Privacy Policy
Last updated: July 11, 2026 | Effective date: January 1, 2026
Important notice
This Privacy Policy has been prepared as an initial baseline. For enterprise engagements or regulated industries, we recommend engaging your legal counsel to review for specific applicable requirements. This document is scheduled for professional legal review within 30 days of publication.
Contents
- 1. Who we are
- 2. Information we collect
- 3. How we use your information
- 4. Legal basis for processing
- 5. Information sharing and disclosure
- 6. Data retention
- 7. Your rights
- 8. Cookies
- 9. Cross-border data transfers
- 10. Children's data
- 11. Data security
- 12. Changes to this policy
- 13. Contact us
1. Who we are
CODLINH10 TECHNOLOGIES PRIVATE LIMITED (“Codlinh10”, “we”, “us”, or “our”) is a company incorporated under the Companies Act 2013, with Corporate Identity Number (CIN) U72900PN2021PTC202195, registered at FLNO A/2-704, SNEHA VIHAR, SNO 82/10, SHIVANE, PUNE, Maharashtra 411023, India.
Codlinh10 operates a multi-channel business messaging platform accessible at https://codlinh10.inand related subdomains. We are the Data Fiduciary (under India's Digital Personal Data Protection Act 2023) and the Data Controller (under GDPR) for personal data processed in connection with our website and services.
2. Information we collect
2.1 Information you provide directly
- Contact and registration data: When you submit a demo request, contact form, or newsletter signup — your name, business email address, phone number, company name, and message content.
- Account data: For customers using our platform — business details, billing information, WhatsApp Business Account credentials, and team member information.
- Communications: When you contact us by email or through forms — the content of those communications.
2.2 Information collected automatically
- Technical data: IP address, browser type and version, operating system, referring URL, pages visited, and time spent on pages.
- Cookies and tracking: We use cookies and similar technologies as described in our Cookie Policy. Analytics data is collected only with your consent.
- Usage data: For platform customers — message volumes, API call logs, template usage, and dashboard activity.
2.3 Information from third parties
- Meta / WhatsApp: Webhook data about message delivery status, read receipts, and conversation metadata when you use our WhatsApp Business API integration.
- Payment processors: Transaction status and billing reference numbers (we do not store full card details).
3. How we use your information
- Providing our services: To operate and maintain the Codlinh10 platform, process demo requests, respond to enquiries, and deliver contracted services.
- Communication: To send service-related communications, product updates, invoices, and support responses.
- Marketing (with consent): To send newsletters, product announcements, and promotional content — only where you have opted in.
- Analytics and improvement: To understand how our website and platform are used, and to improve features and user experience — only with analytics consent.
- Legal compliance: To comply with applicable laws including the DPDP Act 2023, GST requirements, and other Indian regulations.
- Security: To detect, investigate, and prevent fraudulent activity and security incidents.
4. Legal basis for processing
Under GDPR Article 6 and analogously under DPDP Act 2023:
- Contract performance: Processing necessary to deliver services to customers who have engaged Codlinh10.
- Legitimate interests: Website analytics (with consent), fraud prevention, service improvement.
- Consent: Marketing emails, analytics cookies, Meta Pixel. You may withdraw consent at any time.
- Legal obligation: Tax records, regulatory compliance, law enforcement requests under Indian law.
5. Information sharing and disclosure
We do not sell your personal data. We share data only as follows:
5.1 Sub-processors and service providers
- Meta Platforms, Inc.: WhatsApp Business Platform — message routing and delivery. Meta's Privacy Policy governs data within WhatsApp's infrastructure.
- Vercel, Inc.: Website and API hosting. Data may be stored in Vercel's edge network globally, including India. Vercel Privacy Policy.
- Resend: Transactional email delivery for form submissions and notifications.
- Google LLC: Google Analytics 4 — website analytics (with your consent).
- Microsoft Corporation: Microsoft Clarity — heatmap analytics (with your consent).
5.2 Legal disclosures
We may disclose your information if required by Indian law, court order, or a competent regulatory authority including but not limited to requests under the Code of Criminal Procedure 1973, the IT Act 2000, or DPDP Act 2023.
5.3 Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to equivalent privacy protections.
6. Data retention
- Website enquiry data: Retained for 2 years from the date of last contact.
- Customer account data: Retained for the duration of the contract, plus 5 years for GST and audit compliance.
- Marketing opt-in records: Retained until you withdraw consent, plus 1 year thereafter for compliance evidence.
- Security logs: Retained for 1 year.
- Analytics data: Retained for up to 26 months (Google Analytics default).
7. Your rights
Under the DPDP Act 2023 and GDPR, you have the following rights:
- Right to access: Request a copy of your personal data we hold.
- Right to rectification: Request correction of inaccurate personal data.
- Right to erasure: Request deletion of your personal data (subject to legal retention obligations).
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: Withdraw consent for marketing or analytics at any time without affecting prior processing.
- Right to nominate: Under DPDP Act 2023, you may nominate another individual to exercise your rights on your behalf in the event of incapacity or death.
To exercise any right, contact us at dpo@codlinh10.in. We will respond within 30 days (72 hours for data breach notifications).
8. Cookies
We use cookies and similar tracking technologies. Please see our Cookie Policy for full details. In summary:
- Necessary cookies: Always active — required for the website to function.
- Analytics cookies: Google Analytics 4, Microsoft Clarity — only with your consent.
- Marketing cookies: Meta Pixel — only with your marketing consent.
9. Cross-border data transfers
Codlinh10's primary platform data for Indian customers is stored in India. However, some service providers (Vercel, Resend, Google Analytics) may process data outside India. Where required, we rely on appropriate safeguards for cross-border transfers as permitted under the DPDP Act 2023 and applicable rules.
10. Children's data
Codlinh10's services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you are an educational institution using our platform to communicate with students, you are responsible for ensuring you have obtained verifiable parental consent as required by the DPDP Act 2023 before processing minors' data through Codlinh10.
11. Data security
We implement technical and organisational measures appropriate to the risk of the processing, including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls with mandatory MFA for team members
- Regular security assessments and dependency scanning
- Incident response procedures with 72-hour breach notification capability
See our Security page for detailed information.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email (for customers) or a prominent notice on our website, at least 7 days before the change takes effect. Your continued use of our services after the effective date constitutes acceptance of the updated policy.
13. Contact us
Data Protection Officer / Grievance Officer (India)
Name: To be designated
Email: dpo@codlinh10.in
Address: FLNO A/2-704, SNEHA VIHAR, SNO 82/10, SHIVANE, PUNE, Maharashtra 411023, India
Under the DPDP Act 2023, you may file a grievance with our Grievance Officer at the above address. We will acknowledge your grievance within 48 hours and resolve it within 30 days.
Supervisory authority
You have the right to lodge a complaint with India's Data Protection Board (when established and operational under the DPDP Act 2023), or with a supervisory authority in your country of residence if you are in the EU/EEA.