Privacy Policy

Last Updated: March 2026

Kairosinfra (“the Firm,” “we,” “us,” or “our”), is committed to protecting the privacy and confidentiality of the data entrusted to us. This Privacy Policy outlines how we collect, use, and safeguard information in compliance with the Information Technology Act, 2000 and global data protection standards. Kairos Infra is a professional services brand operated by S4Fortune Consulting LLP and Pluto Consulting.

1. Information We Collect
We collect only the minimum data required to perform technical due diligence and process professional service payments:

Client Information: Name, corporate email, designation, and billing address.

Transaction Data: Payment identifiers, GST numbers, and invoice history.

Technical Asset Data (Phase 1 Only): Temporary, read-only access to code repositories (GitHub/GitLab) and cloud infrastructure (AWS/GCP/Azure) provided by the target company.

2. How We Use Your Information
To perform technical “Phase 0” and “Phase 1” risk assessments.

To generate and deliver the Kairos Verdict Memo.

To process secure payments through our authorized partner, PayU.

To comply with statutory tax and regulatory requirements in India.

3. The “Read-Only” Data Mandate
Security is our core product. We strictly adhere to a Forensic Read-Only Protocol:

No Storage: We do not clone, download, or store target source code on our local servers.

Encrypted Analysis: We use secure, ephemeral environments to analyze architecture.

Access Control: Access to client data is restricted to the specific lead auditors assigned to the deal and is revoked immediately upon project completion.

4. Third-Party Sharing (Payment Processing)
We do not sell, rent, or trade your data. To facilitate transactions, your billing information is shared with PayU Payments Private Limited. PayU acts as an independent data controller for payment information and maintains PCI-DSS compliance. S4Fortune Consulting LLP does not store credit card numbers, CVVs, or net banking credentials on its servers.

5. Data Retention
Audit Documentation: We retain our final “Verdict Memos” for the period required by professional indemnity standards.

Billing Records: Retained as per Indian Tax Law (GST) requirements.

Target Data: All temporary access to target repositories is revoked and session data is wiped immediately upon delivery of the final report.

6. Disclosure Required by Law
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency like the RBI/SEBI).

7. Your Rights & Grievances
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below:
Email: contact at kairosinfra dot com