About

Who we are

Raksa is a compliance infrastructure platform designed for modern teams. We provide tools for data mapping, privacy assessments, regulatory intelligence, cookie consent management, and data discovery — unified in one platform.

When we say “Raksa”, “we”, “us”, or “our” in this notice, we are referring to the entity responsible for processing your personal data as the data controller.

Collection

What data we collect

We collect the following categories of personal data:

Account Information

Name, email address, organisation name, job title, and authentication credentials.

Usage Data

How you interact with the platform — pages visited, features used, timestamps, and session duration.

Cookies & Technical

Device type, browser, IP address, and information collected through cookies and similar technologies.

Purpose

Why we collect it

We process your personal data for the following purposes:

Provide our service — To create and manage your account, deliver platform functionality, and provide customer support.
Improve the platform — To understand how our tools are used, identify issues, and develop new features that serve your compliance needs.
Communicate with you — To send service-related notifications, respond to your enquiries, and (where you have opted in) share product updates.
Security & fraud prevention — To protect our platform and users from unauthorised access, abuse, and security threats.
Legal compliance — To meet our own regulatory obligations, including record-keeping and responding to lawful requests.

GDPR

How we use it — lawful bases

Under the General Data Protection Regulation (GDPR), we rely on the following lawful bases for processing your personal data:

Contract

Processing necessary to perform our contract with you — delivering the platform and supporting your account.

Legitimate Interests

Improving our services, understanding usage patterns, and ensuring security, where our interests do not override your rights.

Consent

Where you have given clear consent — for example, opting in to marketing communications or non-essential cookies.

Legal Obligation

Processing required to comply with applicable laws, regulations, or court orders.

Sharing

Who we share your data with

We do not sell your personal data. We share it only in the following limited circumstances:

Sub-processors — Trusted third-party services that help us operate the platform — such as cloud hosting, email delivery, and analytics providers. Each is bound by data processing agreements.
Legal obligations — Where required by law, regulation, or valid legal process — for example, in response to a court order or regulatory request.
Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same protections.
With your consent — Where you have explicitly authorised us to share data with a third party.

Transfers

International transfers

Your data may be processed outside the European Economic Area (EEA) or the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where the destination country provides an adequate level of protection
Other recognised transfer mechanisms under applicable data protection law

Rights

Your rights

Under data protection law, you have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@raksa.one.

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your personal data where there is no compelling reason for continued processing.

Portability

Receive your data in a structured, commonly used, machine-readable format.

Objection

Object to processing based on legitimate interests or direct marketing.

Restriction

Request that we limit how we use your data in certain circumstances.

We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

Retention

Data retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this notice, or as required by law. Specifically:

Account data — Retained for the duration of your account and deleted within 90 days of account closure.
Usage data — Retained in aggregated, anonymised form for analytics purposes. Identifiable usage data is deleted within 12 months.
Communication records — Retained for up to 3 years for support and compliance purposes.
Legal hold data — Retained for as long as required by applicable legal obligations.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS) and at rest
Role-based access controls and least-privilege principles
Regular security assessments and penetration testing
Incident response procedures and breach notification processes
Staff training on data protection and information security

Updates

Changes to this notice

We may update this privacy notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by email or in-platform notification.

We encourage you to review this notice periodically to stay informed about how we are protecting your data.

Contact

Contact us

If you have any questions about this privacy notice or how we handle your personal data, please get in touch:

Emailprivacy@raksa.one

Subject linePrivacy Enquiry — [your topic]

We aim to respond to all privacy-related enquiries within 5 business days.