Legal
Privacy Policy
CoEfficiant ("we", "us", or "our") is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 (IT Act), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). This policy explains what data we collect, how we use it, and your rights as a Data Principal.
1. Who We Are
CoEfficiant ("CoEfficiant", "we", "us") is a technology consulting business operating in India. Our registered address and contact details are available on our Contact page.
For the purposes of the DPDPA 2023, CoEfficiant acts as the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
2. Personal Data We Collect
Contact and enquiry data: Name, business email address, phone number, company name, job title, and the content of any message you submit through our contact or lead-generation forms.
Account data (blog platform): Email address, display name, profile photograph, and password hash if you register as a reader or writer on the Akshar blog platform.
Usage and analytics data: Pages visited, referral source, approximate geographic region (derived from hashed IP address — we do not store raw IP addresses), browser type, device category, and campaign attribution parameters. We use first-party analytics and Google Analytics for aggregate website measurement and lead attribution.
Communications data: Records of emails or messages exchanged with us for support or business purposes.
Sensitive Personal Data or Information (SPDI) under IT (SPDI) Rules 2011: We do not intentionally collect SPDI such as financial information, passwords (other than hashed credentials), health data, sexual orientation, or biometric data. If you inadvertently provide such data, please notify us immediately so we can delete it.
3. Legal Basis for Processing (DPDPA 2023)
Under Section 4 of the DPDPA 2023, we process your personal data only on the following lawful grounds:
Consent (Section 6): Where you have given free, specific, informed, unconditional, and unambiguous consent — for example, when submitting a contact form or creating an account. You may withdraw consent at any time; withdrawal does not affect lawfulness of prior processing.
Legitimate use (Section 7): Processing that is necessary for purposes specified by the State, performance of a contract to which you are a party, compliance with a legal obligation, or protection of vital interests.
We do not use your personal data for any purpose other than those stated in this Policy or as required by applicable law.
4. How We Use Your Data
To respond to your enquiries, provide requested services, and fulfil contractual obligations.
To manage your account on the Akshar blog platform, including authentication and access control.
To send service-related communications such as onboarding emails, account notifications, and security alerts.
To send marketing communications where you have separately opted in. You may opt out at any time via the unsubscribe link in any marketing email.
To analyse aggregate, anonymised website usage, marketing campaign performance, and lead attribution for improving our services. No individual-level profiling is performed.
To comply with legal, regulatory, or judicial requirements.
5. Sharing and Disclosure
We do not sell, rent, or trade your personal data. We share data only as described below:
Service providers (Data Processors): Third-party vendors who process data on our behalf under written contracts that bind them to adequate data protection standards. These include cloud infrastructure providers, transactional email services (SendGrid), and analytics tools such as Google Analytics.
Legal obligation: Where required by Indian law, court order, or government authority.
Business transfers: In the event of a merger, acquisition, or sale of business assets, data may be transferred to the successor entity, who will remain bound by this Policy.
All our sub-processors are required to implement reasonable security practices as mandated by Rule 8 of the SPDI Rules 2011.
6. Cross-Border Data Transfers
Our cloud infrastructure and some service providers may process data outside India. Pursuant to Section 16 of the DPDPA 2023, such transfers are made only to countries notified by the Central Government as permitting adequate data protection, or subject to contractual safeguards equivalent to those applicable in India.
Where data is transferred to countries without an adequacy determination, we implement Standard Contractual Clauses or equivalent measures to protect your rights.
7. Data Retention
We retain personal data only for as long as necessary for the purposes stated in this Policy or as required by applicable law.
Contact enquiry data is retained for up to 3 years after the last interaction.
Account data is retained for the duration of the account and for 12 months after account deletion, after which it is permanently erased, except where retention is required by law.
Analytics data is aggregated and anonymised; individual-level data is not retained beyond 90 days.
You may request earlier deletion at any time; see Section 8 below.
8. Your Rights as a Data Principal (DPDPA 2023)
Under Chapter III of the DPDPA 2023, you have the following rights:
Right to access (Section 11): Obtain a summary of personal data being processed and the processing activities undertaken.
Right to correction and erasure (Section 12): Request correction of inaccurate or incomplete data, or erasure of data that is no longer necessary for the stated purpose or for which consent has been withdrawn.
Right to grievance redressal (Section 13): Have your grievances addressed within 30 days. If unsatisfied, escalate to the Data Protection Board of India.
Right to nominate (Section 14): Nominate another individual to exercise your rights in the event of your death or incapacity.
Right to withdraw consent: Withdraw consent at any time without affecting lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact our Grievance Officer at privacy@coefficiant.com. We will respond within 30 days. We may need to verify your identity before acting on a request.
9. Security Practices
We implement reasonable security practices as mandated by Rule 8 of the IT (SPDI) Rules 2011 and the DPDPA 2023, including:
Encryption of data in transit (TLS 1.2+) and at rest for sensitive data.
Access controls and role-based permissions ensuring staff access data only on a need-to-know basis.
Regular security assessments of our systems and infrastructure.
Hashing of passwords using industry-standard algorithms; we never store or transmit plaintext passwords.
Hashing of IP addresses before storage; we do not retain raw IP addresses in logs.
In the event of a personal data breach that is likely to cause harm to Data Principals, we will notify the Data Protection Board of India and affected individuals as required by Section 8(6) of the DPDPA 2023.
10. Cookies and Tracking Technologies
We use minimal first-party cookies strictly necessary for website operation (session management and CSRF protection). Google Analytics may set measurement cookies to help us understand aggregate site usage and campaign performance.
You may configure your browser to refuse cookies; however, certain features of the platform and analytics measurement may not function without them.
We configure Google tags with advertising personalization disabled by default and do not use cookies for individual-level profiling or behavioural advertising.
11. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.
Under Section 9 of the DPDPA 2023, we obtain verifiable parental or guardian consent before processing data of children where applicable.
If you believe a child has provided us with personal data without appropriate consent, contact us immediately at privacy@coefficiant.com and we will take prompt action to delete such data.
12. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.
13. Grievance Officer
In accordance with the IT Act 2000 and SPDI Rules 2011, we have appointed a Grievance Officer. If you have any complaint, concern, or query regarding this Policy or the processing of your personal data, please contact:
Name: Grievance Officer, CoEfficiant
Organisation: CoEfficiant Technology Services
Email:privacy@coefficiant.com
Postal Address: India
Response time: We will acknowledge your grievance within 24 hours and resolve it within 30 days of receipt.
14. Changes to This Policy
We may update this Policy from time to time. Material changes will be notified via email or a prominent notice on our website at least 15 days before taking effect. Continued use of our services after the effective date constitutes acceptance of the revised Policy. The "Last updated" date at the top of this page reflects the most recent revision.