Privacy Policy.

Effective Date: 01 May 2025

Last Updated: 01 May 2025

1. Introduction

At WebToAI (“WebToAI”, “Company”, “we”, “us” or “our”), we recognize the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws.

This Privacy Policy (“Policy”) governs the manner in which we collect, use, disclose, and protect your information. It applies to all visitors, users, and others who access our website [https://www.webtoai.tech] (the “Site”) or use our services.

This Policy is in accordance with:

  • Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules") (for Indian residents).
  • General Data Protection Regulation (GDPR) (EU Regulation 2016/679).
  • California Consumer Privacy Act (CCPA) (for California residents).

By using our Site or services, you accept the practices described in this Privacy Policy. If you do not agree with the terms of this Policy, please do not access the Site.

2. Information We Collect

We collect two types of information: (i) personal information that you provide to us, and (ii) information automatically collected when you interact with our Site.

2.1 Personal Information You Provide

Definition: Personal information refers to any information that identifies you directly or indirectly.

When you engage with us, we may collect:

  • Full name
  • Email address
  • Contact number
  • Company name and position
  • Billing or payment information (where relevant)
  • Any other information you choose to provide (e.g., through support emails or forms)

Purpose: This information allows us to provide requested services, respond to inquiries, improve our offerings, and communicate marketing or transactional information.

Legal Basis:

  • Section 43A of the Information Technology Act, 2000: We are responsible for protecting sensitive personal data.
  • GDPR Article 6(1)(a): Collection and processing based on your consent.

2.2 Information Automatically Collected

When you interact with our Site, we automatically collect technical information, including:

  • Your IP address
  • Browser type and version
  • Device identifiers
  • Language settings
  • Time zone settings
  • Pages visited, time spent on pages, and other website interaction data
  • Cookies and similar tracking technologies

Purpose: To analyze trends, administer the Site, track user movements, and gather demographic information.

Legal Basis:

  • GDPR Article 6(1)(f): Processing necessary for our legitimate interests.
  • IT Rules, 2011: Requires notice to users regarding data collection.

3. How We Use Your Information

We use the information collected for a variety of purposes, including:

  • To provide, maintain, and improve our services and Site
  • To personalize your experience
  • To respond to your requests, inquiries, or support tickets
  • To communicate administrative information (such as changes to our terms or policies)
  • To send promotional communications (where permitted by law)
  • To process transactions and send related information
  • To detect, investigate, and prevent fraudulent transactions and unauthorized access
  • To comply with legal obligations

Legal Basis:

  • GDPR Article 6(1)(b): Processing necessary for contract performance.
  • CCPA Section 1798.100(b): Consumers have the right to know how information is used.

4. Sharing and Disclosure of Information

We do not sell your personal information. We may, however, share or disclose your information in the following situations:

4.1 Service Providers

We engage trusted third-party vendors who perform services on our behalf, such as hosting, analytics, payment processing, and customer support.

Requirement: Vendors are contractually obligated to protect your information.

4.2 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of the business assets.

We will notify you via email or a prominent notice if such a transfer affects your personal data.

We may disclose your information when required to do so by law, including:

  • Responding to court orders
  • Law enforcement requests
  • Legal claims
  • Protection against fraud or security issues

Legal Basis:

  • Section 72A of the Information Technology Act, 2000: Prohibits disclosure without consent unless legally obligated.

5. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and as required by law. Once the purpose for processing your data has been met or when it is no longer needed, we will securely delete or anonymize your personal information. Below are the specific retention periods based on the different purposes for which we process your information:

Legal Basis:

  • GDPR Article 5(1)(e): Personal data must not be kept longer than necessary for the purposes for which it was collected and processed.
  • CCPA Section 1798.105: Consumers have the right to request deletion of personal information when it is no longer necessary for business purposes.

We may retain your information for a minimum of 5 years to comply with legal obligations, such as tax reporting or other financial compliance requirements. This is in line with standard practices for record-keeping under applicable laws in many jurisdictions.

5.2 Contractual Obligations

If you have entered into a contract with us (e.g., a service agreement or purchase contract), we will retain your information for the duration of the contract and for an additional period of up to 3 years after the contract concludes. This retention period ensures that we can resolve any post-contract disputes, enforce contractual rights, and comply with any legal obligations arising from the contract.

5.3 Dispute Resolution and Enforcement

In the event of a dispute or legal action, we may retain your personal data for up to 3 years following the conclusion of the dispute or legal action. This time frame allows us to resolve any remaining issues related to the dispute or enforcement of our agreements.

5.4 Marketing and Communications

If you have opted in to receive marketing communications from us, we will retain your personal data for as long as you have not withdrawn consent. Once consent is withdrawn, we will stop sending marketing communications and delete your data from our marketing database within 30 days.

5.5 Job Applications

If you have submitted an application for a job with us, we will retain your resume and application details for up to 1 year in case any future job opportunities arise. If you are hired, your data will be retained as part of your employment records.

5.6 Data Deletion or Anonymization

Once your data is no longer needed or the retention period has expired, we will either securely delete it or anonymize it. This means:

  • Deletion: Your data will be permanently removed from our systems, including backups, or securely destroyed.
  • Anonymization: If we need to retain data for statistical or analytical purposes, we will anonymize the data to ensure it no longer identifies you.

6. Your Rights and Choices

Depending on your location and applicable law, you have the following rights regarding your personal information. Below is a detailed explanation of each right and how you can exercise it.

6.1 Right to Access

You have the right to request access to the personal information we hold about you. This means you can ask for a copy of the data we have on file, including how we are using it.

Time Frame for Response: We will respond to your request within 30 days of receiving it, in accordance with GDPR Article 15. If we require additional time to fulfill your request, we will notify you within the initial 30-day period.

Legal Basis:

  • GDPR Article 15: Right of access to personal data.

6.2 Right to Rectification

You have the right to request corrections to any inaccurate or incomplete personal information that we hold about you.

Time Frame for Response: We will make the necessary corrections within 10 business days after receiving your request. If the changes are more complex, we will inform you about the delay and update you on our progress.

Legal Basis:

  • GDPR Article 16: Right to rectification of inaccurate personal data.

If we process your personal information based on your consent (e.g., for marketing communications), you have the right to withdraw your consent at any time.

Effect of Withdrawing Consent: Once you withdraw your consent, we will stop processing your personal data for the purposes you originally consented to. However, withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.

Time Frame for Response: We will stop using your personal data for the purposes covered by the withdrawn consent within 30 days after receiving your request.

Legal Basis:

  • GDPR Article 7(3): The right to withdraw consent at any time.

6.4 Right to Deletion (Right to be Forgotten)

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected or processed. This right applies in specific circumstances as defined by GDPR Article 17 and CCPA Section 1798.105.

Conditions for Deletion:

  • When you withdraw your consent, and we have no other legal basis for processing.
  • When the data is no longer necessary for the purposes for which it was collected.
  • When you object to processing, and there are no overriding legitimate grounds for processing.

Time Frame for Response: We will respond to your request for deletion within 30 days, as required by GDPR Article 17 and CCPA Section 1798.105. If we require more time, we will notify you of the delay.

Legal Basis:

  • GDPR Article 17: Right to erasure.
  • CCPA Section 1798.105: Right to deletion.

6.5 Right to Object

You have the right to object to our processing of your personal data, particularly if it is for direct marketing purposes or for processing based on our legitimate interests.

Time Frame for Response: If you object to direct marketing, we will cease processing your data for that purpose within 5 business days. For other objections, we will respond within 30 days of receiving your request.

Legal Basis:

  • GDPR Article 21: Right to object to processing.

6.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer your data directly to another data controller, if technically feasible.

Time Frame for Response: We will respond to your data portability request within 30 days, as required by GDPR Article 20. If the request is complex, we will inform you of any delay.

Legal Basis:

  • GDPR Article 20: Right to data portability.

6.7 Exercising Your Rights

To exercise any of the rights mentioned above, you can contact us at:

  • Email: admin@webtoai.tech
  • Phone: +91 9978259999
  • Address: A/535, Celebration City Center, Gala Gymkhana Road, South Bopal, Ahmedabad, 380058, India

We will make every effort to respond to your requests within the prescribed time frames in accordance with applicable law. If we cannot fulfill your request, we will inform you of the reason for the delay or inability to comply.

7. Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Authenticate sessions
  • Maintain user preferences
  • Analyze site traffic
  • Serve targeted advertisements

You can control or disable cookies through your browser settings; however, doing so may affect the Site’s functionality.

View detailed cookies policy.

Legal Basis:

  • Section 66E of the IT Act, 2000 protects against breaches of privacy.
  • GDPR Recital 30 recognizes cookies as personal data where they can identify an individual.

8. Data Security

We are committed to ensuring the security and confidentiality of your personal data. We implement a variety of technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or destruction. Below are the key security measures we use:

Legal Basis:

  • Section 43A of the IT Act, 2000: This section mandates that entities processing sensitive personal data must implement reasonable security practices to protect that data from loss, unauthorized access, or misuse.

  • Explanation: This provision requires us to follow reasonable security practices and procedures to safeguard your personal data from data breaches or cyberattacks. The IT Act ensures that data controllers (like WebToAI) are responsible for protecting your data and enforcing robust security standards.

8.1 Encryption

To protect your personal data during transmission, we use SSL/TLS encryption. This ensures that any data you send to us via our website or web applications is securely encrypted, making it unreadable to unauthorized parties.

Details on SSL/TLS Encryption:

  • SSL/TLS encryption ensures that data sent between you and our servers is securely transmitted.
  • It is widely used for protecting sensitive information such as credit card details, passwords, and personal data.

Time Frame for Protection: Data is encrypted in real-time as it is sent between your device and our servers. This encryption remains in place throughout the duration of your session.

8.2 Firewalls and Intrusion Detection Systems

We employ firewalls and intrusion detection systems (IDS) to monitor and protect our network from unauthorized access and potential threats. Firewalls help block malicious traffic, while IDS detect and alert us to suspicious activity, ensuring we can respond promptly to potential security risks.

Details on Firewalls and IDS:

  • Firewalls act as barriers between trusted internal systems and untrusted external networks (e.g., the internet), preventing unauthorized access.
  • Intrusion Detection Systems (IDS) monitor network traffic for signs of suspicious activity, such as attempts to exploit vulnerabilities in our system.

Time Frame for Monitoring: These security measures are active 24/7 to ensure continuous protection.

8.3 Restricted Access Controls

We implement strict access control policies to ensure that only authorized personnel can access your personal data. This includes:

  • Role-based access: Access to data is granted only to employees or contractors who require it to perform their job functions.
  • Authentication mechanisms: Employees and contractors are required to authenticate their identity using secure login methods, such as multi-factor authentication (MFA), before accessing sensitive data.

Time Frame for Access Control: Access to personal data is continuously controlled and monitored, ensuring that only authorized individuals have access at all times.

8.4 Regular Security Audits

We conduct regular security audits to assess the effectiveness of our data protection measures. These audits help us identify potential vulnerabilities and areas for improvement in our security infrastructure. We also perform periodic reviews of access logs and security practices to ensure compliance with our policies.

Time Frame for Audits: Security audits are performed on a regular basis (e.g., quarterly or annually) and as needed following significant changes to our systems or data handling practices.

8.5 Limitations and Caution

While we implement robust security measures, it is important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal data, and we encourage you to exercise caution when sharing sensitive information online.

9. Children's Privacy

Our services are not intended for individuals under the age of 13. We do not knowingly collect personal information from minors without verified parental consent.

If you become aware that a child has provided us with personal data, please contact us, and we will take steps to remove such information promptly.

10. Updates to This Privacy Policy

We may revise this Privacy Policy periodically to reflect changes in legal, technical, or business developments.

When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes made.

Notification Methods:

  • Posting a revised version on this page
  • Email notifications (if you have registered with us)

Please review this Policy regularly to stay informed.

If you believe that we have violated your rights under this Privacy Policy, or if you have any disputes related to the handling of your personal data, you may seek legal action as necessary. We are committed to resolving disputes amicably, but if required, legal action may be taken in accordance with the applicable laws of India.

11.1 Dispute Resolution

We encourage you to contact us first if you have any concerns or disputes regarding your personal information. You can reach out to our Data Protection Officer (DPO) at:

  • Email: admin@webtoai.tech
  • Phone: +91-9978259999
  • Address: A/535, Celebration City Center, Gala Gymkhana Road, South Bopal, Ahmedabad, 380058, India

We will make every effort to address and resolve any issues promptly within 30 days of receiving your inquiry.

11.2 Governing Law and Jurisdiction

This Privacy Policy and any related legal matters will be governed by and construed in accordance with the laws of India. You agree to submit to the exclusive jurisdiction of the courts located in Ahmedabad, Gujarat, India, for any legal proceedings related to this Privacy Policy.

Legal Basis:

  • Indian Contract Act, 1872: This act allows parties to agree upon the jurisdiction and governing law for disputes in relation to contractual agreements.
  • Civil Procedure Code, 1908: This code provides the procedures for the filing of civil suits and disputes in India.

11.3 Compliance with Other Laws

While we respect and follow applicable privacy and data protection laws such as the General Data Protection Regulation (GDPR) and other global regulations, it is important to note that we are not legally bound by laws outside of India unless specifically stated in our agreements with customers or service providers.

We make reasonable efforts to comply with data protection laws where applicable, but our legal obligations are primarily governed by Indian laws, and we are not subject to the enforcement of foreign laws unless specified by applicable contractual obligations or international agreements.