IDEA Foundation
Privacy

Privacy Policy

This page summarises how IDEA Foundation collects, uses, retains, and protects personal data. It is aligned with the Indian Digital Personal Data Protection Act 2023 (DPDPA) and the EU General Data Protection Regulation (GDPR).

Who we are

IDEA Foundation is a technology and AI consulting organisation headquartered in India, with distributed delivery across 18+ countries. For privacy-related questions or grievance redressal under DPDPA, contact business@ideafoundation.co.in.

What we collect

We collect personal data you provide directly through:

  • Our contact form (name, email, company, country, role, industry).
  • Our careers process (CV content, contact details, application metadata).
  • Direct email and phone communication with our teams.

We also collect limited technical data through analytics — page views, referrers, anonymised session signals — to understand site usage and improve content.

Why we collect it
  • Respond to enquiries and continue conversations you have initiated.
  • Send service updates, perspectives, and event invitations where you have consented to receive them.
  • Assess and process job applications.
  • Operate, secure, and improve this site.
Retention

We retain personal data only as long as needed for the purposes above, or as required by law. Contact-form enquiries are retained for engagement lifecycle plus 24 months. Careers data is retained per applicable employment-law timelines.

Your rights

Under DPDPA and GDPR you have rights of access, correction, erasure, withdrawal of consent, and grievance redressal. To exercise any of these, email business@ideafoundation.co.in. We respond within statutory timelines.

Sharing

We do not sell personal data. We share it only with service providers operating on our behalf under contractual data-protection commitments, or where required by law.

Cross-border transfers

Engagements may involve transfer of personal data across jurisdictions where IDEA Foundation operates. We rely on standard contractual clauses and equivalent safeguards where required. For sovereign-deployment engagements with the public sector, data residency is configured per programme — typically with no cross-border transfer.

Security

We operate under ISO/IEC 27001:2022 information security management. Our delivery estates follow CERT-In incident reporting expectations including 6-hour breach notification where applicable.

Updates

We may update this policy. Material changes will be notified through the site or by direct communication where appropriate.