Privacy Policy

Effective Date: November 10, 2025
Last Updated: November 10, 2025

Questions about this Policy? Email writetokushaldsamant@gmail.com. We're committed to transparency about data practices.

Kushal Dhananjay Samant ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS development services, proprietary software platforms, and related offerings (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this policy.

1. Quick Summary

What We Collect:

Contact information (name, email, phone)
Account and payment information
Usage data and device information
Project-related content and communications

How We Use It:

Provide and improve our Services
Process payments and fulfill contracts
Communicate with you
Ensure security and prevent fraud

Who We Share With:

Service providers (hosting, payment processing, analytics)
We do NOT sell your personal data

Your Rights:

Access, correct, delete, or export your data
Object to processing or withdraw consent
File complaints with supervisory authorities

Contact Us:
Email: writetokushaldsamant@gmail.com

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Full name
Email address
Phone number
Company name and job title (for business accounts)
Billing address
Password (encrypted and never stored in plain text)

Payment Information:

Payment details are processed securely by Stripe
We do not store complete credit card numbers
We retain billing history and transaction records

Project and Communication Data:

Project requirements, specifications, and documentation
Files, content, and materials you upload
Messages, emails, and support tickets
Feedback, survey responses, and testimonials
Meeting notes and consultation records (with your consent)

Consultation Booking Information:

Meeting preferences and availability
Information provided through Setmore scheduling
Calendar integration data (with permission)

2.2 Information Collected Automatically

Device and Browser Information:

IP address and geolocation (city/country level)
Device type, operating system, and version
Browser type, version, and language settings
Screen resolution and device identifiers
Referring URLs and exit pages

Usage Data:

Pages visited and features accessed
Time spent on pages
Click patterns and navigation paths
Search queries within our Platform
Session duration and frequency of use
Performance metrics and error logs

Cookies and Tracking Technologies:

Essential Cookies: Authentication, security, session management
Analytics Cookies: Google Analytics, usage patterns, performance monitoring
Preference Cookies: Language, display settings, saved preferences
Marketing Cookies: Conversion tracking, remarketing (with consent)

See Section 9 for detailed information about cookies.

Location Data:

Approximate location based on IP address (always collected)
Precise location (only with explicit permission)

2.3 Information from Third Parties

Payment Processors (Stripe):

Payment confirmation and transaction status
Fraud detection signals
Billing-related information

Scheduling Services (Setmore):

Booking confirmation details
Meeting attendance information
Calendar availability data

Authentication Providers:

Profile information from OAuth providers (Google, GitHub, etc.) if you choose to use social login
Email address and basic profile data

Public Sources:

Company information for verification purposes
Publicly available business details

3. Legal Basis for Processing (GDPR Article 6)

For users in the European Union/EEA, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity (Article 6(1)(b))

Processing necessary to:

Provide the Services you've requested
Process payments and billing
Deliver customer support
Fulfill our obligations under agreements with you

3.2 Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate business interests:

Improve and develop our Services
Analyze usage patterns and optimize performance
Prevent fraud and ensure security
Conduct business operations and administration
Maintain and improve our systems

3.3 Consent (Article 6(1)(a))

Processing based on your explicit consent for:

Marketing communications and newsletters
Non-essential cookies and tracking
Third-party integrations you enable
Sharing data beyond what's necessary for the Services

3.4 Legal Obligations (Article 6(1)(c))

Processing required to comply with:

Tax and accounting regulations
Government reporting requirements
Court orders and legal processes
Regulatory compliance obligations

3.5 Vital Interests (Article 6(1)(d))

Processing necessary to protect vital interests in emergency situations.

4. How We Use Your Information

4.1 Service Delivery and Performance

Create and manage your account
Process transactions and maintain billing records
Provide access to our Platform and Services
Deliver custom development work and deliverables
Provide technical support and customer service
Send service-related notifications and updates

4.2 Communication

Respond to your inquiries and requests
Send important updates about your account or services
Notify you of changes to our Terms or policies
Share security alerts and system status updates
Send marketing communications (with your consent)

4.3 Improvement and Development

Analyze how users interact with our Services
Identify trends and usage patterns
Test new features and conduct A/B testing
Conduct research to improve user experience
Optimize performance and fix bugs
Develop new products and features

4.4 Security and Fraud Prevention

Detect and prevent fraudulent transactions
Monitor for suspicious activity and security threats
Investigate and respond to security incidents
Verify identity and prevent unauthorized access
Enforce our Terms of Service

4.5 Legal Compliance and Protection

Comply with applicable laws and regulations
Respond to legal requests and court orders
Protect our rights, property, and safety
Protect the rights and safety of our users
Resolve disputes and enforce agreements

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We never have, and we never will.

5.2 Service Providers (Data Processors)

We share data with trusted service providers who assist us in operating our business:

Hosting and Infrastructure:

Cloud hosting providers (AWS, Google Cloud, or similar)
Content delivery networks (CDNs)
Database hosting services

Payment Processing:

Stripe (payment processing and fraud detection)
Banking partners as required for transactions

Communication Tools:

Email service providers
Setmore (appointment scheduling)
Video conferencing platforms (for consultations, with consent)

Analytics and Performance Monitoring:

Google Analytics
Error tracking and monitoring services
Performance optimization tools

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy:

Your information may be transferred to the successor entity
You will be notified via email and website notice
This Privacy Policy will continue to apply to your information
You may have the option to delete your account before the transfer

5.4 Legal Requirements and Protection

We may disclose your information when required by law or when necessary to:

Comply with court orders, subpoenas, or legal processes
Respond to lawful requests from government authorities
Enforce our Terms of Service
Protect our rights, property, and safety
Protect the rights, property, and safety of our users or the public
Prevent fraud, security threats, or illegal activity

5.5 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so, such as:

Third-party integrations you enable
Partners or collaborators you designate
Public sharing features you choose to use

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

Statistical analysis and reporting
Industry benchmarks and trends
Research and publications

6. International Data Transfers

6.1 Data Storage Locations

Your data may be stored and processed in:

Primary: India and/or United States
Backup: European Union and/or United States
CDN: Distributed globally for performance

6.2 Transfer Safeguards

For EU/EEA Users (GDPR Articles 45-46):

Standard Contractual Clauses (SCCs): We use EU-approved SCCs when transferring data from the EU to countries without adequacy decisions
Adequacy Decisions: We rely on EU Commission adequacy decisions where available
Additional Safeguards: Encryption, access controls, and contractual protections

For UK Users:

UK-approved International Data Transfer Agreement (IDTA)
Standard Contractual Clauses approved by UK ICO
Additional security measures

For Other Jurisdictions:

Appropriate safeguards consistent with local data protection laws
Contractual commitments with data recipients
Technical and organizational security measures

6.3 Your Rights Regarding Transfers

Request information about how your data is transferred
Object to specific transfers (subject to limitations if necessary for service delivery)
File complaints with your local supervisory authority

7. Data Retention

We retain your information only as long as necessary for the purposes described in this Privacy Policy or as required by law.

7.1 Account Data

Active Accounts: Retained while your account is active
Closed Accounts: Deleted within 30 days of account closure
Backup Copies: Purged from backups within 90 days

7.2 Project and Development Data

Active Projects: Retained during project execution
Completed Projects: Retained for 3 years after project completion
Purpose: Support, warranty obligations, dispute resolution

7.3 Financial Records

Invoices and Payment Records: 7 years (required by Indian tax law)
Transaction Details: Via Stripe per their retention policy

7.4 Marketing Data

Retained until you withdraw consent or unsubscribe
Deleted within 30 days of unsubscribe request
You may unsubscribe at any time

7.5 Usage Logs and Analytics

Access Logs: 90 days (rolling)
Security Logs: 1 year
Aggregated Analytics: Indefinitely (anonymized)

7.6 Support Communications

Support Tickets and Emails: 3 years from last interaction
Purpose: Service improvement, training, dispute resolution

7.7 Deletion Methods

When data is deleted:

Secure deletion from production systems
Removal from active databases
Purging from backup systems during scheduled cycles
Irreversible anonymization where retention is required for legal or legitimate business purposes

8. Your Privacy Rights

8.1 Rights for EU/EEA Users (GDPR)

Right to Access (Article 15):

Confirm whether we process your personal data
Receive a copy of your personal data
Obtain information about how we process your data

Right to Rectification (Article 16):

Correct inaccurate or incomplete personal data

Right to Erasure – "Right to be Forgotten" (Article 17):

Request deletion of your personal data
Exceptions apply (e.g., legal obligations, legitimate interests, ongoing contracts)

Right to Restrict Processing (Article 18):

Limit how we use your data in certain circumstances
During dispute resolution or verification processes

Right to Data Portability (Article 20):

Receive your data in a structured, commonly used format (JSON, CSV)
Transmit your data to another service provider

Right to Object (Article 21):

Object to processing based on legitimate interests
Object to direct marketing (always honored immediately)

Right to Withdraw Consent (Article 7(3)):

Withdraw consent at any time (doesn't affect prior lawful processing)

Right Not to be Subject to Automated Decision-Making (Article 22):

Request human review of decisions made solely by automated means

Right to Lodge a Complaint:

File complaints with your local Data Protection Authority
Contact the European Data Protection Board

8.2 Rights for California Residents (CCPA/CPRA)

Right to Know:

Know what categories of personal information we collect
Know the sources of personal information
Know the business purposes for collection
Know the categories of third parties with whom we share data

Right to Delete:

Request deletion of your personal information
Exceptions apply (e.g., completing transactions, legal obligations)

Right to Opt-Out of Sale:

We do not sell personal information, so this right is not applicable

Right to Non-Discrimination:

We will not discriminate against you for exercising your CCPA rights
Equal service and pricing regardless of rights exercised

Right to Correct:

Request correction of inaccurate personal information

Right to Limit Use of Sensitive Personal Information:

Where applicable, limit use of sensitive personal information

8.3 Rights for Indian Users

Under the Information Technology Act, 2000 and SPDI Rules:

Right to Access: Review personal information we hold
Right to Correction: Correct inaccurate or incomplete data
Right to Withdraw Consent: Withdraw consent for data collection
Right to Disclosure: Know with whom your data has been shared

8.4 How to Exercise Your Rights

Request Methods:

Email: writetokushaldsamant@gmail.com
Subject Line: "Privacy Rights Request – [Type of Request]"
Include: Your name, email address, and specific request

Verification Process:

We must verify your identity before processing requests (for security)
We may request additional information to confirm your identity
Authorized agents must provide proof of authorization

Response Time:

GDPR/CCPA: 30 days for most requests
Complex Requests: May extend up to 30 additional days with notice
Acknowledgment: Within 5 business days

Cost:

First request is free
Excessive, repetitive, or manifestly unfounded requests may incur fees

Account Settings: Many rights can be exercised directly in your account settings:

Update profile information
Manage communication preferences
Download your data
Delete your account

9. Cookies & Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services.

9.2 Types of Cookies We Use

Essential Cookies (Always Active):

Authentication and login sessions
Security and fraud prevention
Load balancing and system functionality
CSRF (Cross-Site Request Forgery) protection
Session management

Analytics Cookies (Can Opt-Out):

Google Analytics: Traffic analysis, user behavior
Performance monitoring and error tracking
Feature usage and engagement metrics
A/B testing and optimization

Preference Cookies:

Language and region settings
Display preferences (dark mode, layout)
Saved filters and customizations

Marketing Cookies (Require Consent):

Google Ads: Conversion tracking and remarketing
Social media pixels (Facebook, LinkedIn) if enabled
Campaign effectiveness measurement

9.3 Third-Party Cookies

Google Analytics:

Tracks website usage and performance
Privacy Policy: https://policies.google.com/privacy

Stripe:

Fraud detection and payment processing
Privacy Policy: https://stripe.com/privacy

Social Media Platforms:

Sharing buttons and social features (if you choose to use them)
Subject to their respective privacy policies

9.4 Cookie Management

Browser Settings:

Most browsers allow you to block or delete cookies
Blocking cookies may affect functionality

Opt-Out Tools:

Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Cookie Consent Banner:

Manage preferences when you first visit our site
Update preferences via account settings

Effect of Blocking Cookies:

Essential cookies are required for the Services to function
Blocking analytics cookies reduces our ability to improve the Services
Blocking preference cookies may result in losing custom settings

9.5 Do Not Track (DNT)

We honor Do Not Track signals where technically feasible. Enabling DNT may limit some analytics and personalization features.

10. Security Measures

We implement comprehensive security measures to protect your information:

10.1 Technical Safeguards

Encryption:

In Transit: TLS 1.3 or higher for all data transmission
At Rest: AES-256 encryption for stored data
End-to-End Encryption: Where applicable for sensitive communications
Encrypted Backups: All backup data is encrypted

Access Controls:

Multi-Factor Authentication (MFA): Required for administrative access
Role-Based Access Control (RBAC): Minimum necessary access principle
Strong Password Requirements: Enforced complexity and regular rotation
Session Management: Automatic timeout, secure session tokens

Infrastructure Security:

Firewalls: Network and application-level firewalls
Intrusion Detection/Prevention (IDS/IPS): Real-time threat monitoring
DDoS Mitigation: Protection against distributed denial-of-service attacks
Network Segmentation: Isolated production, staging, and development environments

10.2 Organizational Safeguards

Personnel Security:

Security awareness training for all employees
Background checks (where legally permitted)
Confidentiality agreements and NDAs
Principle of least privilege

Policies and Procedures:

Written security policies and standards
Regular policy reviews and updates
Incident response procedures
Data breach notification protocols

10.3 Monitoring and Response

24/7 Security Monitoring:

Real-time monitoring of system activity
Automated alerting for suspicious behavior
Log analysis and correlation

Vulnerability Management:

Regular vulnerability scanning
Security patch management
Timely application of critical updates

Penetration Testing:

Annual third-party penetration testing
Remediation of identified vulnerabilities
Regular security assessments

Incident Response:

Documented incident response plan
Rapid containment and investigation procedures
Notification protocols per legal requirements

10.4 Limitations

While we implement industry-standard security measures:

No method of transmission or storage is 100% secure
Internet transmission always carries some risk
You are responsible for maintaining the security of your account credentials

Report Security Issues: If you discover a security vulnerability, immediately contact writetokushaldsamant@gmail.com

11. Data Breach Notification

11.1 Discovery and Assessment

Upon discovering a potential data breach:

Immediate investigation and containment
Assessment of scope and impact
Determination of affected individuals and data types

11.2 Notification Timelines

Regulators:

GDPR (EU): Within 72 hours of becoming aware of the breach
Indian CERT-In: Per Information Technology Act requirements
Other Jurisdictions: Per applicable local laws

Affected Individuals:

Notified without undue delay if breach poses high risk to rights and freedoms
Clear, plain language explanation
Via email to registered address or account notification

11.3 Notification Contents

Breach notifications will include:

Nature of the breach and data types affected
Likely consequences of the breach
Measures taken or proposed to address the breach
Contact information for questions and concerns
Recommendations for steps you should take to protect yourself

11.4 Remediation

We commit to:

Taking immediate steps to contain and mitigate harm
Investigating root causes
Implementing additional safeguards to prevent recurrence
Cooperating with regulatory authorities

12. Children's Privacy

12.1 Age Restrictions

Our Services are not directed at, marketed to, or intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16.

12.2 Parental Consent

If you are between 16 and 18 years of age, you must have consent from a parent or legal guardian to use our Services and provide personal information.

12.3 If We Discover Child Data

If we become aware that we have collected personal information from a child under 16 without parental consent:

We will delete that information as quickly as possible
We will notify parents/guardians if contact information is available
We will take steps to prevent future unauthorized access

12.4 Parent Rights

Parents or guardians may:

Review information we have collected from their child
Request deletion of their child's information
Refuse to permit further collection or use of their child's information

Contact Us: If you believe we have collected information from a child under 16, please contact writetokushaldsamant@gmail.com immediately.

13. Third-Party Links and Services

13.1 External Links

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties.

13.2 Review Third-Party Policies

Before providing personal information to any third-party site:

Review their privacy policies
Understand their data practices
Make informed decisions about sharing your information

13.3 No Endorsement

Links to third-party sites do not constitute endorsement of their content, products, services, or privacy practices.

13.4 Third-Party Services We Use

Our use of third-party service providers (e.g., Stripe, Setmore, Google Analytics) is governed by their privacy policies in addition to this Privacy Policy.

14. Marketing Communications

14.1 Types of Marketing

We may send you:

Service updates and new feature announcements
Company news and blog posts
Educational content and best practices
Promotional offers and discounts
Event invitations and webinars

14.2 Consent

Explicit Consent: Required for marketing communications
Opt-In: During registration or through separate consent
Separate from Service Communications: Marketing consent is independent of service-related communications

14.3 Unsubscribe Options

Unsubscribe Methods:

Click "Unsubscribe" link in any marketing email
Update preferences in account settings
Email writetokushaldsamant@gmail.com with subject "Unsubscribe"

Processing Time:

Unsubscribe requests processed within 48 hours
May take up to 10 days for systems to fully update

Confirmation:

You'll receive confirmation of your unsubscribe request

14.4 Transactional Emails

You cannot opt out of essential service communications:

Account notifications (password resets, security alerts)
Billing and payment confirmations
Service updates affecting your use
Legal notices and policy changes

15. Business Transfers

15.1 Merger, Acquisition, or Sale

If we are involved in a merger, acquisition, asset sale, or similar transaction:

Your personal information may be transferred to the acquiring entity
This Privacy Policy will continue to apply to your information
The successor entity will assume our obligations under this Privacy Policy

15.2 Notification

In the event of a business transfer:

We will notify you via email and prominent notice on our website
Notice will be provided at least 30 days before transfer (where feasible)
You will be informed of any changes to data handling practices

15.3 Your Options

Before a business transfer is completed:

You may have the opportunity to delete your account and data
You may exercise your data portability rights to retrieve your information
Contact us at writetokushaldsamant@gmail.com with questions or concerns

16. Updates to This Privacy Policy

16.1 Right to Modify

We reserve the right to update this Privacy Policy at any time to reflect:

Changes to our Services or business practices
New legal or regulatory requirements
Technological developments
User feedback and improvements

16.2 Notification of Changes

For material changes, we will provide notice through:

Email: To your registered email address (30 days' advance notice)
Website: Prominent notice on our website
In-App: Notification within the Platform (where applicable)

16.3 Continued Use

Continued use of our Services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

16.4 Review Regularly

We encourage you to:

Review this Privacy Policy periodically
Check the "Last Updated" date at the top
Stay informed about how we protect your information

16.5 Version History

Previous versions of this Privacy Policy are available upon request. Contact writetokushaldsamant@gmail.com for historical versions.

17. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

17.1 Privacy Inquiries

Email: writetokushaldsamant@gmail.com
Subject: "Privacy Inquiry"
Response Time: 3-5 business days

17.2 Data Protection Officer (DPO)

Email: writetokushaldsamant@gmail.com
Purpose: GDPR-related matters, data protection questions

17.3 Mailing Address

Kushal Dhananjay Samant
H.No. 2337, "Visava"
Swami Samarth Nagar, Near Dattanagar
Kavilgaon, Nerur
Kudal – 416520
Sindhudurg, Maharashtra, India

17.4 General Support

Website: https://kushalsamant.github.io/getintouch.html
Phone: +91 87796 32310
Support Hours: Monday–Saturday, 10:00 AM – 8:00 PM IST

18. Supervisory Authorities

If you have concerns about our data practices or believe your privacy rights have been violated, you may contact:

18.1 India

Ministry of Electronics & Information Technology (MeitY)
Website: https://www.meity.gov.in

Indian Computer Emergency Response Team (CERT-In)
Website: https://www.cert-in.org.in

Consumer Protection:
National Consumer Helpline: 1800-11-4000

18.2 European Union/EEA

Your Local Data Protection Authority
Find your DPA: https://edpb.europa.eu/about-edpb/board/members_en

European Data Protection Board
Website: https://edpb.europa.eu

18.3 United Kingdom

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

18.4 California, USA

California Attorney General
Website: https://oag.ca.gov/privacy

California Office of Privacy Protection
Website: https://oag.ca.gov/privacy

19. Jurisdiction-Specific Provisions

19.1 India

Information Technology Act, 2000:

Compliance with Section 43A and Section 72A
Reasonable security practices and procedures

Sensitive Personal Data or Information (SPDI) Rules, 2011:

Collection, storage, and handling of sensitive personal data
Consent requirements and disclosure obligations

CERT-In Directions:

Cyber incident reporting
Synchronization of ICT clocks
Log maintenance requirements

Consumer Protection Act, 2019:

Consumer rights for service deficiency
Complaint mechanisms and remedies

19.2 European Union

GDPR (Regulation 2016/679):

Full compliance with all GDPR requirements
Data subject rights implementation
Lawful bases for processing
Data Protection Impact Assessments (DPIAs) where required
Records of processing activities

EU Representative:

If required in the future, we will appoint an EU representative per GDPR Article 27

Data Transfer Mechanisms:

Standard Contractual Clauses (SCCs) for transfers outside the EU
Adequacy decisions where applicable

19.3 United Kingdom

UK GDPR and Data Protection Act 2018:

Compliance with UK data protection laws post-Brexit
ICO guidance and codes of practice

UK Representative:

If required, we will appoint a UK representative

International Transfers:

UK-approved transfer mechanisms (IDTA or SCCs)

19.4 California, USA

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA):

Consumer rights implementation
Right to know, delete, correct, and opt-out
Non-discrimination for exercising rights

"Do Not Sell My Personal Information":

We do not sell personal information
No opt-out required as we don't engage in data sales

Categories of Personal Information Collected:

Identifiers, commercial information, internet activity
Professional information, geolocation data

19.5 Other US States

We comply with privacy laws in other US states with comprehensive privacy legislation:

Virginia (CDPA):

Consumer Data Protection Act requirements

Colorado (CPA):

Colorado Privacy Act requirements

Connecticut (CTDPA):

Connecticut Data Privacy Act requirements

Other States:

We monitor and comply with emerging state privacy laws

20. Additional Information

20.1 Data Accuracy

We strive to maintain accurate personal information. You can help by:

Keeping your account information up to date
Promptly notifying us of changes
Reviewing your data periodically

20.2 Data Minimization

We collect only the personal information necessary to provide our Services and fulfill the purposes described in this Privacy Policy.

20.3 Transparency

We are committed to transparency about our data practices. If you have questions or need clarification about any aspect of this Privacy Policy, please contact us.

20.4 Your Trust

Your privacy and trust are important to us. We continuously review and improve our data protection practices to safeguard your information.

This Privacy Policy was last updated on November 10, 2025.

For the most current version, please visit: https://kushalsamant.github.io/privacypolicy.html