DNS, DDoS protection, SSL IP address, geolocation (country), request headers
Google Analytics / GTM Website analytics Anonymised usage data, IP address (anonymised), device info
Microsoft Clarity Session recording, heatmaps Anonymised session data, clicks, scrolls
Tawk.to Live chat support Name, email, chat messages, IP address
HubSpot Marketing, forms, CRM Name, email, company, form submissions, page views
Digio KYC verification (India) Aadhaar data, selfie, identity verification results
Stripe Payment processing, KYC (international) Payment details, government ID, selfie, billing address

Each third-party service operates under its own privacy policy. We ensure that all sub-processors maintain appropriate data protection standards through contractual agreements.

8. Cross-Border Data Transfers

Leapswitch operates datacenters in India, the United States, and Europe. Your personal data may be transferred to and processed in countries other than your country of residence. Such transfers are made in accordance with the DPDPA 2023 and are limited to countries not restricted by the Central Government of India.

Where your data is transferred outside India, we ensure that appropriate safeguards are in place, including contractual data protection obligations with our sub-processors and compliance with the data protection laws of the receiving jurisdiction.

By using our Services, you acknowledge and consent to such cross-border transfers of your personal data as described in this section.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods are as follows:

  • Account and Billing Data: For the duration of your account plus 7 years after account closure, as required by Indian tax laws (GST Act, Income Tax Act).
  • KYC and Subscriber Data: 5 years after cancellation or withdrawal of service registration, as mandated by CERT-In Direction No. 20(3)/2022-CERT-In, or longer if required by applicable law.
  • ICT System Logs: Rolling 180-day period within India, as mandated by CERT-In Directions.
  • Support Communications: For the duration of your account plus 3 years after account closure.
  • Marketing Data: Until you withdraw your consent or unsubscribe.
  • Analytics and Cookie Data: As per the retention settings of each third-party service (typically 14-26 months).

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data destruction procedures.

10. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to Access: You may request a summary of your personal data being processed by us and the processing activities undertaken.
  • Right to Correction: You may request correction of inaccurate or incomplete personal data, and we will update records accordingly.
  • Right to Erasure: You may request erasure of your personal data where the purpose for processing has been fulfilled and retention is no longer necessary under applicable law. Note: Data retained under legal obligations (CERT-In, tax laws) cannot be erased until the mandatory retention period expires.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to withdrawal.
  • Right to Nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDPA.
  • Right to Grievance Redressal: You have the right to file a complaint with our Grievance Officer or, if unsatisfied with our response, with the Data Protection Board of India.

To exercise any of these rights, please contact our Grievance Officer using the details provided in Section 14 below. We will respond to your request within 30 days of receipt.

11. Children's Data

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. Account registration requires the individual to confirm they are at least 18 years of age. If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to delete such data promptly.

12. Security Measures

We are committed to ensuring that your personal data is secure. We have implemented appropriate technical and organisational measures to safeguard your data, including:

  • Encryption of data in transit using TLS/SSL (HTTPS enforced across all web properties).
  • Encryption of sensitive data at rest where applicable.
  • Access controls with role-based permissions — only authorised personnel can access personal data on a need-to-know basis.
  • Regular security audits and vulnerability assessments of our infrastructure.
  • Network monitoring and intrusion detection systems across our datacenter facilities.
  • Physical security at our datacenter locations, including biometric access controls, CCTV monitoring, and 24/7 on-site security personnel.
  • Employee training on data protection and information security practices.

While we take all reasonable precautions to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights, we will:

  • Report the breach to the Indian Computer Emergency Response Team (CERT-In) within 6 hours of becoming aware of the incident, as mandated by CERT-In Directions.
  • Notify the Data Protection Board of India as required under the DPDPA.
  • Inform affected Data Principals without undue delay, providing details of the breach, likely consequences, and measures taken or proposed to address it.

14. Grievance Redressal

In accordance with the DPDPA 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address your concerns regarding the processing of your personal data.

Grievance Officer
Leapswitch Networks Pvt. Ltd.
Office 410, Spectra Commercial, Pratik Nagar, Paud Road
Pune 411038, Maharashtra, India
Email: grievance@leapswitch.com
Phone: +91 9599 656 657

We will acknowledge your grievance within 24 hours and endeavour to resolve it within 30 days of receipt. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDPA.

15. Links to Other Websites

Our website may contain links to third-party websites, including our client portal (manage.leapswitch.com), support portal (service.leapswitch.com), blog (blog.leapswitch.com), and partner websites. These external sites are not governed by this Privacy Policy. We encourage you to review the privacy policies of any third-party websites you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify registered customers via email for material changes that affect how their personal data is processed.
  • Where required by law, obtain your consent before implementing changes that affect the lawful basis for processing.

We encourage you to review this page periodically to stay informed about how we protect your personal data.

17. Contact Us

If you have any questions about this Privacy Policy, your personal data, or our data protection practices, please contact us:

Leapswitch Networks Pvt. Ltd.
Office 410, Spectra Commercial, Pratik Nagar, Paud Road
Pune 411038, Maharashtra, India
Phone: +91 9599 656 657
Email: support@leapswitch.com
Grievance Officer: grievance@leapswitch.com

© Leapswitch Networks Pvt. Ltd. All Rights Reserved.