Privacy Policy
Last Updated: March 2026
GDPR CompliantDPDP Act 2023IT Rules 2011This Privacy Policy describes how Ecogo Software Solutions Pvt Ltd (“ecogo.ai”, “we”, “us”, or “our”) collects, uses, and protects your personal information when you use our website (www.ecogo.ai) or contact us for our services.
This policy complies with the EU General Data Protection Regulation (GDPR), India’s Digital Personal Data Protection Act 2023 (DPDP Act), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
1. Data Controller / Data Fiduciary
Under GDPR, ecogo.ai is the Data Controller for personal data collected through this website. Under India’s DPDP Act 2023, ecogo.ai is the Data Fiduciary.
Ecogo Software Solutions Pvt Ltd
CIN: (Private Limited, incorporated in India)
HiLite Platino, 409, Shankar Nagar, Jaya Nagar, Maradu,
Kochi, Kerala 682304, India
Email: sales@ecogo.ai
2. Grievance Officer (India — IT Rules 2011 & DPDP Act)
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and IT (SPDI) Rules 2011, the details of the Grievance Officer are provided below. If you have any complaints or concerns regarding the processing of your personal data, please contact:
Designation: Data Protection Officer & Grievance Officer
Organisation: Ecogo Software Solutions Pvt Ltd
Email: sales@ecogo.ai
Address: HiLite Platino, 409, Maradu, Kochi, Kerala 682304, India
Grievances will be acknowledged within 24 hours and resolved within 30 days of receipt, in accordance with applicable law.
3. What Personal Data We Collect
We collect the following categories of personal data when you submit our contact or demo request form:
- Full name
- Business email address
- Company or organisation name
- Phone number (optional)
- Agency type and booking volume (to qualify your enquiry)
- Product or service of interest
- Message / requirements you choose to share
We also collect non-personal technical data automatically, including your IP address (anonymised), browser type, operating system, pages visited, and visit timestamps — primarily for security and website stability (server logs). We do not currently use analytics cookies or third-party tracking pixels.
4. Legal Basis for Processing (GDPR Art. 6)
We rely on the following legal bases for processing your personal data:
Consent (Art. 6(1)(a))
Where you tick the consent checkbox on our contact form, consenting to us contacting you about our services.
Legitimate Interests (Art. 6(1)(f))
To respond to your business enquiry, improve website security, and prevent fraud — where these interests are not overridden by your rights.
Contract (Art. 6(1)(b))
Where data processing is necessary to provide the services you have requested or to take steps at your request before entering a contract.
Under India’s DPDP Act 2023, processing is carried out based on consent of the Data Principal and for legitimate uses as permitted by the Act.
5. How We Use Your Information
We use your personal data solely for the following purposes:
- To respond to your demo request or enquiry
- To send you relevant information about our products and services (only where you have given consent)
- To improve our website and services based on aggregate, anonymised usage patterns
- To comply with legal obligations
- To protect the security and integrity of our systems
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Cross-Border Data Transfers
Your data may be transferred to and processed in countries outside India and the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place:
Email transmission of your contact form submission
United States · Standard Contractual Clauses (SCCs) under GDPR
Headless CMS for blog content (no personal data stored)
United States · Server-side only; no personal data transferred
Office location map embedded on Contact page
United States · Google's EU-US Data Privacy Framework compliance
Website hosting infrastructure
United States (us-west1) · Google Cloud Terms of Service + GDPR DPA
7. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy:
- Contact form submissions: retained for up to 24 months to follow up on business enquiries, then securely deleted.
- Email correspondence: retained in accordance with our email provider's standard storage settings.
- Server logs (IP addresses, technical data): retained for up to 90 days for security purposes.
- Cookie consent records (localStorage): stored in your browser until you clear your browser data or withdraw consent.
8. Your Rights
Depending on your location, you have the following rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request that we limit how we use your data.
Right to Object
Object to processing based on legitimate interests.
Right to Portability
Request your data in a structured, machine-readable format.
Right to Withdraw Consent
Withdraw consent at any time without affecting past processing.
Grievance Redressal (India)
Lodge a complaint with our Grievance Officer (see Section 2).
To exercise any of these rights, please contact us at sales@ecogo.ai. We will respond within 30 days.
9. Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, or alteration. These include:
- HTTPS/TLS encryption for all data in transit
- Server-side form submission processing (no direct database exposure)
- Access controls limiting who can access contact form data
- No storage of sensitive personal data (financial information, passwords) on our public website
However, no method of transmission over the Internet is 100% secure. If you believe your data has been compromised, please contact us immediately.
10. Cookies
We use minimal cookies. When you first visit our website, we display a Cookie Consent banner where you can choose your preferences. For full details, see our Cookie Policy.
11. Children's Privacy
Our website is a B2B platform directed at businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has submitted data to us, please contact us immediately for deletion.
Under India’s DPDP Act 2023, we do not process personal data of children (under 18) without verifiable parental consent, and we do not undertake tracking or behavioural monitoring of children.
12. Regulatory Complaints
You have the right to lodge a complaint with a supervisory authority:
🇮🇳 India — Data Protection Board
Once established under the DPDP Act 2023, you may file a complaint with the Data Protection Board of India. Until then, contact our Grievance Officer (Section 2).
🇪🇺 EU/EEA — Your Local Data Protection Authority
If you are in the EU/EEA, you may contact your local Data Protection Authority (e.g., ICO in the UK, CNIL in France). A list is available at edpb.europa.eu.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. We encourage you to review this policy periodically.
14. Contact & Grievances
For any privacy-related queries, data subject requests, or grievances:
Ecogo Software Solutions Pvt Ltd
Grievance Officer / Data Protection Officer
HiLite Platino, 409, Maradu, Kochi, Kerala 682304, India
Email: sales@ecogo.ai
Response time: within 24 hours (acknowledgement) · 30 days (resolution)