Privacy Policy

Introduction

SF Web Solutions Private Limited ("SF Web Solutions", "we", "us", or "our") is a company registered in India, headquartered in Hyderabad, Telangana. We provide web development, digital marketing, custom software, and SaaS products and related support services.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our websites (including sfwebsolutions.in), web applications, SaaS products, and when you interact with us for sales, support, or marketing. We are committed to handling your data in line with applicable Indian law, including the Information Technology Act 2000 and its rules, and the Digital Personal Data Protection Act 2023 (DPDPA).

Scope. This policy applies to website visitors, prospective and existing clients, users of our SaaS products, support and contact form users, and anyone whose data we process in connection with our services. By using our services or providing your data, you acknowledge that you have read and understood this policy.

Legal basis and applicability

Our processing of personal data is governed primarily by the laws of India, including the Information Technology Act 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, and the Digital Personal Data Protection Act 2023 (DPDPA). Where we process data of individuals located outside India, we also consider applicable local laws; such users are encouraged to review their own jurisdiction's requirements.

We process personal data only where we have a lawful basis: your consent where required (e.g. for marketing or non-essential cookies), performance of a contract with you, compliance with legal obligations, or our legitimate interests in providing and improving our services, subject to your rights under applicable law.

Types of data we collect

We may collect the following categories of data, where relevant to your use of our services:

• Identity and contact data: name, email address, phone number, company name, job title, and similar details you provide via contact forms, quote forms, support tickets, or account registration.
• Technical and device data: IP address, browser type and version, device type, operating system, and general location (e.g. country or city) where derived from IP or similar technical means.
• Usage and analytics data: pages visited, time spent, clicks, and other interaction data collected through our websites and applications, including via cookies and similar technologies.
• Communication and support data: content of enquiries, support tickets, and correspondence you send to us.
• Marketing and preferences: subscription to newsletters or marketing communications, and your preferences where you have provided them.

Data is collected through our website forms, quote and contact flows, support channels, newsletter sign-ups, cookies and similar technologies, and third-party tools we use (e.g. analytics, CRM, email). We do not collect more data than is necessary for the purposes set out in this policy.

Purpose of data processing

We use your data for the following purposes:

• Delivering and maintaining our services, including web development, maintenance, SaaS products, and support.
• Managing accounts, billing, and contractual relationships.
• Responding to enquiries, quote requests, and support tickets.
• Improving our websites, products, and user experience, including through analytics and feedback.
• Security, fraud prevention, and compliance with legal obligations.
• Marketing communications (e.g. newsletters, product updates) where you have opted in, with a clear option to opt out in every such communication.

We will not use your personal data for purposes materially different from those described here without notifying you and, where required by law, obtaining your consent.

Lawful basis and consent

Where Indian law (including DPDPA and the IT rules) requires consent for processing, we obtain your explicit consent before such processing. For example, we seek consent before using non-essential cookies or sending marketing emails. You may withdraw consent at any time by contacting us or using the opt-out mechanisms we provide (e.g. unsubscribe links, cookie preferences).

For processing necessary to perform a contract with you or to provide services you have requested, we rely on that lawful basis. We may also process data where necessary for our legitimate interests (e.g. improving services, security) in a manner that respects your rights under applicable law.

Cookies and tracking technologies

We use cookies and similar technologies (e.g. local storage, pixels) on our websites and in our products. At a high level we use:

• Strictly necessary: required for the site to function (e.g. session, security).
• Performance/analytics: to understand how visitors use our site and improve it.
• Functional: to remember choices and provide enhanced features.
• Marketing: only where you have given consent, for relevant advertising or remarketing.

For full details, including how to manage your preferences, please see our Cookie Policy. Non-essential cookies are used only after your explicit consent, in line with DPDPA and our commitment to user control.

Data sharing and third parties

We may share your data with third parties only as necessary to operate our business and provide our services. Such parties may include:

• Hosting and infrastructure providers that run our websites and applications.
• Analytics and monitoring tools to improve performance and security.
• Payment processors for billing, where applicable.
• CRM, email, and support tools to manage client relationships and communications.
• Professional advisers or authorities when required by law or to protect our rights.

We require these parties to use your data only for the purposes we specify and in accordance with applicable law. We do not sell your personal data. We may disclose data where required by law, court order, or government request, or to protect the rights, property, or safety of SF Web Solutions Private Limited, our users, or the public.

International transfers

Your data may be processed on servers located in India or, where we use service providers abroad, in other countries. Where we transfer data outside India, we take steps to ensure appropriate safeguards are in place (e.g. contracts, standard contractual clauses, or other mechanisms recognised under applicable law) so that your data remains protected in line with this policy and Indian law.

Data retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including:

• For the duration of your account or contractual relationship with us, and for a reasonable period thereafter for support and legal compliance.
• As required by law (e.g. tax, regulatory, or dispute resolution).
• Where you have consented to marketing, until you withdraw consent or we no longer use the data for that purpose.

After the retention period, we delete or anonymise your data so it can no longer identify you, except where we must retain it for legal reasons.

Your rights

Subject to applicable law (including the DPDPA and IT rules), you may have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction and update: request correction or update of inaccurate or incomplete data.
• Erasure/deletion: request deletion of your data where the law permits.
• Withdraw consent: withdraw consent for processing based on consent, without affecting the lawfulness of processing before withdrawal.
• Complaints: lodge a complaint with us or with the relevant data protection authority.

To exercise these rights, please contact us using the details in the "Grievance Officer" section below. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.

Security practices

We implement reasonable security practices and procedures as required under the Indian IT Act and its rules, including technical and organisational measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, encryption where appropriate, secure development practices, and staff training. No method of transmission or storage is completely secure; we cannot guarantee absolute security but we are committed to maintaining safeguards appropriate to the nature of the data we process.

Children's data

Our services are not directed at children below the age prescribed under applicable law (e.g. under 18 where relevant). We do not knowingly collect personal data from such children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will take steps to delete such data from our systems.

Grievance Officer / Data Protection Contact

Under the Information Technology Act 2000 and its rules, we have designated a Grievance Officer to address your concerns regarding this Privacy Policy and the processing of your data. You may contact our Grievance Officer at:

Policy updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last updated" date at the top of this page will be revised when we make changes. We encourage you to review this page periodically. Where required by law, we will notify you of material changes (e.g. by email or a notice on our website). Continued use of our services after the effective date of changes constitutes acceptance of the updated policy to the extent permitted by law.