Privacy Policy

Last Updated: [09-09-2025]

1. Scope and Applicability

This Privacy Policy (“Policy”) sets forth the principles, rights, and obligations governing the collection, processing, storage, transfer, and disclosure of personal data and non-personal data by Ipathy Tech Solutions, with registered address at 3-29, Khajipet, Kadapa, Andhra Pradesh, India, 516203 (“Company,” “we,” “us,” or “our”), through its digital properties including but not limited to DeleteAIFootprint.com, associated mobile applications, APIs, SaaS platforms, and any future online or offline products and services (collectively, the “Services”).

This Policy is binding on all natural persons and legal entities who access or use the Services (“User,” “you,” “data subject”) and is intended to comply with applicable international data protection legislation, including without limitation:

  • General Data Protection Regulation (EU) 2016/679 (GDPR),
  • UK Data Protection Act 2018,
  • California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA),
  • India’s Information Technology Act, 2000,
  • Digital Personal Data Protection Act (DPDP Act), 2023 (India),
  • Children’s Online Privacy Protection Act (COPPA, USA),
  • Personal Information Protection and Electronic Documents Act (PIPEDA, Canada), and
  • any other equivalent jurisdictional law where our Services are accessed.

2. Categories of Data Collected

We reserve the right to collect, record, store, and process the following categories of information in accordance with the principle of data minimization under GDPR, but subject to contractual necessity and legitimate interests under applicable laws:

a) Personally Identifiable Information (PII)

  • Full name, address, email address, phone numbers, date of birth.
  • Government-issued identifiers (PAN, Aadhaar, passport, social security number) where required for KYC, anti-fraud, or regulatory compliance.
  • Payment credentials (bank account details, card information, UPI IDs, PayPal accounts).

b) Device and Telemetry Data

  • Internet Protocol (IP) address, Media Access Control (MAC) address.
  • Browser type, version, user-agent string, operating system.
  • Device model, hardware identifiers, geolocation (GPS, cell-tower triangulation, Wi-Fi signals).
  • Log files, session identifiers, crash dumps, diagnostic telemetry.

c) Behavioral and Interaction Data

  • Clickstream activity, heatmaps, session recordings.
  • File uploads, downloads, metadata manipulation activities.
  • Frequency, duration, and sequence of usage sessions.
  • Preferences, saved settings, personalization profiles.

d) Special Categories of Data (Sensitive Personal Data under Art. 9 GDPR / Sec. 3 DPDP Act)

  • Biometric identifiers (facial scans, voice samples, keystroke patterns).
  • Health-related data if voluntarily submitted.
  • Any other “sensitive personal data” as defined by applicable laws, collected only with explicit, informed consent.

e) Automated Data Collection Mechanisms

  • Cookies and Local Storage: HTTP cookies, HTML5 local storage, session storage.
  • Tracking Technologies: Web beacons, pixels, tags, fingerprinting scripts.
  • Third-Party SDKs integrated with advertising, affiliate, or analytics networks.

3. Legal Basis for Processing

Processing of personal data shall be undertaken strictly in accordance with Article 6 GDPR and analogous provisions under international frameworks. Legal bases include:

  1. Consent (freely given, specific, informed, and unambiguous).
  2. Performance of a Contract (where processing is necessary to deliver Services).
  3. Compliance with Legal Obligations (taxation, record-keeping, KYC/AML).
  4. Legitimate Interests (service improvement, security monitoring, fraud prevention).
  5. Vital Interests (protection of life or health in emergencies).

For processing of special categories of data, explicit consent under Art. 9 GDPR or equivalent statutory authorization shall be obtained.

4. Purposes of Data Processing

We process data for the following purposes, without limitation:

  1. Provision of Services – enabling upload, storage, editing, manipulation, and download of user files.
  2. Transactional Processing – executing payments, subscriptions, and refunds.
  3. Personalization & Profiling – customizing user experience, targeted recommendations, behavioral advertising (within lawful limits).
  4. Analytics & Metrics – conducting statistical analysis, A/B testing, traffic monitoring, and operational optimization.
  5. Marketing & Direct Communications – promotional emails, push notifications, affiliate marketing campaigns, subject to opt-out rights.
  6. Regulatory Compliance – fulfilling obligations under taxation, anti-fraud, anti-money laundering statutes, and lawful interception requests.
  7. Security & Fraud Detection – anomaly detection, account integrity checks, DDoS prevention.
  8. Artificial Intelligence & Machine Learning – anonymized or pseudonymized data may be used for training models, developing automated systems, or improving algorithms, provided such use is consistent with applicable law.

5. Data Sharing and Transfers

Personal data may be disclosed to the following categories of recipients:

  • Affiliates and Subsidiaries of Ipathy Tech Solutions for internal administrative purposes.
  • Third-Party Processors: hosting providers, payment gateways, CRM systems, cloud platforms, analytics services.
  • Advertising and Affiliate Networks: including but not limited to Google Ads, Meta (Facebook) Ads, Amazon Affiliates.
  • Regulatory and Judicial Authorities: in compliance with lawful orders, subpoenas, or investigative requests.
  • Corporate Successors: in case of merger, acquisition, restructuring, or insolvency proceedings.

International Transfers: Data may be transferred across borders, including jurisdictions lacking adequate protection (as per GDPR Art. 45). In such cases, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or equivalent safeguards will be implemented.

6. Retention Policy

  • Personal data will be retained only as long as necessary for the fulfillment of purposes stated herein or as required by applicable law.
  • Uploaded files (e.g., metadata-related content) are retained for the processing window and thereafter automatically purged unless explicitly preserved by the User.
  • Backup and archival data may persist for extended periods in disaster recovery systems.
  • Anonymized and aggregated datasets may be retained indefinitely.

7. User Rights

Subject to jurisdiction, Users are entitled to the following rights:

  • Right of Access (Art. 15 GDPR): Obtain a copy of your personal data.
  • Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR).
  • Right to Restrict Processing (Art. 18 GDPR).
  • Right to Data Portability (Art. 20 GDPR).
  • Right to Object (Art. 21 GDPR), including objections to profiling or direct marketing.
  • Right to Withdraw Consent without affecting the lawfulness of prior processing.
  • CCPA/CPRA Rights: right to opt out of sale/sharing, right to limit use of sensitive personal data.
  • Indian DPDP Act Rights: right to grievance redressal, right to correction, right to nominate.

Requests must be directed to privacy@deleteaifootprint.com with adequate proof of identity.

8. Children’s Data

We do not knowingly process data from children under 13 years (COPPA, USA) or under 16 years (GDPR, EU), unless verifiable parental consent is obtained. If such data is inadvertently collected, we will promptly delete it.

9. Security Safeguards

We implement industry-standard organizational and technical measures, including but not limited to:

  • Transport Layer Security (TLS 1.2+), end-to-end encryption of data in transit.
  • AES-256 or equivalent encryption of data at rest.
  • Firewalls, intrusion detection/prevention systems, vulnerability scanning.
  • Strict access controls, multi-factor authentication for staff.
  • Routine penetration testing and audits.

Despite these measures, no system is invulnerable. Users are advised to maintain personal backups and exercise caution.

10. Cookies, Trackers, and Behavioral Advertising

  1. The Services utilize cookies, beacons, pixels, tags, fingerprinting scripts, and third-party SDKs.
  2. Categories include Strictly Necessary, Performance/Analytics, Functional, and Targeting/Advertising cookies.
  3. Users may withdraw cookie consent through browser settings or cookie banners.
  4. Disabling cookies may impair Service functionality.

11. Automated Decision-Making and Profiling

  • We may employ algorithms to create behavioral profiles for personalization or fraud detection.
  • No decision producing significant legal or economic effects shall be made solely by automated processing without human intervention (Art. 22 GDPR), unless required by contract or authorized by law.

12. Amendments and Updates

We reserve the right to amend this Policy at our sole discretion. Users will be notified of material changes via the Website, email, or in-app notices at least 14 days prior to enforcement. Continued use of the Services post-update constitutes deemed acceptance.

13. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of India, without prejudice to mandatory protections afforded by other jurisdictions.

Disputes shall be subject to the exclusive jurisdiction of the courts of Kadapa, Andhra Pradesh, India, save where consumer protection statutes mandate otherwise.

14. Contact Information

For data protection inquiries, rights requests, or complaints, contact:

Data Protection Officer (DPO)

Ipathy Tech Solutions

3-29, Khajipet, Kadapa, Andhra Pradesh, India, 516203

Email: privacy@deleteaifootprint.com

If unresolved, EU/UK Users may escalate to their national supervisory authority. California residents may escalate to the California Privacy Protection Agency.