Privacy Policy
Written in plain language, because a policy nobody can read protects nobody.
Last updated: 10 July 2026
This policy explains what personal data Aarhit Consultancy collects through this website and in the course of our work, why we collect it, and what you can do about it.
Who we are
Aarhit Consultancy is an offshore software development and outsourcing company registered in India, part of the Acmez group. Our head office is at #1328 Ganga Enclave, Near Sainik Colony, Right Bank Canal Road, Roorkee 247667, District Haridwar, Uttarakhand, India.
For the purposes of Indian data protection law we act as a data fiduciary for the personal data described below. Where we process data on behalf of a client, for example inside their systems during an engagement, we act as a data processor and the client remains the fiduciary.
What we collect
Through this website, only what you type into a form:
- Contact form: your name, email address, telephone number, company name, the engagement you are interested in, an indicative budget if you choose to give one, and your message.
- Careers form: your name, email address, telephone number, years of experience, the role you are applying for, a link to your work, your resume, and any note you add.
Our web server also records, as every web server does, the internet protocol address of the device making a request, the time of the request, and the page requested. We use this only to apply rate limits and to investigate abuse.
We do not collect special category data. Please do not include health information, financial account details, government identifiers, or passwords in any message to us.
Why we collect it
- To reply to your enquiry and, if it leads somewhere, to prepare a proposal.
- To assess a job application and communicate with you about it.
- To keep a record of what was submitted, so that a failure in our mail system does not lose your message.
- To defend against automated abuse of our forms.
We do not sell personal data. We do not use it to build advertising profiles. We do not send marketing email to people who contacted us about something else.
Legal basis
We process contact form data on the basis of your consent, given when you tick the box before submitting, and on the basis of our legitimate interest in responding to enquiries about our services.
We process application data on the basis of your consent and in order to take steps at your request before entering an employment contract.
Where the Digital Personal Data Protection Act 2023 applies, consent is obtained through an affirmative action and can be withdrawn at any time by writing to the address below.
How long we keep it
| What | How long | Why |
|---|---|---|
| Contact enquiries that go nowhere | 12 months | So we recognise you if you return |
| Contact enquiries that become proposals | 7 years | Tax and contractual record keeping |
| Job applications, unsuccessful | 12 months | To consider you for a later opening |
| Job applications, successful | Duration of employment plus 7 years | Statutory employment records |
| Server request logs | 90 days | Abuse investigation |
| Form submission log | 90 days | Recovery if mail delivery fails |
If you ask us to delete an unsuccessful application sooner, we will, unless we are required to keep it.
Who we share it with
Personal data submitted through this site reaches our own mail server and our own inbox. It is not passed to a third party marketing platform.
We use a small number of processors that are unavoidable in running a website: our hosting provider, our email provider, and the content delivery networks that serve the Bootstrap and font files this page loads. Those networks receive the internet protocol address of your browser, as they would for any site that uses them.
We disclose personal data to a government authority only where we are legally compelled to, and where permitted we will tell you that we have done so.
Client code and data
During an engagement our engineers may access systems containing your customers' personal data. In that relationship you are the fiduciary and we are the processor. We act only on your documented instructions.
Every engineer signs a confidentiality and intellectual property assignment agreement before receiving access to a client repository. Access is granted per project, reviewed on rotation, and revoked on the day an engineer leaves the engagement.
We do not copy client production data onto local machines. Where test data is needed, it is masked or synthesised.
Candidate information
Your resume is read by our hiring team and by the engineering manager for the role you applied to. It is not shared with a client, and it is never used as evidence of our capability in a proposal.
If you are unsuccessful and you would rather we did not keep your application for the twelve months described above, say so in your application or write to us afterwards, and we will delete it.
Cookies and tracking
This website sets no cookies of its own. There is no analytics script, no advertising pixel, and no session cookie, because the site does not need one.
Your browser will fetch stylesheets, fonts, and one JavaScript bundle from Google Fonts and jsDelivr. Those providers see the request. We receive nothing from them about you.
How we protect it
- The site is served over HTTPS and requests over plain HTTP are redirected.
- Form submissions are validated on the server, not only in your browser.
- Our form handlers are protected against mail header injection and rate limited per address.
- Submission logs are stored outside the publicly reachable part of the web server.
- Access to our mail inbox requires multi factor authentication.
No system is perfectly secure. If we discover a breach affecting your personal data we will notify you and the Data Protection Board of India as required, without undue delay.
Your rights
You may ask us to:
- tell you what personal data of yours we hold, and why;
- correct it if it is wrong, or complete it if it is partial;
- erase it, where we have no legal obligation to keep it;
- stop processing it, by withdrawing the consent you gave;
- nominate another person to exercise these rights if you are unable to.
Write to info@aarhit.com. We will respond within thirty days. There is no charge. We may ask you to confirm your identity before we act, so that we do not disclose your data to somebody else.
If you are unhappy with our response you may complain to the Data Protection Board of India.
Grievance officer
As required by the Information Technology Act 2000 and the rules made under it, and by the Digital Personal Data Protection Act 2023, our grievance officer can be reached at:
Grievance Officer, Aarhit Consultancy
#1328 Ganga Enclave, Near Sainik Colony, Right Bank Canal Road
Roorkee 247667, District Haridwar, Uttarakhand, India
info@aarhit.com
+91 75791 85775
Complaints are acknowledged within twenty four hours and resolved within fifteen days.
Changes to this policy
When we change this policy we update the date at the top of this page. If a change materially affects how we handle data you have already given us, we will write to you rather than rely on you noticing.
This policy is a description of our practice. It is not legal advice, and it does not create rights beyond those the law already gives you.