Privacy Policy

1. Introduction

Poulima InfoTech Private Limited ("Poulima InfoTech," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.poulimainfo.tech, use our services, or interact with us in any way.

This policy applies to all users globally, including visitors from the European Economic Area (EEA), United Kingdom (UK), United States, India, Canada, Australia, and all other jurisdictions. We comply with applicable data protection laws including the GDPR, CCPA/CPRA, India's Digital Personal Data Protection Act (DPDPA) 2023, PIPEDA, and other relevant regulations.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our website or services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name, job title
• Inquiry & Project Details: Messages, project requirements, budget range, and timeline preferences submitted through contact forms
• Account Information: Login credentials, profile details if you create an account on our dashboard or client portal
• Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
• Communication Data: Emails, chat messages, phone call records, and meeting notes
• Newsletter Subscriptions: Email address and communication preferences
• Career Applications: Resume, cover letter, portfolio links, work history, and educational details

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

• Device Information: IP address, browser type and version, operating system, device type, screen resolution
• Usage Data: Pages viewed, time spent on pages, click patterns, scroll depth, referring URL, exit pages
• Location Data: Approximate geographic location derived from IP address
• Cookies & Tracking Technologies: Cookies, web beacons, pixel tags, and similar technologies (see our Cookie Policy below)
• Performance Data: Page load times, errors, web vitals metrics

2.3 Information from Third Parties

• Analytics Providers: Google Analytics data and behavioral insights
• Social Media Platforms: Publicly available profile information when you interact with us through social media
• Business Partners: Referral information from partners and affiliates
• Public Sources: Publicly available business information for B2B outreach

2.4 AI & Automation Data

As an AI-focused company, we may process data through AI-powered tools and automation pipelines. This includes:

• Behavioral analytics to personalize your experience on our website
• AI-driven chatbot interactions and support conversations
• Automated lead scoring and communication personalization
• Machine learning models for improving our services (using anonymized/aggregated data)

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• To provide, maintain, and improve our software development, AI, and IT services
• To process and manage project engagements and contracts
• To communicate project updates, milestones, and deliverables
• To provide technical support and customer service

3.2 Communication

• To respond to inquiries, requests, and feedback
• To send newsletters, marketing communications, and promotional offers (with your consent)
• To send important notices about changes to our services, terms, or policies
• To schedule and manage meetings and consultations

3.3 Analytics & Improvement

• To analyze website usage patterns and optimize user experience
• To measure the effectiveness of our marketing campaigns
• To conduct research and development for new features and services
• To train and improve our AI models using anonymized and aggregated data

3.4 Legal & Security

• To comply with legal obligations and regulatory requirements
• To protect against fraud, unauthorized access, and security threats
• To enforce our Terms & Conditions and other agreements
• To establish, exercise, or defend legal claims

4. Legal Basis for Processing (GDPR)

For users in the EEA and UK, we process personal data under the following legal bases:

• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing emails, non-essential cookies)
• Contractual Necessity: Where processing is necessary to perform a contract with you or take steps at your request before entering a contract
• Legitimate Interests: Where processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention, direct marketing to existing clients), provided these interests are not overridden by your rights
• Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Consent notice displayed on your first visit.

5.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for website functionality, security, and session management. These cannot be disabled.
• Analytics Cookies: Google Analytics cookies to understand how visitors interact with our website (e.g., _ga, _gid, _gat)
• Functional Cookies: Remember your preferences, language settings, and personalization choices
• Marketing Cookies: Track your activity across websites to deliver relevant advertisements and measure campaign effectiveness

5.2 Third-Party Tracking

• Google Analytics: We use Google Analytics to collect anonymized usage data. Google may transfer data to servers outside your country of residence. Google Privacy Policy
• Google Tag Manager: Used for managing tracking scripts and analytics tags
• Social Media Pixels: We may use pixels from Facebook, LinkedIn, and X (Twitter) for advertising purposes

5.3 Managing Cookies

You can manage cookie preferences through our cookie consent banner, your browser settings, or through opt-out tools provided by third-party analytics providers. Note that disabling certain cookies may limit functionality.

6. Data Sharing & Disclosure

We do not sell your personal information. We may share your information with:

6.1 Service Providers

• Cloud hosting providers (e.g., AWS, Google Cloud, Vercel)
• Email service providers for transactional and marketing communications
• Payment processors for secure payment handling
• Analytics providers (Google Analytics)
• CRM and project management tools
• AI/ML service providers for enhanced service delivery

6.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, government request, or to protect the rights, property, or safety of Poulima InfoTech, our clients, or others.

6.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. International Data Transfers

Poulima InfoTech operates from India and serves clients globally. Your data may be transferred to and processed in countries other than your country of residence, including India, the United States, and other countries where our service providers operate.

For transfers from the EEA/UK, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules where relevant
• Additional technical and organizational security measures

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Client project data: Retained for the duration of the business relationship plus 5 years for legal and compliance purposes
• Contact form submissions: Retained for 2 years from submission unless a business relationship is established
• Newsletter subscriptions: Retained until you unsubscribe
• Analytics data: Aggregated/anonymized data may be retained indefinitely; identifiable analytics data is retained as per Google Analytics data retention settings (up to 26 months)
• Job applications: Retained for 1 year unless you consent to longer retention
• Financial records: As required by applicable tax and accounting laws (typically 7-10 years)

9. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

• SSL/TLS encryption for all data in transit
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability scanning
• Access controls and role-based permissions
• Employee security training and confidentiality agreements
• Secure development practices (OWASP guidelines)
• Regular backups and disaster recovery procedures
• Incident response plan for data breaches

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

10.1 Rights for All Users

• Right to Access: Request a copy of personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal data (subject to legal obligations)
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
• Right to Opt-Out: Opt out of marketing communications at any time

10.2 Additional Rights (EEA/UK — GDPR)

• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right Against Automated Decision-Making: Not be subject to decisions based solely on automated processing, including AI profiling, which produce legal or significant effects
• Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority

10.3 Additional Rights (California — CCPA/CPRA)

• Right to Know: Know what personal information is collected, used, shared, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out of Sale/Sharing: We do not sell personal information, but you may opt out of data sharing for advertising purposes
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use of Sensitive Data: Limit the use and disclosure of sensitive personal information

10.4 Additional Rights (India — DPDPA 2023)

• Right to Information: Obtain information about the processing of your personal data
• Right to Correction and Erasure: Correct inaccurate data and erase data no longer needed
• Right of Grievance Redressal: File a grievance with us through our designated grievance officer
• Right to Nominate: Nominate an individual to exercise rights on your behalf in case of death or incapacity

To exercise any of these rights, please contact us at contact@poulimainfo.tech. We will respond within 30 days (or the applicable statutory period).

11. Children's Privacy

Our services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us immediately.

12. Third-Party Links & Services

Our website may contain links to third-party websites, services, or applications that are not operated by us. This includes links to social media platforms, third-party tools (e.g., Spline 3D viewer), analytics services, and partner websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of any third-party services you interact with.

13. AI & Automated Processing Disclosures

As a company specializing in AI and software development, we are transparent about our use of AI technologies:

• Website Personalization: We may use AI-driven tools to personalize your website experience based on browsing behavior and preferences
• Chatbots & Virtual Assistants: AI-powered assistants on our website may process conversation data to provide responses
• Lead Scoring: Automated systems may analyze interactions to prioritize and route inquiries
• Content Recommendations: AI may suggest relevant services, blog posts, or portfolio items based on your interests
• No Fully Automated Critical Decisions: We do not make decisions with legal or similarly significant effects solely through automated processing without human review

You have the right to request human review of any automated decision that significantly affects you. Contact us to exercise this right.

14. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently honor Global Privacy Control (GPC) signals as a valid opt-out mechanism where legally required. For other DNT signals, there is no universally accepted standard for how to respond; however, you can manage tracking preferences through our cookie consent banner.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also provide notice via email or a prominent banner on our website. Your continued use of our services after changes constitutes acceptance of the updated policy.

16. Grievance Officer (India — DPDPA)

In accordance with the Digital Personal Data Protection Act, 2023, the following person has been designated as the Grievance Officer:

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: