Privacy Policy

1. About this policy

This Privacy Policy explains how Inspirito Ventures Pvt Ltd (“Inspirito”, “we”, “us”, “our”) collects, uses, retains, and protects personal information when you visit our website at inspirito.in, contact us through any of our communication channels, or engage us as a service provider.

This policy is governed by the Digital Personal Data Protection Act, 2023 (“DPDP Act”), applicable rules thereunder, and the Information Technology Act, 2000 read with relevant rules. By using our website or sharing personal information with us, you acknowledge that you have read and understood this policy.

2. Who we are (data fiduciary)

Inspirito Ventures Private Limited is the “data fiduciary” for the purposes of the DPDP Act in respect of personal data we collect through this website and our services. Our identification details:

• Legal name: Inspirito Ventures Pvt Ltd
• CIN: U93000MH2013PTC245437
• GSTIN: 27AATCS7542M2ZE
• Head office: 102, Shanti Niwas Building, Above Airtel 5G, Opp. Mauli Garden, Baner, Pune — 411045, Maharashtra, India
• Registered office: 2104/1/11, DP Laxminarayan Mill Compound, RP Road, Jalna — 431203, Maharashtra, India
• Email for privacy queries: info@inspirito.in
• Phone / WhatsApp: +91 91380 81210

3. Personal data we collect

We collect personal data only when you provide it voluntarily, or when essential for site operation. The categories include:

3.1 Information you submit directly. When you complete an enquiry form, request an audit, send us an email, or message us on WhatsApp, you typically provide: your name, email address, phone number, business name, industry, current website URL, and the details of your enquiry. For ongoing client engagements, we also collect billing details, GST numbers, designated point-of-contact details, and project-related information that you choose to share.

3.2 Information collected automatically. When you visit inspirito.in, our hosting provider and analytics tools automatically log certain technical information: IP address (truncated where possible), browser type and version, device type, operating system, referring URL, the pages you visit, the duration of your visit, and broad geographic location (typically city level).

3.3 Cookies and similar technologies. See Section 9 for full details on cookies and how to manage them.

3.4 What we do NOT collect. We do not knowingly collect: payment card numbers (we use third-party processors that handle these directly); biometric data; sensitive personal data as defined under sectoral laws (e.g., medical records, sexual orientation); data of children under 18 years of age (see Section 11).

4. Lawful basis and purpose of processing

We process personal data only on lawful bases recognised under the DPDP Act — primarily your consent (when you fill out a form, email us, or engage us), or on legitimate uses (such as fulfilling a service contract you have entered into with us, or compliance with legal obligations).

Specific purposes for which we use your personal data:

• Responding to enquiries and conducting initial discovery conversations.
• Preparing and delivering audits, proposals, and engagement documents.
• Performing services under a signed engagement contract.
• Sending project updates, invoices, and operational communication.
• Sending occasional marketing emails (only with your consent, and always with an unsubscribe option).
• Improving the website’s performance and content based on aggregated analytics.
• Complying with legal, tax, accounting, and regulatory obligations under Indian law.

We do not sell, rent, trade, or share your personal data with third parties for marketing or advertising purposes.

5. Sharing of personal data

We disclose personal data only in the following limited circumstances:

5.1 Service providers (data processors). We use carefully selected third-party service providers to operate our business — for example, email infrastructure, hosting, analytics, accounting software, payment gateways, and project-management tools. These processors handle data only on our instructions and under contractual obligations to safeguard it. Current processors include Google (Workspace, Analytics), Cloudflare/Netlify (hosting), and our chartered-accountancy firm. The list is reviewed periodically.

5.2 Legal and regulatory obligations. We may disclose personal data when required by Indian law, court order, or legitimate request from a law-enforcement authority — in which case we will notify you unless legally prohibited from doing so.

5.3 Business transfers. In the unlikely event of a merger, acquisition, or business reorganisation, personal data may transfer to the successor entity, subject to that entity continuing to honour this policy or providing equivalent protection.

5.4 With your explicit consent. For example, if a case study features your company by name, we will obtain explicit written consent before publishing.

6. Data retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by Indian tax and corporate law.

• Enquiries that did not lead to engagement: retained for up to 24 months, then deleted.
• Active client engagements: retained for the duration of the engagement plus 8 years thereafter (to comply with the Income Tax Act and Companies Act record-keeping requirements).
• Email and WhatsApp correspondence: retained for 7 years.
• Anonymised analytics data: retained for up to 26 months on Google Analytics, after which it is auto-deleted.

Once retention periods expire, we delete or irreversibly anonymise the data. You may request earlier deletion under Section 8.

7. Data security

We take reasonable technical and organisational measures to safeguard personal data against unauthorised access, disclosure, alteration, or destruction. These include: encrypted data transmission (HTTPS), access-controlled internal systems with multi-factor authentication, periodic password rotation, principle-of-least-privilege access for team members, and contractual confidentiality obligations on every team member and service provider.

No system is 100% secure. In the event of a data breach that is likely to result in significant harm, we will notify the Data Protection Board of India and affected individuals as required under the DPDP Act.

8. Your rights as a data principal

Under the DPDP Act, 2023, you have the following rights with respect to your personal data:

• Right to access: request a summary of personal data we hold about you.
• Right to correction: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of personal data we no longer need a lawful basis to hold.
• Right to grievance redressal: contact our Grievance Officer (Section 13) for any concern.
• Right to nominate: nominate another individual to exercise these rights on your behalf in case of death or incapacity.
• Right to withdraw consent: withdraw consent at any time for any processing based on consent (this does not affect the lawfulness of processing already performed).

To exercise any of these rights, write to info@inspirito.in with the subject line “DPDP Rights Request”. We will respond within 30 days in line with statutory timelines.

9. Cookies and analytics

Inspirito.in uses two categories of cookies:

9.1 Essential cookies. These are required for the website to function (e.g., remembering your cookie preferences, session continuity). They cannot be disabled.

9.2 Analytics cookies. When enabled (currently planned via Google Analytics 4), these help us understand how visitors use the site — pages visited, time on site, traffic sources. We have configured analytics to anonymise IP addresses where the underlying tool supports it. You can opt out by adjusting browser settings to block cookies, by installing the Google Analytics opt-out browser add-on, or by declining the cookie banner when it is published.

We do not use third-party advertising cookies, retargeting pixels, or social-media-tracking pixels at present.

10. Cross-border data transfers

Some of our service providers (notably Google) operate servers outside India. Where personal data is transferred outside India for processing, we ensure equivalent safeguards through contractual commitments and selection of providers with strong data-protection postures. In keeping with the DPDP Act, we will not transfer personal data to countries notified as restricted by the Central Government.

11. Children’s data

Our services are intended for businesses and adult professionals. We do not knowingly collect or process personal data of individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this policy from time to time, particularly as the DPDP Act rules evolve or as our services change. The current version, with last-updated date, will always be available at this URL. Material changes will be communicated by email to active clients and a homepage notice for at least 14 days.

13. Grievance Officer

In line with the IT Rules, 2021 and the DPDP Act, the contact for any privacy-related grievance is:

• Name: Sooraj Bagdia (Founder & Director)
• Email: info@inspirito.in (subject: “Privacy Grievance”)
• Postal address: 102, Shanti Niwas Building, Baner, Pune — 411045, Maharashtra
• Response timeline: We acknowledge grievances within 48 hours and aim to resolve within 30 days.

If you are not satisfied with our response, you may escalate to the Data Protection Board of India once notified by the Central Government, or to other competent authorities under Indian law.

14. Contact

For any other questions about this policy or our privacy practices, write to info@inspirito.in or the head-office address above.