Devasaa

Stay Connected

Linkedin
Menu
Request A Quote

Privacy Policy

At a Glance

What our Privacy Policy means for you

Effective 28 May 2026  ·  Governed by the DPDP Act 2023, India

📋

What we collect

Name, email, phone number when you contact us. IP address and browsing data via analytics.

🎯

Why we collect it

To respond to enquiries, deliver services, improve the website, and detect security issues.

🔒

Who sees it

Only Devasaa and our processors. We never sell your data. All processors are contractually bound.

📅

How long we keep it

Contact: 24 months. Analytics: 14 months. Server logs: 90 days. Legal records: 7 years.

Your rights

Access, correct, or delete your data. Withdraw consent. Raise a grievance. All requests answered within 30 days.

Questions? Email info@devasaa.com — we respond within 7 business days.

Effective Date: 28 May 2026   
Version: 4.0   
Governing Law: Digital Personal Data Protection Act 2023, India

Devasaa is a technology and digital marketing agency based in Mumbai, India. We are committed to protecting the personal data of everyone who visits our website or engages with our services. This policy explains clearly what data we collect, how we use it, and what rights you have.

1. Who We Are

Devasaa acts as the Data Fiduciary under the DPDP Act 2023 for all personal data collected through our website (devasaa.com) and our direct business communications. Where we manage digital platforms on behalf of clients — such as ad accounts, analytics dashboards, or social media profiles — we act as a Data Processor for those clients, and processing in those contexts is governed by our engagement agreements.

2. What We Collect

We collect two types of data:

Information you give us directly —

  • Name, email address, and phone number
  • Company name and designation (where provided)
  • Any other information you include in your message

Information collected automatically when you visit our website —

  • IP address and approximate location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and referring website
  • Clicks and navigation behaviour
We do not collect sensitive personal data such as financial details, health information, religious beliefs, or government identification numbers.

3. How and Why We Use Your Data

We process your data only for specific, lawful purposes:

  • Responding to enquiries and delivering services — Lawful basis: consent / contract.
  • Improving our website and understanding visitor behaviour — Lawful basis: legitimate interest.
  • Sending marketing and promotional communications — Lawful basis: consent. You can opt out at any time.
  • Analytics and performance reporting — Lawful basis: legitimate interest.
  • Fraud detection and website security — Lawful basis: legitimate interest / legal obligation.
  • Compliance with Indian law — Lawful basis: legal obligation.

We will not use your data for any new purpose without informing you and, where required, obtaining fresh consent.

4. Cookies and Tracking Technologies

Our website uses cookies and Google Tag Manager to manage analytics and tracking. Cookies fall into three categories:

  • Strictly necessary — Required for the website to function. Cannot be disabled.
  • Analytics — Used to understand how visitors use the site via Google Analytics. These activate only with your consent.
  • Functional — Used to remember your preferences on return visits.

You can manage or disable non-essential cookies through your browser settings at any time.

5. Who We Share Your Data With

We do not sell, rent, or lease your personal data. We share it only with the following trusted processors, all bound by formal Data Processing Agreements:

  • Google LLC (Google Analytics, Google Tag Manager) — Website analytics and script management. Data may be processed on servers outside India under standard contractual clauses.
  • Website hosting provider — Secure storage and delivery of our website.
  • Google Workspace — Internal communications and document management.
  • Legal and regulatory authorities — Where we are legally required to disclose information.
If we engage any new processor that handles your personal data, this policy will be updated to reflect that.

6. Cross-Border Data Transfers

Some of our service providers, including Google LLC, process data on servers located outside India. We ensure all such transfers are protected by appropriate safeguards — including standard contractual clauses and data processing agreements — consistent with the DPDP Act 2023. By using our website, you acknowledge this.

7. Data Security

We take reasonable and appropriate steps to protect your personal data, including:

  • HTTPS encryption for all data transmitted through our website.
  • Restricted internal access — only authorised personnel can access personal data.
  • Periodic review of our processors’ security practices.

In the event of a personal data breach that is likely to affect your rights, we will notify you and the appropriate regulatory authority in accordance with the DPDP Act 2023.

8. How Long We Keep Your Data

  • Contact form data — Up to 24 months from your last interaction.
  • Website analytics data — 14 months.
  • Server logs — Up to 90 days.
  • Legal and financial records — As required by Indian law, typically up to 7 years.

When data is no longer needed, we securely delete or irreversibly anonymise it.

9. Your Rights as the Data Principal

Under the Digital Personal Data Protection Act 2023, you have the following rights. All requests are free of charge and responded to within 30 calendar days.

Your RightWhat It Means
AccessRequest a summary of the personal data we hold about you.
CorrectionAsk us to correct inaccurate or incomplete data.
ErasureAsk us to delete your data when it is no longer needed or you withdraw consent.
Withdraw ConsentStop consent-based processing at any time by emailing info@devasaa.com.
NominationNominate someone to exercise these rights on your behalf in the event of your death or incapacity.
GrievanceFile a complaint with us. If unresolved, escalate to the Data Protection Board of India (DPBI).

To exercise any right, email info@devasaa.com with the subject line “Data Rights Request — [Your Name].”

To opt out of marketing communications, email us with the subject line “Marketing Opt-Out.” We will action this within 7 business days.

10. Children

Our website is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor’s data has been submitted to us, please contact info@devasaa.com immediately and we will delete it without delay.

11. Updates to This Policy

We may update this policy from time to time. The Effective Date at the top of this page will reflect the most recent version. For material changes, we will notify you via our website or by email at least 14 days before the change takes effect.

12. Contact Us

For any questions about this policy or to exercise your rights, please contact our Grievance Officer at:

Website   devasaa.com
Address   Mumbai, Maharashtra, India

We acknowledge all enquiries within 7 business days and aim to resolve them within 30 calendar days. If you are not satisfied with our response, you have the right to escalate your complaint to the Data Protection Board of India (DPBI), the supervisory authority under the DPDP Act 2023.

This policy was last reviewed and updated on 28 May 2026 (v4.0)  ·  Devasaa  ·  Technology | Marketing | Growth

Get A Quote
Get A Quote