Privacy Policy

Privacy Policy

Last Updated: November 2025
Entity Name: D2CWITHAARJAV PRIVATE LIMITED (“Ecomally”, “we”, “us”, or “our”)
Registered Office: A-25, Sector 16, Noida, Uttar Pradesh 201301, India
Contact: privacy@ecomally.in

1. Scope

This Privacy Policy explains how Ecomally collects, uses, discloses, and protects personal data in connection with our marketing-technology and analytics services (“Services”), including when we place our tracking script on our clients’ websites, connect ad-platform accounts (such as Google Ads, Meta Ads, and others), and provide reporting dashboards.
This Policy applies to all digital personal data collected in India or connected with our Services offered to individuals and businesses in India.

2. Key Definitions (as per the DPDP Act 2023)

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  • Data Principal: The individual to whom the personal data relates.
  • Data Fiduciary: Any person (including a company) who determines the purpose and means of processing personal data.
  • Data Processor: Any person who processes personal data on behalf of a Data Fiduciary.
  • Processing: Any wholly or partly automated operation performed on personal data, such as collection, recording, storage, retrieval, use, or erasure.

3. Categories of Data We Collect

In the past 12 months and on an ongoing basis, we may collect the following categories of personal data for business purposes:

  • Identifiers: e-mail addresses, account IDs, advertising IDs, or unique browser/device IDs.
  • Customer or Business Contact Information: name, company, designation, business contact details.
  • Internet / Network Activity: IP addresses, device type, operating system, user agent, pages viewed, click events, referrers.
  • Commercial and Transaction Information: campaign names, ad-set identifiers, spend, impressions, clicks, and related metrics.
  • Geolocation Data: approximate region derived from IP.
  • Inferences: analytical insights derived from campaign or site interactions.

We do not intentionally collect sensitive personal data (such as financial, health, biometric, or sexual-orientation information).

4. Purpose and Lawful Basis for Processing

We process personal data only for lawful purposes that are not prohibited by law and in accordance with either:

  1. Consent: freely given, specific, informed consent provided by the Data Principal or by our client acting as Data Fiduciary; or
  2. Legitimate Use: where processing is necessary for performance of a contract, network security, preventing fraud, or other legitimate uses permitted under the DPDP Act 2023.

Our purposes include:

  • Operating our marketing analytics and attribution platform.
  • Integrating with third-party advertising APIs (Google Ads, Meta Ads, etc.).
  • Providing reports, dashboards, and insights to our clients.
  • Maintaining, troubleshooting, and improving our Services.
  • Fulfilling legal obligations.

5. How We Collect Data

  • From Clients: when clients connect their ad accounts or install our tracker.
  • From Third-Party Platforms: via authorized API integrations (Google Ads, Meta Ads, etc.).
  • From Browsers: through our tracking script that records relevant events, identifiers, and campaign parameters.
  • From You Directly: when you contact us, register, or use our website.

We provide a clear notice before or at the time of collection, in English or another language from the Eighth Schedule, describing the categories and purposes of processing.

6. Tracking Script

We do not rely on browser cookies.
Instead, our proprietary tracking script collects event data and relevant identifiers directly from a user’s browser in real time.
This enables us to measure marketing performance and attribute outcomes for our clients.
Users can block our tracking script through browser settings, script blockers, or consent-management tools implemented by the client.

We do not track individuals across unrelated websites, nor do we build independent user profiles.

7. Data Sharing and Disclosure

We may disclose personal data only as permitted by law and this Policy:

  • To Clients (Data Fiduciaries): We provide aggregated and attributed reports derived from their own user data.
  • To Authorized Processors or Vendors: e.g., hosting, analytics, and security providers under written contracts requiring confidentiality and compliance with the DPDP Act.
  • For Legal or Compliance Reasons: when required by applicable law, court order, or government request.
    We do not sell personal data.

8. Cross-Border Data Transfers

Where data is transferred outside India (for instance, to cloud-hosting or analytics providers), such transfer occurs under contractual safeguards ensuring an adequate level of protection consistent with Section 16 of the DPDP Act 2023 and other applicable rules.

9. Data Security

We implement technical and organizational measures including encryption in transit and at rest, strict access control, and routine security audits to prevent unauthorized access, alteration, disclosure, or destruction of personal data.
In the event of a personal-data breach, we will notify affected parties and competent authorities as required under Indian law.

10. Retention and Deletion

We retain personal data only for as long as necessary to fulfill the specified purpose or until consent is withdrawn, unless a longer retention period is required by law.
When retention is no longer required, data will be securely deleted or irreversibly anonymized.

11. Your Rights as a Data Principal

Under the DPDP Act 2023, you have the right to:

  • Access your personal data processed by us.
  • Correction or Erasure of inaccurate or outdated data.
  • Nominate another person to exercise rights in case of death or incapacity.
  • Withdraw Consent at any time, using the same ease with which it was given.

To exercise these rights, contact privacy@ecomally.in with sufficient details to verify your identity.

12. Grievance Redressal

We maintain a grievance-redressal mechanism in accordance with Section 13 of the DPDP Act.
You may contact our Grievance Officer at:

Name: Manvendra Tiwary
E-mail: privacy@ecomally.in
Address: A-25, Sector 16, Noida, Uttar Pradesh 201301

We will acknowledge complaints within seven (7) working days and resolve them within one (1) month.
If unsatisfied, you may escalate to the Data Protection Board of India once constituted.

13. Relationship With Clients (Data Fiduciaries)

Ecomally acts primarily as a Data Processor, processing data on behalf of its business clients.
We do so strictly under written contracts that:

  • limit our use of data to the purposes instructed by the client;
  • require appropriate technical and organizational security; and
  • mandate deletion or return of data upon termination of services.

14. Children’s Data

Our Services are not directed at children under 18 years of age, and we do not knowingly collect personal data from them.

15. Updates to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes.
The updated version will be posted on our website with a new “Last Updated” date.
Material changes will be notified to clients or users as required by law.

16. Contact Us

For any queries about this Privacy Policy or our data-handling practices, contact:
privacy@ecomally.in