Privacy Policy
How Appsmediaz Technologies collects, uses, and protects your personal information — written plainly and in full.
01Introduction
Appsmediaz Technologies LLP (referred to in this Privacy Policy as "Appsmediaz", "we", "our", or "us") is an Indian limited-liability partnership with its registered office at C1-1404, JKG Palm Court, Sector 16C, Greater Noida West, Uttar Pradesh 201307, India.
This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit www.appsmediaz.com (the "Website"), engage us for software development services, or otherwise interact with us. It also describes your rights as a data subject and how to exercise them.
We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (India), the EU General Data Protection Regulation (GDPR) where applicable, and the California Consumer Privacy Act (CCPA) where applicable.
The short version: we collect only what we need to respond to enquiries and deliver projects, we never sell personal data, and you can ask us at any time to show, correct, or delete what we hold about you. The detail below explains exactly how.
02Information we collect
We collect personal information directly from you when you submit a form, send an email, sign a contract, or otherwise interact with us. We do not buy personal data from third parties.
Information you give us
- Contact information — full name, work email address, phone number, company name, country, and job title.
- Project enquiry information — service interest, budget range, timeline, and the project description you write into the form or send by email.
- Contractual information — for engaged clients, this includes billing address, GSTIN or VAT number, bank details for invoicing, and authorised signatory names.
- Recruitment information — for job applicants, your CV, work history, references, and any information you choose to share during the interview process.
Information collected automatically
- Log data — IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on each page.
- Cookies and similar technologies — small data files stored on your device. See section 6 for full details.
- Analytics data — anonymised behavioural data via Google Analytics 4 (page views, session duration, traffic source).
Information from third parties
If you reach out through LinkedIn, our partner referral programme, or a third-party platform like Clutch or GoodFirms, we may receive your name, email, and the message you sent through that platform. We treat that information under this same policy.
03How we use your information
We process your personal information for the following purposes, each with a clear lawful basis under the GDPR and the DPDP Act, 2023:
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to project enquiries | Pre-contractual measures at your request | 2 years from last contact |
| Delivering contracted services | Performance of contract | 7 years post-engagement (tax compliance) |
| Invoicing & tax records | Legal obligation (GST & income tax) | 8 years per Indian tax law |
| Marketing communications | Consent (opt-in only) | Until you unsubscribe |
| Website analytics | Legitimate interest in improving the site | 14 months (Google Analytics 4 default) |
| Recruitment | Pre-contractual measures, consent | 1 year unless you ask us to delete sooner |
| Security & fraud prevention | Legitimate interest in protecting our systems | 1 year (rolling logs) |
We will never use your information for automated decision-making with legal or similarly significant effects on you.
04How we share your information
We do not sell, rent, or trade your personal information. We share it only in the following narrow circumstances and only with parties we trust:
Service providers (data processors)
We use third-party service providers to operate our business. These include:
- Cloud hosting — Amazon Web Services (Mumbai region, AWS GDPR DPA in place)
- Email & productivity — Google Workspace (Standard Contractual Clauses in place)
- CRM & analytics — HubSpot, Google Analytics 4
- Communication — Slack, Zoom, Microsoft Teams (for client meetings)
- Invoicing & accounting — Zoho Books, QuickBooks, Razorpay (for clients who choose to pay by card or UPI)
Each processor is bound by a written data-processing agreement that obliges them to handle your data only on our instructions and to implement appropriate security measures.
Legal & regulatory disclosure
We will disclose personal information if required by law, by a court order, or by a regulatory authority with valid jurisdiction. Where legally permitted, we will notify you before disclosure.
Corporate transactions
If Appsmediaz is involved in a merger, acquisition, or sale of assets (we are 100% founder-owned at the time of writing, so this is hypothetical), personal information may be transferred. We will notify affected individuals via email and through this Website before any such transfer.
We do not share personal information with data brokers, ad networks, third-party advertising platforms, or any party that would use it for purposes other than those listed above.
05International data transfers
We are based in India and primarily store data in AWS Mumbai (ap-south-1). Some of our service providers (such as Google Workspace and HubSpot) may process data in the United States, the EU, or other jurisdictions.
Whenever personal data leaves the country where it was collected, we ensure the transfer is protected by one of the following safeguards:
- EU Standard Contractual Clauses (SCCs) for transfers to/from the European Economic Area
- EU–US Data Privacy Framework certification (where the recipient is certified)
- Adequacy decisions issued by the European Commission or India's Data Protection Board (when applicable)
- Your explicit consent, where the law allows you to provide it
06Cookies and tracking technologies
The Website uses cookies and similar technologies to function correctly, to remember your preferences, and to help us understand how visitors use the site.
Types of cookies we use
| Type | Purpose | Examples |
|---|---|---|
| Strictly necessary | Required for the site to function (e.g. session management, security) | session_id, csrf_token |
| Functional | Remember your preferences (e.g. language, accepted cookie banner) | cookie_consent |
| Analytics | Anonymised behavioural data via Google Analytics 4 | _ga, _ga_* |
| Marketing | Only loaded if you opt in via the cookie banner | LinkedIn Insight Tag (paused by default) |
Managing cookies
You can accept, reject, or selectively allow non-essential cookies through the cookie banner that appears on your first visit. You can also clear cookies through your browser settings at any time. Blocking strictly necessary cookies may break parts of the Website.
07Data security
We follow industry-standard practices to protect your personal information from unauthorised access, disclosure, alteration, and destruction.
Technical measures
- Encryption — all data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access controls — role-based access, principle of least privilege, multi-factor authentication on all administrative accounts.
- Network security — VPC isolation, web application firewall (WAF), DDoS protection.
- Vulnerability management — automated dependency scanning, quarterly penetration testing, monthly OS patching.
- Backups — encrypted daily backups with 30-day retention, restoration tested quarterly.
Organisational measures
- Mandatory annual security and data-protection training for all team members.
- Written information security policy reviewed annually.
- Background checks on all engineers before joining.
- Mutual NDAs signed with every contractor and vendor.
- Incident response procedure with a 72-hour breach-notification commitment.
If we ever experience a personal-data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it, as required by the GDPR and the DPDP Act, 2023.
08Your rights
Depending on your jurisdiction, you have the following rights with respect to your personal information. We honour these rights for everyone, regardless of jurisdiction, unless local law provides for a stronger right.
- Right to access — request a copy of the personal information we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete information.
- Right to erasure ("right to be forgotten") — ask us to delete your information when it is no longer necessary for the purposes we collected it, subject to legal retention obligations.
- Right to restrict processing — ask us to stop processing your information while we verify a complaint or correction request.
- Right to data portability — receive your information in a structured, machine-readable format and transmit it to another controller.
- Right to object — object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent — withdraw consent at any time without affecting prior lawful processing.
- Right to lodge a complaint — file a complaint with India's Data Protection Board, your national Data Protection Authority (in the EU/UK), or the California Attorney General (under CCPA).
To exercise any of these rights, email [email protected]. We respond within 30 days (45 days for complex requests, where we'll tell you the reason for the extension). There is no fee unless a request is manifestly unfounded or excessive.
09Children's privacy
The Website and our services are not directed at children under the age of 18. We do not knowingly collect personal information from children under 18.
If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete it from our records as quickly as possible.
Under the Indian Digital Personal Data Protection Act, 2023, processing of personal data of children (under 18) requires verifiable parental consent. We do not process such data in the ordinary course of our business.
10Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, new legal requirements, or changes in our services. The "Last updated" date at the top of this page shows when the most recent revision was published.
If we make material changes, we will:
- Post a prominent notice on this Website at least 30 days before the changes take effect
- Email registered clients and subscribers using the address we have on file
- Where consent was the lawful basis for processing, we will obtain fresh consent before relying on the updated terms
Continued use of the Website or our services after the effective date of the updated policy constitutes acceptance, unless your jurisdiction requires explicit re-consent.
11Contact us
If you have questions, concerns, or requests about this Privacy Policy or how we handle your personal information, please get in touch.
Data Protection Officer
Appsmediaz Technologies LLP
Attn: Data Protection Officer
C1-1404, JKG Palm Court, Sector 16C
Greater Noida West, Uttar Pradesh 201307
India
Email: [email protected]
General contact: [email protected]
Phone: +91 9120 318 2631
You may also lodge a complaint with India's Data Protection Board once it becomes operational, or with the supervisory authority in your country of residence.