Legal
Srasta is published by Gandiva Tech, Inc. This policy explains how we handle information on srasta.ai, pilot requests, product-update requests, investor pitch interactions, and customer communications.
When you submit a form, we collect contact details you provide, such as name, email, company, role, inquiry message, requested feature, security interest, and selected pilot intent.
When you consent to analytics, we collect first-party website events such as page path, page title, referrer, UTM campaign fields, CTA clicks, pitch-deck opens/downloads, booking clicks, country, and a randomly generated anonymous browser ID stored in localStorage. We do not store raw IP addresses for website analytics.
We use this information to operate the site, respond to inquiries, qualify pilot fit, understand which product and security topics are useful, attribute campaigns, route investor or buyer follow-up, improve the site, and maintain abuse/security defenses.
Srasta currently uses first-party localStorage for analytics consent and, if accepted, an anonymous visitor ID. We do not use third-party advertising cookies or cross-site behavioral tracking on srasta.ai. You can decline analytics in the banner and still use the site.
Anonymous website activity is used only as aggregated or anonymous intent signal. We do not create fake CRM People records for anonymous visitors. If you submit a form, request a pilot, subscribe for updates, or use an investor pitch link tied to your email, we may associate your known contact record with your request and related campaign interactions.
If we add account-level visitor identification or enrichment later, we will use it to understand company-level interest and sales fit. We will update this policy before enabling it. We do not sell personal information.
Anonymous website analytics are retained for up to 13 months. Raw pitch and web interaction events used for funnel diagnostics are kept only as long as needed for sales operations, security, and debugging. Contact-form, pilot, feature-request, product-update, and customer communication records are retained for up to 24 months after last interaction unless a longer contractual, legal, security, or accounting retention period applies.
Where GDPR, UK GDPR, CCPA/CPRA, or similar laws apply, you may request access, correction, deletion, portability, restriction, or objection to certain processing. You may also withdraw consent for marketing communications or analytics where consent is the applicable basis.
We do not sell personal information. We may share data with service providers that support hosting, analytics, form processing, CRM, email, scheduling, support, security, and website operations, subject to contractual controls.
We use reasonable technical and organizational measures to protect data. No system is completely risk-free, and security controls are continuously improved.
Srasta is designed to run inside customer-controlled infrastructure. Customer prompts, responses, documents, audit logs, identity records, and deployment data are governed by the customer’s own configuration, agreements, and privacy obligations unless voluntarily shared with Srasta for support.
Privacy requests can be sent to privacy@srasta.ai. General inquiries can be sent to info@srasta.ai.