Surya.← Back to site

/ Legal · Privacy Policy

How we handle the information you share with us.

This Policy covers personal information we collect through our website and marketing — what we collect, why, who we share it with, and how to exercise your rights. Data we process for clients under contract is handled separately under the MSA and, where applicable, the Business Associate Agreement.

Effective
June 24, 2026
Entity
Surya Technologies, Inc.
Scope
Website & Marketing

/ Short Version

We collect the information you submit (contact forms, email) plus standard request and analytics data. We use it to reply, deliver Services, and improve our site — we don't sell it. Data we process for clients under contract (including PHI) is governed by the MSA and BAA, not this Policy. Pair this with our Terms.

/ Contents

  1. 01Two Data Worlds
  2. 02Information We Collect
  3. 03How We Use Information
  4. 04Legal Bases
  5. 05Cookies & Analytics
  6. 06Sharing & Subprocessors
  7. 07International Transfers
  8. 08Retention
  9. 09Security
  10. 10Your Rights
  11. 11Client Data Under Contract
  12. 12Children's Privacy
  13. 13Changes to This Policy
  14. 14Contact

Section 01

Two Data Worlds

Surya handles information in two distinct contexts. Understanding the line matters:

  • +Site & Marketing Data — information collected when you visit suryatechnologies.com, fill out a contact form, request a quote, or correspond with us. This Privacy Policy governs that data.
  • +Client Data — information we process on behalf of a client under a signed MSA, SOW, or BAA, including employee records, device assignments, and (where applicable) Protected Health Information. That data is governed by the contract with the client, not this Policy. The client is the data controller; Surya is the processor.

Section 02

Information We Collect

From the website and marketing, we may collect:

  • +Identifiers you submit — name, business email, phone, company, role, message content
  • +Engagement data — pages viewed, referring URLs, time on page, form interactions
  • +Technical data — IP address, browser and device type, approximate location derived from IP, timestamps
  • +Communications — emails, calendar invites, and meeting notes related to inquiries

We do not knowingly collect sensitive categories of personal information through the site.

Section 03

How We Use Information

  • +Respond to inquiries and prepare quotes or proposals
  • +Schedule and run meetings and discovery calls
  • +Operate, secure, and improve our website
  • +Send relevant operational and (where permitted) marketing communications
  • +Comply with legal obligations and enforce our Terms

Section 04

Legal Bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on the following bases: performance of a contract or pre-contractual steps at your request; our legitimate interest in running and improving the business; compliance with legal obligations; and, where required, your consent (which you may withdraw at any time).

Section 05

Cookies & Analytics

We use a small number of first-party and third-party cookies for site functionality and analytics. Analytics providers process visit data to help us understand traffic patterns. You can control cookies through your browser settings; disabling them may affect site functionality.

Section 06

Sharing & Subprocessors

We share site and marketing information with:

  • +Service providers running our website, email, CRM, analytics, and trust center
  • +Professional advisors (legal, accounting, insurance)
  • +Acquirers or successors in connection with a merger, financing, or sale of assets
  • +Authorities where required by law or to protect rights and safety

We do not sell personal information and do not share it for cross-context behavioral advertising.

Section 07

International Transfers

Surya operates from the United States and works with a delivery team in Bangalore, India. Personal information may be transferred to and processed in those jurisdictions. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

Section 08

Retention

We retain information for as long as needed for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Inquiry records are typically retained for the duration of the commercial relationship plus a reasonable archival period.

Section 09

Security

Surya's security and privacy practices are aligned to NIST 800-171 and HIPAA. A SOC 2 Type 2 report will be available on August 1, 2026 via our Vanta trust center. No system is perfectly secure; we cannot guarantee absolute security but we work to maintain controls appropriate to the data we handle.

Section 10

Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal information, to object to or restrict processing, and to withdraw consent. To make a request, email sales@suryatechnologies.com. We will verify your identity and respond within the period required by law. You may also have the right to lodge a complaint with your local supervisory authority.

Section 11

Client Data Under Contract

Business Associate Agreements are available for engagements involving Protected Health Information. PHI is never used for our own marketing or analytics.

Section 12

Children's Privacy

Our website is directed at businesses. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact us so we can delete it.

Section 13

Changes to This Policy

We may update this Policy from time to time. The current version is posted at this URL with its effective date. Material changes will be communicated through the site or to contacts of record.

Section 14

Contact

Surya Technologies, Inc.
Research Triangle Park, NC 27703
sales@suryatechnologies.com