Back to DigiTallyINC

Privacy

Privacy Policy

Version 1.0 · Effective 21 May 2026 · Last updated 21 May 2026

Plain-language summary

We're DigiTallyINC, a digital studio in Mumbai, India. This website (digitallyinc.positivafilms.com) has one contact form and nothing else that collects data — no analytics, no cookies, no tracking, no advertising, no AI training. If you write to us via the form, we keep your message to reply and delete it on request. We name every third party we work with in §7. You have detailed rights under GDPR, CCPA/CPRA, India's DPDP Act, and other laws — see §11. For anything privacy-related, contact us at tally@positivafilms.com. Each of our apps and products has its own separate privacy policy.

1. Introduction

This Privacy Policy (the "Policy") explains how DigiTallyINC ("we", "us", "our") collects, uses, stores, shares, transfers, and protects information that relates to identified or identifiable individuals ("you", "your") when you visit digitallyinc.positivafilms.com (the "Website") or otherwise interact with DigiTallyINC.

We are committed to handling your information lawfully, fairly, and transparently. This Policy describes the standards we apply and the rights you have. We have written it in plain English wherever possible; the Plain-language summary above gives you the essentials in one paragraph.

By using the Website, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Website or submit information through it.

2. Key definitions

In this Policy, the following capitalised terms have the meanings given here:

"Personal Information" / "Personal Data"
Any information relating to an identified or identifiable natural person. Includes names, email addresses, IP addresses, and any data that can be linked to you.
"Processing"
Any operation performed on Personal Information, including collection, recording, storage, use, sharing, disclosure, erasure, or destruction.
"Controller" / "Data Fiduciary"
The entity that determines the purposes and means of Processing Personal Information. DigiTallyINC is the Controller / Data Fiduciary for this Website.
"Processor" / "Data Processor"
A third party that Processes Personal Information on the Controller's instructions and behalf (e.g. our form provider).
"Sensitive Personal Information" / "Special Category Data"
Categories of Personal Information requiring heightened protection — racial or ethnic origin, political opinions, religious beliefs, health, sexual orientation, biometric data, genetic data, financial account information, government-issued identifiers, precise geolocation, and similar. We do not collect any of these through the Website.
"GDPR"
Regulation (EU) 2016/679 (the General Data Protection Regulation) and the UK GDPR.
"CCPA" / "CPRA"
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.
"DPDP Act"
The Digital Personal Data Protection Act, 2023, of India.
"Data Principal" (DPDP)
An individual to whom Personal Data relates, under India's DPDP Act. Equivalent to "Data Subject" under GDPR.
"Sale" / "Sharing" (CCPA)
Selling, renting, releasing, disclosing, disseminating, making available, or otherwise communicating a consumer's Personal Information to a third party for monetary or other valuable consideration; or sharing for cross-context behavioral advertising. We do neither.

3. Who we are

DigiTallyINC is a digital studio operating since 2013 from Mumbai, India. We are the legal entity behind a small group of brands and products including Positiva Films (cinematography and production), ClipEngine AI (Chrome extension), and software products published on the Apple App Store, Google Play, and the web.

Data Controller / Data Fiduciary: DigiTallyINC, Mumbai, India.

Grievance Officer (India / DPDP Act, Section 8(9)): Tally Talwar, DigiTallyINC, Mumbai, India. Submit privacy complaints via the contact form on this site. We acknowledge complaints within 7 days and aim to resolve within 30 days (or sooner where required by law).

Privacy contact: Send all privacy enquiries via the contact form on the homepage, or by post to DigiTallyINC, Attn: Grievance Officer, Mumbai, India.

4. Scope of this policy

This Policy applies only to digitallyinc.positivafilms.com. It does not apply to:

  • Our mobile or desktop applications (each has its own privacy policy linked from the relevant App Store or product page)
  • The ClipEngine AI Chrome extension (separate policy at clipengineai.positivafilms.com/privacy)
  • The Positiva Films website (separate brand, separate policy at positivafilms.com)
  • Third-party websites we link to (their own policies apply)

Cross-references to product-specific policies are listed in §18.

5. Information we collect (and what we don't)

5.1 Information you provide directly

We collect only what you submit through the contact form on this Website. Specifically:

  • Name — provided by you, used to address you in our reply.
  • Email address — provided by you, used to send our reply.
  • Project field (optional) — free-text describing what you're contacting us about.
  • Message — free-text content of your enquiry.
  • Submission timestamp — automatically attached so we know when you wrote.

All form fields are voluntary — you choose what to write. We collect only what you explicitly send.

5.2 Information collected automatically by our service providers

Standard internet logs maintained by our hosting and form providers (see §7) may include:

  • IP address — logged briefly by our form processor for spam prevention and abuse detection, and by our host for security purposes. We do not access or store IP addresses ourselves.
  • Browser user agent — recorded in server logs for security and debugging.
  • Request timestamps — standard web server logs.

These are operational logs maintained by our service providers under their own privacy practices. Retention is governed by their policies. We do not use this information for any purpose beyond ensuring the Website operates and is not abused.

5.3 Information we explicitly do not collect

For full transparency, the Website does not use, collect, or process any of the following:

  • Cookies of any kind (essential, functional, analytics, advertising, or otherwise)
  • Web analytics (no Google Analytics, Plausible, Fathom, Mixpanel, Hotjar, or similar)
  • Tracking pixels, beacons, or web beacons
  • Session recording or replay tools (no FullStory, LogRocket, Hotjar Recordings, etc.)
  • Advertising scripts or ad networks
  • Cross-site or cross-app tracking
  • Cross-context behavioral advertising
  • Social-media trackers (no Facebook Pixel, LinkedIn Insight Tag, Twitter conversion tracking, etc.)
  • Browser fingerprinting techniques
  • Geolocation data (precise or approximate) beyond IP-derived country at the network level
  • Device sensor data
  • Biometric data
  • Government identifiers (Aadhaar, PAN, SSN, passport, etc.)
  • Financial account information, payment card data, or bank details
  • Health, medical, or genetic information
  • Information used to train artificial-intelligence or machine-learning models
  • Inferences about you (e.g. interests, preferences, demographics)
  • Information about your contacts, address book, or social graph
  • Audio or video recordings

If at any point in the future we add any of the above, we will update this Policy and obtain your consent where required by law.

6. How we use your information and legal bases

6.1 Purposes of processing

We use the information you submit through the contact form only for these purposes:

  • Replying to your enquiry. We read your message and respond by email to the address you provided.
  • Maintaining a record of correspondence. We keep your message so we can refer back to it during any continued exchange, and so we have a record of who contacted us and when.
  • Protecting our Website and inbox from abuse. Detecting and preventing spam, automated submissions, and security threats.
  • Complying with applicable law. Retaining, disclosing, or producing information only where legally required (e.g. response to a valid subpoena, court order, or government request).

We do not use your information for any other purpose. We do not use it for marketing without your explicit opt-in consent, do not sell it, do not share it for cross-context behavioral advertising, and do not feed it into AI training systems.

6.2 Legal bases for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, the lawful bases on which we rely are:

  • Consent — GDPR Article 6(1)(a). When you submit the contact form, you give explicit consent for us to use the information to respond to you. You can withdraw consent at any time by contacting us.
  • Legitimate interests — GDPR Article 6(1)(f). Our legitimate interests include maintaining a record of correspondence, preventing abuse of the Website, and improving the Website. We have considered the impact on your rights and freedoms and concluded these interests do not override yours.
  • Legal obligation — GDPR Article 6(1)(c). Where we must retain or disclose information to comply with applicable law.

6.3 Legal bases (DPDP Act, India)

Under the DPDP Act, we process your Personal Data on the following grounds:

  • Consent — Section 6 of the DPDP Act. You consent by submitting the form after reading our notice (this Policy).
  • Legitimate uses — Section 7 of the DPDP Act, where applicable, including compliance with law and protection of the Data Fiduciary's rights.

7. Sharing your information (sub-processors)

We use the following third-party service providers ("sub-processors") to operate the Website. Each is bound by their own terms of service and privacy policy. Each acts as a Processor on our behalf and may not use your information for their own purposes beyond what is necessary to deliver their service.

Formspree

Formspree Inc., based in the United States.

Purpose: Receives contact form submissions from the Website and forwards them to our inbox at tally@positivafilms.com.

Data processed: Name, email, project field, message, IP address (for spam prevention), submission timestamp, user agent.

Privacy policy: formspree.io/legal/privacy-policy

Vercel

Vercel Inc., based in the United States.

Purpose: Hosts the Website's static files and serves them globally via a content delivery network.

Data processed: IP addresses of visitors (in standard server logs), browser user agent, request paths and timestamps.

Privacy policy: vercel.com/legal/privacy-policy

Google Fonts

Google LLC, based in the United States.

Purpose: Serves the typeface files (Fraunces, Inter) used to render text on the Website.

Data processed: IP address (briefly, for font file delivery). Google Fonts does not set cookies and does not store IPs long-term per its disclosures.

Privacy policy: policies.google.com/privacy

GoDaddy

GoDaddy Inc., based in the United States.

Purpose: Provides DNS hosting for the positivafilms.com domain (including the digitallyinc.positivafilms.com subdomain).

Data processed: DNS query metadata (IP addresses of resolvers, timestamps). GoDaddy does not see the content of your form submissions.

Privacy policy: godaddy.com/legal/agreements/privacy-policy

7.2 Other disclosures

We may disclose Personal Information to third parties outside of the sub-processor list above only:

  • To comply with law. Where required by valid legal process — court order, subpoena, governmental request — or to enforce our legal rights.
  • To protect rights or safety. Where reasonably necessary to protect the rights, property, or safety of DigiTallyINC, our users, or the public.
  • In the event of a corporate transaction. If DigiTallyINC is involved in a merger, acquisition, asset sale, restructuring, or insolvency, your Personal Information may be transferred as part of that transaction. The receiving party will be bound by this Policy or one materially equivalent. We will notify you of any such change.
  • With your explicit consent. If we ever want to share your information for a purpose not described in this Policy, we will ask you first.

7.3 We do not

  • Sell or rent your Personal Information to anyone, ever.
  • Share your information for cross-context behavioral advertising.
  • Share your information with third parties for their own marketing purposes.
  • Add you to a mailing list without your explicit opt-in.
  • Use your information to train AI or machine-learning models, our own or anyone else's.
  • Combine your information with information from other sources (data brokers, public records, etc.) to build profiles.

8. International data transfers

Our sub-processors (Formspree, Vercel, Google Fonts, GoDaddy) are based in the United States. When you submit the form, your information is transferred from your country (which may be in the EU, EEA, UK, India, Canada, Brazil, or elsewhere) to the United States.

Where required by law, these transfers rely on one or more of the following safeguards:

  • EU Standard Contractual Clauses (SCCs). Module 2 ("controller-to-processor") with our processors who do not have a self-certified adequacy mechanism.
  • EU–US Data Privacy Framework (DPF). Where the processor is self-certified to the DPF, this serves as an adequacy mechanism for EU/EEA personal data transferred to the US.
  • UK Addendum to SCCs / UK International Data Transfer Agreement. For UK personal data, equivalent safeguards.
  • Your explicit consent (GDPR Article 49(1)(a)) — by submitting the form with knowledge of these transfers, you consent to them.

For Indian users: Cross-border transfer is permitted under Section 16 of the DPDP Act except to countries notified as restricted by the Central Government of India. We monitor and comply with all such notifications.

You can request a copy of the safeguards we have in place by contacting us.

9. Data retention

We retain Personal Information only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to defend or pursue legal claims.

Specific retention periods:

  • Contact form submissions in our inbox: retained for up to 24 months from the date of last contact, then deleted or anonymised — except where longer retention is required by law or to defend against a legal claim.
  • Formspree side: submissions are stored on Formspree's servers per their retention policy, which we configure to be no longer than necessary. We delete submissions from the Formspree dashboard within 30 days of receiving them in our inbox.
  • Server logs (Vercel): retained by Vercel per their policies, typically 30 days for raw logs.
  • Legal hold: if we receive a valid legal preservation request, we will retain relevant information for as long as required to comply.

You can ask us to delete your information sooner at any time (see §11). We will comply unless we have a lawful basis to retain it.

10. Data security and breach notification

10.1 Technical and organisational measures

We apply reasonable and appropriate measures, including:

  • The Website is served over HTTPS with TLS 1.3 encryption; HTTP is permanently redirected to HTTPS.
  • The TLS certificate is auto-renewed by our host (Let's Encrypt via Vercel).
  • The Website is statically rendered with no server-side database — there is no application database for an attacker to exploit.
  • Form submissions are transmitted to Formspree over HTTPS and stored by Formspree using industry-standard encryption at rest.
  • Our inbox (tally@positivafilms.com) is protected by strong passwords and two-factor authentication.
  • Access to our inbox follows the principle of least privilege — only authorised personnel who need to read enquiries do so.
  • Our hosting (Vercel) maintains its own SOC 2 Type II compliance and other security certifications.
  • We do not store backups of contact form submissions outside the systems described above.
  • We review our security posture periodically and after any incident.

10.2 No system is perfectly secure

Despite our measures, no transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security. By using the Website, you acknowledge that you assume this residual risk.

10.3 Data breach notification

If we become aware of a Personal Data Breach (as defined under GDPR Article 4(12) or equivalent under other laws) that is likely to result in a risk to the rights and freedoms of natural persons, we will:

  • Notify the relevant supervisory authority without undue delay, and where feasible within 72 hours (GDPR Art. 33; DPDP Section 8(6)).
  • Where the breach is likely to result in a high risk to your rights and freedoms, notify you directly without undue delay, by email or other appropriate means.
  • Provide information on the nature of the breach, the categories and approximate number of individuals affected, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach.
  • Document the breach internally, including the facts, effects, and remedial action taken.

11. Your privacy rights

You have rights with respect to your Personal Information. The specific rights available to you depend on where you live and the applicable law. We honour the rights described below for all users regardless of location, to the extent we can do so consistent with our legal obligations.

11.1 Universal rights

  • Right of access — request a copy of the Personal Information we hold about you.
  • Right to rectification — request that we correct inaccurate or incomplete Personal Information.
  • Right to erasure — request that we delete your Personal Information.
  • Right to withdraw consent — withdraw any consent you have given, at any time.
  • Right to non-discrimination — exercise your rights without us treating you unfavourably.
  • Right to lodge a complaint — file a complaint with the relevant supervisory authority in your jurisdiction (see §11.6, §19, §20, §21).

11.2 Additional rights under GDPR / UK GDPR

  • Right to restriction of processing — ask us to limit how we use your Personal Information in certain circumstances (Article 18).
  • Right to data portability — receive your Personal Information in a structured, commonly-used, machine-readable format, and transmit it to another controller (Article 20).
  • Right to object — object to processing based on legitimate interests or direct marketing (Article 21).
  • Right not to be subject to automated decision-making — including profiling that produces legal effects (Article 22). We do not engage in any such automated decision-making.

11.3 Additional rights under CCPA / CPRA (California)

  • Right to know — what categories of Personal Information we have collected, the sources, purposes, third parties with whom we share it, and specific pieces of information we have collected about you.
  • Right to delete — Personal Information we have collected from you.
  • Right to correct — inaccurate Personal Information.
  • Right to opt out of sale and sharing — note: we do not sell or share your Personal Information (as those terms are defined under the CCPA/CPRA).
  • Right to limit use of sensitive Personal Information — note: we do not collect Sensitive Personal Information as defined under the CPRA.
  • Right to non-discrimination — we will not deny services, charge different prices, or provide a different level of service for exercising your rights.
  • Authorised agent — you may designate an authorised agent to make requests on your behalf. We will verify the agent's authority before fulfilling the request.

We honour the Global Privacy Control (GPC) signal as an opt-out request under the CCPA/CPRA, even though we do not engage in any practice that would otherwise require such an opt-out.

See §19 for additional California-specific disclosures.

11.4 Rights under India's DPDP Act 2023

  • Right to access information about Personal Data processing (Section 11).
  • Right to correction and erasure of Personal Data (Section 12).
  • Right of grievance redressal through the Grievance Officer (Section 13).
  • Right to nominate another individual to exercise rights in the event of death or incapacity (Section 14).
  • Right to withdraw consent at any time, with the same ease as giving it (Section 6(4)).
  • Right to lodge a complaint with the Data Protection Board of India.

See §21 for additional India-specific disclosures.

11.5 Rights under other jurisdictions

We acknowledge and honour rights granted by other privacy laws where they apply to you, including:

  • PIPEDA (Canada) — Personal Information Protection and Electronic Documents Act.
  • LGPD (Brazil) — Lei Geral de Proteção de Dados Pessoais.
  • PIPL (China) — Personal Information Protection Law.
  • POPIA (South Africa) — Protection of Personal Information Act.
  • State privacy laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other US states with comprehensive privacy laws.

If you live in one of these jurisdictions and would like to exercise a right specific to your local law, please contact us.

11.6 How to exercise your rights

Submit a request via the contact form on the homepage of this Website. In your message, please:

  • Identify yourself by name and the email address you used to contact us originally (so we can locate your information).
  • State clearly which right you want to exercise.
  • Where applicable, specify what information you are referring to.

11.7 Identity verification

To protect against fraudulent requests, we may need to verify your identity before fulfilling a rights request. We will do this in the least intrusive way possible — typically by confirming you can receive email at the address used in your original submission. We will not require you to create an account.

11.8 Response timeframes

We will acknowledge your request promptly and respond within:

  • 30 days under GDPR / UK GDPR (extendable by up to 60 days for complex requests, with notice to you).
  • 45 days under CCPA / CPRA (extendable by 45 days with notice).
  • 30 days under the DPDP Act (per the Grievance Officer obligations).
  • Other jurisdictions: within the period required by applicable law, or 30 days, whichever is sooner.

11.9 No fee — but exception for unfounded or excessive requests

Exercising your rights is free of charge. We reserve the right to charge a reasonable fee, or refuse to act, on requests that are manifestly unfounded, excessive, or repetitive (as permitted under GDPR Article 12(5) and equivalents).

12. Cookies and tracking technologies

This Website does not use cookies of any kind. We do not use local storage, session storage, or any other browser tracking technology to identify or remember individual visitors.

Because we do not use cookies, no cookie banner is required by law (under the ePrivacy Directive, GDPR, or equivalent regimes).

Do Not Track: This Website does not track you, so the Do Not Track ("DNT") browser signal is moot here. We do not change our behaviour in response to it because there is nothing to change.

Global Privacy Control: We honour the GPC signal as a valid opt-out request under the CCPA/CPRA. Even though we do not engage in any practice that would otherwise require such an opt-out, the signal will be respected if and when our practices change.

13. Children's privacy

This Website is not directed at children. We do not knowingly collect Personal Information from:

  • Children under 13 in the United States (COPPA).
  • Children under 16 in the EU/EEA and UK (GDPR / UK GDPR, unless a member state has set a lower age of digital consent down to 13).
  • Children under 18 in India (DPDP Act, which requires verifiable parental consent for processing children's data and forbids behavioural monitoring or targeted advertising directed at children).

If you are a parent or guardian and you believe a child has provided Personal Information to us through this Website, please contact us immediately at tally@positivafilms.com. We will delete the information promptly.

14. Sensitive personal information

We do not collect, use, store, share, or process any Sensitive Personal Information through this Website. Sensitive Personal Information includes (without limitation):

  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Political opinions or trade-union membership
  • Health, medical, or genetic data
  • Biometric data used to uniquely identify a person
  • Sexual orientation or sex life
  • Financial account information, payment card data, or bank details
  • Precise geolocation
  • Government-issued identifiers (passport, driver's licence, SSN, Aadhaar, PAN, etc.)
  • Contents of communications other than the message you choose to send us
  • Children's data
  • Criminal-conviction data

If we ever change our practices and need to collect any such information, we will update this Policy and obtain your explicit consent.

15. Automated decision-making and profiling

We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, within the meaning of GDPR Article 22 or equivalent laws.

We do not use any algorithm, machine-learning model, or artificial-intelligence system to evaluate, score, classify, categorise, or make decisions about you based on Personal Information collected through this Website.

If this changes, we will update this Policy and ensure the necessary legal basis, transparency, and safeguards are in place — including the right for you to obtain human intervention.

16. Marketing communications

We do not currently send marketing communications. We will not add you to any mailing list, newsletter, or marketing communication channel without your explicit opt-in consent.

If we ever launch marketing communications, you will be able to:

  • Opt in only by clearly indicating your consent at the time we ask.
  • Opt out (unsubscribe) at any time, free of charge, via a link in every marketing email and on request to tally@positivafilms.com.
  • Withdraw consent with the same ease with which you gave it (GDPR Article 7(3); DPDP Section 6(4)).

17. Third-party websites

The Website may contain links to third-party websites (for example, Positiva Films, the Chrome Web Store, our sub-processors' privacy policies, social networks). Those websites are not controlled by us and have their own privacy policies. We are not responsible for the privacy practices of any third-party website.

We encourage you to read the privacy policy of any third-party website you visit before providing them with information.

18. Privacy policies for our products

DigiTallyINC's products and apps have their own privacy policies that cover their specific data practices. Each product's policy governs that product's processing of Personal Information; this Policy does not apply to them.

iOS, macOS, and Android apps published under DigiTallyINC will each have their own app-specific privacy policy linked from their App Store or Google Play listing and from within the app. Those policies will detail the specific data each app collects (which may include data we explicitly do not collect on this Website, such as device identifiers, app usage data, crash reports, etc., as applicable to each app).

19. California-specific disclosures (CCPA / CPRA)

19.1 Categories of Personal Information collected

In the past 12 months, we have collected the following categories of Personal Information (as defined by Cal. Civ. Code §1798.140):

  • Identifiers — name, email address, IP address (briefly, via sub-processors).
  • Customer records (Cal. Civ. Code §1798.80(e)) — contents of communications you send us (your message).
  • Internet activity — only IP address and browser user agent logged briefly by sub-processors for security purposes.

We do not collect: commercial information; biometric information; geolocation data (beyond IP); audio, electronic, visual, thermal, olfactory, or similar information; professional or employment-related information; education information; inferences; or any category of Sensitive Personal Information.

19.2 Sources

We collect Personal Information directly from you (when you submit the contact form) and from our service providers (server logs, see §5.2).

19.3 Business and commercial purposes for collection

See §6. We use Personal Information solely to respond to your enquiry, maintain a record of correspondence, prevent fraud and abuse, and comply with law.

19.4 Categories shared with third parties

We share Personal Information only with the sub-processors listed in §7 (Formspree, Vercel, Google Fonts, GoDaddy). We do not "sell" or "share" Personal Information as those terms are defined under the CCPA/CPRA.

19.5 California "Shine the Light" (Cal. Civ. Code §1798.83)

California residents may request, once per calendar year, a list of categories of Personal Information disclosed to third parties for those third parties' direct marketing purposes during the previous calendar year, and the names and addresses of those third parties. Our answer: we have not disclosed any Personal Information to third parties for their direct marketing purposes in the preceding year, and we do not plan to.

19.6 Retention

We retain each category of Personal Information per the schedule in §9.

20. EU / EEA / UK-specific information (GDPR / UK GDPR)

20.1 Data Protection Officer

Given the limited scope of our processing on this Website (no large-scale processing, no Special Category Data, no automated decision-making, no systematic monitoring), we are not required to appoint a Data Protection Officer under GDPR Article 37. The Grievance Officer named in §3 handles all privacy enquiries.

20.2 EU representative

We do not currently maintain an EU representative under GDPR Article 27. We will appoint one if and when our processing activities trigger that requirement, and update this Policy accordingly.

20.3 Supervisory authorities

If you believe we have processed your Personal Information in violation of GDPR or UK GDPR, you have the right to lodge a complaint with a supervisory authority — typically the one in your country of residence, place of work, or place of the alleged infringement.

We would, of course, appreciate the chance to address your concerns before you approach the authority. Please contact us first.

21. India-specific information (DPDP Act 2023)

21.1 Data Fiduciary

DigiTallyINC is the Data Fiduciary for Personal Data processed on this Website, as defined under Section 2(i) of the DPDP Act.

21.2 Grievance Officer (Section 8(9), DPDP Act)

Tally Talwar serves as our Grievance Officer. Submit complaints via the contact form or by post to:

DigiTallyINC
Attn: Grievance Officer
Mumbai, India

We acknowledge complaints within 7 days and aim to resolve them within 30 days. If we cannot resolve a complaint to your satisfaction, you may approach the Data Protection Board of India (once operational).

21.3 Notice (Section 5, DPDP Act)

This Policy serves as the notice required under Section 5 of the DPDP Act. By submitting the contact form after reading this notice, you give your consent under Section 6.

21.4 Consent Manager

We do not currently use a registered Consent Manager service. If and when the Data Protection Board of India operationalises the Consent Manager framework, we will assess whether to integrate one and update this Policy accordingly.

21.5 Significant Data Fiduciary

We are not a Significant Data Fiduciary as defined under Section 10 of the DPDP Act, given the limited volume and sensitivity of data we process. If we are notified as one in future, we will comply with the additional obligations and update this Policy.

21.6 Language

This Policy is provided in English. We will provide a copy in the official language of any State of India on reasonable written request, in accordance with the Eighth Schedule of the Constitution of India.

22. Changes to this policy

We may update this Policy from time to time — to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Update the "Last updated" date and version number at the top of this Policy.
  • For material changes (e.g. new categories of data collected, new purposes, new categories of third-party recipients, changes that reduce your rights), provide more prominent notice — which may include posting a notice on the Website, emailing you (if we have your email), or requesting renewed consent where required by law.
  • Keep a record of prior versions of this Policy. Send us a request to receive a copy of any prior version.

Continued use of the Website after a change indicates acceptance of the updated Policy, except where applicable law requires renewed consent.

23. Governing law, severability, dispute resolution

23.1 Governing law

This Policy is governed by the laws of India, without regard to its conflict-of-laws principles. Mandatory provisions of any other law that apply to you because of your residence remain available to you and prevail over this clause to the extent required.

23.2 Jurisdiction

Subject to your mandatory consumer-protection rights and the jurisdiction of your local data-protection authority, the courts of Mumbai, India have exclusive jurisdiction over any disputes arising from this Policy.

23.3 Severability

If any provision of this Policy is held to be invalid, illegal, or unenforceable, the remaining provisions remain in full force and effect. The invalid provision will be deemed modified to the minimum extent necessary to make it valid and enforceable while preserving its intent.

23.4 No waiver

Our failure to enforce any right or provision of this Policy is not a waiver of that right or provision. A waiver of any provision is effective only if in writing and signed by us.

23.5 Entire understanding

This Policy, together with any other notices we provide at the time of collection, constitutes the entire understanding between you and DigiTallyINC regarding the processing of Personal Information through the Website.

24. Contact and complaints

For any privacy matter — questions, rights requests, complaints — please contact us:

DigiTallyINC
Attn: Grievance Officer
Mumbai, India

Use the contact form on our homepage. In privacy matters, write to the email address you used to originally contact us (so we can locate your information). Be specific about which right you are exercising.

If we cannot resolve your complaint, you may escalate to the relevant authority:

  • India: Data Protection Board of India (DPBI) — once operational under the DPDP Act 2023.
  • EU/EEA: Your national Data Protection Authority. List at edpb.europa.eu.
  • UK: Information Commissioner's Office — ico.org.uk.
  • California: California Privacy Protection Agency — cppa.ca.gov; or the California Attorney General — oag.ca.gov/privacy/ccpa.
  • Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca.
  • Brazil: Autoridade Nacional de Proteção de Dados — gov.br/anpd.