Data trust for AI, cloud, security, and growth programs.

1. Who we are

FourteenCloud ("we", "us", "our") is a Software-as-a-Service (SaaS) provider offering AI & agentic consulting, machine learning & RAG builds, DevOps & cloud engineering, cybersecurity & compliance, intelligent automation, software engineering, digital growth, and YouTube advisory services to enterprises and high-growth teams. We operate from India with pods across APAC and North America. This Privacy Policy applies to fourteencloud.com, wendesk.com, our SaaS platforms, collaboration environments (Notion, Linear, GitHub, etc.), and any engagement where we act as a service provider or processor.

Business Type: Software & SaaS Products Provider
Our Products & Services: We provide Software-as-a-Service (SaaS) platforms and software products including:

• wendesk.com - Customer support and helpdesk SaaS software platform
• Other proprietary SaaS software products and platforms
• Software development and licensing services
• IT consulting services (AI, DevOps, Cybersecurity, Compliance, Digital Transformation)

All services are provided subject to our Terms & Conditions and this Privacy Policy. We operate as a software products and SaaS services provider.

2. Personal data we collect

We collect personal data necessary to provide our services, process payments, and comply with legal obligations. All data collection complies with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian laws.

• Business contact data: names, job titles, company details, email addresses, phone numbers, locations, and communication preferences.
• Payment and billing information: When you purchase our SaaS services (including wendesk.com subscriptions), we collect payment information through secure, PCI-DSS compliant payment gateways. This includes:
  • Billing name, address, and contact information
  • Payment method details (processed securely by payment processors)
  • Transaction IDs, payment reference numbers, and order IDs
  • Subscription details, plan information, and billing cycles
  • Invoice and receipt data
  • Bank account details (for refunds via NEFT/RTGS)
  Important: We do not store full credit card numbers, CVV codes, or complete payment card details on our servers. All payment data is processed and stored by our PCI-DSS compliant payment gateway partners.
• Account and subscription data: Account credentials, subscription plans, usage metrics, service access logs, billing history, and account settings for our SaaS platforms (fourteencloud.com, wendesk.com).
• Service usage data: For wendesk.com and other SaaS platforms, we collect usage data including tickets created, responses sent, API usage, feature utilization, and performance metrics to provide and improve our services.
• Engagement artifacts: briefs, datasets, architecture diagrams, infrastructure credentials, security policies, content calendars, video scripts, or other materials you voluntarily provide for project delivery.
• Usage telemetry: website analytics (page views, referrers, device/browser metadata), collaboration activity logs, and product feedback collected via privacy-conscious tools. We do not sell this data.
• Tax and compliance data: GST numbers, PAN details, tax identification numbers, and other information required for invoicing and tax compliance as per Indian tax laws.
• Sensitive information: Only processed if explicitly agreed in a Data Processing Agreement (DPA) or regulatory addendum (e.g., DPDPA, GDPR, HIPAA, PCI DSS). Such data is tokenised, encrypted, and access-controlled.

3. How we use personal data

• To scope, contract, and deliver the services defined in our proposals, SoWs, and MSAs.
• To process payments, manage subscriptions, issue invoices, and handle refunds as per our Refund Policy.
• To provide access to SaaS platforms, authenticate users, and manage account settings.
• To operate support channels (email, Slack, video calls, Loom recaps, Notion updates) and honor SLAs.
• To monitor infrastructure, AI pipelines, and automation bots for security, quality, and performance.
• To send operational or marketing communications (you may opt out of marketing at any time).
• To comply with legal obligations, audits, tax requirements, and law-enforcement requests where required.
• To prevent fraud, abuse, and ensure payment security in compliance with RBI guidelines and payment gateway requirements.

4. Lawful bases

We rely on contractual necessity, legitimate interests (e.g., securing environments, improving services), legal obligations, and your explicit consent where applicable. When acting as a processor, we only process data according to your documented instructions.

5. Security & retention

• AES-256 encryption at rest, TLS 1.2+ in transit, hardware MFA, least-privilege access, and quarterly reviews.
• Segregated environments for AI/ML sandboxes, DevOps pipelines, VAPT tooling, and content repositories.
• Default retention: 90 days for collaboration artifacts, 30 days for prompts/logs, unless contracts specify otherwise.
• Secure disposal via cryptographic wipe and written confirmation upon client request or project closure.

6. Service-specific provisions

In addition to the above, the following measures apply per practice line:

• AI, ML, Agentic & RAG: client-owned datasets remain in isolated buckets; we employ pseudonymisation, prompt red-teaming, and LLM safety controls.
• DevOps & Cloud: IaC-first workflows, secrets scanning, OIDC-based access, and cost anomaly alerts. Client cloud accounts remain under their control.
• Cybersecurity & Compliance: findings stored in encrypted vaults; regulator-facing evidence includes hash proofs and audit histories.
• Automation & IPA: bot credentials scoped to workflows; human-in-loop approvals logged; telemetry mirrored to your SIEM on request.
• Digital Growth & YouTube: campaign data accessed via client-authorised APIs; creative assets housed in segregated workspaces; no sale of behavioral data.

7. Sharing & international transfers

We share personal data only as necessary to provide our services, process payments, and comply with legal obligations. All data sharing complies with DPDPA and RBI guidelines.

• Service providers: Data may be shared with trusted employees, contractors, or sub-processors (e.g., Vercel, AWS, GitHub, Notion) strictly to deliver the contracted services. All sub-processors are bound by data processing agreements.
• Payment processors: We share payment information with authorized, RBI-approved payment gateways that are PCI-DSS compliant. These payment processors handle card payments, UPI, net banking, wallet payments, and refunds according to their privacy policies, RBI guidelines, and PCI-DSS standards. We do not store full payment card details, CVV, or complete payment credentials on our servers.
• Financial institutions: We may share billing and transaction data with banks and financial institutions as required for:
  • Payment processing and settlement
  • Refund processing (NEFT/RTGS/IMPS)
  • Fraud prevention and risk management
  • Regulatory compliance and reporting (RBI, tax authorities)
  • Dispute resolution
• Tax and regulatory authorities: We may share transaction and billing data with GST authorities, income tax department, and other regulatory bodies as required by Indian law for tax compliance and reporting.
• Legal and law enforcement: We may disclose information if required by law, court order, government request, or regulatory authority (including RBI, SEBI, tax authorities), and will notify you unless legally prohibited.
• Business transfers: In case of merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity, subject to the same privacy protections.
• International transfers: Cross-border transfers rely on Standard Contractual Clauses (SCCs), intra-group agreements, or local equivalents. Processing occurs primarily in India and Singapore, with mirrors in the EU/US when required. All transfers comply with DPDPA and applicable data localization requirements. Payment data is primarily stored and processed in India as per RBI guidelines.

8. Your rights

• Access, correction, deletion, restriction, portability, and objection, subject to applicable law.
• Right to withdraw consent without affecting prior lawful processing.
• Right to lodge complaints with relevant data protection authorities (e.g., DPDPA, GDPR, CCPA regulators).
• Exercise rights via [email protected]. We respond within 48 hours and complete requests within statutory timelines.

9. Data Protection Officer (DPO) & Contact

For questions about this policy, data subject rights, or our data practices under the Digital Personal Data Protection Act, 2023 (DPDPA), please contact:

We respond to data subject requests within 30 days as per DPDPA requirements. For payment-related queries, contact [email protected]. For refund requests, see our Refund Policy. We may update this policy to reflect operational, legal, or regulatory changes. The "last updated" date below indicates the latest revision.

Last updated: 19 January 2026.