Privacy Policy

1. Overview

This Privacy Policy describes how Adviita ("we," "us," or "our") collects, uses, stores, and protects personal data when you use adviita.com ("the Service"). It is compliant with India's Digital Personal Data Protection Act, 2023 ("DPDPA") and other applicable Indian laws. By using the Service, you consent to the practices described in this Policy. If you do not agree, please stop using the Service. In the context of the DPDPA, Adviita acts as a "Data Fiduciary" with respect to personal data you provide to us as a user of the Service, and as a "Data Processor" with respect to personal data that visitors to your published website provide to you.

2. Information We Collect

3. Legal Basis for Processing

Under the DPDPA, 2023, we process your personal data on the following bases: (a) Consent — you provide consent when you create an account and agree to this Policy; (b) Contract performance — processing is necessary to deliver the Service you have signed up for, including hosting your website and managing your subscription; (c) Legitimate interests — we process certain technical and usage data to maintain security, prevent fraud, and improve the Service, where such interests are not overridden by your privacy rights; and (d) Legal obligation — we may process or retain data where required to comply with applicable laws, court orders, or regulatory requirements.

4. How We Use Your Information

We use the personal data we collect to: (a) create and manage your account; (b) provide, operate, and improve the Service, including AI website generation and hosting; (c) process payments and manage your subscription; (d) send you transactional emails such as login links, payment receipts, and account notifications — we do not send marketing emails without your separate opt-in; (e) respond to your support requests; (f) detect, investigate, and prevent fraudulent or unauthorised activity; (g) comply with legal obligations; and (h) analyse aggregate, anonymised usage trends to improve our product. We will never sell your personal data to third parties.

5. How We Share Your Information

We do not sell or rent your personal data. We share data only in the following circumstances: (a) Service Providers — we share data with trusted third-party vendors who process data on our behalf, including our payment processor (Dodo Payments), cloud infrastructure providers, AI model providers (for generating website content from your prompts), analytics provider (Google Analytics), image library (Pexels), and font provider (Google Fonts). Each is bound by a data processing agreement and may only use your data for the specific purpose we have engaged them for. (b) Legal Requirements — we may disclose your data if required by Indian law, court order, or lawful request from a government authority, or where we reasonably believe disclosure is necessary to protect our legal rights, the safety of any person, or to investigate fraud. (c) Business Transfers — if Adviita is acquired, merges with, or transfers assets to another entity, your data may be transferred as part of that transaction. We will notify you via email before your data becomes subject to a materially different privacy policy. (d) With Your Consent — we may share data for any other purpose with your explicit prior consent.

6. Cross-Border Data Transfers

Your data is stored on servers operated by our cloud infrastructure providers, which may be located outside India. AI processing involves servers operated by third-party AI providers in the United States and other countries. Analytics data is processed by Google Analytics, whose servers are located in the United States. By using the Service and consenting to this Policy, you consent to the transfer of your personal data to these countries. We take reasonable steps to ensure that any data transferred outside India is afforded a level of protection consistent with this Policy and applicable Indian law, including by entering into appropriate data processing agreements with our service providers.

7. Cookies & Local Storage

We use the following browser storage mechanisms: (a) Authentication cookies — to keep you signed in and maintain your session; (b) Browser localStorage — to cache your website drafts and preferences for performance; (c) Google Analytics — we use Google Analytics to understand how visitors use adviita.com (page views, session duration, traffic sources, device and browser type). Google Analytics sets its own cookies and sends this data to Google's servers in the United States. Google Analytics data is anonymised and aggregated; we do not use it to identify individual users. You can opt out of Google Analytics tracking across all websites by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout, or by using a browser that blocks tracking cookies. We do not use advertising cookies, remarketing pixels, or cross-site tracking for ad targeting. You can clear cookies or localStorage through your browser settings at any time; clearing cookies will sign you out of the Service.

8. Your Published Website & Visitor Data

When visitors interact with websites you have published through Adviita, we collect anonymised analytics data on your behalf (page views, referrer sources, country-level location) to populate your analytics dashboard. In this context, you — the site owner — are the Data Fiduciary for your visitors' personal data, and Adviita acts as your Data Processor. You are responsible for maintaining an appropriate privacy policy on your own published website if you collect any personal data from your visitors (for example, through a contact form). Contact form submissions made by your visitors are stored securely and accessible only to you through your dashboard. We do not use your visitors' data for any purpose other than delivering this Service to you.

9. Data Retention

We retain your account data and website content for as long as your account is active. If you delete your account, we will permanently delete your personal data and site content within 30 days, except where we are required by applicable law to retain certain records (for example, financial transaction records may be retained for up to 7 years under Indian accounting law). Anonymised, aggregated usage data that cannot be linked back to you may be retained indefinitely for product improvement purposes.

10. Data Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data at rest and in transit (TLS), access controls limited to authorised personnel, regular security reviews, and secure infrastructure. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk. You are responsible for keeping your account access secure — if you suspect unauthorised access, contact us immediately at support@adviita.com.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in harm to you, we will notify you and, where required, the relevant Indian data protection authority, within the timeframe specified by applicable law. Notification will be sent to the email address on your account and will describe the nature of the breach, the data affected, the likely consequences, and the steps we are taking to address it.

12. Your Rights

Under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data: (a) Right to Access — you may request a summary of the personal data we hold about you and the purposes for which it is processed; (b) Right to Correction — you may request that inaccurate or incomplete data be corrected; (c) Right to Erasure — you may request deletion of your personal data and account where we are no longer required by law to retain it; (d) Right to Withdraw Consent — you may withdraw your consent to processing at any time, which will not affect the lawfulness of processing prior to withdrawal; (e) Right to Grievance Redressal — you may raise a grievance with our Grievance Officer (see Section 14) and expect a response within 48 hours and resolution within 30 days; and (f) Right to Nominate — you may nominate another individual to exercise your data rights in the event of your death or incapacity. To exercise any of these rights, contact us at support@adviita.com or use the relevant options in your account settings.

13. Children's Privacy

The Service is not intended for use by individuals under the age of 18. In accordance with the DPDPA, 2023, we do not knowingly process personal data of children under 18 without verifiable parental consent. If we become aware that a person under 18 has created an account without such consent, we will take steps to delete that data promptly. If you believe a minor is using the Service without appropriate consent, please contact us at support@adviita.com so we can take appropriate action.

14. Grievance Officer

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — such as new categories of data collected or new purposes for processing — we will notify you via email at least 14 days before the changes take effect. For minor clarifications, we will update the "Last updated" date without separate notification. Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated Policy.

16. Contact

For any questions about this Privacy Policy, how we handle your data, or to exercise your rights, contact us at support@adviita.com. For grievances specifically, refer to Section 14.