Skymoon Infotech ("we", "us", or "our") is committed to protecting your personal data with transparency and care. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and the rights you hold over your data - including rights under India's Digital Personal Data Protection Act, 2023 (DPDPA) and the DPDP Rules, 2025.
Note: This Policy applies to personal data collected through our website (skymooninfotech.com), our client application (app.skymooninfotech.com), our inquiry forms, and any other interaction you have with us. This is not a legal contract - if you require legal advice on data privacy, please consult a qualified professional.
Skymoon Infotech is an AI-first digital growth studio registered and operating in India. We help businesses grow through SEO, Generative Engine Optimisation (GEO), Paid Advertising, Content Marketing, Web Design and Development, Conversion Rate Optimisation (CRO), and Branding.
Registered address: 408, Iscon Emporio, Satellite, Ahmedabad, Gujarat 380015, India
Contact: [email protected] | 011-69320384
Under the DPDPA 2023, Skymoon Infotech acts as a Data Fiduciary - the entity that determines the purpose and means of processing your personal data.
We collect only the data that is necessary for the specific purpose described. We do not collect data we do not need.
| Category | What We Collect | Why We Collect It |
|---|---|---|
| Identity & Contact | Name, email address, phone number, company name | To respond to inquiries, deliver services, and send requested communications |
| Lead Capture | Service interest, business URL, current marketing challenges | To provide you with a relevant audit, proposal, or consultation |
| Payment Data | Billing name, billing address, transaction reference (not card numbers) | To process payments for services via Razorpay (PCI-DSS compliant) |
| Usage & Technical | IP address, browser type, operating system, pages visited, session duration, referring URL | To understand how our website is used, improve performance, and diagnose issues |
| Communication Data | Email correspondence, form submissions, chat messages | To provide support, follow up on projects, and maintain service records |
| Marketing Preferences | Newsletter opt-in/opt-out status, campaign engagement | To send you relevant updates only when you have opted in |
| Client Project Data | Analytics access, ad account data, website credentials (shared by clients) | To deliver contracted digital marketing and SEO services |
Under the DPDPA 2023, your consent must be free, specific, informed, unconditional, and unambiguous. We obtain it through an affirmative action - for example, checking a consent box, submitting a form with a clear consent statement, or explicitly opting in to communications.
Pre-ticked boxes, implied consent, or bundled consent are not used on our website.
You may withdraw your consent at any time by:
Withdrawal of consent will not affect the lawfulness of data processed before the withdrawal. We will stop processing your data for the withdrawn purpose within 72 hours of receiving your request, unless a legal obligation requires us to retain it.
In limited circumstances, we may process your data without consent where it is necessary for:
We use personal data strictly for the purposes stated at the time of collection. Specific uses include:
We will not use your personal data for any purpose materially different from those described above without first notifying you and obtaining your consent.
Skymoon Infotech is an AI-first digital growth studio. We use artificial intelligence tools to enhance the quality, speed, and effectiveness of our work. This section explains how AI is used and what it means for your data.
| Tool / Provider | Purpose | Data That May Be Processed |
|---|---|---|
| Claude (Anthropic) | Content drafting, SEO strategy, campaign ideation, data analysis | Anonymised briefs, general project context - never personal client PII without explicit consent |
| ChatGPT / OpenAI | Content assistance, keyword research, copy variation | Anonymised content prompts and project context |
| Google Gemini | Research, content QA, AI Overview analysis | General queries, no personal data |
| Jasper / Copy.ai | Marketing copy drafting | Brand context, anonymised creative briefs |
| Midjourney / Adobe Firefly | Creative asset generation | Text prompts only - no personal data |
| Internal AI SEO Suite | Keyword research, GEO optimisation, rank tracking | Website URLs and publicly available search data - no personal user data |
We use trusted third-party service providers to operate our business. These providers are authorised to process your data only for the specific purposes we have engaged them for and are contractually required to maintain confidentiality and security.
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Razorpay | Payment processing (PCI-DSS compliant) | Billing name, email, transaction ID - card data never stored by us | razorpay.com/privacy |
| Google Analytics 4 | Website traffic analysis and UX insights | Anonymised IP, pages visited, session data, device type | policies.google.com/privacy |
| Google Tag Manager | Tag and script management | No personal data collected directly; manages other tags | policies.google.com/privacy |
| Meta Pixel (Facebook) | Ad campaign performance tracking and retargeting | Pseudonymised browser identifiers, page events - only when you consent to marketing cookies | facebook.com/privacy/policy |
| Google Ads / Microsoft Advertising | Ad conversion tracking | Conversion events only - no personal data beyond pseudonymised click IDs | policies.google.com/privacy |
| WordPress (self-hosted) | Website CMS | Form data, IP addresses, session cookies | automattic.com/privacy |
| Bitform (contact forms) | Lead capture and inquiry forms | Name, email, phone, message content | Data stored on our own server; not shared externally |
| Email Service Provider (ESP) | Newsletter and transactional email delivery | Email address, first name, email engagement data | Disclosed on opt-in |
| Rank Math Pro | SEO management | No user personal data - manages on-site SEO only | rankmath.com/privacy-policy |
| WP Rocket | Website performance and caching | Server-side caching - processes no personal data directly | wp-rocket.me/privacy-policy |
Once you leave our website or are redirected to a third-party platform, their privacy policies govern your data. We encourage you to review these independently.
We use cookies and similar tracking technologies to improve your experience on our website and to understand how it is used.
| Cookie Type | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary | Session management, security, form anti-spam (honeypot tokens) | No - essential for the website to function |
| Analytics | Google Analytics 4 - anonymised traffic and behaviour data | Yes - only placed after consent |
| Marketing / Retargeting | Meta Pixel, Google Ads conversion tracking | Yes - only placed after consent |
| Preferences | Remembering language, display, or form preferences | Yes - only placed after consent |
You can manage, update, or withdraw your cookie consent at any time by clicking the "Cookie Preferences" link in the footer. You may also control cookies through your browser settings, but note that disabling all cookies may affect the functionality of our website.
As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights. These are in addition to any rights under other applicable laws.
You can request a summary of the personal data we hold about you and how we are processing it, at no charge.
You can ask us to correct inaccurate data or complete incomplete data we hold about you.
You can request deletion of your personal data once the original purpose has been fulfilled or you have withdrawn consent, subject to any legal retention obligations.
You can withdraw consent for any non-essential processing at any time. We will stop processing within 72 hours of your request.
You can raise a complaint with our Grievance Officer. We will respond within 30 days. If unsatisfied, you may escalate to the Data Protection Board of India.
Unique to DPDPA 2023 - you may nominate another individual to exercise your data rights in the event of your death or incapacity. Contact us to register a nomination.
Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children. Under the DPDPA 2023, processing personal data of a child (person under 18 years) requires verifiable parental or guardian consent.
If you believe we have inadvertently collected data from a person under 18, please contact us at [email protected] and we will delete it promptly.
We retain your personal data only for as long as necessary for the purpose it was collected, or as required by law. Our standard retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Inquiry form / lead data | 24 months from last contact | To follow up on business inquiries within a reasonable window |
| Active client project data | Duration of engagement + 36 months | Legal, billing, and performance reference records |
| Payment records | 7 years | Indian tax and financial regulatory requirements |
| Email marketing data | Until unsubscribe or 24 months of inactivity | Consent-based; deleted or suppressed on withdrawal |
| Website analytics data | 14 months (GA4 default, anonymised) | Traffic and performance analysis |
| Correspondence / support emails | 36 months from last communication | Reference for service continuity and dispute resolution |
In line with Section 8(7) of the DPDPA 2023, we will erase personal data once the purpose for which it was collected is no longer being served, or upon the withdrawal of your consent, unless a legal obligation requires retention.
Some of our third-party service providers (including Google, Meta, Anthropic, OpenAI, and others listed in Section 6) process or store data on servers located outside India - including in the United States, European Union, and Singapore.
Where data is transferred outside India, we ensure appropriate safeguards are in place, including contractual obligations on the receiving party to maintain a standard of data protection consistent with the DPDPA 2023.
As India's DPDP Rules 2025 finalise the list of permitted and restricted countries for cross-border transfers, we will update our data transfer practices accordingly.
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
We use Razorpay as our payment processing partner. Razorpay is PCI-DSS Level 1 certified and does not store your card data on its servers in unencrypted form. Your card and bank details are encrypted using AES-256 encryption during transmission.
We receive only a transaction reference ID and payment status - we never see or store your full card number, CVV, or PIN. Purchase transaction data is used only to confirm and record the payment.
For more details on how Razorpay handles your payment data, see: razorpay.com/privacy
With your explicit opt-in, we may send you email communications including SEO insights, case studies, GEO updates, and Skymoon Infotech service news.
In the event of a personal data breach that is likely to result in harm to you, we will:
If you believe your data may have been involved in a security incident, please contact us immediately at [email protected].
We review and update this Privacy Policy periodically to reflect changes in our services, technology, and applicable law. The version number and "Last Updated" date at the top of this page will always indicate the most recent revision.
For material changes - changes that significantly affect how we collect or use your personal data - we will notify you by email (if you have provided one) or by a prominent notice on our website at least 15 days before the change takes effect. Continued use of our website after that date constitutes acceptance of the updated policy.
Under Section 13 of the DPDPA 2023, every Data Fiduciary must maintain an effective grievance redressal mechanism. If you have any concerns, questions, or complaints about how we handle your personal data, please reach out to us using the details below. We will acknowledge your grievance within 7 business days and aim to resolve it within 30 days.
Skymoon Infotech
Attn: Grievance Officer - Data Privacy
408, Iscon Emporio, Satellite
Ahmedabad, Gujarat 380015, India
[email protected]
Subject: "Data Principal Rights Request"
or "Privacy Grievance"
011-69320384
Monday – Friday, 10:00 AM – 6:00 PM IST
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is operational under the DPDPA 2023. Details of the Board's complaint mechanism will be published at
meity.gov.in
This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts of Ahmedabad, Gujarat, India.
Skymoon Infotech | 408, Iscon Emporio, Satellite, Ahmedabad, Gujarat 380015 | [email protected] | 011-69320384
© 2026 Skymoon Infotech. All rights reserved.