Privacy Policy

Skymoon Infotech ("we", "us", or "our") is committed to protecting your personal data with transparency and care. This Privacy Policy describes what personal data we collect, why we collect it, how we use and protect it, and the rights you hold over your data - including rights under India's Digital Personal Data Protection Act, 2023 (DPDPA) and the DPDP Rules, 2025.

Note: This Policy applies to personal data collected through our website (skymooninfotech.com), our client application (app.skymooninfotech.com), our inquiry forms, and any other interaction you have with us. This is not a legal contract - if you require legal advice on data privacy, please consult a qualified professional.

1. Who We Are

Skymoon Infotech is an AI-first digital growth studio registered and operating in India. We help businesses grow through SEO, Generative Engine Optimisation (GEO), Paid Advertising, Content Marketing, Web Design and Development, Conversion Rate Optimisation (CRO), and Branding.

Registered address: 408, Iscon Emporio, Satellite, Ahmedabad, Gujarat 380015, India

Contact: [email protected]  |  011-69320384

Under the DPDPA 2023, Skymoon Infotech acts as a Data Fiduciary - the entity that determines the purpose and means of processing your personal data.

2. Data We Collect & Why

We collect only the data that is necessary for the specific purpose described. We do not collect data we do not need.

Category What We Collect Why We Collect It
Identity & Contact Name, email address, phone number, company name To respond to inquiries, deliver services, and send requested communications
Lead Capture Service interest, business URL, current marketing challenges To provide you with a relevant audit, proposal, or consultation
Payment Data Billing name, billing address, transaction reference (not card numbers) To process payments for services via Razorpay (PCI-DSS compliant)
Usage & Technical IP address, browser type, operating system, pages visited, session duration, referring URL To understand how our website is used, improve performance, and diagnose issues
Communication Data Email correspondence, form submissions, chat messages To provide support, follow up on projects, and maintain service records
Marketing Preferences Newsletter opt-in/opt-out status, campaign engagement To send you relevant updates only when you have opted in
Client Project Data Analytics access, ad account data, website credentials (shared by clients) To deliver contracted digital marketing and SEO services
We do not collect: Government ID numbers, Aadhaar details, financial account numbers, biometric data, health/medical records, or any Sensitive Personal Data as defined under applicable law, unless you explicitly provide it and we explicitly request it for a stated purpose with separate consent.

3. Consent

How we obtain your consent

Under the DPDPA 2023, your consent must be free, specific, informed, unconditional, and unambiguous. We obtain it through an affirmative action - for example, checking a consent box, submitting a form with a clear consent statement, or explicitly opting in to communications.

Pre-ticked boxes, implied consent, or bundled consent are not used on our website.

How to withdraw your consent

You may withdraw your consent at any time by:

  • Emailing [email protected] with the subject line "Withdraw Consent"
  • Clicking the unsubscribe link in any marketing email you receive from us
  • Requesting erasure of your data via our Grievance Officer (see Section 17)

Withdrawal of consent will not affect the lawfulness of data processed before the withdrawal. We will stop processing your data for the withdrawn purpose within 72 hours of receiving your request, unless a legal obligation requires us to retain it.

Legitimate use without consent

In limited circumstances, we may process your data without consent where it is necessary for:

  • Compliance with a court order or statutory requirement under Indian law
  • Responding to a medical emergency involving you or someone else
  • Employment-related processing for our own staff (where applicable law permits)

4. How We Use Your Data

We use personal data strictly for the purposes stated at the time of collection. Specific uses include:

  • Service delivery: To provide, manage, and improve our digital marketing services for clients
  • Audit requests: To analyse your website, ad accounts, or search presence and deliver a customised audit report
  • Communication: To respond to your inquiries, proposals, and support requests
  • Invoicing and payments: To process and record payments for services
  • Marketing: To send newsletters, case studies, or SEO insights - only when you have opted in
  • Website improvement: To understand how visitors interact with our site and improve user experience
  • Legal and compliance: To comply with applicable Indian laws, court orders, or regulatory requirements

We will not use your personal data for any purpose materially different from those described above without first notifying you and obtaining your consent.

5. AI Tools & Artificial Intelligence

AI Transparency Disclosure - Required under India DPDP Act 2023

Skymoon Infotech is an AI-first digital growth studio. We use artificial intelligence tools to enhance the quality, speed, and effectiveness of our work. This section explains how AI is used and what it means for your data.

AI tools we use internally

Tool / Provider Purpose Data That May Be Processed
Claude (Anthropic) Content drafting, SEO strategy, campaign ideation, data analysis Anonymised briefs, general project context - never personal client PII without explicit consent
ChatGPT / OpenAI Content assistance, keyword research, copy variation Anonymised content prompts and project context
Google Gemini Research, content QA, AI Overview analysis General queries, no personal data
Jasper / Copy.ai Marketing copy drafting Brand context, anonymised creative briefs
Midjourney / Adobe Firefly Creative asset generation Text prompts only - no personal data
Internal AI SEO Suite Keyword research, GEO optimisation, rank tracking Website URLs and publicly available search data - no personal user data

Our AI data-handling principles

  • No PII in AI prompts: We do not enter personally identifiable information (names, email addresses, phone numbers, financial data) into third-party AI tools without your explicit consent.
  • Human oversight: All AI-generated content and recommendations are reviewed and approved by a qualified human team member before delivery to clients or publication.
  • No automated decisions about you: We do not use AI to make fully automated decisions that have a legal or similarly significant effect on you as an individual without human review.
  • Third-party AI terms apply: When AI tools process any data, their own privacy policies and terms of service also apply. We recommend reviewing Anthropic's (anthropic.com/privacy) and OpenAI's (openai.com/policies/privacy-policy) policies.
  • AI-generated content disclosure: Where content published on behalf of clients is substantially AI-assisted, we disclose this to the client and follow platform and regulatory guidelines on AI content transparency.
Client data & AI: If you are a client and you share sensitive business data (financial performance, customer databases, audience lists) with us, we will not feed this data into third-party AI systems without your written authorisation. This is part of our standard client engagement agreement.

6. Third-Party Services & Tools

We use trusted third-party service providers to operate our business. These providers are authorised to process your data only for the specific purposes we have engaged them for and are contractually required to maintain confidentiality and security.

Provider Purpose Data Shared Privacy Policy
Razorpay Payment processing (PCI-DSS compliant) Billing name, email, transaction ID - card data never stored by us razorpay.com/privacy
Google Analytics 4 Website traffic analysis and UX insights Anonymised IP, pages visited, session data, device type policies.google.com/privacy
Google Tag Manager Tag and script management No personal data collected directly; manages other tags policies.google.com/privacy
Meta Pixel (Facebook) Ad campaign performance tracking and retargeting Pseudonymised browser identifiers, page events - only when you consent to marketing cookies facebook.com/privacy/policy
Google Ads / Microsoft Advertising Ad conversion tracking Conversion events only - no personal data beyond pseudonymised click IDs policies.google.com/privacy
WordPress (self-hosted) Website CMS Form data, IP addresses, session cookies automattic.com/privacy
Bitform (contact forms) Lead capture and inquiry forms Name, email, phone, message content Data stored on our own server; not shared externally
Email Service Provider (ESP) Newsletter and transactional email delivery Email address, first name, email engagement data Disclosed on opt-in
Rank Math Pro SEO management No user personal data - manages on-site SEO only rankmath.com/privacy-policy
WP Rocket Website performance and caching Server-side caching - processes no personal data directly wp-rocket.me/privacy-policy

Once you leave our website or are redirected to a third-party platform, their privacy policies govern your data. We encourage you to review these independently.

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website and to understand how it is used.

Cookie Type Purpose Consent Required?
Strictly Necessary Session management, security, form anti-spam (honeypot tokens) No - essential for the website to function
Analytics Google Analytics 4 - anonymised traffic and behaviour data Yes - only placed after consent
Marketing / Retargeting Meta Pixel, Google Ads conversion tracking Yes - only placed after consent
Preferences Remembering language, display, or form preferences Yes - only placed after consent

You can manage, update, or withdraw your cookie consent at any time by clicking the "Cookie Preferences" link in the footer. You may also control cookies through your browser settings, but note that disabling all cookies may affect the functionality of our website.

8. Your Rights Under DPDPA 2023

As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights. These are in addition to any rights under other applicable laws.

Right to Access

You can request a summary of the personal data we hold about you and how we are processing it, at no charge.

Right to Correction & Completion

You can ask us to correct inaccurate data or complete incomplete data we hold about you.

Right to Erasure

You can request deletion of your personal data once the original purpose has been fulfilled or you have withdrawn consent, subject to any legal retention obligations.

Right to Withdraw Consent

You can withdraw consent for any non-essential processing at any time. We will stop processing within 72 hours of your request.

Right to Grievance Redressal

You can raise a complaint with our Grievance Officer. We will respond within 30 days. If unsatisfied, you may escalate to the Data Protection Board of India.

Right to Nominate

Unique to DPDPA 2023 - you may nominate another individual to exercise your data rights in the event of your death or incapacity. Contact us to register a nomination.

How to exercise your rights: Email [email protected] with the subject line "Data Principal Rights Request". Please include your full name and the right you wish to exercise. We will acknowledge within 7 business days and resolve within 30 days.

9. Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children. Under the DPDPA 2023, processing personal data of a child (person under 18 years) requires verifiable parental or guardian consent.

If you believe we have inadvertently collected data from a person under 18, please contact us at [email protected] and we will delete it promptly.

10. Data Retention

We retain your personal data only for as long as necessary for the purpose it was collected, or as required by law. Our standard retention periods are:

Data Type Retention Period Reason
Inquiry form / lead data 24 months from last contact To follow up on business inquiries within a reasonable window
Active client project data Duration of engagement + 36 months Legal, billing, and performance reference records
Payment records 7 years Indian tax and financial regulatory requirements
Email marketing data Until unsubscribe or 24 months of inactivity Consent-based; deleted or suppressed on withdrawal
Website analytics data 14 months (GA4 default, anonymised) Traffic and performance analysis
Correspondence / support emails 36 months from last communication Reference for service continuity and dispute resolution

In line with Section 8(7) of the DPDPA 2023, we will erase personal data once the purpose for which it was collected is no longer being served, or upon the withdrawal of your consent, unless a legal obligation requires retention.

11. Cross-Border Data Transfers

Some of our third-party service providers (including Google, Meta, Anthropic, OpenAI, and others listed in Section 6) process or store data on servers located outside India - including in the United States, European Union, and Singapore.

Where data is transferred outside India, we ensure appropriate safeguards are in place, including contractual obligations on the receiving party to maintain a standard of data protection consistent with the DPDPA 2023.

As India's DPDP Rules 2025 finalise the list of permitted and restricted countries for cross-border transfers, we will update our data transfer practices accordingly.

12. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted to and from our website
  • Access controls - personal data is accessible only to authorised personnel who need it for their role
  • Regular security reviews of third-party tools and integrations
  • Password policies and two-factor authentication on internal systems
  • No storage of payment card data on our servers (Razorpay is PCI-DSS Level 1 certified)

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

13. Payment Information

We use Razorpay as our payment processing partner. Razorpay is PCI-DSS Level 1 certified and does not store your card data on its servers in unencrypted form. Your card and bank details are encrypted using AES-256 encryption during transmission.

We receive only a transaction reference ID and payment status - we never see or store your full card number, CVV, or PIN. Purchase transaction data is used only to confirm and record the payment.

For more details on how Razorpay handles your payment data, see: razorpay.com/privacy

14. Email Marketing

With your explicit opt-in, we may send you email communications including SEO insights, case studies, GEO updates, and Skymoon Infotech service news.

  • You will only receive marketing emails if you have actively opted in - no pre-ticked boxes
  • Every marketing email includes a clear and easy one-click unsubscribe link
  • Unsubscribe requests are processed within 48 hours
  • Unsubscribing from marketing does not affect transactional emails related to active services

15. Data Breach Notification

In the event of a personal data breach that is likely to result in harm to you, we will:

  • Notify the Data Protection Board of India within the timeframe required by the DPDPA 2023 and DPDP Rules 2025
  • Notify affected data principals (you) as required by the Board, or sooner if we judge that notification would help you mitigate harm
  • Document the breach, its cause, its impact, and the remedial action taken in our internal breach register

If you believe your data may have been involved in a security incident, please contact us immediately at [email protected].

16. Changes to This Privacy Policy

We review and update this Privacy Policy periodically to reflect changes in our services, technology, and applicable law. The version number and "Last Updated" date at the top of this page will always indicate the most recent revision.

For material changes - changes that significantly affect how we collect or use your personal data - we will notify you by email (if you have provided one) or by a prominent notice on our website at least 15 days before the change takes effect. Continued use of our website after that date constitutes acceptance of the updated policy.

17. Grievance Redressal & Contact

Under Section 13 of the DPDPA 2023, every Data Fiduciary must maintain an effective grievance redressal mechanism. If you have any concerns, questions, or complaints about how we handle your personal data, please reach out to us using the details below. We will acknowledge your grievance within 7 business days and aim to resolve it within 30 days.

Grievance Officer / Data Protection Point of Contact

Skymoon Infotech
Attn: Grievance Officer - Data Privacy
408, Iscon Emporio, Satellite
Ahmedabad, Gujarat 380015, India

Email (Preferred)

[email protected]
Subject: "Data Principal Rights Request"
or "Privacy Grievance"

Phone

011-69320384
Monday – Friday, 10:00 AM – 6:00 PM IST

Escalation - Data Protection Board of India

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is operational under the DPDPA 2023. Details of the Board's complaint mechanism will be published at
meity.gov.in

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts of Ahmedabad, Gujarat, India.

Skymoon Infotech  |  408, Iscon Emporio, Satellite, Ahmedabad, Gujarat 380015  |  [email protected]  |  011-69320384
© 2026 Skymoon Infotech. All rights reserved.