Privacy Policy

1. INTRODUCTION Welcome to Purple Grail. We are a branding and digital consultancy based in Delhi, India. We provide services including website development, design, hosting, graphic design, content writing, social media strategy, and logo design. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the Digital Personal Data Protection (DPDP) Act, 2023, and the 2025 Rules. This policy applies to our clients, website visitors, and individuals whose data we process as part of our professional services.

2. DATA WE COLLECT AND THE PURPOSE We only collect personal data that is necessary for the specified purposes of our business relationship.

• Identity and Contact Data: Includes names, email addresses, phone numbers, and job titles. We use this to communicate with you regarding project milestones, invoicing, and service updates.
• Technical and Usage Data: Includes IP addresses, browser types, and device information collected via our website and hosting servers. We use this to ensure the security of hosted websites and to optimize user experience.
• Business and Branding Data: Includes brand assets, social media handles, and marketing information. We use this to execute your branding, content, and social media strategies.
• Financial Data: Includes GSTIN and billing details. We use this for legal tax compliance and processing payments under Indian law.

3. CONSENT AND YOUR RIGHTS By engaging our services, you provide consent for the processing of your data for the purposes listed above. Under the DPDP Act, you have the following rights:

• Right to Access: You may request a summary of the personal data we hold about you.
• Right to Correction/Erasure: You may ask us to update inaccurate data or delete your data once the purpose of collection has been fulfilled.

• Right to Withdraw: You may withdraw your consent at any time. Withdrawal of consent will not affect the legality of processing carried out prior to the withdrawal.
• Right to Grievance Redressal: You have the right to lodge a complaint regarding data processing (see Section 7).

4. DATA SHARING AND THIRD PARTIES We do not sell your personal data. We only share data with third-party service providers (Data Processors) when essential for service delivery, such as:

• Web Hosting Providers: To store and serve your website files.
• Email and Communication Tools: To manage project workflows.
• Advertising Platforms: To manage social media ad campaigns on your behalf. All third-party partners are vetted to ensure they maintain reasonable security safeguards as required by Indian law.

5. DATA SECURITY AND STORAGE We implement industry-standard security measures, including encryption and access controls, to protect your data. While we may use global cloud infrastructure for efficiency, we prioritize data residency within India for sensitive project data where required by law or client preference. We retain your data only for as long as necessary to fulfil our service obligations and legal requirements.

6. CHILDREN’S PRIVACY Our services are primarily directed at business entities. We do not knowingly collect or process data from individuals under the age of 18 without verifiable parental consent. If we become aware that we have inadvertently collected such data, we will take steps to delete it immediately.

7. GRIEVANCE REDRESSAL OFFICER In compliance with the DPDP Act, we have appointed a Grievance Officer to address any concerns you may have regarding your privacy.

• Name: Ajay Kumar
• Email: ak.purplegrail@gmail.com

We will acknowledge your grievance within 72 hours and aim to resolve all queries within 30 days. If you are not satisfied with our response, you may escalate your concern to the Data Protection Board of India (DPB).

8. UPDATES TO THIS POLICY We may update this policy from time to time to reflect changes in our practices or legal obligations. The "Effective Date" at the top will indicate when the latest changes were made.