Privacy Policy

Last Updated: July 18, 2026 · Effective Date: July 18, 2026

1. Introduction

Welcome to Aithentics ("Aithentics," "we," "our," or "us"). We are a software consulting and development company headquartered in Ahmedabad, Gujarat, India, providing web and mobile application development, AI and automation solutions, dedicated engineering teams, and related technology services to businesses worldwide.

We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, how long we keep it, and the rights and choices available to you. It is written to satisfy the transparency requirements of the EU/UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the CPRA ("CCPA"), and India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

By accessing our website at aithentics.com (the "Site") or using our services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will ask for your consent before collecting or using your personal information.

2. Scope of This Policy

This Privacy Policy applies to personal information we process when you:

  • Visit or interact with our Site, including landing pages we operate for advertising campaigns
  • Submit an enquiry, request a quote, book a consultation, or otherwise contact us
  • Engage us for software development or consulting services as a client or prospective client
  • Subscribe to our newsletter or receive marketing communications from us
  • Apply for a job or engagement with us
  • Interact with us on social media or third-party platforms

This policy does not apply to data we process on behalf of our clients within the software systems we build or maintain for them. In those cases we act as a processor/service provider, the client is the controller of that data, and the client's own privacy policy governs. Our handling of such data is defined by our written agreement with the client.

3. Information We Collect

3.1 Information You Provide Directly

  • Contact and identity data: name, email address, phone number, company name, job title, and country, collected when you submit a contact or lead form, email us, or book a call.
  • Enquiry and project data: the contents of your message, project requirements, budget range, timelines, technical specifications, and any documents or links you share with us.
  • Business and billing data: billing address, tax identifiers (e.g., GSTIN, VAT number), purchase orders, and payment records when you become a client. We do not store full payment card numbers; payments are processed by our payment providers or via bank transfer.
  • Marketing preferences: your email address and subscription choices if you opt in to our newsletter or updates.
  • Recruitment data: resume/CV, cover letter, portfolio links, work history, and references if you apply to work with us.
  • Communications: records of correspondence, meeting notes, and call recordings where you have been informed and applicable law permits.

3.2 Information Collected Automatically

When you visit the Site, we and our service providers automatically collect:

  • Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language settings
  • Usage data: pages viewed, time spent on pages, links clicked, scroll depth, referring URLs, and the search terms or advertisements that led you to us
  • Campaign data: UTM parameters and ad-click identifiers (such as Google's GCLID and Meta's FBCLID) used to measure advertising performance
  • Approximate location: city/region-level location inferred from your IP address

3.3 Information from Third Parties

  • Advertising platforms: aggregated campaign and audience data from Google and Meta relating to how you interacted with our advertisements
  • Business sources: publicly available professional information (e.g., your company website or LinkedIn profile) that we may review when responding to your enquiry
  • Referrals: your contact details shared with us by a business partner or existing client who refers you to us, where permitted by law

4. Cookies & Tracking Technologies

We use cookies, pixels, local storage, and similar technologies on the Site. These fall into the following categories:

  • Strictly necessary: required for the Site to function — for example, security tokens that protect our contact form against cross-site request forgery, and Google reCAPTCHA v3, which helps us distinguish genuine enquiries from automated abuse.
  • Analytics: Google Analytics 4 and Vercel Analytics, which help us understand how visitors use the Site — which pages are popular, where visitors come from, and where they encounter problems.
  • Advertising and measurement: Google Ads conversion tracking and the Meta (Facebook) Pixel with the Meta Conversions API, which measure whether our advertising is effective and may be used to show you relevant advertisements on those platforms.

You can control cookies through your browser settings, including blocking or deleting them, though blocking strictly necessary cookies may prevent parts of the Site (such as the contact form) from working. You can also opt out of specific tools as described in Section 7. Where required by law, we request your consent before setting non-essential cookies.

5. How We Use Your Information

  • Responding to enquiries: to answer your questions, prepare proposals and estimates, and schedule consultations
  • Delivering services: to plan, build, deliver, and support the software and consulting services you engage us for
  • Client and account management: to manage contracts, invoicing, payments, and business records, and to communicate about ongoing projects
  • Marketing: to send newsletters, service updates, and promotional communications where you have opted in or where otherwise permitted, always with the ability to unsubscribe
  • Advertising measurement: to attribute enquiries and conversions to our marketing campaigns and improve how we spend our advertising budget
  • Site improvement: to analyze how the Site is used, diagnose technical issues, and improve content, navigation, and performance
  • Security and fraud prevention: to protect the Site, our systems, and our business against spam, abuse, unauthorized access, and other threats
  • Recruitment: to evaluate applications and communicate with candidates
  • Legal compliance: to comply with accounting, tax, and other legal obligations, respond to lawful requests, and establish, exercise, or defend legal claims

We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you, and we do not sell your personal information for money.

7. Advertising & Analytics Choices

You can limit or opt out of the third-party tools we use:

  • Google Analytics: install the Google Analytics opt-out browser add-on (tools.google.com/dlpage/gaoptout)
  • Google Ads: manage ad personalization at adssettings.google.com
  • Meta (Facebook/Instagram): manage ad preferences in your Meta account settings (facebook.com/adpreferences)
  • Industry opt-outs: use the Digital Advertising Alliance (optout.aboutads.info) or Network Advertising Initiative (optout.networkadvertising.org) tools
  • Email marketing: click the unsubscribe link in any marketing email, or contact us directly — transactional and project-related emails will still be sent

8. How We Share Information

We do not sell your personal information for money, and we do not share it with third parties for their own independent marketing. We share information only as described below:

  • Hosting and infrastructure: our Site is hosted on Vercel, and enquiry data passes through their infrastructure
  • Email delivery: we use Resend (with an SMTP fallback provider) to deliver contact-form notifications and email communications
  • Analytics and advertising partners: Google (Analytics, Ads, reCAPTCHA) and Meta receive the data described in Sections 3.2 and 4. Sharing hashed contact data with advertising platforms for conversion measurement may be considered "sharing" for cross-context behavioral advertising under the CCPA; see Section 14 for your opt-out rights.
  • Professional advisers: accountants, auditors, lawyers, insurers, and bankers, where necessary for our legitimate business operations
  • Project partners and subcontractors: vetted specialists engaged on client projects, bound by confidentiality obligations
  • Legal and safety: courts, regulators, law enforcement, or other parties where disclosure is required by law or reasonably necessary to protect our rights, users, or the public
  • Business transfers: a buyer or successor in the event of a merger, acquisition, financing, or sale of assets, subject to this Privacy Policy

All service providers processing personal information on our behalf are bound by contractual obligations to protect it and to use it only for the services they provide to us.

9. International Data Transfers

We are based in India, and our service providers operate globally (including in the United States and the European Union). Your personal information may therefore be transferred to, stored in, and processed in countries other than your own, which may have different data protection laws. Where we transfer personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK Addendum, adequacy decisions, or our providers' certification under recognized frameworks (such as the EU-U.S. Data Privacy Framework, where applicable). You may contact us for more information about the safeguards we use.

10. Data Retention

We keep personal information only as long as needed for the purposes described in this policy. As a guide:

  • Enquiries that do not become engagements: up to 24 months from last contact, so we can respond if you return to us
  • Client and contract records: for the duration of the engagement and up to 8 years afterwards, in line with limitation periods and Indian accounting and tax requirements
  • Marketing subscriptions: until you unsubscribe or after a prolonged period of inactivity
  • Analytics data: per the retention settings of our analytics tools (Google Analytics data is retained for a limited period before aggregation or deletion)
  • Recruitment data: up to 12 months after the conclusion of the hiring process, unless you ask us to keep it longer or delete it sooner

When retention is no longer justified, we delete or irreversibly anonymize the information. Where immediate deletion is not possible (for example, in encrypted backups), the information remains protected and is purged on the backup rotation cycle.

11. Data Security

We apply technical and organizational measures appropriate to the risk, including:

  • Encryption of data in transit using TLS/HTTPS across the Site
  • Anti-abuse controls on public forms, including CSRF protection, rate limiting, and reCAPTCHA
  • Access controls and the principle of least privilege for systems holding personal information
  • Reputable, security-certified infrastructure providers
  • Confidentiality obligations for our team members and subcontractors
  • Secure development practices in the software we build and operate

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities where required by applicable law.

12. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights over your personal information:

  • Access — obtain confirmation of whether we process your information and receive a copy of it
  • Correction — have inaccurate or incomplete information corrected
  • Deletion — have your information erased, subject to legal and contractual retention obligations
  • Restriction — limit how we process your information in certain circumstances
  • Objection — object to processing based on legitimate interests, and to direct marketing at any time
  • Portability — receive your information in a structured, commonly used, machine-readable format
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
  • Complain — lodge a complaint with your local data protection authority

To exercise any of these rights, contact us using the details in Section 20. We will respond within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before acting on a request, and we will not discriminate against you for exercising your rights.

13. Additional Information for EEA & UK Residents (GDPR)

For personal information covered by this policy, Aithentics is the data controller. The legal bases we rely on are set out in Section 6, and international transfer safeguards in Section 9. In addition to the rights in Section 12, you have the right to lodge a complaint with your national supervisory authority — for example, the Information Commissioner's Office (ICO) in the UK or your member state's data protection authority in the EEA — though we would welcome the chance to address your concerns directly first.

14. Additional Information for California Residents (CCPA/CPRA)

In the preceding 12 months we have collected the categories of personal information described in Section 3: identifiers, professional information, commercial information, and internet activity. We collect them from the sources in Section 3, for the purposes in Section 5, and disclose them to the categories of recipients in Section 8.

  • We do not sell personal information for monetary consideration and do not knowingly collect or sell personal information of consumers under 16.
  • Our use of advertising cookies and pixels may constitute "sharing" for cross-context behavioral advertising. You can opt out by contacting us, using the platform controls in Section 7, or enabling a recognized opt-out preference signal such as Global Privacy Control (GPC) in your browser, which we honor where required.
  • You have the rights to know, access, correct, delete, and opt out of sharing, and the right not to receive discriminatory treatment for exercising these rights.
  • You may designate an authorized agent to make requests on your behalf; we will verify the request as permitted by law.

15. Additional Information for Indian Residents (DPDP Act, 2023)

For digital personal data processed under Indian law, Aithentics acts as a data fiduciary. You have the rights to access a summary of your personal data and processing activities, to correction and erasure, to grievance redressal, and to nominate another individual to exercise your rights in the event of death or incapacity. Requests and grievances can be raised with our grievance contact identified in Section 20; if you are not satisfied with our response, you may escalate to the Data Protection Board of India.

16. Children's Privacy

Our Site and services are intended for businesses and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

17. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is no common industry standard for responding to DNT, and like most websites we do not currently respond to them. We do, however, honor the Global Privacy Control (GPC) signal where applicable law requires it, as described in Section 14.

19. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will post the revised policy on this page and update the "Last Updated" date above. For material changes, we will provide more prominent notice — for example, by email where we hold your address, or a notice on the Site. We encourage you to review this page periodically.

20. Contact Us

If you have questions or concerns about this Privacy Policy, want to exercise your rights, or wish to raise a grievance, contact us at:

Company: Aithentics

Privacy / Grievance Contact: sales@aithentics.com (Attn: Privacy Officer)

Address: 532 TNTC, Nikol, Ahmedabad, Gujarat 382350, India

We aim to acknowledge privacy requests within 72 hours and resolve them within the timeframes required by applicable law.