Last updated: May 12, 2026

This Data Policy describes how Tektra IT Services ("Tektra") handles data across our website, client engagements, and internal operations. It complements our Privacy Policy and should be read together with any contract or statement of work signed with a Tektra client.

1. Scope

This policy applies to all data Tektra processes: personal data of website visitors and candidates, client business data accessed during engagements, and operational data Tektra generates in the course of delivering services.

2. Data Classification

• Public — marketing material, published reports, openly available information.
• Internal — operational data used to run Tektra, not for external release.
• Confidential — client information shared under NDA or contract.
• Restricted — regulated or sensitive data (e.g., PII, PHI, payment data) requiring elevated controls.

3. Handling Principles

• Purpose limitation: data is processed only for purposes documented in the engagement or this policy.
• Minimization: we collect and retain only what is necessary.
• Access control: least-privilege access enforced through role-based controls and MFA.
• Encryption: data is encrypted in transit (TLS 1.2+) and at rest where supported by the underlying platform.
• Logging & monitoring: access to systems containing client or restricted data is logged and reviewed.

4. Client Data

Tektra accesses client systems and data strictly under the terms of the executed agreement. Client data remains the property of the client. We do not use client data to train models, build derivative products, or share it with other clients.

5. Subcontractors & Sub-processors

Where we engage subcontractors or sub-processors, we conduct due diligence and flow down equivalent data-protection obligations through contract. A list of material sub-processors used in cloud, recruiting, and collaboration is available on request.

6. Cross-Border Transfers

Tektra operates a global delivery model. Where personal data is transferred across jurisdictions, we rely on approved transfer mechanisms (e.g., standard contractual clauses, applicable adequacy decisions) and additional safeguards as required.

7. Incident Response

Tektra maintains a documented incident-response process. Suspected data incidents are investigated, contained, and reported to affected clients in line with contractual notification timelines and applicable law.

8. Retention & Disposal

Data is retained per engagement requirements, legal obligations, or our internal retention schedule, whichever applies. On expiry or upon client request, data is securely deleted or returned per the agreed procedure.

9. Standards & Certifications

Tektra aligns its security and data-protection program with industry frameworks including ISO 27001 and SOC 2. Certifications and attestations applicable to a specific service can be shared under NDA on request.

10. Contact

For questions, data-subject requests, or to report a concern, contact us at info@tektrait.com or via our contact page.