Legal & Compliance Documentation

Policies & Guidelines

Transparency, security, and responsible practices are fundamental to how T-Mat Global operates. These policies govern how we protect our clients, partners, systems, and data across every engagement.

Security

Responsible Vulnerability Disclosure Policy

T-Mat Global is committed to maintaining the security of our systems, services, and client infrastructure. We actively encourage responsible disclosure of security vulnerabilities by security researchers and the public.

Scope

This policy applies to all T-Mat Global owned and operated digital assets including our primary website (t-matglobal.com), client-facing portals, internal systems, and infrastructure managed on behalf of clients where we have explicit authorization to receive disclosures.

How to Report

Report all suspected vulnerabilities in writing to security@t-matglobal.com. Include a clear description of the vulnerability, steps to reproduce, potential impact assessment, and any supporting evidence such as screenshots or proof-of-concept code. Do not exploit or attempt to access data beyond what is necessary to demonstrate the vulnerability.

Our Commitments

We will acknowledge receipt of your report within 48 hours. We will provide a substantive response including our assessment and planned remediation timeline within 10 business days. We will not pursue legal action against researchers acting in good faith under this policy. We will keep you informed of our progress throughout the remediation process.

Out of Scope

The following activities are explicitly out of scope and prohibited: denial of service attacks, social engineering of T-Mat Global staff or clients, physical security testing, testing of third-party systems without explicit authorization, automated scanning that impacts system availability, and accessing or exfiltrating client data beyond the minimum necessary to demonstrate the vulnerability.

Coordinated Disclosure

T-Mat Global follows a coordinated disclosure model. We ask that researchers allow us a reasonable remediation period — typically 90 days — before publicly disclosing confirmed vulnerabilities. We will work with researchers to agree on appropriate disclosure timelines and coordinate any public announcements.

Recognition

T-Mat Global acknowledges the valuable contribution of security researchers. With the researcher's permission, we will publicly credit individuals who responsibly disclose verified security vulnerabilities that result in a material improvement to our security posture.

Security Disclosures: security@t-matglobal.com  ·  Response within 48 hours

Privacy

Privacy Policy

T-Mat Global respects your privacy and is committed to protecting all personal data collected through our website, services, and client engagements. This policy describes what data we collect, why we collect it, how we use it, and your rights in relation to it.

Data We Collect

We collect personal data in the following categories: Contact information (name, email address, phone number) submitted through our contact forms or email. Business information (company name, role, requirements) provided as part of service inquiries. Technical data (IP address, browser type, pages visited, time on site) collected automatically when you visit our website. Communication records including emails and meeting notes related to client or prospect engagements.

Legal Basis for Processing

We process personal data under the following legal bases: Contractual necessity — processing required to fulfil a service engagement. Legitimate interests — processing necessary for our business operations where not overridden by your rights. Consent — where you have explicitly opted in to a specific use of your data. Legal obligation — processing required to comply with applicable law.

How We Use Your Data

Personal data is used exclusively to respond to your inquiries and communications, deliver contracted services, send service-related updates and notifications, fulfil legal and regulatory obligations, and improve the quality of our services and website. We do not use personal data for automated decision-making or profiling. We do not sell personal data to third parties.

Data Sharing

T-Mat Global does not share personal data with third parties except where necessary to deliver contracted services (for example, cloud infrastructure providers operating under appropriate data processing agreements), where required by applicable law or regulatory authority, or where you have given explicit consent for a specific sharing arrangement. All third-party processors are contractually bound to process data only as instructed.

Your Rights

You have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data where we have no legal obligation to retain it, object to processing based on legitimate interests, request restriction of processing in certain circumstances, and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at hr@t-matglobal.com.

International Transfers

Where personal data originating in the US, UAE, or UK is processed in India, T-Mat Global ensures appropriate contractual safeguards are in place — including standard contractual clauses and data processing agreements — to protect your data in accordance with applicable data protection law.

Privacy Requests: hr@t-matglobal.com  ·  +91 9356307015

Data Protection

Data Protection Policy

T-Mat Global implements comprehensive technical and organizational measures to safeguard all data — client data, employee data, and business data — against unauthorized access, loss, destruction, or misuse.

Technical Controls

All data in transit is encrypted using TLS 1.2 or higher. All data at rest is encrypted using AES-256. Access to all systems containing personal or confidential data is protected by multi-factor authentication. All production systems are hosted on major cloud infrastructure (AWS, Azure, GCP) with enterprise-grade physical and logical security controls.

Access Control

Access to client data and confidential information is governed by role-based access control (RBAC) on a minimum-privilege basis. Access rights are reviewed quarterly and revoked immediately upon employee or contractor offboarding. All access to sensitive systems is logged and monitored. Shared credentials are prohibited.

Organizational Measures

All T-Mat Global employees and contractors complete data protection training at onboarding and annually thereafter. All personnel with access to client data sign formal confidentiality agreements. Data protection obligations are incorporated into all employment and contractor agreements. A designated data protection point of contact is responsible for overseeing compliance.

Vulnerability Management

T-Mat Global conducts regular vulnerability assessments on all systems used in client delivery. Critical vulnerabilities are remediated within 24 hours, high-severity within 7 days, and medium-severity within 30 days. All third-party dependencies are monitored for known CVEs using automated scanning tools integrated into our CI/CD pipelines.

Backup & Recovery

All client project data and critical operational data is backed up daily with geographically redundant storage. Backup integrity is verified through regular restoration testing. Recovery point objectives (RPO) and recovery time objectives (RTO) are defined per engagement and documented in the applicable SLA.

Third-Party Processors

Where T-Mat Global engages third-party services that process personal or client data — including cloud providers, communication tools, and development platforms — we ensure those providers are subject to appropriate data processing agreements and maintain security standards at least equivalent to our own.

Acceptable Use

Acceptable Use Policy

This policy governs the acceptable use of T-Mat Global's systems, services, infrastructure, and platforms — by employees, contractors, clients, and any other authorized users. Compliance with this policy is a condition of all engagements.

Permitted Use

T-Mat Global systems and services may be used for legitimate business purposes within the scope of the applicable engagement agreement. This includes accessing systems necessary to perform contracted work, communicating through approved channels, and using authorized tools and platforms as part of the delivery workflow.

Prohibited Activities

The following activities are strictly prohibited: accessing systems or data beyond the scope of authorized access; introducing malware, viruses, or malicious code into any system; attempting to circumvent security controls, monitoring, or access restrictions; sharing access credentials with unauthorized parties; using T-Mat Global systems for personal commercial activity; transmitting unsolicited communications; and any activity that violates applicable law.

Client System Access

Where T-Mat Global team members are granted access to client systems as part of a delivery engagement, that access is used exclusively for the purposes defined in the engagement agreement. Access credentials are stored securely, never shared, and revoked or returned to the client at engagement completion.

Monitoring

T-Mat Global reserves the right to monitor use of its systems and services to the extent permitted by applicable law. Monitoring is used to ensure compliance with this policy, protect system security, and investigate suspected policy violations. Users should have no expectation of privacy when using T-Mat Global provided systems in the context of a professional engagement.

Enforcement

Violations of this policy by employees may result in disciplinary action up to and including termination of employment. Violations by contractors may result in immediate termination of the engagement. Violations by clients may result in suspension of service access. T-Mat Global reserves the right to involve law enforcement in cases involving illegal activity.

Reporting Violations

Any suspected violation of this policy should be reported immediately to hr@t-matglobal.com. Reports are treated confidentially. Individuals who report in good faith are protected from retaliation under T-Mat Global's whistleblower policy.

Confidentiality

NDA & Confidentiality Policy

T-Mat Global treats all client information as strictly confidential from the first point of contact. Our NDA framework ensures legal protection for both parties across every stage of the engagement lifecycle.

NDA Execution

A formally executed Non-Disclosure Agreement is offered to all prospective and active clients prior to any substantive discussion of business requirements, technical architecture, or commercial terms. NDAs are bilateral — both parties are bound by mutual confidentiality obligations. T-Mat Global maintains signed NDA records for the duration required by applicable law.

What Is Considered Confidential

All information shared by a client in the context of an engagement or potential engagement is treated as confidential unless explicitly designated otherwise in writing. This includes but is not limited to: business strategy and plans, technical architecture and source code, product roadmaps, commercial terms, customer data, and any proprietary processes or methodologies.

Internal Handling of Confidential Information

Confidential client information is shared internally only on a strict need-to-know basis. All team members with access to client information are bound by confidentiality obligations under their employment or contractor agreements. Confidential information is never discussed in public forums, shared on personal devices, or disclosed to third parties without explicit written consent.

Post-Engagement Obligations

Confidentiality obligations survive the termination of any engagement. T-Mat Global team members remain bound by their confidentiality obligations in respect of client information for a minimum of 3 years following the conclusion of the relevant engagement, or indefinitely for trade secrets and genuinely proprietary information.

Incident Response

Incident Response Policy

T-Mat Global maintains a documented incident response procedure to ensure that security incidents, data breaches, and service disruptions are identified, contained, and resolved rapidly — with transparent communication to affected clients throughout.

  • 01

    Detection & Identification

    T-Mat Global operates continuous monitoring across all production systems and client delivery environments. All anomalous activity, suspected breaches, and system failures are logged, reviewed, and escalated immediately to the designated incident response lead.

  • 02

    Containment

    Upon confirmation of a security incident, immediate containment measures are activated — including isolation of affected systems, revocation of compromised credentials, and suspension of impacted services where necessary to prevent further damage.

  • 03

    Client Notification

    Clients affected by a confirmed security incident or data breach are notified within 24 hours of confirmation. Initial notification includes a summary of the incident, known impact, and immediate actions taken. A full root cause analysis and post-incident report is provided within 72 hours.

  • 04

    Eradication & Recovery

    Following containment, T-Mat Global conducts a thorough root cause analysis to identify and eradicate the underlying cause of the incident. Systems are restored from clean backups where applicable. All recovery actions are documented and reviewed.

  • 05

    Post-Incident Review

    Every significant incident triggers a formal post-incident review within 5 business days of resolution. The review identifies root causes, evaluates the effectiveness of the response, and produces a set of documented remediation actions to prevent recurrence.

  • 06

    Regulatory Notification

    Where an incident involves personal data and meets the threshold for mandatory notification under applicable law — including Indian IT Act provisions, UK GDPR, or applicable UAE regulations — T-Mat Global will make the required regulatory notifications within the legally mandated timeframe.

Incident Reports: hr@t-matglobal.com  ·  +91 9356307015  ·  24-hour response guaranteed

Data Retention

Data Retention Policy

T-Mat Global retains data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. This policy defines our standard retention periods and secure deletion procedures.

| Data Category | Retention Period | Basis |
|---|---|---|
| Client project files and delivery documentation | 3 years post-engagement | Contractual / Legitimate Interest |
| Client communication records (emails, meeting notes) | 3 years post-engagement | Legitimate Interest |
| Signed contracts, SOWs, and NDAs | 7 years | Legal Obligation |
| Financial records and invoices | 7 years | Legal Obligation (Tax / GST) |
| Employee personnel records | 5 years post-employment | Legal Obligation |
| Contractor engagement records | 3 years post-engagement | Legal Obligation |
| Website enquiry form submissions | 2 years | Legitimate Interest |
| Security incident logs | 3 years | Legal Obligation / Security |
| Access and activity logs | 1 year | Security / Legitimate Interest |
| Marketing communications (with consent) | Until consent withdrawn | Consent |

Secure Deletion

Upon expiry of the applicable retention period, data is securely deleted or anonymized using methods appropriate to the sensitivity of the data and the medium on which it is stored. For digital data, this includes cryptographic erasure or overwriting. Physical records containing personal data are shredded. Clients may request confirmation of deletion.

Policy Queries & Contact

Questions About Our Policies?

For any question, concern, or request relating to these policies — including data subject rights requests, security disclosures, or compliance queries — contact us directly.

General & HR
Security Disclosures

These policies were last reviewed and updated: March 2026. T-Mat Global commits to reviewing all policies at least annually or upon any material change to our operations, legal obligations, or service delivery model.