Privacy Policy
Last updated: 31 October 2025 | Version 1.2
Change history: v1.2 – added Google API Services compliance requirements; v1.1 – added Meta Platform compliance requirements; v1.0 – consolidated global policy.
Table of Contents
- Welcome to Click Catalyst
- 1. Data We Collect
- 1.1 Integration with Meta (Facebook & Instagram)
- 1.2 Google User Data and API Scopes
- 2. How We Use Your Data
- 3. Legal Basis & Consent
- 4. Data Retention & Deletion
- 5. Data Security
- 6. Cookies & Tracking Technologies
- 7. Data Sharing & Third Parties
- 8. Your Rights ("Data Principal")
- 9. Grievance Officer / Contact
- 10. Children's Privacy
- 11. Policy Updates
Welcome to Click Catalyst
Click Catalyst ("Company," "we," "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and how we safeguard it. By accessing our website or using our services (e.g., requesting a proposal, purchasing a service), you consent to the practices described below.
1. Data We Collect
| Category | Examples (non-exhaustive) |
|---|---|
| Information you provide | Name, email, phone, billing address, business details, goals, bcrypt-hashed password, files or images you upload. |
| Usage data | IP address, browser type, pages viewed, time spent, device identifiers. Collected through cookies or similar technologies. |
| Third-party sources | Payment processors (transaction IDs), social networks you connect, analytics platforms. |
All data we collect is "digital personal data" under the Digital Personal Data Protection Act 2023 ("DPDP Act"). We collect only what is necessary for the purposes in Section 2.
1.1 Integration with Meta (Facebook & Instagram)
When you connect your Meta Business assets, we collect:
- Your public Meta User ID and a non‑persistent OAuth token
- Names and IDs of your Facebook Pages & Instagram Business Accounts
We use that solely to let you view and manage those assets in ClickHub.
Meta Platform Compliance
We comply with Meta's Platform Terms and Platform Policy in our handling of this data. We do not:
- Share any Meta Platform Data with third parties
- Use Meta data for discrimination, surveillance, or eligibility determinations
- Sell, license, or purchase Meta Platform Data
- Process Meta data for purposes other than those explicitly permitted by Meta
Service Providers
Any service providers processing Meta data do so only at our direction and solely to provide services to you, not for their own purposes.
Data Security
We protect Meta user IDs, access tokens, and app secrets. We never request or collect your Meta login credentials.
Data Retention
We retain Meta data only while your account is linked. We delete Meta data immediately upon unlinking or when no longer necessary for legitimate business purposes.
Revocation & Deletion
- Revoke Access: You can "Unlink" anytime in your Facebook Business Integrations—when you do, Meta notifies us at
https://clickcatalyst.digital/api/hub/meta/deauthorizeand we immediately delete your tokens. - Delete All My Data: Click our "Delete My Data" button in Settings (or via Meta) to visit
https://clickcatalyst.digital/api/hub/meta/delete-datawhere, after confirmation, we purge every piece of Meta‑related data we have.
1.2 Google User Data and API Scopes
To provide our core analytics dashboard feature, ClickCatalyst uses Google's APIs to access data from your Google Ads and Google Analytics accounts. Our use of this data is subject to the Google API Services User Data Policy, including its Limited Use requirements.
1. What Data We Access
When you grant consent, our application securely accesses the following types of data in a read-only capacity:
- Google Ads Data (via the
.../auth/adwordsscope): We access campaign performance metrics, including ad spend, clicks, impressions, conversions, and keyword data. - Google Analytics 4 Data (via the
.../auth/analytics.readonlyscope): We access website traffic and audience data, including sessions, user counts, conversion events, revenue, and breakdowns by device and geographic location.
2. How We Use Your Data
The data accessed from the Google APIs is used exclusively to:
- Populate your private, user-specific analytics dashboard within the ClickCatalyst application.
- Calculate derived metrics for your benefit, such as Return On Ad Spend (ROAS) and Conversion Rate.
- Provide you with performance insights and optimization recommendations.
3. How We Do NOT Use Your Data
Your Google user data is never used for any other purpose. Specifically:
- We do not transfer or sell your Google user data to any third parties, such as advertising platforms or data brokers.
- We do not use your Google user data for serving advertisements.
- We do not allow humans to read your Google user data unless we have your explicit consent for a specific support issue.
4. How to Delete Your Data
You have full control over your data. You can disconnect your Google account and permanently delete all associated data from our systems at any time from the settings panel within your ClickHub dashboard.
2. How We Use Your Data
- Service delivery – build and deliver your website, run campaigns, send reports.
- Communication – respond to inquiries, send confirmations, invoices, updates. Promotional e-mails or newsletters are sent only with your consent and always include an unsubscribe link.
- Legal compliance – maintain records required by tax or other laws.
- Improvement & security – analyse usage, enhance features, prevent fraud or unauthorised access.
For Meta Platform Data specifically: We process Meta data solely for permitted purposes as defined by Meta's Platform Policy and never sell or license this data.
We never sell your personal data to third parties.
3. Legal Basis & Consent
Under the IT Act 2000 and the DPDP Act 2023, we process personal data:
- With your consent (e.g., for marketing communications or optional integrations);
- To perform a contract (providing the services you purchase);
- To comply with a legal obligation; or
- For legitimate interests such as improving security—balanced against your rights.
Consent is voluntary and may be withdrawn at any time (see Section 8).
4. Data Retention & Deletion
- We keep data only as long as needed for the purpose collected and to meet legal duties (e.g., 7–10 years for invoicing records).
- When data is no longer required—or you request deletion—we erase or anonymise it in line with the DPDP Act.
- Back-ups are purged on a rolling schedule; some data may persist in encrypted archives until overwritten.
5. Data Security
We implement reasonable security practices and procedures:
- TLS 1.2+ encryption for data in transit; AES-256/SSE-S3 or equivalent for data at rest.
- Access controls, two-factor authentication, regular audits.
- Sub-processors (cloud, e-mail, analytics) must contractually apply similar safeguards.
- S3 objects use server-side AES-256 (SSE-S3); backups retained 30 days.
- In the unlikely event of a data breach we will notify the authorities and affected individuals as required by law.
6. Cookies & Tracking Technologies
We use cookies to:
- Run the site (essential cookies);
- Analyse traffic (performance/analytics cookies, e.g., Google Analytics in anonymised mode).
- Essential cookies load by default; analytics cookies load only after explicit ‘Accept’ click in our banner. You may withdraw consent anytime via Cookie Settings
Most browsers let you disable cookies, though some features may break. A cookie-consent banner appears on your first visit; you can revisit preferences anytime via "Cookie Settings" in the footer.
7. Data Sharing & Third Parties
We do not share personal data with unaffiliated third parties except:
- Service providers/data processors – payment gateways, e-mail delivery, hosting, analytics—bound by confidentiality agreements.
- Legal compliance & safety – when required by law or to protect our rights.
- With your consent – e.g., if you connect a social-media account.
If data is transferred or stored outside India (e.g., on AWS or GitHub servers located abroad or Google Firebase (asia-south1 primary, us-central1 fail-over) for authentication and dashboard data), we protect it with contractual Standard Contractual Clauses (SCCs) and strong encryption to ensure an adequate level of protection.
8. Your Rights ("Data Principal")
Under the DPDP Act you may:
- Access / Port – request a copy of your data in a portable format.
- Correct – update inaccurate or incomplete data.
- Withdraw consent – stop processing based on consent (e.g., marketing e-mails).
- Erase – ask us to delete data no longer needed.
- Grievance redressal – complain about our data handling.
To exercise any right, email our Grievance Officer (see Section 9). We may verify your identity and will respond within statutory timelines.
9. Grievance Officer / Contact
Grievance Officer: Pujan Motiwala
Email: info@clickcatalyst.digital
Phone: +91 63528 78159
Postal: Sector 2D, Gandhinagar 382007, Gujarat, India
We will acknowledge grievances within 48 hours and aim to resolve them within 30 days.
10. Children's Privacy
Our services are not directed to children under 18. If you are between 13 and 18, you may use our services only with parental consent. We do not knowingly collect their personal data. If we learn we have inadvertently received such data, we will delete it promptly.
11. Policy Updates
We may update this Policy to reflect changes in law or our practices. The "Last updated" date will change when we post a revision. For material changes we will provide prominent notice (e-mail or website banner). Continued use of our services after changes means you accept the revised Policy.
End of Policy