Privacy Policy

This Privacy Policy ("Policy") constitutes a legally binding agreement between you ("User," "you," or "your") and Sugamaya Governance LLP, a limited liability partnership organized under the laws of India ("Company," "we," "us," or "our"), governing the collection, processing, storage, transmission, disclosure, and utilization of information, including but not limited to personal data, personal information, personally identifiable information, and any other data or information that may be collected, directly or indirectly, through your interaction with our digital properties, including without limitation our website, web applications, mobile applications, application programming interfaces, and any associated services, platforms, or technologies (collectively, the "Services").

By accessing, browsing, using, or otherwise interacting with our Services, you expressly acknowledge that you have read, understood, and agree to be bound by the terms and conditions set forth in this Policy, and you further acknowledge that your continued use of the Services constitutes your ongoing acceptance of any modifications, amendments, or updates to this Policy that may be implemented by the Company from time to time, in its sole discretion, without prior notice to you, except as may be required by applicable law.

The Company may collect, acquire, gather, receive, obtain, process, store, maintain, retain, and utilize various categories and types of information, data, and content, including but not limited to personal data, personal information, personally identifiable information, non-personal information, aggregate data, anonymized data, pseudonymized data, metadata, behavioral data, transactional data, technical data, usage data, device information, network information, location data, biometric data, financial information, commercial information, professional information, educational information, and any other information that may be collected, directly or indirectly, through your interaction with our Services, whether such information is provided voluntarily by you, collected automatically through technological means, obtained from third-party sources, or derived through analytical processes, data mining, machine learning, artificial intelligence, or other computational methods.

Without limiting the generality of the foregoing, the categories of information that may be collected include, but are not limited to, information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device, including without limitation names, aliases, postal addresses, unique personal identifiers, online identifiers, internet protocol addresses, email addresses, account names, social security numbers, driver's license numbers, passport numbers, or other similar identifiers, characteristics of protected classifications under applicable law, commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, biometric information, internet or other electronic network activity information, including but not limited to browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement, geolocation data, audio, electronic, visual, thermal, olfactory, or similar information, professional or employment-related information, education information, and inferences drawn from any of the foregoing information to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

The Company may also collect, process, and utilize information that is not considered personal data under applicable law, including but not limited to aggregated data, anonymized data, statistical information, market research data, and other information that does not identify, and cannot reasonably be used to identify, a particular individual, and the Company reserves the right to use such information for any lawful purpose, including without limitation for business analytics, product development, service improvement, marketing purposes, and commercial exploitation.

The Company may process, use, disclose, share, transfer, and otherwise utilize the information collected through the Services for various purposes, including but not limited to providing, maintaining, improving, developing, and enhancing the Services, processing transactions, managing accounts, communicating with users, responding to inquiries, providing customer support, conducting research and analysis, performing data analytics, developing new products and services, personalizing user experiences, delivering targeted advertising and marketing communications, detecting and preventing fraud, ensuring security and preventing unauthorized access, complying with legal obligations, enforcing our rights and agreements, protecting the rights, property, or safety of the Company, our users, or others, and for any other lawful business purpose, whether such purpose is directly related to the provision of the Services or otherwise.

The legal bases for processing personal data may include, without limitation, the necessity of processing for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the necessity of processing for compliance with a legal obligation to which the Company is subject, the necessity of processing in order to protect the vital interests of the data subject or of another natural person, the necessity of processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company, and the necessity of processing for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

The Company may also process personal data based on the consent of the data subject, and where processing is based on consent, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, provided that such withdrawal may impact the Company's ability to provide certain services or features that require such processing. The Company may combine information collected from different sources, including information collected directly from you, information collected automatically through the Services, and information obtained from third parties, and may use such combined information for any of the purposes described in this Policy.

The Company implements, maintains, and employs various technical, administrative, and organizational measures, safeguards, and controls designed to protect the security, confidentiality, integrity, and availability of personal data against unauthorized access, use, disclosure, alteration, destruction, or loss, including without limitation encryption technologies, access controls, authentication mechanisms, firewalls, intrusion detection systems, security monitoring, employee training, and other security practices and procedures that are appropriate to the nature of the information and the risks presented by processing such information. However, no method of transmission over the internet, or method of electronic storage, is completely secure, and while the Company strives to use commercially acceptable means to protect personal data, the Company cannot guarantee absolute security, and you acknowledge and agree that you provide information at your own risk, and that the Company shall not be liable for any unauthorized access, use, disclosure, alteration, or destruction of personal data, except to the extent required by applicable law.

The Company will retain personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, resolving disputes, enforcing our agreements, and protecting our legal rights. The criteria used to determine the retention period include the nature of the personal data, the purposes for which we process it, the legal and regulatory requirements applicable to such data, and the potential risk of harm from unauthorized use or disclosure. After the retention period expires, personal data will be securely deleted or anonymized, except where the Company is required by law to retain such data for a longer period, or where such data is necessary for the establishment, exercise, or defense of legal claims. Personal data may be stored and processed in any country in which the Company or its affiliates, subsidiaries, service providers, or agents maintain facilities, and by using the Services, you consent to the transfer of information to countries outside of your country of residence, which may have different data protection laws than your country of residence.

The Company may disclose, share, transfer, or otherwise make available personal data to various categories of recipients, including but not limited to affiliates, subsidiaries, parent companies, and other entities under common control with the Company, service providers, vendors, contractors, consultants, and other third parties who perform services on behalf of the Company, including without limitation hosting providers, cloud service providers, payment processors, analytics providers, advertising networks, marketing service providers, customer support providers, and other business partners, business partners and joint venture partners with whom the Company collaborates or enters into business relationships, legal and regulatory authorities, government agencies, law enforcement officials, and other public authorities when required by law or when the Company believes in good faith that such disclosure is necessary to comply with legal obligations, protect the rights, property, or safety of the Company, its users, or others, prevent or investigate possible wrongdoing, respond to government requests, or enforce our agreements, potential or actual acquirers, successors, or assigns in connection with any merger, acquisition, reorganization, sale of assets, or other business transaction, and any other third parties with your consent or at your direction.

The Company may also share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for various purposes, including without limitation for business analytics, market research, product development, and commercial purposes. The Company does not sell personal data in the traditional sense, but may share personal data with third parties for purposes that may be considered a "sale" under certain privacy laws, including for targeted advertising and marketing purposes, and you may have the right to opt out of such sharing, subject to applicable law and the specific provisions of this Policy.

Subject to applicable law and the specific provisions of this Policy, you may have certain rights with respect to your personal data, including without limitation the right to access, receive a copy of, or obtain information about the personal data that the Company holds about you, the right to request correction or rectification of inaccurate or incomplete personal data, the right to request deletion or erasure of personal data under certain circumstances, the right to object to or restrict certain processing of personal data, the right to data portability, which allows you to receive your personal data in a structured, commonly used, and machine-readable format and to transmit such data to another controller, the right to withdraw consent where processing is based on consent, the right to lodge a complaint with a supervisory authority, and other rights as may be provided by applicable law. To exercise any of these rights, you may contact the Company using the contact information provided in this Policy, and the Company will respond to your request in accordance with applicable law, provided that the Company may require verification of your identity before processing such requests, and may charge a reasonable fee or refuse to act on a request if such request is manifestly unfounded or excessive, or if the Company is not required by law to comply with such request.

You may also have choices regarding the collection, use, and sharing of your personal data, including without limitation the ability to opt out of certain marketing communications, the ability to control cookies and similar technologies through your browser settings, and the ability to adjust your privacy settings within the Services, if such settings are available. However, please note that limiting the collection, use, or sharing of personal data may impact the functionality of the Services or prevent the Company from providing certain services or features. The Company will honor your choices to the extent required by applicable law and as described in this Policy, but the Company may continue to process personal data as necessary to comply with legal obligations, enforce our agreements, protect our rights, or for other legitimate business purposes, even if you have exercised certain rights or choices with respect to such data.