Yashvi Konnect
Book a Call Free Audit

Privacy Policy

Effective Date: November 2025 · Last Updated: November 2025

Working draft. Counsel review required before publication.

This is a working draft. Indian counsel familiar with the Digital Personal Data Protection Act 2023 and the Information Technology Act 2000 must review and finalize this Privacy Policy before publication. Do not publish without sign-off.

Yashvi Konnect ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, how we keep it secure, and your rights under applicable Indian law including the Digital Personal Data Protection Act, 2023 (DPDP Act).

Yashvi Konnect operates from Ahmedabad, Gujarat, India. For privacy questions or to exercise your rights, contact our Data Protection Officer at privacy@yashvikonnect.com.

1. What Personal Data We Collect

We collect personal data in three categories.

1.1 Information you provide directly

  • Contact details: name, email, phone, company
  • Form submissions: audit requests, contact form, newsletter sign-ups
  • Strategy call data: information you share during scheduled calls (which we may take notes on)
  • Engagement data: information shared during active client engagements (treated under separate Master Service Agreement)

1.2 Information collected automatically

  • Usage data via Google Analytics 4 (GA4): pages viewed, time on site, referrer, device type
  • Cookies and similar technologies (see Section 5)
  • IP address and approximate geographic location

1.3 Information from third parties

  • Public business information from LinkedIn, company websites, public registers (used for business outreach where lawful)
  • Marketing platforms (Google, Meta) attribution data

We do not knowingly collect personal data of children under 18. If you believe a minor has submitted data through our site, contact us and we will delete it.

2. How We Use Your Personal Data

We process personal data for the following purposes, each with a lawful basis under the DPDP Act and applicable law.

  • Responding to inquiries: Audit requests, strategy call bookings, general contact form submissions. Lawful basis: legitimate interest in providing requested service.
  • Service delivery: Performing services contracted under engagement agreements. Lawful basis: contract performance.
  • Marketing communications: Sending newsletters or follow-ups (only with explicit consent). Lawful basis: consent.
  • Website analytics: Understanding site performance. Lawful basis: legitimate interest in improving the website.
  • Legal compliance: Tax records, GST invoicing, regulatory requirements. Lawful basis: legal obligation.
  • Security: Detecting and preventing fraud, abuse, or unauthorized access. Lawful basis: legitimate interest in protecting our systems and users.

We do not use automated decision-making or profiling that produces legal or significant effects on you.

3. Who We Share Your Data With

We share personal data only with the following categories of recipients, each under appropriate contractual safeguards.

  • Service providers: Email providers (Google Workspace), CRM (HubSpot or similar), website hosting (Cloudflare or similar), analytics (Google), calendaring (Calendly), payment processors (Razorpay, Stripe). Each is bound by data processing agreements limiting their use of your data.
  • Legal and regulatory authorities: When required by Indian law, court order, or regulatory request.
  • Professional advisors: Lawyers, accountants, and auditors bound by confidentiality.
  • Business successors: In the event of merger, acquisition, or sale of assets, your data may transfer to the successor entity under the same protections.

We do not sell your personal data. We do not share it with advertisers for their independent marketing purposes.

4. Cross-Border Data Transfers

Some of our service providers (Google, Meta, Calendly, certain analytics platforms) are based outside India and may process your data in their jurisdictions, primarily the United States and European Union.

We rely on contractual safeguards (Standard Contractual Clauses or equivalent) and the legitimate-transfer mechanisms permitted under the DPDP Act for these cross-border processing activities. The DPDP Act allows transfers to countries notified by the Central Government as appropriate destinations; for non-notified countries, we rely on lawful processing bases under the Act.

5. Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

  • Strictly necessary cookies: Site functionality, preference storage. Cannot be disabled.
  • Analytics cookies: Google Analytics 4. Anonymized where possible. Disabled by default until you accept the cookie banner.
  • Marketing cookies: Meta Pixel, Google Ads conversion tracking. Disabled by default until you accept marketing cookies via the cookie banner.

You can manage cookie preferences via the cookie banner shown on first visit, or via your browser settings at any time. Disabling certain cookies may impact site functionality.

6. How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law.

  • Form submissions and inquiries: 24 months from last interaction, unless converted to engagement.
  • Active client engagement data: Duration of engagement plus 36 months for warranty and dispute purposes.
  • Marketing consent and email subscribers: Until you withdraw consent, plus 6 months for unsubscribe verification.
  • Financial records: 8 years per Indian tax law and GST requirements.
  • Website analytics: 26 months in Google Analytics 4 (configurable; this is our current setting).

After the retention period, we delete or anonymize the data unless legal obligations require longer retention.

7. Your Rights Under the DPDP Act

Under the Digital Personal Data Protection Act 2023 and other applicable law, you have the following rights:

  • Right to access: Request a summary of personal data we hold about you and how it is processed.
  • Right to correction: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data, subject to legal retention requirements.
  • Right to nominate: Nominate another individual to exercise your rights in case of death or incapacity.
  • Right to grievance redressal: Submit a grievance to our Data Protection Officer; if unresolved within 30 days, escalate to the Data Protection Board of India.
  • Right to withdraw consent: Where processing is based on consent, withdraw consent at any time without affecting prior lawful processing.

To exercise any right, email privacy@yashvikonnect.com with the request and proof of identity. We respond within 30 days as required by law.

8. How We Protect Your Data

We implement technical and organizational measures appropriate to the risk, including:

  • HTTPS and TLS encryption for all data in transit
  • Encryption at rest for stored data where supported by service providers
  • Access controls limiting employee access to data on a need-to-know basis
  • Multi-factor authentication on critical systems
  • Regular review of data processing activities and security controls

No security system is impenetrable. In the event of a personal data breach, we notify affected individuals and the Data Protection Board of India in accordance with the DPDP Act timelines.

9. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified via the website (banner notification) and, where applicable, via email to active clients and subscribers.

10. How to Contact Us

Data Protection Officer
Email: privacy@yashvikonnect.com
Postal: Yashvi Konnect, Office No. 3B, OM Complex, Near Swastik Cross Rd Vasant Vihar, Navrangpura, Ahmedabad, Gujarat 380009

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India.