Thank you for visiting ‘https://apicritique.com/’. API Critique offers SaaS based solutions and services which can identify security risks managed and provided by Entersoft Information Systems Pvt. Ltd. hereinafter referred to as ENTERSOFT SECURITY. This Privacy Statement describes the practices that API CRITIQUE/ENTERSOFT SECURITY will follow with respect to the personal information it collects from visitors to "Our website", https://apicritique.com/ and other ENTERSOFT SECURITY websites or hosted websites that link to this Privacy Statement. It also describes how we collect and use personal information from our users/members with whom we may or we may not have a business relationship.
This policy (together with our terms of service and any other documents referred to in it) sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed:
API Critique is SaaS based solution that can identify security risks managed and provided by ENTERSOFT SECURITY. ENTERSOFT SECURITY offers services in the field of cyber security, SOC as a services in the field of cyber security, Risk and Compliance services. [SP1] Developers or security teams in an organization can perform scans on APIs to identify security risks using the user friendly solution offered by API CRITIQUE/ENTERSOFT SECURITY. The services offered primarily focus on identifying OWASP API Security weaknesses within RESTful web services which are public facing and can also identify risks within private or internal APIs based on the configuration.
“Personal information” is information that can be used to identify, locate or contact you. It may include information filled voluntarily by the user at the time of registering and may be a combination of pieces of information that could reasonably allow him to be identified. Personal information may consist of full name, personal contact numbers, residential address, email address, gender or date of birth.
Contact Information that allows us to communicate with you, such as your name, username, location, mailing address, telephone numbers, email address or other addresses that allow us to send you messages.
Relationship Information that helps us keep track of your preferences, history of transactions, feedback and ratings on such services availed or offered as well as the types of products and services that may interest you.
Transaction Information about how you interact with other users, including your purchase history, customer account information and information about how you use our Platform/website, websites and applications.
Non-Personal Information/ Log data: Non-Personal Information such as internet protocol address, operating system, browser type, internet service provider, aggregate user data, browser type, software and hardware attributes, pages you request, and cookie information.
Sensitive personal data or information such as personal information such as financial information such as bank account or credit card or debit card or other payment instrument details, mode of payments, UPI information that may be collected, received, stored, transmitted or processed in "Our website" directly or indirectly through Information from Third Parties, consisting of Passwords; Physical, physiological and mental health condition; Sexual orientation; Medical records and history; Biometric information; transactional data from providers of payment services or information from our partners. Any detail relating to the above personal information categories as provided to API CRITIQUE/ENTERSOFT SECURITY for availing service; and Any of the information received under above personal information categories by API CRITIQUE/ENTERSOFT SECURITY for processing, stored or processed under lawful contract or otherwise. Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 in India or any other law for the time being in force shall not be regarded as sensitive personal information. The Financial Information collected from the Users is transacted through secure digital Platform/websites of approved payment gateways which are under encryption, thereby complying with reasonably expected technology standards. While API CRITIQUE/ENTERSOFT SECURITY shall make reasonable endeavours to ensure that the User’s personal information and the Financial Information is duly protected by undertaking security measures prescribed under applicable laws, the User is strongly advised to exercise discretion while providing personal information or Financial Information while using the Services given that the Internet is susceptible to security breaches.
When user(s) access and/or use "Our website" through their mobile/handheld device, API CRITIQUE/ENTERSOFT SECURITY may receive information about their locations and mobile device, including a unique identification number for the device. API CRITIQUE/ENTERSOFT SECURITY may use this information to provide you with location-based Services including but not limited to search results and other personalized content. When you use the Platform/website through the telecommunication device, we collect your location data. If you permit the Platform/website to access your location through the permission system used by your mobile operating system, you may also collect the precise location of your device when the App is running in the foreground or background. We may also derive your approximate location from your IP address.
User communications: When you send emails/chat or other communications to us and any other user(s), the same including the chat history may be retained in order to keep tab on the history, process your inquiries, respond to your requests and improve Our Services.
On receiving personal information about a user, API CRITIQUE/ENTERSOFT SECURITY may use this information to do internal research on your demographics, interests, and behaviour to better understand, protect and serve you better. This information is compiled and analysed on an aggregated basis and in a manner that does not personally identify you. We indicate fields that are mandatorily required to be filled and fields that are optional. You may decide whether or not to provide such information to us. Our mission is to provide a safe, efficient, and high-quality Platform, and we – or our authorized third-party service providers who assist us in providing the Platform – process your personal information for this purpose. Specifically, personal information is processed in order to:
Provide you with access to and the ability to use the Platform.
Process and complete transactions and send you related information, including purchase confirmations and invoices.
Respond to your queries and requests or otherwise communicate directly with you;
Improve the content and general administration of the Platform and enhance user experience;
Provide customer support;
Detect fraud, illegal activities, or security breaches;
Provide you with notices regarding purchases or other important information;
Ensure compliance with applicable laws;
Perform system maintenance and upgrades and enable new features;
Conduct statistical analyses and analytics;
Increase the number of customers who use our Platform through advertising and marketing;
To send you marketing communications if you have opted in to receive them (depending on your location); and
Any User(s) can access, edit and modify, correct and eliminate the data about one self which has been collected pursuant to such user’s decision to become a User. Any valid grievances in relation to the information shared by the User with API CRITIQUE/ENTERSOFT SECURITY may be brought to the attention of grievance officer.
In the process of availing the services, you may be required to pay directly and or through API CRITIQUE/ENTERSOFT SECURITY with a credit card, wire-transfer, UPI or debit card through API CRITIQUE/ENTERSOFT SECURITY’s third party payment gateway provider and such third party payment gateway provider may collect certain financial information from you including, but not restricted to, your UPI, credit/debit card number or your bank account details (collectively referred to as “Financial Information”). All Financial Information collected from the Users’ by API CRITIQUE/ENTERSOFT SECURITY’s third party payment gateway providers will be used only for payment processes. The verification of the Financial Information shall be accomplished only by the User through a process of authentication in which API CRITIQUE/ENTERSOFT SECURITY shall have no role to play.
API CRITIQUE/ENTERSOFT SECURITY may communicate to the registered users, at its discretion, also for the following reasons:
to manage and offer the Platform/website to users and to enhance the availability of Services through users to meet the User’s requirements;
To identify the User, to understand his/her/its needs and location, if any;
To customize User experience and to provide ongoing service;
To meet legal and regulatory requirements;
To resolve technical issues and troubleshoot problems; to detect and protect API CRITIQUE/ENTERSOFT SECURITY from error, fraud and other criminal activities
To aid the users providing service through API CRITIQUE/ENTERSOFT SECURITY in collecting money from Users for transactions carried out on the Platform/websites;
To keep Users apprised of API CRITIQUE/ENTERSOFT SECURITY’s (or third parties’) promotions and offers;
Due to the communications standards on the Internet, when a user visits the Platform/websites, API CRITIQUE/ENTERSOFT SECURITY automatically receives the uniform resource locator of the site from which such User visits the Platform/websites, details of the website such User is visiting on or leaving the Platform/websites, the internet protocol (“IP”) address of each User’s computer operating system, type of web browser the User is using, email patterns, and the name of the User’s internet service provider. This information is used solely to analyse overall User trends and to help API CRITIQUE/ENTERSOFT SECURITY in improving its Services. Please note that the link between the User’s IP address and the User’s personally identifiable information is not shared with third parties without such User’s permission or except when required by law or to provide or facilitate the User with the Services or except as provided in this policy. Notwithstanding the above, the User acknowledges API CRITIQUE/ENTERSOFT SECURITY’s right to share some of the aggregate findings, including the personal information provided by the Users generally in an unidentifiable form, and not the specific data with advertisers, sponsors, investors, strategic partners, and others in order to help grow the business. The amount of information sent to API CRITIQUE/ENTERSOFT SECURITY depends on the settings of the Platform/website and web browser used by the User to access the Platform/websites. The User may refer to the browser used, if the User wishes to learn what information is provided to API CRITIQUE/ENTERSOFT SECURITY.
The Platform/websites use temporary cookies to store certain data. API CRITIQUE/ENTERSOFT SECURITY does not store personally identifiable information in the cookies. Information collected by API CRITIQUE/ENTERSOFT SECURITY, by any means whatsoever, that does not personally identify the User as an individual (such as patterns of utilization described above) is exclusively owned by API CRITIQUE/ENTERSOFT SECURITY and may be used by API CRITIQUE/ENTERSOFT SECURITY and third party service providers for technical administration of the Platform/websites, user administration, research, development, and other purposes. Additionally, API CRITIQUE/ENTERSOFT SECURITY may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to its parent API CRITIQUE/ENTERSOFT SECURITY, group companies, subsidiaries, associates, affiliates, suppliers, vendors, sister concerns, service providers and service partners and other third parties (collectively referred to as “Other Parties”).
A User may set or amend one’s web browsers to delete or disable cookies. If a user chooses to disable cookies on one’s computer or Platform/website or application or mobile telecommunication device, it may impair, degrade or restrict access to certain areas of the Platform/websites. Merely closing the web browser should ordinarily clear all temporary cookies installed by API CRITIQUE/ENTERSOFT SECURITY. However, Users are encouraged to use the “clear cookies” functionality of their browsers to ensure deletion, as API CRITIQUE/ENTERSOFT SECURITY cannot guarantee, predict or provide for the behaviour of the equipment of all the Users of the Platform/websites.
API CRITIQUE/ENTERSOFT SECURITY may allow third parties or other companies or entities or Hosting and content delivery network services; Analytics services; CRM providers; Lead generation partners; Marketing and social media partners; Customer support services; Payment processors; Functionality and debugging services; and Professional service providers, such as auditors, lawyers, consultants, accountants, and insurers for the respective services. These companies or entities include third party advertisement servers, advertisement agencies, advertisement technology vendors and research firms. API CRITIQUE/ENTERSOFT SECURITY may target some advertisements to users that fit a certain general profile. API CRITIQUE/ENTERSOFT SECURITY does not use personally identifiable information to target advertisements to specific Users.
API CRITIQUE/ENTERSOFT SECURITY may keep records of telephone calls received from and made to Users for the purpose of administration of Services, research and development, training, business intelligence, business development, or for User administration. API CRITIQUE/ENTERSOFT SECURITY may share the telephone records with third parties when required by law or when required to provide or facilitate the User with the Services.
API CRITIQUE/ENTERSOFT SECURITY has implemented security policies, rules and technical measures, as required under applicable law including firewalls, transport layer security and other physical and electronic security measures to protect the Financial and personal information that it has under its control from breach, unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. It is expressly stated that API CRITIQUE/ENTERSOFT SECURITY shall not be responsible for any breach of security or for any action of any third parties that receive Users’ personal data or events that are beyond the reasonable control of API CRITIQUE/ENTERSOFT SECURITY including, acts of government, computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, etc.
API CRITIQUE/ENTERSOFT SECURITY has procedures in place to deal with any suspected data security breach. If required, API CRITIQUE/ENTERSOFT SECURITY shall notify you and any applicable regulator of a suspected data security breach. API CRITIQUE/ENTERSOFT SECURITY also requires those parties to whom it transfers your personal information to provide acceptable standards of security.
API CRITIQUE/ENTERSOFT SECURITY may share/use personal information and personally identifiable information provided by Users with the Other Parties for the purposes of:
detecting and preventing identity theft, fraud or any other potentially illegal acts;
monitoring and enhancing User interest and engagement, including through promotional activity, personal messages to Users using personally identifiable information provided by Users, etc; or
processing the service including purchase of Products using the Platform/websites.
Hosting and content delivery network services;
Lead generation partners;
Marketing and social media partners;
Customer support services; Payment processors;
Functionality and debugging services;
Professional service providers, such as auditors, lawyers, consultants, accountants, and insurers for the respective services
To the extent that Other Parties have access to the personal information, API CRITIQUE/ENTERSOFT SECURITY shall make efforts to ensure that the Other Parties treat such personal information at least as protectively as they treat personally identifiable information obtained from their users or members.
API CRITIQUE/ENTERSOFT SECURITY may also disclose or transfer the personal and other information provided by users, to any third party as a part of reorganization or a sale of the assets, division or transfer of a part or whole of API CRITIQUE/ENTERSOFT SECURITY . Any third party to which API CRITIQUE/ENTERSOFT SECURITY transfers or sells its assets will have the right to continue to use the personal and other information that Users provide to API CRITIQUE/ENTERSOFT SECURITY.
All ENTERSOFT SECURITY employees and data processors, who have access to and are associated with the processing of personal information or Financial Information provided by users are obliged to respect the confidentiality of every User’s personal information or Financial Information.
The User consents to API CRITIQUE/ENTERSOFT SECURITY reproducing/publishing all testimonials and reviews given by the User (whether on the Website, social media Platform/websites, or in any other manner whatsoever) in relation to API CRITIQUE/ENTERSOFT SECURITY or any of the Products, together with the User’s name and location, on the Website, on such page and in such position as API CRITIQUE/ENTERSOFT SECURITY may determine in its sole discretion. The User agrees that API CRITIQUE/ENTERSOFT SECURITY may edit the testimonials and reviews provided by the User and reproduce/publish such edited or paraphrased versions of the testimonials and reviews on the Website. If the User has any concerns with the reproduction/publication of any testimonial or review provided by the User on the Website, the User may contact Entersoft email@example.com
All information disclosed by you/user shall be deemed to be disclosed willingly and without any coercion. No liability pertaining to the authenticity/genuineness/ misrepresentation/ fraud/ negligence, etc. of the information disclosed shall lie on API CRITIQUE/ENTERSOFT SECURITY nor will API CRITIQUE/ENTERSOFT SECURITY in any way be responsible to verify any information obtained from you/user.
Withdraw consent: You/user may choose to withdraw one’s consent provided hereunder at any point in time. Such withdrawal of the consent must be sent in writing to firstname.lastname@example.org. In case you do not provide or later withdraw your consent, API CRITIQUE/ENTERSOFT SECURITY reserves the option to not allow you/user to undertake any transaction on the Platform/website or access the Service available on the Platform/website for which the said information was sought on the Platform/website. However, if you/user are a part of any on-going transaction on the Platform/website, API CRITIQUE/ENTERSOFT SECURITY reserves the right to retain all your information until completion of the transaction. Further, you/user acknowledge and agree that in case of such withdrawal of your consent, API CRITIQUE/ENTERSOFT SECURITY reserves the right to store your information in an anonymised form such that the information stored will not be attributable to you or identify you in any manner whatsoever. API CRITIQUE/ENTERSOFT SECURITY shall complete the anonymizing the data within 60 days from the date of withdrawal of consent.
Alteration/Rectification: You represent and warrant that any and all information, including but not limited to your Personal Information is absolutely correct and complete in all aspects. You further undertake to immediately update any change or variation of your Personal Information on the Platform/website by sending us a request in writing to email@example.com to rectify or update Your Account. Once you send us an email to us, you agree to comply with the instructions as may be provided/communicated by us.
If you are accessing the Platform/websites from outside India, it is solely your responsibility to ensure that your access does not breach or violate any local or national law applicable in the place from where you are making the access, for the time being in force.
We provide all Users with the opportunity to opt-out of receiving non-essential (promotional, marketing-related) communications from API CRITIQUE/ENTERSOFT SECURITY on behalf of our partners, and from API CRITIQUE/ENTERSOFT SECURITY in general, after providing API CRITIQUE/ENTERSOFT SECURITY with personal information. If you want to remove your contact information from all lists and newsletters, please contact firstname.lastname@example.org. If you choose to opt out, API CRITIQUE/ENTERSOFT SECURITY may still send you non-promotional emails/communications/messages, such as emails/communications/messages with respect to the Platform/website and your account and related transactions.
If a User wishes to remove his/her/its contact information from all API CRITIQUE/ENTERSOFT SECURITY’s lists and newsletters, the User can click on the "unsubscribe" link or follow the instructions in each e-mail message. Alternatively, the User can contact API CRITIQUE/ENTERSOFT SECURITY at email@example.com. API CRITIQUE/ENTERSOFT SECURITY reserves the right to limit membership based on availability of contact information. All Users will be notified by email prior to any actions taken.
This Section applies to users/individuals located in the EEA.
Categories of Recipients of Personal Data. The categories of recipients of personal data with whom we may share your personal data are listed in the "Disclosure of Your Personal Information" section above.
Performance of a Contract. We may process your personal data for the purposes of a contract to which you are a party. For instance, if you want to use our Platform, we need to process your account registration information, location information, and payment information in order to enable you to do so.
Legitimate Interests. We may process personal data where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. We generally rely on legitimate interests to: provide and maintain a Platform that works well and securely; comply with applicable laws; carry out fraud prevention; and generally improve the Platform. When we rely on this legal basis, we’ll carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative) and your rights under applicable data protection laws.
Consent. API CRITIQUE/ENTERSOFT SECURITY may rely on consent where it is required, such as with respect to certain information collected via cookies and similar technologies (other than strictly necessary cookies) or when we’re asking you to confirm your marketing preferences. When we rely on consent, you’ll be asked to confirm that you give your permission to API CRITIQUE/ENTERSOFT SECURITY to process your personal information. You have the right to withdraw your consent at any time if you no longer wish to have API CRITIQUE/ENTERSOFT SECURITY process your personal data.
Legal Obligation. API CRITIQUE/ENTERSOFT SECURITY will on occasion be under a legal obligation to obtain and disclose your personal data. Where possible, we will notify you when processing your data due to a legal obligation, but this may not always be possible. For instance, API CRITIQUE/ENTERSOFT SECURITY may need to provide your data in order to prevent criminal activity or to help to detect criminal activity, in which case we may share information with law enforcement without providing notice to you. This is done in a safe and secure manner. It’s essential that API CRITIQUE/ENTERSOFT SECURITY complies with its legal, regulatory, and contractual requirements, so if you object to this processing then API CRITIQUE/ENTERSOFT SECURITY will not be able to provide its Platform to you.
Your Rights and Choices under GDPR. If the GDPR applies to you because you are in the EEA, you have the following rights in relation to your personal data:
The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’);
The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data;
The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them. If are located in the EEA and wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org or at the addresses provided below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
In case of any dissatisfaction in relation to the Platform/website, you/user shall first file a formal complaint with the customer service of API CRITIQUE/ENTERSOFT SECURITY, prior to pursuing any other recourse. The complaints can be lodged at email@example.com, and upon lodging a complaint you/user agree to provide complete support to the customer service team with such reasonable information as may be sought by them from you/user. The decision of API CRITIQUE/ENTERSOFT SECURITY on the complaints shall be final and you/user agree to be bound by the same.
For feedback or concern, if any, kindly contact Grievance Officer at: firstname.lastname@example.org
Name and address
Entersoft Information Systems Pvt. Ltd.
Plot 162, Road No 72, Prashashan Nagar, Jubilee Hills, Hyderabad, Telangana 500033.
Entersoft Australia Pty Ltd, 375 Wickham Terrace, Spring Hill, Brisbane, QLD 4000, Queensland, Australia
Entersoft US LLC, 100 Enterprise Drive, Suite # 301, Rockaway, NJ 07866, New Jersey, USA