Privacy Policy

Last updated: 19 May 2026

1. Who we are

Blacklotus Audits (“we,” “us”) operates this site at blacklotusaudits.com. We can be reached at gujja.aakash333@gmail.com.

2. What data we collect

  • Contact form submissions. If you fill in the contact form, we collect the name, work email, company name, team size, and any message you provide.
  • Server logs. Our hosting provider (Vercel) maintains standard request logs (IP, timestamp, URL, user agent) for operational and security purposes. We do not maintain analytics or tracking pixels on this site.
  • Customer service data (if you become a customer). Separately and only after you contract with us, we process the employee list you provide for the purpose of running phishing-simulation training. That data flow is governed by the Data Processing Agreement we'll sign with you as a customer, not by this Policy.

3. Why we use it

  • To respond to your inquiry (contact form data).
  • To operate, secure, and improve the site (server logs).
  • To send you operational communications about anything you specifically ask about.
We do not sell your personal data. We do not use it for advertising. We do not share it with third parties beyond the subprocessors below.

4. Subprocessors

We use a small number of vendors to operate the site:
  • Vercel — site hosting and TLS termination. Privacy policy.
  • Resend — delivers contact-form submissions to our inbox. Privacy policy.
  • GoDaddy — domain registration only; does not see traffic.
  • Google Workspace / Gmail — where we read inquiries.

5. Cookies

The site uses only the essential cookies needed to operate (e.g., a session cookie your browser may set when you submit the contact form, and any standard cookies set by Vercel for its content delivery). We do not use analytics cookies or third-party advertising cookies.

6. Retention

We retain contact-form submissions for as long as we're actively in conversation with you, plus up to 24 months of records-keeping. You can ask us to delete your data sooner (see “Your rights” below). Server logs are kept for the period our hosting provider retains them by default (typically 30 days).

7. Your rights

Depending on your jurisdiction (EU/UK GDPR, California CCPA, and similar laws), you may have the right to access, correct, delete, restrict, port, or object to our processing of your data. Email gujja.aakash333@gmail.com and we'll respond within 30 days.

8. International transfers

If you are outside the United States, your data may be transferred to and processed in the United States by us and our subprocessors. Where required, we rely on Standard Contractual Clauses (SCCs) and the providers' certifications.

9. Children

The site is not directed at children under 16, and we do not knowingly collect data from children.

10. Changes

If we change this Policy materially, we'll update the date at the top and, if you've contacted us, notify you by email.