Privacy Policy
Effective Date: June 8, 2026
Introduction
Infinijith Apps & Technologies (P) Ltd ("Infinijith", "we", "us") provides AI-powered software development, design, and digital services from Coimbatore, Tamil Nadu. This Privacy Policy explains how we collect, use, disclose, retain, transfer, and protect personal data when you interact with our website, forms, communications, products, or related services.
Registered office: 1st Floor, Kayalvizhi Complex, Erode Main Road, Karattur, Gobichettipalayam - 638476, Tamil Nadu, India.
This policy is intended to address applicable privacy obligations including the Digital Personal Data Protection Act, 2023 and rules made under it, the EU/UK GDPR where applicable, and other privacy laws that may apply to our services.
Personal Data We Collect
We may collect information that you submit directly, including your name, email address, phone number, company name, project details, resume or CV files, and any message sent through our forms. We also collect limited technical information such as IP address, browser type, device information, page usage, and cookie or analytics data.
In some cases, we may also receive data from email conversations, support interactions, live chat, lead forms, job applications, or business communication tools used to help us respond to your enquiry.
We may also collect information when you request a proposal, sign up for updates, submit a support request, use chat features, or interact with pages that use embedded forms, maps, analytics, or third-party content.
Purposes and Lawful Basis
We process personal data only for specific business, service, security, compliance, and consent-based purposes. The table below explains the main processing activities and legal basis we rely on.
| Purpose | Personal Data | Lawful Basis |
|---|---|---|
| Responding to enquiries and proposal requests | Name, email, phone number, company details, project requirements, and communication history. | Pre-contract steps, contract performance, legitimate interests, and consent where required. |
| CRM, live chat, business email, and customer communication management | Contact details, enquiry details, chat messages, email communications, visitor context, lead status, and communication history. | Legitimate interests, pre-contract steps, contract performance, and consent where required. |
| Recruitment, resume review, and candidate communication | Candidate name, email, phone number, resume or CV files, work history, skills, and related application details. | Consent, pre-contract or employment-related steps, legitimate interests, and legal obligation where applicable. |
| Providing software, AI-powered development, design, and digital services | Project information, business contact details, support messages, files, and agreed delivery records. | Contract performance, legitimate interests, and legal obligation where records must be kept. |
| Website security, fraud prevention, and spam protection | IP address, device/browser data, form metadata, and reCAPTCHA signals. | Legitimate interests, legal obligation, and certain legitimate uses where applicable. |
| Analytics, performance measurement, and cookie preference handling | Cookie identifiers, page usage, device/browser data, consent status, and analytics events. | Consent for non-essential analytics or marketing cookies, with legitimate interests for essential security and preference storage. |
| Legal, accounting, tax, dispute, and compliance records | Contracts, invoices, payment records, correspondence, and request handling records. | Legal obligation, contract performance, and legitimate interests. |
Cookies and Analytics
We use strictly necessary cookies for core website functions, security, and consent preference storage. Where required by law, we use analytics, preference, and marketing cookies only after consent. In other regions, these optional cookies may be enabled by default, and you can reject or change them at any time through our cookie preference controls or your browser settings.
Our cookie categories include strictly necessary, preference, analytics, and marketing cookies. You can withdraw or change non-essential cookie consent through the site's cookie preference controls, through the footer Cookie Preferences link, or by adjusting your browser settings.
For more detail, read our Cookies Policy.
Disclosure of Personal Data
We do not sell your personal data. We may share personal data with trusted service providers that help us host the website, secure forms, manage CRM records, operate live chat, send and receive business email, measure analytics, provide AI-assisted resume parsing or internal workflows, process SaaS payments where enabled, or deliver contracted services.
We may also disclose information where required by law, to protect our rights, users, or systems, or as part of a business transaction such as a merger, acquisition, financing, restructuring, or sale of assets. Any such transfer will be handled with appropriate safeguards and notice where required.
Service Providers and Recipients
The providers below may process personal data for us when the relevant website feature, product feature, internal workflow, or client service is enabled. We review providers periodically and may update this list as tools change.
| Provider | Use | Location | Policy |
|---|---|---|---|
| DigitalOcean | Cloud hosting, infrastructure, backups, and operational security where used. | Configured hosting regions, including India, the EEA, the UK, or the United States where applicable. | DigitalOcean Privacy Policy |
| Google Tag Manager and Google Analytics | Analytics, campaign measurement, and consent-controlled website tags. | United States and global Google infrastructure. | Google Privacy Policy |
| Google reCAPTCHA | Spam, abuse, and automated form submission prevention. | United States and global Google infrastructure. | Google Privacy Policy |
| Zoho CRM, Zoho SalesIQ, and Zoho Mail | CRM, lead management, live chat, visitor engagement, and business email communications. | India, the United States, the EEA, and global Zoho infrastructure depending on service and account configuration. | Zoho Privacy Policy |
| OpenAI | Resume parsing and limited AI-assisted internal or service workflows where enabled. | United States and global service infrastructure. | OpenAI Privacy Policy |
| Razorpay | Payment processing, billing, fraud checks, and invoice support for SaaS products where enabled. | India and global service infrastructure where applicable. | Razorpay Privacy Policy |
Cross-Border Data Transfers
Because we are based in India and use cloud hosting, analytics, CRM, communication, form-protection, and AI service providers, personal data may be transferred to or accessed from India, the United States, the EEA, the UK, and other countries where our providers operate.
For EU/UK personal data, we rely on appropriate safeguards such as Standard Contractual Clauses, UK-approved transfer mechanisms, vendor data processing terms, transfer assessments where required, and security controls. For Indian personal data, we transfer data in line with the DPDP Act, 2023 and applicable rules or government notifications when they apply.
Where a customer contract includes separate data processing terms, those terms may provide additional transfer safeguards for project data.
Retention and Security
We retain personal data only for as long as needed for the purpose for which it was collected, including to respond to enquiries, manage recruitment, deliver services, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, and protect our systems. Retention periods vary by record type and are reviewed periodically. Where law requires a specific retention period, we retain the relevant records for that period.
| Record Type | Retention Criteria |
|---|---|
| Website contact, enquiry, CRM, and chat data | Retained while the enquiry, opportunity, live chat, or customer relationship remains active, then reviewed periodically unless needed for legal, dispute, security, or business record purposes. |
| Proposal, contract, project, and support records | Retained while the customer relationship, project, support need, warranty, dispute, legal claim period, or related business record need remains relevant. |
| Recruitment and resume records | Retained for the hiring process and future role consideration where appropriate, unless deletion is requested or longer retention is needed for legal, compliance, or dispute purposes. |
| Invoice, tax, accounting, and payment records | Retained for the period required by applicable tax, accounting, company, payment, and audit laws, or longer where a dispute or legal requirement applies. |
| Security logs, spam prevention records, and abuse investigation records | Retained for security monitoring, abuse prevention, investigation, fraud prevention, compliance, and system integrity needs, then deleted or anonymized when no longer required. |
| Cookie consent and privacy request records | Cookie preference records stored in the visitor’s browser, and privacy request correspondence or case records where a request is submitted to us. |
We use reasonable administrative, technical, and organizational safeguards to protect data, including access controls, secure hosting practices, encrypted transport where supported, spam prevention, and vendor security review. No online system is fully secure, so we continue to review controls as systems and risks change.
AI and Automated Processing
Infinijith builds AI-powered products and may use AI-assisted tools in service delivery, internal review, support, content drafting, code assistance, proposal preparation, or client-approved product workflows. We also internally use the OpenAI API to help parse resumes submitted through our recruitment forms. If personal data is submitted to an AI API, we limit the data to what is reasonably needed for the service, feature, or internal workflow.
Unless we clearly tell you otherwise and obtain any required consent, we do not permit personal data submitted through our website, resume workflows, or service workflows to be used to train public AI models. We configure available provider controls and contractual terms to restrict training and retention where applicable.
We do not make solely automated decisions using website personal data that produce legal effects or similarly significant effects without appropriate human review.
India DPDP Rights and Grievance Officer
If you are a Data Principal in India, you may have rights under the Digital Personal Data Protection Act, 2023 and applicable rules, including the right to access information about your personal data, request correction, completion, updating, or erasure, withdraw consent where processing is based on consent, nominate another person to exercise rights where permitted, and raise a grievance.
Privacy and Grievance Officer: Privacy and Grievance Officer, Infinijith Apps & Technologies (P) Ltd. Email: privacy@infinijith.com. Postal contact: 1st Floor, Kayalvizhi Complex, Erode Main Road, Karattur, Gobichettipalayam - 638476, Tamil Nadu, India.
We aim to respond to privacy requests and grievances within 30 days after receiving the request and any information needed to verify identity or understand the request. If we decline a request, we will explain the reason where required by law. If you are not satisfied with our response, you may escalate to the Data Protection Board of India or another applicable authority when available under law.
EU, UK, and Other Privacy Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, withdraw consent, request portability, or complain to a supervisory authority. For EU/UK users, we generally respond within one month unless an extension is permitted by law.
If we need to verify your identity before responding, we may ask for limited information to confirm that the request is legitimate. If a request is refused or limited because of legal, security, contractual, or rights-related reasons, we will explain the reason where required and tell you how to escalate.
EU and UK users may complain to their local data protection authority, including the ICO in the UK or the relevant EU supervisory authority. Indian users may escalate eligible grievances to the Data Protection Board of India when the applicable legal mechanism is available.
Children's Privacy
Our services are not directed to children under 18, or the applicable age of majority in your jurisdiction if different. We do not knowingly collect children's personal data without appropriate consent or authorization where required by law.
If a parent or guardian believes a child has submitted personal data through our website, we should be contacted so we can review and remove it where appropriate.
Do Not Sell or Share for Cross-Context Advertising
We do not sell personal data. We also do not knowingly share personal data for cross-context behavioral advertising unless we provide the required notice and choice under applicable law.
Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, services, or legal requirements. The latest version will always be posted on this page with the updated effective date.
| Version | Date | Summary |
|---|---|---|
| v1 | January 20, 2019 | Original public privacy policy. |
| v2 | June 8, 2026 | Plain-English rewrite with DPDP, lawful basis, AI, transfer, retention, processor, and rights disclosures. |
Contact Information
If you have questions about this policy, want to make a privacy request, or need to raise a grievance, contact privacy@infinijith.com or use our Contact Us page. Commercial enquiries should continue to use sales@infinijith.com.