ClickCatalyst
HomePrivacy

Privacy Policy

Last updated: 6 May 2025 | Version 1.0

Change history: v1.0 – consolidated global policy (prior versions available on request).

Table of Contents

Welcome to Click Catalyst

Click Catalyst ("Company," "we," "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and how we safeguard it. By accessing our website or using our services (e.g., requesting a proposal, purchasing a service), you consent to the practices described below.

1. Data We Collect

CategoryExamples (non-exhaustive)
Information you provideName, email, phone, billing address, business details, goals, bcrypt-hashed password, files or images you upload.
Usage dataIP address, browser type, pages viewed, time spent, device identifiers. Collected through cookies or similar technologies.
Third-party sourcesPayment processors (transaction IDs), social networks you connect, analytics platforms.

All data we collect is "digital personal data" under the Digital Personal Data Protection Act 2023 ("DPDP Act"). We collect only what is necessary for the purposes in Section 2.

2. How We Use Your Data

  • Service delivery – build and deliver your website, run campaigns, send reports.
  • Communication – respond to inquiries, send confirmations, invoices, updates. Promotional e-mails or newsletters are sent only with your consent and always include an unsubscribe link.
  • Legal compliance – maintain records required by tax or other laws.
  • Improvement & security – analyse usage, enhance features, prevent fraud or unauthorised access.

We never sell your personal data to third parties.

3. Legal Basis & Consent

Under the IT Act 2000 and the DPDP Act 2023, we process personal data:

  • With your consent (e.g., for marketing communications or optional integrations);
  • To perform a contract (providing the services you purchase);
  • To comply with a legal obligation; or
  • For legitimate interests such as improving security—balanced against your rights.

Consent is voluntary and may be withdrawn at any time (see Section 8).

4. Data Retention & Deletion

  • We keep data only as long as needed for the purpose collected and to meet legal duties (e.g., 7–10 years for invoicing records).
  • When data is no longer required—or you request deletion—we erase or anonymise it in line with the DPDP Act.
  • Back-ups are purged on a rolling schedule; some data may persist in encrypted archives until overwritten.

5. Data Security

We implement reasonable security practices and procedures:

  • TLS 1.2+ encryption for data in transit; AES-256/SSE-S3 or equivalent for data at rest.
  • Access controls, two-factor authentication, regular audits.
  • Sub-processors (cloud, e-mail, analytics) must contractually apply similar safeguards.
  • S3 objects use server-side AES-256 (SSE-S3); backups retained 30 days.
  • In the unlikely event of a data breach we will notify the authorities and affected individuals as required by law.

6. Cookies & Tracking Technologies

We use cookies to:

  • Run the site (essential cookies);
  • Analyse traffic (performance/analytics cookies, e.g., Google Analytics in anonymised mode).
  • Essential cookies load by default; analytics cookies load only after explicit ‘Accept’ click in our banner. You may withdraw consent anytime via Cookie Settings

Most browsers let you disable cookies, though some features may break. A cookie-consent banner appears on your first visit; you can revisit preferences anytime via "Cookie Settings" in the footer.

7. Data Sharing & Third Parties

We do not share personal data with unaffiliated third parties except:

  1. Service providers/data processors – payment gateways, e-mail delivery, hosting, analytics—bound by confidentiality agreements.
  2. Legal compliance & safety – when required by law or to protect our rights.
  3. With your consent – e.g., if you connect a social-media account.

If data is transferred or stored outside India (e.g., on AWS or GitHub servers located abroad or Google Firebase (asia-south1 primary, us-central1 fail-over) for authentication and dashboard data), we protect it with contractual Standard Contractual Clauses (SCCs) and strong encryption to ensure an adequate level of protection.

8. Your Rights ("Data Principal")

Under the DPDP Act you may:

  • Access / Port – request a copy of your data in a portable format.
  • Correct – update inaccurate or incomplete data.
  • Withdraw consent – stop processing based on consent (e.g., marketing e-mails).
  • Erase – ask us to delete data no longer needed.
  • Grievance redressal – complain about our data handling.

To exercise any right, email our Grievance Officer (see Section 9). We may verify your identity and will respond within statutory timelines.

9. Grievance Officer / Contact

Grievance Officer: Pujan Motiwala

Email: info@clickcatalyst.digital

Phone: +91 63528 78159

Postal: Sector 2D, Gandhinagar 382007, Gujarat, India

We will acknowledge grievances within 48 hours and aim to resolve them within 30 days.

10. Children's Privacy

Our services are not directed to children under 18. If you are between 13 and 18, you may use our services only with parental consent. We do not knowingly collect their personal data. If we learn we have inadvertently received such data, we will delete it promptly.

11. Policy Updates

We may update this Policy to reflect changes in law or our practices. The "Last updated" date will change when we post a revision. For material changes we will provide prominent notice (e-mail or website banner). Continued use of our services after changes means you accept the revised Policy.

End of Policy