Legal

GDPR and Data Protection

This page explains how we comply with data-protection law, including the EU and UK GDPR for visitors and clients in those regions, and the Digital Personal Data Protection Act, 2023 for users in India. It sets out your rights and how to use them. Read it alongside our Privacy Policy.

Last updated: June 2026 Effective: June 2026

1Scope

We respect the data-protection rights of everyone we deal with. Where you are in the European Economic Area or the United Kingdom, the GDPR applies to our handling of your personal data. Where you are in India, the Digital Personal Data Protection Act, 2023 applies. This page describes the rights and safeguards under those frameworks. Our full data practices are in our Privacy Policy.

2Controller and processor

For the personal data we collect about our own visitors, enquirers and clients, Ainygo Technologies acts as the data controller. When we deliver a service and process personal data contained in your systems on your instructions, we act as a data processor on your behalf, and you remain the controller. In that case we process the data only to provide the service, keep it confidential, use appropriate security, and assist you with data-subject requests as reasonably required. A separate data-processing agreement is available on request for engagements that need one.

3Lawful bases

We process personal data only where we have a lawful basis: performance of a contract, your consent, our legitimate interests (balanced against your rights), or a legal obligation. For analytics and marketing we rely on your consent, which you can withdraw at any time.

4Your rights

Subject to the applicable law and its conditions, you have the right to:

Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase your data ("right to be forgotten") where there is no overriding reason to keep it.
Restrict or object to certain processing, including direct marketing.
Data portability: receive your data in a portable format.
Withdraw consent at any time, without affecting prior lawful processing.

Indian users have equivalent rights under the DPDP Act, including access, correction, completion, updating and erasure of personal data, the right to grievance redressal, and the right to nominate another person to exercise rights in the event of death or incapacity.

5How to exercise your rights

The easiest way is our secure data request form. To protect your data, we email a one-time code to verify the request is really from you before we act on it. You can also email legal@ainygo.com. We will respond within the period required by the applicable law (for the GDPR, generally within one month; we aim for the same under the DPDP Act). There is normally no charge, though we may decline or charge for clearly unfounded or excessive requests, as the law allows.

6How long we keep data

We keep personal data only as long as necessary for the purpose it was collected, then delete or anonymise it. Indicative periods: enquiry and proposal details up to 24 months from last contact; client and project records for the contract term plus three years; invoices, payment and tax records for up to eight years where the law requires; sign-in security logs for 30 days; and website analytics per the consent you give. Some records, such as tax invoices, must be retained by law even if you ask us to erase your data — in that case we restrict the data and keep only what we are legally required to.

7International transfers

We are based in India and use service providers in other countries. Where we transfer personal data internationally, we use appropriate safeguards, such as standard contractual clauses or a provider's approved transfer mechanism, so that protections travel with your data.

8Sub-processors

We use carefully selected providers to operate, including payment gateways (Razorpay, PayPal), analytics and tag services (Google), business email/CRM (Zoho), and hosting infrastructure. Each is bound by contract to handle personal data only as instructed and to keep it secure. Our current, maintained list is on the sub-processors page.

9Data breaches

We maintain measures to prevent personal-data breaches and a process to respond if one occurs. Where a breach is likely to affect your rights and the law requires it, we will notify the relevant supervisory authority and affected individuals without undue delay.

10Automated decisions

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing or profiling.

11Complaints

If you are unhappy with how we handle your data, please contact us first so we can put it right. For India's DPDP Act, our Grievance Officer can be reached at legal@ainygo.com and will respond within the statutory timeframe. For the GDPR you may also email legal@ainygo.com. You also have the right to complain to a supervisory authority: in the EEA or UK, your local data-protection authority; in India, the Data Protection Board once operational.

12Changes and contact

We may update this page as the law and our practices evolve, and will post updates here with a new "last updated" date. For any data-protection question, email legal@ainygo.com.

Who we are

Ainygo Technologies
140, Akodha, Karachhana, Prayagraj, Uttar Pradesh - 212301, India

General enquiries: connect@ainygo.com
Legal & data requests: legal@ainygo.com

This document is provided for transparency. If anything here is unclear, email us and a real person will explain it in plain English.

Website Development

Web App Development

Mobile App Development

IT Support

Emergency Fixes

Web Maintenance

Digital Marketing

SEO

GEO