Privacy Policy

1. Introduction

SHIRO BPO Service (“SHIRO,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website, use our services, or interact with us. We operate from Mysuru, Karnataka, India and serve clients primarily in the United States.

2. Information We Collect

2.1 Website Visitors

When you visit our website, we may collect: browser type and version, IP address, pages visited and time spent, referring website, device type and operating system. This information is collected through cookies and analytics tools to improve our website experience.

2.2 Contact Form Submissions

When you submit a contact form or request a quote, we collect: name, company name, email address, phone number, service interests, and message content. This information is used solely to respond to your inquiry and provide relevant services.

2.3 Client Data (Service Delivery)

In the course of providing BPO services, we may process data on behalf of our clients, including datasets for annotation, business records, customer information, and financial data. This data is processed solely as directed by the client and governed by individual Service Agreements and Data Processing Agreements.

3. How We Use Your Information

We use collected information to: respond to inquiries and provide requested services, improve our website and user experience, send relevant communications about our services (with your consent), comply with legal obligations, and protect our rights and prevent misuse. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Processing for AI Annotation Services

For our AI Training Data Annotation service, we process datasets provided by clients exclusively for the purpose of annotation and labeling as specified in the service agreement. We implement the following safeguards: data is processed only within secure, access-controlled environments; annotators access data only through controlled workstations; no client data is stored on personal devices; all annotation data is deleted or returned upon project completion; we do not use client data to train our own models or for any purpose beyond the agreed scope.

5. GDPR Compliance (EU Data Subjects)

For individuals in the European Economic Area (EEA) or United Kingdom, SHIRO complies with the General Data Protection Regulation (GDPR). Your rights include: the right to access your personal data, the right to rectification of inaccurate data, the right to erasure (“right to be forgotten”), the right to restrict processing, the right to data portability, the right to object to processing, and rights related to automated decision-making and profiling. To exercise any of these rights, please contact us at info@shirobpo.com. We will respond to your request within 30 days.

6. DPDP Act 2023 Compliance (India)

SHIRO complies with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) of India. As a Data Fiduciary, we: process personal data only for lawful purposes with informed consent, implement reasonable security safeguards to protect personal data, provide data principals with the right to access, correct, and erase their data, appoint a Data Protection Officer as required, and notify the Data Protection Board and affected individuals of any data breach.

7. SOC 2 Readiness & Security Measures

SHIRO maintains SOC 2-ready security practices aligned with the Trust Service Criteria. Our security measures include: access controls with role-based permissions and multi-factor authentication, encryption of data in transit (TLS 1.2+) and at rest (AES-256), regular vulnerability assessments and penetration testing, employee background checks and security awareness training, incident response procedures and breach notification protocols, secure data destruction and media sanitization, physical security controls at our Mysore facility, and regular third-party security audits.

8. Data Security for US Clients

For our US-based clients, we implement additional safeguards including: compliance with applicable US data protection regulations, Standard Contractual Clauses (SCCs) for cross-border data transfers, dedicated secure environments for sensitive projects, regular compliance reporting and audit support, and cooperation with US regulatory requirements as needed.

9. Cookies

Our website uses cookies to: analyze website traffic and usage patterns (analytics cookies), remember your preferences (functional cookies), and improve website performance (performance cookies). You can control cookie settings through your browser. Disabling cookies may affect some website functionality. We do not use cookies for advertising or tracking across third-party websites.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected. Contact form submissions are retained for 2 years. Client service data is retained as specified in each Service Agreement. Website analytics data is retained for 26 months. Financial records are retained for 7 years as required by Indian tax law. Upon expiration of the retention period, data is securely deleted or anonymized.

11. Third-Party Services

We may use third-party services for website analytics, email communication, and cloud infrastructure. These providers are selected based on their security practices and data protection commitments. We enter into Data Processing Agreements with all third-party processors to ensure your data is handled appropriately.

12. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at info@shirobpo.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.

14. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

SHIRO BPO Service — Data Protection Officer
2nd Floor, #442, Jaya Chama Rajendra Rd
Vijayanagar 1st Stage, Vijayanagar
Mysuru, Karnataka 570017, India
Email: info@shirobpo.com
Phone: +91 76766 66844