Misrouted Email Handling Policy

Anthropic India (Anthropic Softwares Pvt Ltd)

Effective Date: 02 May 2026

Preface

**Anthropic India (Anthropic Softwares Pvt. Ltd.)** is a separate and distinct legal entity. In the recent past, it has encountered situations where electronic communications, correspondence, and digital messages intended for unrelated third parties have been inadvertently transmitted to, received by, or routed through its domain and communication infrastructure. A substantial portion of such misdirected communications appear to relate to **Anthropic PBC**, its subsidiaries, affiliates, sister concerns, customers, vendors, or other associated third parties, with whom Anthropic India has no corporate affiliation, relationship, or responsibility. Given the recurring nature of such incidents and the potential risks arising therefrom, including concerns relating to confidentiality, privacy, data protection, cybersecurity, operational burden, and legal compliance, Anthropic India considered it necessary to establish a structured framework and working protocol for the identification, handling, processing, filtering, monitoring, and redirection of misrouted electronic communications. Accordingly, this protocol has been thoughtfully designed and formulated in good faith to safeguard the legitimate interests of Anthropic India, its personnel, systems, and stakeholders, while ensuring that any actions undertaken in relation to misdirected communications are carried out in a responsible, transparent, and legally compliant manner. The provisions contained herein are intended to operate within the framework and spirit of the applicable laws, regulations, and legal principles referenced below, as may be amended from time to time.

1. Purpose & Background

Anthropic India (Anthropic Softwares Pvt Ltd) operates across India and international markets in Education, Cyber Security, Wi-Fi Monetisation, and Agent OS. Due to similarity between anthropic.in and anthropic.com, email misrouting has been consistently observed.

This creates risks including business loss, customer confusion, brand dilution, and potential exposure of confidential or sensitive data.

This policy is established as a proactive compliance and risk mitigation measure in accordance with:

This policy serves as documented evidence of due diligence, good faith, and reasonable security practices.

2. Good Faith & Ethical Commitment

Anthropic India (Anthropic Softwares Pvt Ltd) implements this policy strictly in good faith to prevent business disruption, customer confusion, and data risks.

Anthropic India (Anthropic Softwares Pvt Ltd) does not intend to access, analyse, use, retain, or derive any benefit from communications not intended for it.

Minimum Necessary Access:
Only limited access required for identifying and redirecting misrouted emails. No content is used, stored, or exploited.

Any incidental exposure occurs without intent and without negligence.

3. Email Categorisation

Format: [TOWHOME]

4. Handling of Misrouted Emails

Any email received at the anthropic.in domain name that appears to be misrouted shall be forwarded to:

misrouted-legal-archives@anthropic.in

The original sender(s) and recipient(s) shall be retained without alteration to preserve the communication trail.

Upon identification, the email shall be categorized in accordance with the Email Categorisation System defined in this policy. The subject line shall be updated to reflect the categorisation, for example:

“Misrouting Red Alert – ANTHROPIC_PBC – ENQ”

As part of due diligence, a reply-all communication may be initiated including:

This process is undertaken solely to notify relevant parties, ensure timely correction, and mitigate risks arising from misrouting.

  • Mandatory Archival:
    All misrouted emails shall be forwarded to misrouted-legal-archives@anthropic.in by an automated system and handled strictly in accordance with this policy.

    • 6. Legal Positioning & Data Responsibility

    Email misrouting is a foreseeable risk due to user of identical names/nomenclature for the respective domain name to carry out business.

    All stakeholders are deemed to have constructive notice of this risk.

    Anthropic India (Anthropic Softwares Pvt Ltd) acts as a Data Fiduciary under the DPDP Act, 2023.

    Controlled Access Principle: Only minimal necessary access is performed.

    This supports protection under Section 79 (Safe Harbour) of the IT Act.

    7. Reservation of Rights

    Anthropic India (Anthropic Softwares Pvt Ltd) reserves all rights relating to:

    No delay or omission shall be treated as waiver of rights.

    8. Limitation of Responsibility

    Anthropic India (Anthropic Softwares Pvt Ltd) is not responsible for misrouting caused by third parties.

    Sending emails to multiple domains name is at sender’s own risk.

    9. Legal Clarification

    This policy is a preventive compliance measure and does not constitute admission of liability.

    All rights are expressly reserved.

    10. Use of Misrouting Records for Legal and Regulatory Purposes

    Anthropic India (Anthropic Softwares Pvt Ltd) maintains limited records of misrouted communications strictly for the purposes of compliance, audit, risk mitigation, and legal protection.

    Such records may be preserved and, where required, disclosed to:

    • Courts of law, judicial authorities, or regulatory bodies;
    • Law enforcement agencies or competent authorities;
    • Legal advisors for the purpose of obtaining legal advice for further neccesary action.

    Any such use or disclosure shall be carried out strictly in accordance with applicable laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, and shall be limited to what is reasonably necessary for the relevant legal or regulatory purpose.

    Anthropic India does not use or disclose misrouted communications for any commercial, competitive, or unrelated purposes. Any reliance on such records will be strictly for lawful protection of rights, compliance, and evidentiary requirements.

    11. Limitation of Liability in Context of Proactive Risk Mitigation

    Anthropic India (Anthropic Softwares Pvt Ltd) has proactively identified and addressed the risk of email misrouting arising from domain name similarity, recognising that such misrouting may potentially result in serious and irreversible consequences, including exposure of sensitive or confidential information relating to intellectual property, financial data, commercial transactions, or other protected information.

    In response, Anthropic India (Anthropic Softwares Pvt Ltd) has implemented documented procedures, technical safeguards, and operational protocols under this policy to prevent, detect, and mitigate such risks in a timely and responsible manner.

    Accordingly, Anthropic India (Anthropic Softwares Pvt Ltd) has exercised reasonable security practices, due diligence, and good-faith conduct as required under applicable laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

    In light of the above, any unintended receipt, limited handling, or incidental exposure to misrouted communications shall be deemed to occur despite the implementation of reasonable safeguards and not as a result of negligence, wilful misconduct, or unlawful intent on the part of Anthropic India (Anthropic Softwares Pvt Ltd).

    To the extent permitted under applicable law, Anthropic India (Anthropic Softwares Pvt Ltd) shall not be held liable for any loss, damage, or consequence arising solely from misrouting of communications caused by third-party actions, domain name similarity, or incorrect addressing, where such events occur despite the implementation of this policy and reasonable safeguards.

    This clause shall be read in conjunction with applicable statutory protections, including safe harbour provisions under Section 79 of the Information Technology Act, 2000.

    12. Comprehensive Legal Framework & Statutory Support

    This policy is implemented and interpreted in accordance with applicable Indian laws, supported by relevant international legal principles, to ensure lawful handling of misrouted communications, protection of data, and prevention of consumer confusion.

    Primary Indian Legal Framework:

    • Information Technology Act, 2000:
      • Section 43A – reasonable security practices and compensation for failure to protect data;
      • Sections 72 & 72A – protection of confidentiality and prevention of unauthorised disclosure;
      • Section 79 – safe harbour protection where due diligence and good-faith actions are demonstrated.
    • Information Technology Rules, 2011 – mandating documented security practices and procedures for handling sensitive information.
    • Digital Personal Data Protection Act, 2023 – including obligations of a Data Fiduciary such as purpose limitation, data minimisation, and implementation of appropriate safeguards.
    • Trade Marks Act, 1999 – including protection against deceptive similarity, likelihood of confusion, and passing off arising from similar domain names and brand identifiers.
    • Common Law Principles of Passing Off – protecting goodwill and preventing misrepresentation leading to confusion among customers and stakeholders.

    Supporting International Legal Principles (where applicable):

    • Lanham Act (United States) – relating to trademark infringement, false designation of origin, and likelihood of confusion in cross-border commercial interactions;
    • General Data Protection Regulation (GDPR – European Union) – specifically principles of data minimisation, purpose limitation, and lawful processing, as internationally recognised standards;
    • Global Best Practices – including industry-recognised standards for responsible handling of unintended or misdirected communications.
    This policy demonstrates that Anthropic India (Anthropic Softwares Pvt Ltd) has adopted a multi-layered legal compliance approach, combining statutory obligations, judicial principles, and international best practices to ensure responsible handling of misrouted communications and protection against liability.

    All actions undertaken under this policy shall be interpreted in light of the above legal framework, reinforcing that Anthropic India (Anthropic Softwares Pvt Ltd) acts with due diligence, in good faith, and in compliance with applicable laws.

    13. Scope, Applicability & Implementation

    This policy shall apply to all email communications received at or processed through the anthropic.in domain name, including but not limited to:

    • sales@anthropic.in
    • support@anthropic.in
    • legal@anthropic.in
    • and any other official email accounts operated under the anthropic.in domain name.

    This policy shall apply to:

    • All existing and previously received emails (retrospective application); and
    • All future incoming and outgoing email communications.

    The retrospective application of this policy is implemented solely for the purposes of compliance, audit, risk identification, and mitigation, and to ensure consistent handling of misrouted communications.

    This policy is issued under the direction of management of Anthropic India (Anthropic Softwares Pvt Ltd), and all relevant personnel, systems, and processes are required to adhere to and implement this policy with immediate effect.

    All teams and authorised personnel shall ensure that misrouted email handling, classification, archiving, and redirection processes are carried out in accordance with this policy for both historical and future communications.

    This policy shall be treated as a binding internal compliance framework and shall be followed in conjunction with applicable laws and organisational procedures.

    5. Automated Processing & Restricted Access

    To ensure data integrity and compliance with the DPDP Act 2023, Anthropic India manages misrouted communications through a strict technical protocol:

    • Automated Handling: Incoming communications to sales@, support@, and legal@anthropic.in identified as misdirected are processed exclusively by an automated system.
    • Restricted Access Policy: While technical access to the misrouted-legal-archives@anthropic.in mailbox exists for system administration, Anthropic India enforces a strict No-Read Policy prohibiting the manual review of email content by any employee or director. Any unauthorized access is subject to strict disciplinary action.
    • Purpose-Bound Archiving: Access is limited strictly to the Data Protection Officer (DPO) who in consultation with managment can himself/herself either through management or in consultation of management solicit any legal advice concerning the same for appropriate legal action.

    Content Deletion & Data Disposal (Data Minimisation Principle)

    In accordance with the Data Minimisation and Storage Limitation principles under the DPDP Act, 2023:

    • Substantive email content and attachments are retained for a maximum of 90 calendar days for technical verification and audit purposes.
    • After 90 days, all substantive content is automatically and permanently deleted/purged.
    • Only limited, non-sensitive metadata (sender address, date, subject) may be retained solely for ongoing trademark litigation evidence, in a secure and access-restricted archive.
    • No personal data is used for any commercial, analytical, or training purposes whatsoever.

    Data Protection Officer (DPO) Contact

    For any queries, rights requests, or grievances related to personal data processing under this policy, please contact:

    Email: dpo@anthropic.in
    Response Timeline: Acknowledgment within 48 hours and full response within 7–30 days as per DPDP Act requirements.

    Grievance Redressal Mechanism (As per DPDP Act, 2023 – Section 13)

    Anthropic India (Anthropic Softwares Pvt Ltd) is committed to providing a readily available and effective grievance redressal mechanism for all Data Principals whose personal data may be processed under this policy.

    How to Raise a Grievance:

    • Email us at: dpo@anthropic.in
    • Clearly mention “Misrouted Email Grievance” in the subject line along with your email ID and details of the issue.

    Our Commitment:

    • Acknowledgment within 48 hours of receipt.
    • Resolution within 7–30 days (depending on complexity), as required under the DPDP Act.
    • If you are not satisfied with our response, you have the right to escalate the matter to the Data Protection Board of India.

    Data Principal Rights

    You have the right to:

    • Access, correct, or request erasure of your personal data processed under this policy.
    • Withdraw any implied processing consent (where applicable).
    • Lodge a grievance using the mechanism provided above.

    All requests will be handled in compliance with the Digital Personal Data Protection Act, 2023.

    Disclaimer: This protocol has been voluntarily established by Anthropic India (Anthropic Softwares Pvt. Ltd.) for internal administrative and operational purposes only. It does not constitute a law, regulation, contractual undertaking, admission, or legally enforceable obligation and shall not be relied upon or used against the company before any court, tribunal, regulatory authority, enforcement agency, or other forum as creating any right, liability, or obligation not otherwise imposed by applicable law.

    Anthropic India (Anthropic Softwares Pvt Ltd) • anthropic.in
    Confidential • Internal Policy • Good Faith Implementation
    Anthropic India (Anthropic Softwares Pvt Ltd) • anthropic.in
    Confidential • Internal Policy • Good Faith Implementation