Privacy Policy
Effective Date: 15/04/2025
Last Updated: 15/04/2026
1. Introduction
Mayil Digital (“we,” “our,” or “us”) provides digital marketing services and data-driven tools that integrate with third-party platforms. We are committed to protecting personal data and complying with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and India’s Digital Personal Data Protection Act, 2023 (DPDP Act).
This Privacy Policy explains how we collect, use, process, disclose, and safeguard personal data.
2. Scope
This Policy applies to:
- https://mayildigital.com
- All services, tools, dashboards, APIs, and integrations operated by us
- Data collected directly and data processed on behalf of clients
3. Data Roles
3.1 As Data Controller
We act as a Data Controller for:
- Website visitors
- Leads and customers
- Direct interactions with our services
3.2 As Data Processor / Service Provider
We act as a Data Processor (GDPR) and Service Provider (CCPA) when processing data on behalf of clients via integrations.
We process such data strictly in accordance with client instructions and applicable law.
4. Categories of Personal Data
4.1 Data You Provide
- Identity data (name, email, phone)
- Business information
- Account credentials
- Communications
4.2 Automatically Collected Data
- Device and browser data
- IP address and approximate location
- Usage data (pages, sessions, clicks)
- Cookie identifiers
4.3 Data via Integrations (Client-Controlled)
Through authorized connections, we may process:
- CRM records
- Marketing and campaign data
- Website visitor behavior
- Ad platform data
- Messaging and engagement data
We do not determine the purpose of such data—clients remain the data controllers.
5. Purpose of Processing
We process personal data to:
- Deliver services and operate our platform
- Provide analytics, attribution, and insights
- Enable integrations across third-party platforms
- Improve performance, UX, and system reliability
- Communicate with users and clients
- Detect, prevent, and respond to security threats
- Comply with legal obligations
6. Legal Basis (GDPR)
Where GDPR applies, we rely on:
- Consent (cookies, marketing tracking)
- Contractual necessity (service delivery)
- Legitimate interests (analytics, fraud prevention, improvement)
- Legal obligations
7. Data Processing Agreement (DPA)
Where we act as a processor:
- We enter into a Data Processing Agreement (DPA) with clients
- We process data only on documented instructions
- We ensure confidentiality, security, and sub-processor compliance
- We assist with data subject rights and breach notifications
Clients are responsible for ensuring lawful data collection and consent.
8. Sub-Processors
We may engage sub-processors for:
- Cloud hosting
- Analytics
- Infrastructure and storage
- Communication tools
We ensure all sub-processors are bound by data protection obligations consistent with this Policy.
A current list of sub-processors is available upon request.
9. International Data Transfers
Personal data may be transferred outside your jurisdiction.
Where required, we implement safeguards such as:
- Standard Contractual Clauses (SCCs)
- Contractual and organizational protections
10. Data Retention
We retain personal data only:
- For the duration necessary to fulfill the purposes outlined here
- As required by contracts
- To comply with legal obligations
Client-controlled data is retained in accordance with contractual agreements.
11. Data Security
We implement appropriate technical and organizational measures, including:
- Encryption (in transit and at rest, where applicable)
- Role-based access controls
- Logging and monitoring
- Periodic security reviews
[Inference] Absolute security cannot be guaranteed.
12. Data Breach Notification
In the event of a personal data breach:
- We will notify affected clients without undue delay
- We will comply with applicable legal notification requirements (GDPR, DPDP, CCPA, where applicable)
13. Your Rights
13.1 GDPR (EEA/UK Users)
You have the right to:
- Access, rectify, or erase your data
- Restrict or object to processing
- Data portability
- Withdraw consent
13.2 CCPA/CPRA (California Residents)
You have the right to:
- Know what personal data is collected
- Access, correct, or delete personal data
- Opt-out of “sale” or “sharing”
We do not sell personal data.
13.3 DPDP Act (India)
You have the right to:
- Access information about your data
- Correct and erase data
- Withdraw consent
- Seek grievance redressal
14. Exercising Your Rights
Requests can be made at:
Email: [legal@mayildigital.com]
We may verify identity before processing requests.
15. Cookies and Consent Management
We use cookies and tracking technologies for:
- Essential website functionality
- Analytics and performance tracking
- Advertising and remarketing
Where required (e.g., GDPR):
- Non-essential cookies are deployed only after user consent
- Users can manage preferences via the cookie banner/settings
16. Third-Party Platforms
Our services integrate with third-party platforms.
Client’s control:
- What data is collected
- Which platforms are connected
- How data is used
We are not responsible for third-party privacy practices.
17. Children’s Data
Our services are not intended for individuals under 18. We do not knowingly collect children’s data.
18. Client Compliance Obligations
Clients using our platform must:
- Obtain valid user consent where required
- Provide legally compliant privacy notices
- Configure tracking tools lawfully
- Ensure legal basis for processing
19. Grievance Redressal (India – DPDP Compliance)
Grievance Officer: Lavanya
Email: legal@mayildigital.com
We will address complaints within the timelines prescribed by applicable law.
20. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via the website or email, where appropriate.
21. Contact
Mayil Digital
2/7, Gokale Street, Narayanapuram, Madurai 625014, Tamil Nadu, India.
Email: legal@mayildigital.com
Website: https://mayildigital.com
22. Acknowledgment
By using our services, you acknowledge that you have read and understood this Privacy Policy.