1. Policy Overview
CapEngage provides data residency options to help customers meet local regulatory requirements. This policy outlines where we store data, how data transfers are protected, and the options available to customers.
Our cross-border data transfer practices comply with GDPR, India's DPDP Act, and other applicable regulations.
2. Data Center Locations
| Region | Location | Data Types |
|---|---|---|
| India (IN) | Mumbai, Hyderabad | Primary storage for India customers |
| European Union (EU) | Frankfurt, Dublin | EU customer data (GDPR) |
| United States (US) | Virginia, Oregon | US customer data, global backups |
| Singapore (SG) | Singapore | APAC customer data, regional hub |
3. Data Residency Options
3.1 Default Residency
Default data residency by customer location:
- India: Data stored in India data centers
- European Union: Data stored in EU data centers
- United States: Data stored in US data centers
- Other APAC: Data stored in Singapore data centers
3.2 Custom Residency
Enterprise customers can request custom data residency:
- Specify preferred data center region
- Require data to remain within specific jurisdiction
- Implement geographic restrictions on data access
Custom residency may require Enterprise plan and additional fees.
4. Cross-Border Data Transfers
4.1 Transfer Mechanisms
Cross-border transfers are protected by:
- Standard Contractual Clauses (SCCs): EU-approved SCCs for GDPR transfers
- Adequacy Decisions: Transfers to countries with adequacy decisions
- Binding Corporate Rules: For intra-group transfers (where applicable)
- DPDP Compliance: Compliance with India's cross-border transfer requirements
4.2 Transfer Scenarios
Cross-border transfers may occur for:
- Global backup and disaster recovery
- Customer support operations (with consent)
- Analytics and processing (with consent)
- Third-party subprocessor access (with safeguards)
5. Data Protection Measures
5.1 Encryption
All data is encrypted:
- At Rest: AES-256 encryption in all data centers
- In Transit: TLS 1.3 for all network transfers
- Key Management: Region-specific key management
5.2 Access Controls
Access to data is restricted based on geographic location and role. Support staff may only access data with customer consent and for specific support purposes.
6. Compliance Certifications
- GDPR: Full compliance for EU data processing
- DPDP: Compliance with India's Digital Personal Data Protection Act
- ISO 27001: Information security management
- SOC 2 Type II: Security and availability controls
7. Customer Rights
Customers can:
- Request information about data storage location
- Request data to be stored in specific regions
- Object to cross-border transfers where legally permitted
- Request data transfer to another region
Submit requests to privacy@capengage.com.
8. Changes to Data Residency
We may change data storage locations with 60 days notice. Customers with specific residency requirements will be notified of any changes affecting their data.
9. Contact Information
Data Residency Inquiries: privacy@capengage.com
DPO Contact: dpo@capengage.com
Address: Building No 4B, Flat No 304, Olympeo Riverside PH Karjat, Avasare, Raigad, Maharashtra, India - 410101
Company Information
CAPENGAGE TECHNOLOGY SOLUTIONS PRIVATE LIMITED
Building No 4B, Flat No 304, Olympeo Riverside PH Karjat,
Avasare, Raigad, Maharashtra, India - 410101