Privacy Policy

Last Updated: January 15, 2025
Effective Date: January 15, 2025

Actuals ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://actuals.co.in and use our AI-powered analytics platform and services.

1. Information We Collect

1.1 Personal Information

We collect the following categories of personal information:

• Contact Information: Name, email address, phone number, company name, job title
• Account Information: Username, password (encrypted), profile information
• Business Information: Company size, industry, business requirements
• Communication Data: Messages, feedback, support requests
• Technical Information: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent, features used, click patterns
• Analytics Data: Performance metrics, user interactions, system logs

1.2 Sensitive Personal Information

We may process the following categories of sensitive personal information:

• Business financial data (when uploaded to our platform)
• Proprietary business information and trade secrets
• Employee data (when processing HR analytics)

1.3 Sources of Information

We collect information from:

• Directly from you when you provide it to us
• Automatically through cookies and tracking technologies
• From third-party integrations you authorize
• From publicly available sources
• From our business partners and service providers

2. How We Use Your Information

2.1 Legal Basis for Processing (GDPR)

We process your personal information based on the following legal grounds:

• Consent: When you have given us clear consent to process your data for specific purposes
• Contract Performance: To provide our services and fulfill our contractual obligations
• Legitimate Interests: To improve our services, conduct analytics, and grow our business
• Legal Obligation: To comply with applicable laws and regulations

2.2 Purposes of Processing

We use your information for:

• Providing and maintaining our AI analytics platform
• Processing your requests and transactions
• Communicating with you about our services
• Improving our platform and developing new features
• Conducting research and analytics
• Marketing and promotional activities (with your consent)
• Ensuring security and preventing fraud
• Complying with legal obligations
• Resolving disputes and enforcing agreements

3. Information Sharing and Disclosure

We may share your information with the following categories of third parties:

• Service Providers: Cloud hosting, payment processing, analytics, customer support
• Technology Partners: Integration providers, API partners, development tools
• Professional Services: Legal advisors, auditors, consultants
• Business Partners: Strategic partners, resellers (with your consent)
• Legal Authorities: When required by law or to protect our rights

We do not sell your personal information. Any sharing is done in accordance with this Privacy Policy and applicable data protection laws.

4. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including India, the United States, and other countries where our service providers operate.

When we transfer personal information from the European Economic Area (EEA) to countries outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules or other legally recognized transfer mechanisms

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our retention periods are based on:

• Account Data: Retained while your account is active and for 3 years after closure
• Transaction Data: Retained for 7 years for accounting and legal purposes
• Marketing Data: Retained until you unsubscribe or withdraw consent
• Technical Logs: Retained for 12 months for security and performance monitoring
• Support Communications: Retained for 3 years for quality assurance

6. Your Privacy Rights

6.1 Rights Under GDPR (EU Residents)

If you are a resident of the European Union, you have the following rights:

• Right of Access: Request copies of your personal information
• Right to Rectification: Request correction of inaccurate information
• Right to Erasure: Request deletion of your personal information
• Right to Restrict Processing: Request limitation of processing
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local supervisory authority

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request information about personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit the use of sensitive personal information

6.3 How to Exercise Your Rights

To exercise any of these rights, please:

• Email us at: privacy@actuals.co.in
• Use our online privacy request form: [Link to be added]
• Contact us at: +91 8073 879 031

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

7. Security Measures

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption: Data encryption in transit and at rest using industry-standard protocols
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and secure network architecture
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Regular security awareness training for all staff
• Data Minimization: Collecting only necessary information
• Secure Development: Security by design in our development processes

Compliance Frameworks: We are working toward compliance with industry standards including ISO 27001, SOC 2 Type II, and other recognized security frameworks.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. Our Cookie Policy provides detailed information about:

• Types of cookies we use (essential, analytics, marketing)
• How to manage cookie preferences
• Third-party cookies and integrations
• Your choices regarding tracking

9. Automated Decision-Making and Profiling

Our AI platform may use automated decision-making for:

• Generating business insights and recommendations
• Personalizing user experience
• Detecting security threats and fraud

You have the right to request human intervention, express your point of view, and contest automated decisions that significantly affect you.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant supervisory authorities within 72 hours (where required)
• Notify affected individuals without undue delay
• Provide clear information about the nature and scope of the breach
• Describe measures taken to address the breach
• Provide guidance on steps you can take to protect yourself

11. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

12. California Residents - Do Not Sell or Share

We do not sell or share your personal information as defined under the California Consumer Privacy Act (CCPA). If our practices change, we will update this policy and provide you with the right to opt-out.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will:

• Post the updated policy on our website
• Update the "Last Updated" date
• Notify you of material changes via email or prominent notice
• Obtain your consent for material changes where required by law

14. Contact Information

15. Supervisory Authority Contacts

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant supervisory authority:

• EU Residents: Your local Data Protection Authority
• UK Residents: Information Commissioner's Office (ICO)
• California Residents: California Attorney General's Office
• Indian Residents: [To be updated when Data Protection Authority is established]

16. Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of India. However, we also comply with applicable data protection laws in jurisdictions where our users are located, including GDPR, CCPA, and other relevant privacy regulations.