Privacy Policy
Effective: 1 May 2026
This Privacy Policy explains how EvolvePro Tech Solutions Private Limited (“Splashify Pro”, “we”, “us”) handles personal information about partners using the Splashify Pro Email API and the Partner Panel at partner.splashifypro.com.
This policy covers personal information about you (the partner). For information about how we process email recipient data on your behalf, see the Data Processing Agreement.
1. Who we are
Splashify Pro is a brand of EvolvePro Tech Solutions Private Limited, a company incorporated in India (CIN U62012WB2025OPC281483, GSTIN 19AAJCE0527G1ZQ), with registered office at Shimultala, Motiganj, Bongaon, North 24 Parganas, West Bengal — 743235, India.
For partner-account data we are the Data Fiduciary (DPDP Act terminology) / Controller (GDPR terminology).
2. What we collect about you
| Category | Examples | Source |
|---|---|---|
| Account identifiers | Name, email, mobile number, business name, GSTIN, address | You, at signup or in /billing |
| Authentication | Hashed password, OTP codes, JWT session, two-factor settings | You, at signup or login |
| Billing | Invoice details, payment instrument tokens (we never store card numbers), GST treatment | You + Zoho Payments |
| Usage data | API requests, IP address, user-agent, timestamps, error responses | Automatic from API and panel |
| Account telemetry | Wallet balance, send volume, reputation score, configuration sets created | Automatic |
| Support records | Tickets, chat transcripts, screenshots you provide | You, when contacting support |
We do not intentionally collect special-category data about you (health, biometric, religious, etc.). If you provide such data voluntarily (e.g. in a support message), we minimize handling and delete it as soon as the support issue is resolved.
3. Why we use it
We process your information for the following purposes, with the lawful basis under Indian and EU law:
| Purpose | DPDP basis | GDPR basis |
|---|---|---|
| Provide and operate the Service | Performance of contract | Article 6(1)(b) |
| Bill you and collect payment | Performance of contract | Article 6(1)(b) |
| Detect and prevent abuse, fraud, and AUP violations | Legitimate use; legal obligation | Article 6(1)(f); 6(1)(c) |
| Comply with tax, accounting, anti-money-laundering, and IT Act obligations | Legal obligation | Article 6(1)(c) |
| Deliver service notifications and incident alerts | Performance of contract | Article 6(1)(b) |
| Send product updates, newsletters, and marketing | Consent | Article 6(1)(a) |
| Improve the Service through aggregated analytics | Legitimate use | Article 6(1)(f) |
| Defend ourselves in legal proceedings | Legitimate use; legal obligation | Article 6(1)(f); 6(1)(c) |
You can withdraw consent for marketing at any time from the Partner Panel or by clicking unsubscribe.
4. Who we share it with
We share your information only with:
- Sub-processors listed in the DPA §5. They process data on our instructions and under contracts that mirror this policy.
- Tax authorities (GST, Income Tax, etc.) when required by law.
- Law-enforcement and regulators in response to lawful requests (search warrants, court orders, etc.). We require valid legal process; we challenge overbroad requests where appropriate.
- Acquirers in the event of a merger, acquisition, or sale of assets, subject to a confidentiality undertaking.
- Other partners on shared sending infrastructure — only reputation-affecting metadata (suppression list entries are account-private; reputation scores are aggregated such that no single partner is identifiable).
We do not sell your personal information.
5. International transfers
We are headquartered in India and primary storage is in India. Some Sub-processors are located outside India (analytics, error monitoring). For transfers from the EU/EEA, we rely on Standard Contractual Clauses with supplementary measures. For DPDP Act compliance, we comply with any government notifications restricting transfers to specific jurisdictions.
6. Retention
| Category | Retention |
|---|---|
| Account profile | Term of agreement + 3 years (DPDP §11(3)) |
| Billing and tax records | 8 years (Income Tax Act) |
| Authentication logs | 12 months |
| Support records | 5 years |
| Marketing-consent records | Until consent withdrawn + 3 years |
| Aggregated analytics | Indefinite (no longer personally identifiable) |
After retention periods expire, we delete personal data in a documented, audited process. Backup copies cycle out within 90 days.
7. Your rights
Under the DPDP Act, 2023, you have the right to:
- Access the personal data we hold about you and the names of Data Processors we have shared it with.
- Correct inaccurate or incomplete data.
- Erase data we no longer have a lawful basis to keep.
- Withdraw consent for any processing we rely on consent for.
- Nominate another person to exercise your rights in case of death or incapacity.
- Grievance redressal — escalate through our Grievance Officer to the Data Protection Board of India.
Under the EU GDPR, you additionally have the right to:
- Data portability — receive a copy in machine-readable format.
- Object to processing based on legitimate interest.
- Lodge a complaint with your supervisory authority (e.g. CNIL, ICO, Garante).
To exercise rights, email dpo@splashifypro.in. We respond within 30 days (DPDP) or 1 month, extendable by 2 months for complex requests (GDPR), at no cost. We may need to verify your identity.
8. Cookies and tracking
The Partner Panel uses:
- Strictly necessary cookies — session, CSRF token, login state. These are not subject to consent.
- Functional cookies — UI preferences. Set on first interaction.
- Analytics — aggregated usage to improve the panel. We do not use third-party advertising trackers in the Partner Panel.
You can manage cookies via your browser settings. Disabling strictly necessary cookies will prevent the panel from working.
The marketing site (splashifypro.com) uses additional analytics and advertising trackers; see the marketing-site Privacy Policy for details.
9. Security
See DPA §9 for the technical and organizational measures we implement. In summary: encryption in transit and at rest, role-based access control, multi-factor authentication for staff, secure development practices, periodic penetration testing, and incident response.
No system is perfectly secure. If you suspect a security issue, email security@splashifypro.in.
10. Children
The Service is for businesses and not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, email dpo@splashifypro.in and we will delete it.
11. Automated decision-making
The Auto-Action System automatically restricts or pauses accounts that breach reputation or AUP thresholds. These decisions are based on objective metrics (bounce rate, complaint rate, content classifier output) and are reviewable on appeal. The system does not profile partners for any purpose other than preventing service abuse.
12. Marketing
We may use your account email to send:
- Service notifications (incidents, scheduled maintenance, product updates) — you cannot opt out as long as you have an active account.
- Marketing emails about new features, integrations, and offers — opt-in only at signup; unsubscribe anytime.
We will never sell your contact details to third parties for marketing.
13. Grievance redressal
Under Rule 3 of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer:
- Name: Grievance Officer, Splashify Pro
- Email: grievance@splashifypro.in
- Address: Shimultala, Motiganj, Bongaon, North 24 Parganas, West Bengal — 743235, India
The Grievance Officer acknowledges complaints within 24 hours and resolves within 15 days.
If you are dissatisfied with the Grievance Officer’s decision, you may escalate to the Grievance Appellate Committee under Rule 3A.
14. Changes
We may update this Privacy Policy. We will notify you of material changes via email and a banner in the Partner Panel at least 30 days before the change takes effect. Continued use after the effective date is acceptance.
15. Contact
| For | |
|---|---|
| Privacy questions, rights requests | dpo@splashifypro.in |
| Grievance redressal | grievance@splashifypro.in |
| Security incidents | security@splashifypro.in |
| Account or billing | support@splashifypro.in |
Postal address: Shimultala, Motiganj, Bongaon, North 24 Parganas, West Bengal — 743235, India.