Privacy Policy

Digispot AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Digispot AI: Only uses Google user data (from Google Search Console, Google Analytics, and other connected Google services) to provide and improve user-facing features of the Digispot AI platform. Does not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising. Does not use Google user data to train artificial intelligence (AI) or machine learning (ML) models, whether general-purpose or otherwise. Does not sell, rent, lease, or sublicense Google user data to third parties. Does not transfer Google user data to third parties unless doing so is necessary to provide or improve user-facing features, you provide explicit prior consent, it is necessary for security purposes (such as investigating abuse), or it is required to comply with applicable law. Does not allow humans to read Google user data unless you have provided affirmative consent for specific messages, it is necessary for security purposes, it is required to comply with applicable law, or the data has been aggregated and anonymized and is used only for internal operations. These restrictions apply specifically to data obtained via Google APIs. You can revoke Digispot AI's access to your Google data at any time by visiting your Google Account permissions page at https://myaccount.google.com/permissions and removing Digispot AI from the list of connected applications.

We use the information we collect for the following purposes: Service Delivery: To provide, operate, and maintain the SEO platform, including performing website audits, generating reports, delivering AI-powered recommendations, and displaying data from connected integrations. Account Management: To create and manage your account, process subscriptions and payments, and communicate account-related information. Service Improvement: To analyze usage patterns, identify bugs, improve features, develop new functionality, and enhance overall platform performance. For this purpose, we use only anonymized and aggregated data that cannot identify you or your business. Communication: To respond to your inquiries, provide customer support, send service-related notices (such as maintenance alerts, security notifications, billing reminders, and Terms or Privacy Policy updates), and with your explicit consent, send marketing communications about new features, content, or offers. Security & Fraud Prevention: To detect, investigate, and prevent unauthorized access, abuse, fraud, and other illegal activities. Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following: Performance of Contract: Processing necessary to provide the Service you have subscribed to, including account management, website crawling, data retrieval through integrations, and report generation (Article 6(1)(b) GDPR). Legitimate Interests: Processing for our legitimate business interests, including platform improvement, security, and fraud prevention, where these interests are not overridden by your data protection rights (Article 6(1)(f) GDPR). Consent: Processing based on your freely given, specific, and informed consent, including marketing communications and optional analytics cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 6(1)(a) GDPR). Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject (Article 6(1)(c) GDPR).

We do not sell your personal information. We share your data only in the following limited circumstances: Service Providers (Sub-Processors): We share data with trusted third-party service providers who assist us in operating the Service, including cloud infrastructure and hosting providers (servers located in the United States), payment processing providers, email delivery services, and analytics and monitoring tools. All sub-processors are contractually bound to process data only on our instructions and to maintain appropriate security measures. A list of current sub-processors is available upon request by emailing info@digispot.ai. Third-Party Integrations: When you connect integrations (such as Google Search Console or Google Analytics), data flows between those platforms and Digispot AI in accordance with the permissions you granted during setup. We encourage you to review the privacy policies of any third-party services you connect. Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request. Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent in-app notice before your information becomes subject to a different privacy policy. With Your Consent: We may share information with third parties when you have explicitly consented to such sharing.

Digispot AI's business operations are based in Bengaluru, India, and our primary servers and infrastructure are located in the United States. Depending on your location, your data may be transferred to and processed in the United States, India, and other jurisdictions where our sub-processors operate. These countries may have data protection laws that differ from the laws of your jurisdiction. Safeguards for EU/EEA/UK Transfers: Where we transfer personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, UK International Data Transfer Agreements or Addenda where applicable, and additional technical and organizational measures to protect data in transit and at rest. You may request a copy of the relevant transfer safeguards by contacting info@digispot.ai. Safeguards for Other Jurisdictions: For transfers involving data from other jurisdictions with cross-border transfer requirements, we comply with the applicable legal mechanisms and maintain contractual commitments with our sub-processors.

We implement and maintain industry-standard technical and organizational security measures designed to protect your personal information, including encryption of data in transit using TLS/SSL and encryption of data at rest, role-based access controls ensuring only authorized personnel can access personal data, regular security audits, penetration testing, and vulnerability assessments, secure software development lifecycle (SDLC) practices, multi-factor authentication for internal systems, logging and monitoring of access to personal data, and regular staff training on data protection and security awareness. While we employ robust security measures, no method of transmission over the internet or electronic storage is entirely without risk. We cannot guarantee absolute security but commit to promptly addressing any security incidents and continuously improving our security posture.

Active Accounts: We retain your personal data and Customer Data for as long as your account is active and as necessary to provide the Service, comply with legal obligations, and resolve disputes. Crawl & Integration Data: Website crawl data and data retrieved from third-party integrations are retained for the duration of your active subscription to enable historical comparison, trend analysis, and reporting. When you disconnect an integration, the associated data will be retained for your continued reference unless you request its deletion. After Cancellation or Subscription Expiry: Upon account cancellation, subscription expiry, or termination, your Customer Data will be retained for up to 30 days to allow for reactivation or data export. After 30 days, your personal data and Customer Data will be permanently deleted from our active systems and backups. Inactive Accounts: If your paid subscription expires or is terminated due to non-payment, your account and associated data may be deleted or anonymized after 30 days of inactivity. For free-plan accounts, data may be deleted or anonymized after 60 days of inactivity. Legal Retention: Certain information may be retained beyond the above periods where required by law, for tax and accounting compliance, or to establish, exercise, or defend legal claims. Such retained data will be securely stored and accessed only for those specific purposes. Anonymized Data: Aggregated and anonymized data that can no longer identify you may be retained for platform improvement, benchmarking, and research purposes.

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data: Right of Access: You may request a copy of the personal data we hold about you. Right to Rectification: You may request that we correct inaccurate or incomplete personal data. Right to Erasure (Right to be Forgotten): You may request that we delete your personal data, subject to certain legal exceptions. Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format and have it transmitted to another service provider where technically feasible. Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances. Right to Object: You may object to our processing of your personal data based on legitimate interests or for direct marketing purposes. Right to Withdraw Consent: Where we process data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights. CCPA/CPRA Rights (California Residents): If you are a California resident, you have the right to know what personal information we collect, use, and disclose; the right to request deletion of your personal information; the right to opt-out of the sale of personal information (we do not sell personal information); and the right to non-discrimination for exercising your privacy rights. Indian Data Protection Rights: Under the Digital Personal Data Protection Act, 2023 (once fully in force), you may have rights including the right to access, correction, erasure, and grievance redressal regarding your personal data. How to Exercise Your Rights: To exercise any of these rights, please contact us at info@digispot.ai with the subject line "Privacy Rights Request." We will verify your identity before processing your request and will respond within the timeframes required by applicable law, or otherwise without undue delay. If we need additional time for complex requests, we will notify you of the extension and the reasons. We will not charge a fee for processing your request unless the request is manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable administrative fee or refuse to act on the request, with explanation.

What Are Cookies: Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies (such as local storage) for various purposes. Essential Cookies: These are strictly necessary for the operation of the Service, including authentication, session management, security, and load balancing. They cannot be disabled without affecting core functionality. Analytics Cookies: With your consent, we use analytics cookies to understand how users interact with our platform, identify popular features, detect issues, and improve the user experience. These may include third-party analytics services. Marketing Cookies: With your explicit consent only, we may use cookies to deliver relevant marketing content and measure the effectiveness of our campaigns. Your Cookie Choices: When you first visit our platform, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can modify your cookie preferences at any time through our cookie settings accessible in the platform footer, your browser settings (note: blocking all cookies may affect functionality), or through opt-out mechanisms provided by third-party analytics providers. Do Not Track: We respect Do Not Track (DNT) browser signals. When we detect a DNT signal, we disable non-essential tracking and analytics cookies for that session.

The Service is designed for business use and is not intended for children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal data from a person under 18, we will take immediate steps to delete that information. If you believe we may have collected information from a minor, please contact us at info@digispot.ai.

The Service may contain links to third-party websites, tools, or services that are not operated by Digispot AI. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party services you interact with, including Google Search Console, Google Analytics, and any other platforms you connect to Digispot AI.

If you are a business customer subject to GDPR or other data protection regulations that require a DPA between controllers and processors, we offer a standard DPA that covers the scope and purpose of data processing, categories of personal data processed, technical and organizational security measures, sub-processor obligations, data subject rights assistance, data breach notification procedures, and data return and deletion upon termination. To request a DPA, please contact info@digispot.ai with the subject line "DPA Request." We will provide our standard DPA for review and execution in a timely manner.

We may update this Privacy Policy from time to time to reflect changes in our data practices, the Service, or applicable laws. For material changes, we will provide reasonable advance notice via email to the address associated with your account or through a prominent notice within the Service. Non-material changes (such as formatting, typographical corrections, or minor clarifications) may take effect immediately upon posting. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acknowledgment and acceptance of the changes. The date of the most recent revision is indicated at the top of this policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please contact us: Pravar Pro (operating as Digispot AI) Email: info@digispot.ai Privacy Officer: info@digispot.ai Subject Line for Privacy Matters: "Data Protection Inquiry" Response Time: We will respond to privacy inquiries within 30 days of verification. EU Representatives: For EU-related matters, you may also contact your local data protection authority.