Privacy Policy

1. Who we are

DigiTallyINC ("we", "us", "our") is a digital studio based in Mumbai, India. We are the legal entity behind a small group of brands and products including Positiva Films and ClipEngine AI, along with iOS, macOS, Android, and web apps we design, build, and ship.

Data Controller: DigiTallyINC, Mumbai, India.

Grievance Officer (India / DPDP Act 2023): Tally Talwar, reachable at tally@positivafilms.com. We acknowledge complaints within 7 days and aim to resolve within 30 days.

2. Scope of this policy

This policy applies only to this website, digitallyinc.positivafilms.com.

Our products and apps have their own separate privacy policies that describe their specific data practices. These are linked from each product's App Store listing, Google Play listing, or product website, and are also listed in section 14 of this policy.

3. Information we collect on this website

We collect only what you submit through the contact form on this site. Specifically:

• Your name — provided by you in the contact form
• Your email address — provided by you in the contact form so we can reply
• Project field (optional) — a short free-text description of what you're contacting us about
• Your message — the content you write in the message field
• Time of submission and IP address — temporarily logged by our form processor (Formspree) for spam prevention and security. We do not access these ourselves.

We do not use:

• Cookies of any kind
• Web analytics (no Google Analytics, no Plausible, no Fathom)
• Tracking pixels or beacons
• Session recording or replay tools
• Advertising scripts
• Cross-site or cross-app tracking
• Social media trackers (no Facebook Pixel, no LinkedIn Insight Tag)
• Fingerprinting techniques

4. How we use your information

We use the information you submit only to:

• Reply to your enquiry
• Maintain a record of our correspondence
• Comply with legal obligations (if any apply)

We do NOT:

• Sell or rent your information to any third party
• Share your information with third parties for their own marketing purposes
• Add you to a mailing list or send you marketing without your explicit, opt-in consent
• Use your data to train AI models
• Combine your data with information from other sources

5. Legal basis for processing (GDPR, DPDP Act)

Where the GDPR or DPDP Act applies to you, our legal bases for processing your data are:

• Consent (GDPR Art. 6(1)(a); DPDP Sec. 6): You submit the contact form voluntarily and explicitly agree to us using your data to respond. You can withdraw this consent at any time.
• Legitimate interests (GDPR Art. 6(1)(f)): Maintaining a record of correspondence, preventing spam, and protecting our services from abuse.
• Legal obligation (GDPR Art. 6(1)(c)): Where we must retain or disclose data to comply with law, court order, or government request.

6. Service providers (sub-processors)

We use the following third-party services to operate this site. Each operates under their own privacy policy:

• Formspree (Formspree Inc., USA) — processes contact form submissions and forwards them to our inbox. Privacy policy: formspree.io/legal/privacy-policy.
• Vercel (Vercel Inc., USA) — hosts this website's static files and serves them globally. Privacy policy: vercel.com/legal/privacy-policy.
• Google Fonts (Google LLC, USA) — serves the Fraunces and Inter font files used on this site. Google Fonts is privacy-friendly and does not set cookies, but does log IP addresses for short periods. Privacy policy: policies.google.com/privacy.

These providers act as our processors and may only use your data on our instructions and for the purposes described above.

7. International data transfers

Our processors (Formspree, Vercel) are based in the United States. Your submission may therefore be transferred from your country (including from the EU, UK, India, or Canada) to the US. Where required by law (GDPR Chapter V, DPDP Sec. 16), these transfers are covered by:

• EU Standard Contractual Clauses (SCCs) with our processors
• The EU–US Data Privacy Framework where applicable to the processor
• Your explicit consent when you submit the form, given knowledge of this transfer

8. How long we keep your data

We keep your contact form submission for as long as needed to respond and to maintain a reasonable record of our communication — typically up to 24 months from the date of last contact.

After that, we delete or anonymise the data, except where retention is required by law (for example, for tax or accounting purposes).

You can ask us to delete your data sooner — see section 10.

9. Security

We take reasonable technical and organisational measures to protect your data:

• This site is served entirely over HTTPS with TLS 1.3
• Form submissions are transmitted over HTTPS to Formspree, which uses industry-standard encryption in transit and at rest
• Access to our inbox at tally@positivafilms.com is protected by two-factor authentication
• We follow the principle of least privilege — only the people who need to read your message do

No system is perfectly secure. If a breach affects your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Art. 33 and DPDP Sec. 8(6).

10. Your rights

Depending on where you live, you have rights under privacy laws that apply to you. We honour these rights regardless of your location, to the extent we can.

Under the GDPR (EU/EEA, UK, and similar laws)

• Right of access — request a copy of the data we hold about you
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability — receive your data in a portable format
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with your local supervisory authority (for example, the ICO in the UK or your national DPA in the EU)

Under the CCPA / CPRA (California)

• Right to know what personal information we collect about you
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of the "sale" or "sharing" of personal information — note: we do not sell or share your personal information for cross-context behavioural advertising
• Right to limit use of sensitive personal information — we do not collect sensitive personal information through this site
• Right to non-discrimination for exercising any of these rights
• We honour Global Privacy Control (GPC) signals as an opt-out request

Under the DPDP Act 2023 (India)

• Right to access personal data (Sec. 11)
• Right to correction and erasure (Sec. 12)
• Right to grievance redressal (Sec. 13)
• Right to nominate (Sec. 14)
• Right to withdraw consent at any time
• Right to file complaints with the Data Protection Board of India (DPBI)

How to exercise any of these rights

Email tally@positivafilms.com with a clear description of the right you want to exercise. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before acting on the request, which we will do in the least intrusive way possible.

Exercising your rights is free of charge. We will not discriminate against you for exercising any of them.

11. Children's privacy

This website is not directed at children. We do not knowingly collect personal information from:

• Children under 13 (under COPPA in the United States)
• Children under 16 (under GDPR, unless your member state sets a lower limit)
• Children under 18 (under India's DPDP Act 2023)

If you believe a child has provided personal information to us through this site, please contact us immediately at tally@positivafilms.com and we will delete it.

12. Do Not Track and Global Privacy Control

This site does not track you, so the Do Not Track ("DNT") browser signal is moot. We do however honour Global Privacy Control (GPC) signals as a valid opt-out request under the CCPA/CPRA, even though we do not currently engage in any practice that triggers GPC obligations.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or in applicable law. When we do, we will update the "Last updated" date at the top of the page.

For material changes — such as adding a new category of data collected or a new sharing practice — we will provide more prominent notice, which may include posting a notice on the site or emailing users where we have an email address.

Continued use of the site after a change indicates acceptance of the updated policy.

14. Privacy policies for our products and apps

DigiTallyINC's products have their own privacy policies that cover their specific data practices. These are linked from each product's store listing or product website:

• ClipEngine AI privacy policy
• Positiva Films (positivafilms.com)

iOS, macOS, and Android apps published under DigiTallyINC will each have their own app-specific privacy policy linked from their App Store or Google Play listing.

15. Contact and complaints

For any privacy matter — questions, requests to exercise rights, complaints — write to:

DigiTallyINC
Attn: Grievance Officer
Mumbai, India
tally@positivafilms.com

If we cannot resolve your complaint, you can also escalate to:

• India: the Data Protection Board of India (DPBI) once operational under the DPDP Act 2023
• EU/EEA: your national Data Protection Authority (find yours at edpb.europa.eu)
• UK: the Information Commissioner's Office (ico.org.uk)
• California: the California Privacy Protection Agency (cppa.ca.gov)