Privacy Policy
Your privacy is paramount. We protect your data with enterprise-grade security and comply with GDPR, CCPA, and India DPDP Act 2023.
20 Comprehensive Privacy Sections
Multi-jurisdiction compliance & your data rights
Last Updated: November 16, 2025
01 Introduction & Commitment
This Privacy Policy governs how AIDA Corporation collects, uses, maintains and discloses information from users of aidacorp.in ("Website") and dashboard.aidacorp.in ("Dashboard"), collectively the "Sites".
We are committed to protecting your privacy in compliance with GDPR (General Data Protection Regulation)
Full compliance with CCPA (California Consumer Privacy Act)
02 Information We Collect
Personal Information:
Name, email address, phone number
Company name and job title
Billing address and payment information
Technical Information:
IP address, browser type and version
Device information and operating system
Screen resolution and unique device identifiers
Usage Data:
Pages visited and time spent on each page
Clickstream data and referring/exit pages
Date and time stamps
Feature usage patterns
Communication Data:
All chat messages and email correspondence
Support tickets and video call recordings
Project requests and proposals submitted
Feedback, reviews, and newsletter subscriptions
Business Intelligence:
Industry sector and company size
Project requirements and budget ranges
Strategic objectives shared for proposal development
03 How We Use Your Information
Service Delivery:
Provide requested services and process transactions
Deliver project proposals and assets
Manage your account and dashboard access
Provide customer support through multiple channels
Service Improvement:
Analyze usage patterns and optimize website performance
Conduct A/B testing for user experience enhancement
Develop new features and services
Fix bugs and technical issues
Improve AI/ML algorithms and data models
Communication:
Send order confirmations and invoices
Provide project updates and status reports
Respond to inquiries and support requests
Send marketing communications with your consent
Share important service announcements
Security & Compliance:
Protect against fraud, unauthorized access, and cyber attacks
Comply with legal obligations and regulatory requirements
Enforce our Terms and Conditions
Resolve disputes and troubleshoot problems
Conduct internal audits and security assessments
04 Chat Messages, Communications & Support
Recording & Storage:
All chat conversations, email exchanges, and support tickets are recorded
Video calls and messages stored securely
Industry-standard AES-256 encryption at rest
TLS 1.3 encryption in transit
Purpose of Processing:
Providing timely customer support and service delivery
Quality assurance and service improvement
Training our support team and AI assistants
Legal compliance and dispute resolution
Fraud detection and security monitoring
Analyzing customer satisfaction and feedback
Confidentiality Protection:
All communications protected under confidentiality obligations
Attorney-client privilege where applicable
Accessible only to authorized personnel with need-to-know access
Not shared with third parties without your explicit consent
Subject to strict data retention and deletion policies
Data Retention:
Communication logs retained for 3 years for service quality and legal compliance
Deleted upon request subject to legal retention requirements
Archived securely with restricted access after initial retention period
05 Proposals, AIDA Assets & Shared Customer Data
AIDA Assets Protection:
All proposals, strategic documents, and designs remain AIDA's exclusive intellectual property
Reports, data analyses, and AI/ML algorithms are copyrighted
Marketing materials, website designs, and dashboard configurations are protected
Presentations and technical specifications are proprietary
Full ownership until payment received and explicit written transfer of rights provided
Customer Data Protection:
Any data, information, or business intelligence shared by customers is protected
Project requirements, strategic plans, and financial data secured
Proprietary methodologies and competitive intelligence safeguarded
Strict confidentiality agreements and data protection law compliance
Access controls, encryption, and security measures prevent unauthorized access
Non-Disclosure Obligations:
We will not disclose, sell, share, or distribute your proprietary information
Customer lists, business strategies, and technical specifications kept confidential
No sharing with third parties, competitors, or unauthorized personnel
Explicit written consent required for any disclosure
Exceptions only for legal requirements, court orders, or regulatory authority
Secure Storage & Access:
SOC 2 Type II certified cloud infrastructure
Encryption at rest and in transit
Multi-factor authentication for access
Regular security audits and penetration testing
Intrusion detection and prevention systems
Comprehensive backup and disaster recovery procedures
06 Cookies & Tracking Technologies
Essential Cookies (Cannot be disabled):
Site functionality and security
Authentication and session management
Load balancing and CSRF protection
Cookie consent preferences
Performance/Analytics Cookies:
Google Analytics (_ga, _gid, _gat) for user behavior analysis
Page views, time spent, and navigation paths
Device, browser, and geographic location data
Bounce rates, conversion tracking, and custom event tracking
Functional Cookies:
Language preferences and UI customizations
Form auto-fill data and chat widget history
Video player settings
Personalized content preferences
Marketing/Targeting Cookies:
Building interest profiles for targeted advertisements
Retargeting campaigns and ad effectiveness measurement
Social media pixels (Facebook, LinkedIn)
Conversion tracking and attribution modeling
Cookie Management:
Control preferences through browser settings
Use our cookie banner and opt-out mechanisms
Third-party tools available
Withdraw consent at any time
Detailed information in our Cookie Policy
07 Website & Dashboard Usage Monitoring
User Activity Tracking:
Login/logout times and IP addresses
Pages and features accessed
Actions performed and transactions completed
File uploads and downloads
API calls and database queries
Search queries and filters applied
Form submissions and input validation
Error messages and system exceptions
Security Monitoring:
Failed login attempts and brute force detection
Suspicious activity patterns and anomaly detection
Unauthorized access attempts
SQL injection and XSS attack prevention
DDoS protection and rate limiting
Malware scanning and threat intelligence
Compliance with acceptable use policies
Performance Metrics:
Page load times and Core Web Vitals
Server response times and latency
Database query performance
API endpoint performance
CDN cache hit rates
Bandwidth usage and data transfer
Concurrent user sessions
Resource utilization (CPU, memory, storage)
Dashboard Analytics:
Feature usage and adoption rates
User engagement and session duration
Workflow completion rates
Report generation and exports
Collaboration and team activities
Integration usage with third-party services
Custom dashboard configurations
Account Actions:
We reserve the right to suspend or terminate accounts for:
Policy violations and security threats
Malicious activities and non-payment
Breach of terms
08 Third-Party Services & Data Sharing
Payment Processors:
Stripe for credit card processing
PayPal for alternative payments
Razorpay for Indian payment methods
Wire transfer banking partners
All payment data processed per PCI DSS standards
Analytics & Marketing:
Google Analytics for website analytics
Google Ads for advertising campaigns
Facebook Pixel for social media advertising
LinkedIn Insight Tag for B2B marketing
Mixpanel for product analytics
Hotjar for user behavior analysis
Cloud Infrastructure:
Amazon Web Services (AWS) for cloud hosting and storage
Google Cloud Platform for AI/ML services
Microsoft Azure for enterprise services
Cloudflare for CDN and DDoS protection
09 Data Security Measures
Encryption Standards:
TLS 1.3 for data in transit
AES-256 for data at rest
End-to-end encryption for sensitive communications
Encrypted database fields for passwords and payment data
SSL certificates for all Sites and APIs
Access Controls:
Role-based access control (RBAC)
Multi-factor authentication (MFA) for admin access
Principle of least privilege
Session timeout and automatic logout
IP whitelisting for administrative functions
Regular access reviews and revocations
Network Security:
Firewalls and intrusion detection/prevention systems
DDoS protection and rate limiting
Web application firewall (WAF)
Regular vulnerability scanning and penetration testing
Security information and event management (SIEM)
Network segmentation and isolation
10 Data Retention Policies
Account Information:
Retained for duration of your account plus 1 year after closure
Necessary for legal obligations, dispute handling, and fraud prevention
Transaction & Payment Records:
Kept for 7 years
Comply with tax laws, accounting standards, and financial regulations
Applicable in India and internationally
Communication Logs:
Chat messages, emails, and support tickets retained for 3 years
For service quality, legal compliance, and dispute resolution
Earlier deletion available upon request (subject to legal requirements)
11 Your Data Protection Rights (GDPR - EU/EEA)
Right to Access (Article 15):
Request copies of your personal data
Information about how we process your data
Details of third parties who receive your data
Data retention periods and criteria
Right to Rectification (Article 16):
Request correction of inaccurate personal data
Complete incomplete personal data
Right to Erasure / Right to be Forgotten (Article 17):
Request deletion when data no longer necessary
When you withdraw consent
When you object to processing
When data was unlawfully processed
When deletion required by law
Exceptions apply for legal compliance and legitimate interests
12 CCPA Privacy Rights (California Residents)
Right to Know / Access:
Request disclosure of categories and specific pieces of personal information collected
Categories of sources from which information collected
Business/commercial purposes for collecting information
Categories of third parties with whom we share information
Specific pieces of personal information we hold about you
Right to Delete:
Request deletion of personal information collected from you
Subject to exceptions for legal compliance, security, and legitimate business purposes
Right to Opt-Out of Sale:
Direct us not to sell your personal information to third parties
Note: We do not sell personal information as defined by CCPA
13 India DPDP Act 2023 Compliance
Right to Access Personal Data:
Request information about personal data we hold
Purposes of processing
Identities of data processors and fiduciaries
Retention periods
Right to Correction & Updation:
Request correction of inaccurate, misleading, or incomplete data
Update personal information to ensure accuracy
Right to Erasure & Right to be Forgotten:
Request deletion when no longer necessary for purposes collected
When you withdraw consent with no legal grounds for retention
When retention violates DPDP Act provisions
14 International Data Transfers & Safeguards
Countries & Jurisdictions:
India (primary data storage and processing)
United States (cloud services, analytics, payment processing)
European Union (CDN, enterprise services)
Singapore (Asia-Pacific data center)
Legal Mechanisms for Transfers:
Standard Contractual Clauses (SCCs) approved by European Commission for GDPR compliance
Binding Corporate Rules (BCRs) for intra-group transfers
Adequacy Decisions recognizing equivalent protection levels
Specific derogations for explicit consent, contract performance, legal claims, public interest, vital interests
Safeguards & Protection Measures:
Technical measures: encryption in transit and at rest, secure protocols, access controls
Organizational measures: data processing agreements, privacy impact assessments, vendor due diligence
Compliance measures: GDPR Article 46, CCPA provisions, DPDP Act Section 16 requirements
15 Children's Privacy Protection
Age Restrictions:
Our Sites are not intended for children under 18 years (or 13 in certain jurisdictions)
We do not knowingly collect, use, or disclose personal information from children
No Targeted Collection:
We do not knowingly solicit data from children
No child-specific accounts or profiles created
No marketing to children
Parental Rights & Controls:
Parental consent required for processing children's data where required by law
Parents can review, access, and delete children's data
Parents can withdraw consent and refuse further collection
16 Data Breach Notification & Incident Response
Breach Detection & Monitoring:
24/7 security monitoring and alerting systems
Intrusion detection and prevention systems
Log analysis and anomaly detection
Threat intelligence feeds
Employee reporting mechanisms
Third-party security audits
Incident Classification:
Severity: critical, high, medium, low
Scope: number of affected individuals, types of data compromised
Impact: financial, reputational, operational
Containment & Investigation:
Immediate containment of breach
Forensic analysis to determine scope and root cause
Evidence preservation for legal/regulatory purposes
Engagement of cybersecurity experts as needed
17 Marketing Communications & Consent Management
Types of Marketing Communications:
Service updates and new feature announcements
Educational content and industry insights
Promotional offers and discounts
Event invitations and webinars
Newsletter subscriptions
Product recommendations based on usage
Consent Requirements:
Explicit opt-in for marketing emails and SMS
Pre-checked boxes prohibited
Clear description of what you're consenting to
Separate consent for different communication types
Easy withdrawal mechanisms
Opt-Out & Unsubscribe Rights:
One-click unsubscribe in every marketing email
SMS opt-out via STOP command
Account settings for preference management
Honored within 48 hours maximum
Confirmation of unsubscribe request
18 Privacy by Design & Default
Privacy by Design Integration:
Data protection embedded from onset of system design
Privacy impact assessments for new features
Security and privacy architecture reviews
Secure development lifecycle (SDL)
Threat modeling and risk assessments
Privacy engineering best practices
Data Minimization Principle:
Collect only data necessary for specified purposes
Avoid excessive data collection
Regular reviews of data collection practices
Automatic deletion of unnecessary data
Anonymization where identifiers not needed
Privacy by Default Settings:
Strictest privacy settings by default
Users must opt-in for additional data processing
Minimal data sharing with third parties
Short data retention periods unless extended by user
Secure default configurations
19 Changes to Privacy Policy
We Update This Policy to Reflect:
Changes in laws & regulations (new privacy legislation, regulatory guidance, court decisions)
Business changes (new services/features, mergers/acquisitions, changes in data processing)
Security updates (enhanced measures, new encryption, incident response procedures)
User feedback & requests (privacy concerns, data access requests, best practice adoption)
Notification Process:
Updated policy posted on this page with revised "Last Updated" date
Reasonable notice period before changes take effect (typically 30 days)
Email notification for material changes to registered users
Prominent website banner or notice
Summary of key changes provided
Material vs. Non-Material Changes:
Material: new data collection categories, new processing purposes, new third-party sharing, reduction of user rights, changes to retention periods
Non-material: clarifications and formatting, contact information updates, minor technical corrections
20 Contact Information & Data Protection Officer
Data Protection Officer Contact:
Primary email: dpo@aidacorp.in
Secondary email: privacy@aidacorp.in
Legal inquiries: legal@aidacorp.in
Security incidents: security@aidacorp.in
General information: info@aidacorp.in
Mailing Address:
AIDA Corporation Private Limited
Data Protection Officer
Park Avenue Building, RTO Road
Andheri West, Mumbai 400 053
Maharashtra, INDIA
Response Timeline:
Acknowledgment within 48 hours for urgent privacy matters
Response within 30 days for data subject requests
Extendable by 60 days for complex requests
Immediate action for security incidents and breaches
Priority handling for children's data inquiries
Data Protection Officer
| Privacy Email | info@aidacorp.in |
| Compliance | GDPR, CCPA, India DPDP Act 2023 |
| Response Time | Within 30 days (48 hours for urgent matters) |
Your Privacy Matters: We handle all privacy inquiries with confidentiality, respect, and urgency. Contact us anytime to exercise your data protection rights.