GDPR & Data Protection
Your Data, Your Rights: Under GDPR and other data protection laws, you have the right to access, correct, delete, and export your personal data. We respect these rights and make it easy to exercise them.
Table of Contents
1. Overview & Scope
This GDPR & Data Protection Policy explains how AWESOMECLIENT SOFTWARE PRIVATE LIMITED ("AwesomeClient," "we," "us," or "our") collects, processes, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This policy applies to:
- Visitors to our website (awesomeclient.com)
- Business users who create accounts and use our platform
- Clients who access portals created by our business users
- Anyone who contacts us via email or other channels
Does GDPR apply to you? If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under GDPR. However, we extend similar protections to all users regardless of location.
2. Data Controller
For the purposes of GDPR, the data controller responsible for your personal data is:
- Company: AWESOMECLIENT SOFTWARE PRIVATE LIMITED
- Address: Flat no A-081, Tower A, Gulshan Ikebana, Sector 143, Noida, India
- Email: [email protected]
- Data Protection Contact: [email protected]
2.1 Processor vs Controller
When we act as a Data Controller: When you create an account with us, subscribe to our services, or contact us directly, we determine how and why your data is processed.
When we act as a Data Processor: When business users store their client data on our platform (e.g., client contact information, project files), we process that data on behalf of the business user. In this case, the business user is the Data Controller for their client's data.
3. Data We Collect
3.1 Data You Provide
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, phone, company name | Account creation, authentication, communication |
| Payment Data | Billing address, payment method (processed by Razorpay/Stripe/PayPal) | Payment processing, invoicing |
| Content Data | Services, projects, files you upload | Service delivery, platform functionality |
| Communication Data | Support tickets, emails, feedback | Customer support, product improvement |
3.2 Data Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, time spent | Analytics, product improvement |
| Device Data | Browser type, OS, device type | Compatibility, security |
| Location Data | Country, region (from IP address) | Localization, fraud prevention |
| Cookie Data | Session cookies, preference cookies | Authentication, personalization |
4. Legal Basis for Processing
Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following:
| Legal Basis | When We Use It |
|---|---|
| Contract Performance | Processing necessary to provide services you've signed up for (account management, service delivery) |
| Legitimate Interest | Analytics, product improvement, fraud prevention, marketing to existing customers |
| Consent | Marketing emails, non-essential cookies, sharing data with third parties for marketing |
| Legal Obligation | Tax records, responding to legal requests, regulatory compliance |
Note: You can withdraw consent at any time for processing based on consent. This won't affect the lawfulness of processing before withdrawal.
5. Your Rights Under GDPR
If you are in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
📋 Right to Access
Request a copy of the personal data we hold about you, including the purposes of processing and categories of data.
✏️ Right to Rectification
Request correction of inaccurate or incomplete personal data. You can also update most data directly in your account settings.
🗑️ Right to Erasure
Request deletion of your personal data ("right to be forgotten") when it's no longer necessary or you withdraw consent.
⏸️ Right to Restriction
Request that we limit how we use your data while we verify its accuracy or assess a legitimate interest claim.
📦 Right to Portability
Request your data in a structured, machine-readable format (JSON/CSV) and transfer it to another service.
🚫 Right to Object
Object to processing based on legitimate interests, direct marketing, or profiling. We'll stop unless we have compelling grounds.
🤖 Automated Decisions
Not be subject to decisions based solely on automated processing that significantly affects you (we don't do this).
📞 Right to Complain
Lodge a complaint with your local data protection authority if you believe we've violated your rights.
5.1 How to Exercise Your Rights
To exercise any of these rights, please:
- Email us at [email protected] with subject "GDPR Request"
- Use the data request form at the bottom of this page
- Log in to your account and use the privacy settings
We will respond to your request within 30 days (or 60 days for complex requests). We may need to verify your identity before processing certain requests.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including India (where we are based) and other countries where our service providers operate.
6.1 Safeguards for Transfers
When we transfer data outside the EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved contract terms with our processors
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Vendor Agreements: Contracts requiring GDPR-equivalent protections
6.2 Our Key Processors & Their Locations
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Payments (India) | Razorpay | India | Payment processing |
| Payments (Intl) | Stripe, PayPal | USA | Payment processing |
| Mailgun | USA/EU | Transactional emails | |
| AI Features | OpenAI | USA | AI assistant |
| Media Storage | Cloudinary | USA/EU | File storage |
| Analytics | Google Analytics | USA | Website analytics |
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Service provision, recovery period |
| Transaction records | 7 years after transaction | Tax and legal compliance (India) |
| Support tickets | 3 years after resolution | Service quality, dispute resolution |
| Marketing preferences | Until consent withdrawn | Marketing communications |
| Analytics data | 26 months | Product improvement |
| Backups | 30 days | Disaster recovery |
After deletion: When you delete your account, we retain your data for 30 days (recovery period), then permanently delete it from our active systems. Backup copies are purged within 30 additional days.
8. Third-Party Services
We share your data with third parties only as necessary to provide our services:
8.1 Categories of Recipients
- Payment processors: To process your payments (Razorpay, Stripe, PayPal)
- Cloud infrastructure: To host and store your data securely
- Email services: To send transactional and marketing emails (Mailgun)
- Analytics: To understand how our service is used (Google Analytics)
- AI services: To power AI features (OpenAI - data anonymized where possible)
8.2 We Never Sell Your Data
🔒 Our Promise: We do NOT sell your personal data to third parties for their marketing purposes. We do NOT share your data with data brokers. Your data is used solely to provide and improve our services.
9. Cookies & Tracking
We use cookies and similar technologies. For full details, see our cookie consent banner, but here's a summary:
9.1 Types of Cookies We Use
| Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential | Authentication, security, core functionality | No (required for service) |
| Functional | Remember preferences, language settings | Yes |
| Analytics | Understand usage patterns, improve service | Yes |
| Marketing | Currently not used; may be added in future | Yes |
9.2 Managing Cookies
You can manage your cookie preferences by:
- Using our cookie consent banner when you first visit
- Adjusting your browser settings to block or delete cookies
- Using browser extensions for cookie management
Note: Blocking essential cookies may prevent you from using our service.
10. Submit a Data Request
Use the form below to submit a GDPR data request. We'll respond within 30 days.
📋 Data Subject Request Form
10.1 Contact Our Data Protection Team
For any questions about this policy or your data protection rights:
- Email: [email protected]
- Subject Line: "GDPR Inquiry" or "Data Protection Request"
- Response Time: Within 30 days (may extend to 60 days for complex requests)
10.2 Supervisory Authority
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at EDPB Members List.