Privacy Policy
Last Updated: July 18, 2026 · Effective Date: July 18, 2026
Table of Contents
- 1. Introduction
- 2. Scope of This Policy
- 3. Information We Collect
- 4. Cookies & Tracking Technologies
- 5. How We Use Your Information
- 6. Legal Bases for Processing
- 7. Advertising & Analytics
- 8. How We Share Information
- 9. International Data Transfers
- 10. Data Retention
- 11. Data Security
- 12. Your Privacy Rights
- 13. EEA & UK Residents (GDPR)
- 14. California Residents (CCPA/CPRA)
- 15. Indian Residents (DPDP Act)
- 16. Children’s Privacy
- 17. Do Not Track Signals
- 18. Third-Party Links
- 19. Changes to This Policy
- 20. Contact Us
1. Introduction
Welcome to Aithentics ("Aithentics," "we," "our," or "us"). We are a software consulting and development company headquartered in Ahmedabad, Gujarat, India, providing web and mobile application development, AI and automation solutions, dedicated engineering teams, and related technology services to businesses worldwide.
We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, how long we keep it, and the rights and choices available to you. It is written to satisfy the transparency requirements of the EU/UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the CPRA ("CCPA"), and India's Digital Personal Data Protection Act, 2023 ("DPDP Act").
By accessing our website at aithentics.com (the "Site") or using our services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will ask for your consent before collecting or using your personal information.
2. Scope of This Policy
This Privacy Policy applies to personal information we process when you:
- Visit or interact with our Site, including landing pages we operate for advertising campaigns
- Submit an enquiry, request a quote, book a consultation, or otherwise contact us
- Engage us for software development or consulting services as a client or prospective client
- Subscribe to our newsletter or receive marketing communications from us
- Apply for a job or engagement with us
- Interact with us on social media or third-party platforms
This policy does not apply to data we process on behalf of our clients within the software systems we build or maintain for them. In those cases we act as a processor/service provider, the client is the controller of that data, and the client's own privacy policy governs. Our handling of such data is defined by our written agreement with the client.
3. Information We Collect
3.1 Information You Provide Directly
- Contact and identity data: name, email address, phone number, company name, job title, and country, collected when you submit a contact or lead form, email us, or book a call.
- Enquiry and project data: the contents of your message, project requirements, budget range, timelines, technical specifications, and any documents or links you share with us.
- Business and billing data: billing address, tax identifiers (e.g., GSTIN, VAT number), purchase orders, and payment records when you become a client. We do not store full payment card numbers; payments are processed by our payment providers or via bank transfer.
- Marketing preferences: your email address and subscription choices if you opt in to our newsletter or updates.
- Recruitment data: resume/CV, cover letter, portfolio links, work history, and references if you apply to work with us.
- Communications: records of correspondence, meeting notes, and call recordings where you have been informed and applicable law permits.
3.2 Information Collected Automatically
When you visit the Site, we and our service providers automatically collect:
- Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language settings
- Usage data: pages viewed, time spent on pages, links clicked, scroll depth, referring URLs, and the search terms or advertisements that led you to us
- Campaign data: UTM parameters and ad-click identifiers (such as Google's GCLID and Meta's FBCLID) used to measure advertising performance
- Approximate location: city/region-level location inferred from your IP address
3.3 Information from Third Parties
- Advertising platforms: aggregated campaign and audience data from Google and Meta relating to how you interacted with our advertisements
- Business sources: publicly available professional information (e.g., your company website or LinkedIn profile) that we may review when responding to your enquiry
- Referrals: your contact details shared with us by a business partner or existing client who refers you to us, where permitted by law
5. How We Use Your Information
- Responding to enquiries: to answer your questions, prepare proposals and estimates, and schedule consultations
- Delivering services: to plan, build, deliver, and support the software and consulting services you engage us for
- Client and account management: to manage contracts, invoicing, payments, and business records, and to communicate about ongoing projects
- Marketing: to send newsletters, service updates, and promotional communications where you have opted in or where otherwise permitted, always with the ability to unsubscribe
- Advertising measurement: to attribute enquiries and conversions to our marketing campaigns and improve how we spend our advertising budget
- Site improvement: to analyze how the Site is used, diagnose technical issues, and improve content, navigation, and performance
- Security and fraud prevention: to protect the Site, our systems, and our business against spam, abuse, unauthorized access, and other threats
- Recruitment: to evaluate applications and communicate with candidates
- Legal compliance: to comply with accounting, tax, and other legal obligations, respond to lawful requests, and establish, exercise, or defend legal claims
We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you, and we do not sell your personal information for money.
6. Legal Bases for Processing
Where the GDPR or similar laws apply, we rely on the following legal bases:
- Contract: processing needed to take steps at your request before entering into a contract (e.g., preparing a proposal) or to perform our contract with you (e.g., delivering services, invoicing)
- Legitimate interests: operating and securing the Site, understanding how it is used, responding to business enquiries, growing our business through measured marketing, and preventing fraud — balanced against your rights and expectations
- Consent: sending marketing emails where consent is required, and setting non-essential cookies — you may withdraw consent at any time
- Legal obligation: retaining financial records, responding to lawful requests from authorities, and meeting other regulatory requirements
7. Advertising & Analytics Choices
You can limit or opt out of the third-party tools we use:
- Google Analytics: install the Google Analytics opt-out browser add-on (tools.google.com/dlpage/gaoptout)
- Google Ads: manage ad personalization at adssettings.google.com
- Meta (Facebook/Instagram): manage ad preferences in your Meta account settings (facebook.com/adpreferences)
- Industry opt-outs: use the Digital Advertising Alliance (optout.aboutads.info) or Network Advertising Initiative (optout.networkadvertising.org) tools
- Email marketing: click the unsubscribe link in any marketing email, or contact us directly — transactional and project-related emails will still be sent
9. International Data Transfers
We are based in India, and our service providers operate globally (including in the United States and the European Union). Your personal information may therefore be transferred to, stored in, and processed in countries other than your own, which may have different data protection laws. Where we transfer personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK Addendum, adequacy decisions, or our providers' certification under recognized frameworks (such as the EU-U.S. Data Privacy Framework, where applicable). You may contact us for more information about the safeguards we use.
10. Data Retention
We keep personal information only as long as needed for the purposes described in this policy. As a guide:
- Enquiries that do not become engagements: up to 24 months from last contact, so we can respond if you return to us
- Client and contract records: for the duration of the engagement and up to 8 years afterwards, in line with limitation periods and Indian accounting and tax requirements
- Marketing subscriptions: until you unsubscribe or after a prolonged period of inactivity
- Analytics data: per the retention settings of our analytics tools (Google Analytics data is retained for a limited period before aggregation or deletion)
- Recruitment data: up to 12 months after the conclusion of the hiring process, unless you ask us to keep it longer or delete it sooner
When retention is no longer justified, we delete or irreversibly anonymize the information. Where immediate deletion is not possible (for example, in encrypted backups), the information remains protected and is purged on the backup rotation cycle.
11. Data Security
We apply technical and organizational measures appropriate to the risk, including:
- Encryption of data in transit using TLS/HTTPS across the Site
- Anti-abuse controls on public forms, including CSRF protection, rate limiting, and reCAPTCHA
- Access controls and the principle of least privilege for systems holding personal information
- Reputable, security-certified infrastructure providers
- Confidentiality obligations for our team members and subcontractors
- Secure development practices in the software we build and operate
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities where required by applicable law.
12. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights over your personal information:
- Access — obtain confirmation of whether we process your information and receive a copy of it
- Correction — have inaccurate or incomplete information corrected
- Deletion — have your information erased, subject to legal and contractual retention obligations
- Restriction — limit how we process your information in certain circumstances
- Objection — object to processing based on legitimate interests, and to direct marketing at any time
- Portability — receive your information in a structured, commonly used, machine-readable format
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
- Complain — lodge a complaint with your local data protection authority
To exercise any of these rights, contact us using the details in Section 20. We will respond within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before acting on a request, and we will not discriminate against you for exercising your rights.
13. Additional Information for EEA & UK Residents (GDPR)
For personal information covered by this policy, Aithentics is the data controller. The legal bases we rely on are set out in Section 6, and international transfer safeguards in Section 9. In addition to the rights in Section 12, you have the right to lodge a complaint with your national supervisory authority — for example, the Information Commissioner's Office (ICO) in the UK or your member state's data protection authority in the EEA — though we would welcome the chance to address your concerns directly first.
14. Additional Information for California Residents (CCPA/CPRA)
In the preceding 12 months we have collected the categories of personal information described in Section 3: identifiers, professional information, commercial information, and internet activity. We collect them from the sources in Section 3, for the purposes in Section 5, and disclose them to the categories of recipients in Section 8.
- We do not sell personal information for monetary consideration and do not knowingly collect or sell personal information of consumers under 16.
- Our use of advertising cookies and pixels may constitute "sharing" for cross-context behavioral advertising. You can opt out by contacting us, using the platform controls in Section 7, or enabling a recognized opt-out preference signal such as Global Privacy Control (GPC) in your browser, which we honor where required.
- You have the rights to know, access, correct, delete, and opt out of sharing, and the right not to receive discriminatory treatment for exercising these rights.
- You may designate an authorized agent to make requests on your behalf; we will verify the request as permitted by law.
15. Additional Information for Indian Residents (DPDP Act, 2023)
For digital personal data processed under Indian law, Aithentics acts as a data fiduciary. You have the rights to access a summary of your personal data and processing activities, to correction and erasure, to grievance redressal, and to nominate another individual to exercise your rights in the event of death or incapacity. Requests and grievances can be raised with our grievance contact identified in Section 20; if you are not satisfied with our response, you may escalate to the Data Protection Board of India.
16. Children's Privacy
Our Site and services are intended for businesses and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
17. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. There is no common industry standard for responding to DNT, and like most websites we do not currently respond to them. We do, however, honor the Global Privacy Control (GPC) signal where applicable law requires it, as described in Section 14.
18. Third-Party Links
The Site may link to third-party websites, tools, or social platforms. We are not responsible for the privacy practices or content of those third parties, and this Privacy Policy does not apply to them. We encourage you to review the privacy policy of every site you visit.
19. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will post the revised policy on this page and update the "Last Updated" date above. For material changes, we will provide more prominent notice — for example, by email where we hold your address, or a notice on the Site. We encourage you to review this page periodically.
20. Contact Us
If you have questions or concerns about this Privacy Policy, want to exercise your rights, or wish to raise a grievance, contact us at:
Company: Aithentics
Privacy / Grievance Contact: sales@aithentics.com (Attn: Privacy Officer)
Address: 532 TNTC, Nikol, Ahmedabad, Gujarat 382350, India
We aim to acknowledge privacy requests within 72 hours and resolve them within the timeframes required by applicable law.