Legal
Privacy Policy
Last updated: 15 July 2026
This Privacy Policy describes how BWE Consulting Private Limited ("BWE", "we", "our") collects, uses and protects information across the QUANTRA platform and the marketing website at bwequantra.lovable.app. It is written to reflect the principles of India's Digital Personal Data Protection Act, 2023 (DPDP Act) and, where applicable, the EU GDPR.
1. Who we are
BWE is the data fiduciary for information collected via this website. For engagement data processed inside QUANTRA on behalf of a client organisation, BWE acts as a data processor and the client organisation is the data fiduciary.
2. Information we collect
Marketing website
- Information you submit via the contact form (name, work email, organisation, role, sector, message).
- Standard server logs (IP address, user agent, referrer, timestamps) retained for security and abuse-prevention purposes.
QUANTRA platform
- Account identifiers (email, name, organisational role), MFA enrolment metadata.
- Engagement data your team uploads: system inventories, cryptographic assets, certificates, algorithm metadata.
- Audit-trail metadata: timestamps, approver identities, report versions.
3. How we use information
- To respond to enquiries and deliver contracted engagements.
- To operate, secure and improve the QUANTRA platform.
- To satisfy regulator, statutory and audit obligations.
We do not sell personal data. We do not use engagement data to train AI models.
4. Legal basis
We rely on legitimate interest (secure platform operation), consent (marketing outreach where applicable) and contract necessity (delivery of engagements).
5. Sharing
We share information only with sub-processors necessary to operate QUANTRA (cloud hosting, transactional email, error monitoring). A current list is available in our Data Processing Addendum. We do not disclose engagement data except under lawful process or with the client organisation's written direction.
6. Data residency
QUANTRA engagement data is stored in Indian cloud regions. Sub-processor locations are disclosed in the DPA.
7. Retention
Marketing enquiries are retained for up to 24 months. Engagement data is retained per the client contract; on termination, data is deleted or returned within 30 days unless a legal obligation requires longer retention.
8. Security
The QUANTRA platform enforces row-level security at the database layer, mandatory MFA for all human users, role-scoped access, immutable audit logging and private engagement-scoped storage. See the Security page for details.
9. Your rights
Subject to applicable law, you may request access, correction, erasure, portability or withdrawal of consent for personal data we hold about you. Contact privacy@bwe.one.
10. Grievance officer
In accordance with the DPDP Act, our grievance officer can be reached at grievance@bwe.one. We aim to acknowledge within 72 hours and resolve within 30 days.
11. Changes
We will post material changes to this policy on this page with an updated "last updated" date and, where required, notify affected users directly.
