CODATO
Loading...
Codato
← Back to Home

Privacy Policy

Last updated: February 12, 2025

1. Introduction

Welcome to the website of Codato Private Limited ("Codato," "we," "us," or "our"). We are an AI solutions company incorporated in India, providing services to businesses worldwide.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website codato.ai (the "Website") or interact with our services. This policy applies to all visitors, users, and clients regardless of location.

We are committed to protecting your privacy in compliance with applicable data protection laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act), the European Union's General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

By using our Website, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Website.

2. Information We Collect

2.1 Information You Provide Directly

When you use our contact form, you voluntarily provide us with the following personal information:

  • Name — to address you personally
  • Email address — to respond to your inquiry and send a confirmation
  • Service interest — to understand which of our services you are interested in
  • Message — the content of your inquiry

2.2 Information Collected Automatically

When you visit our Website, certain information may be collected automatically by our hosting infrastructure:

  • IP address
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent on pages
  • Date and time of access

This information is collected through standard web server logs and is used solely for maintaining the security and performance of our Website.

2.3 Chatbot Interactions

Our Website features an AI assistant chatbot. This chatbot operates entirely on your device (client-side) using pre-programmed keyword matching. Your chatbot conversations are:

  • Not transmitted to any server or external service
  • Not stored in any database
  • Held only in your browser's temporary memory and are lost when you close or refresh the page

2.4 Cookies and Tracking

Our Website does not use analytics cookies, marketing cookies, or tracking pixels. We do not use Google Analytics or any similar analytics service. Essential cookies may be set by our hosting infrastructure for basic functionality (such as load balancing), but these do not track your personal activity.

3. How We Use Your Information

We use the personal information we collect to:

  • Respond to your inquiries submitted through the contact form
  • Send you a confirmation email acknowledging receipt of your message
  • Communicate with you about our services as requested
  • Maintain the security and performance of our Website
  • Comply with legal obligations

We do not use your personal information for automated decision-making, profiling, targeted advertising, or marketing purposes unless you explicitly opt in to such communications.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent (DPDP Act / GDPR Article 6(1)(a)): When you submit the contact form with the privacy consent checkbox selected, you provide explicit consent for us to process your data for the stated purposes.
  • Legitimate Interest (GDPR Article 6(1)(f)): We have a legitimate interest in responding to business inquiries and maintaining the security of our Website.
  • Contractual Necessity (GDPR Article 6(1)(b)): Where processing is necessary to take steps at your request prior to entering into a contract for our services.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to any third party. We may share your data only with the following service providers who assist in operating our Website:

  • Google (Gmail SMTP): Contact form submissions are delivered via Google's Gmail service. Google's privacy policy applies to the processing of emails through their infrastructure. See: Google Privacy Policy
  • Google Fonts: We use Google Fonts to display typography on our Website. When you visit our site, your browser may connect to Google's servers to load font files, which may expose your IP address to Google. See: Google Privacy Policy
  • Hosting Provider: Our Website is hosted on cloud infrastructure that may process standard server logs (including IP addresses) for security and performance purposes.

These service providers are bound by their own privacy policies and are only permitted to process your data as necessary to provide their services to us.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: Retained in our email inbox until the inquiry is resolved, and for a reasonable period thereafter for record-keeping purposes, not exceeding 3 years.
  • Server logs: Automatically collected data is retained by our hosting provider in accordance with their retention policies, typically not exceeding 90 days.
  • Chatbot conversations: Not retained at all — these exist only in your browser's temporary memory.

You may request deletion of your data at any time by contacting us (see Section 11 below).

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 Under India's DPDP Act, 2023

As a Data Principal, you have the right to:

  • Access a summary of your personal data and processing activities
  • Request correction and completion of inaccurate or incomplete data
  • Request erasure of your personal data
  • Nominate another individual to exercise your rights on your behalf
  • File a grievance with us and, if unresolved, with the Data Protection Board of India

7.2 Under the GDPR (European Union)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure ("right to be forgotten")
  • Restrict processing of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time without affecting the lawfulness of prior processing
  • Lodge a complaint with your local data protection supervisory authority

7.3 Under the CCPA (California, USA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale or sharing of your personal information (note: we do not sell your data)
  • Non-discrimination for exercising your privacy rights
  • Request correction of inaccurate personal information

To exercise any of these rights, please contact us using the details in Section 11 below. We will respond to your request within the timeframe required by applicable law (typically 30 days under DPDP/GDPR, 45 days under CCPA).

8. Children's Privacy

Our Website and services are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

9. International Data Transfers

Codato Private Limited is based in India. If you access our Website from outside India, please be aware that your information may be transferred to, stored, and processed in India and other countries where our service providers operate (including the United States, where Google's servers are located).

For transfers of personal data from the EU/EEA, we rely on appropriate safeguards as required by the GDPR, including Standard Contractual Clauses (SCCs) where applicable. Under India's DPDP Act, cross-border data transfers are permitted unless the Indian government restricts transfers to specific jurisdictions.

10. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS/TLS encryption for all data transmitted to and from our Website
  • Secure email transmission via authenticated SMTP
  • Access controls limiting who can view contact form submissions
  • Regular review of our data collection and processing practices

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Website after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Codato Private Limited

Data Protection Contact: Rishit Mathur (Founder)

Email: codatoai@gmail.com

Registered Address: [To be updated]

For grievances under India's DPDP Act, you may also contact the Data Protection Board of India if your complaint is not resolved to your satisfaction within a reasonable timeframe.

For complaints under the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.