Privacy Policy

1. Introduction

Eccellere Consulting Private Limited (“Eccellere”, “we”, “our”, or “us”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information about you when you access our website at eccellere.in or use any of our services.

This Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules thereunder. By using our website or services, you consent to the practices described in this Policy.

2. Data Fiduciary

For the purposes of the DPDP Act, 2023, Eccellere Consulting Private Limited is the Data Fiduciary. Our registered address and contact details are available on our Contact page. You may reach our privacy team at privacy@eccellere.in.

3. Personal Data We Collect

We may collect the following categories of personal data:

• Identity data: Full name, job title, company name.
• Contact data: Email address, phone number, mailing address.
• Account data: Username, password hash, account preferences.
• Transaction data: Details of frameworks, tools, and consulting services purchased or subscribed to.
• Usage data: Pages visited, features used, time spent, device type, browser type, and IP address.
• Communication data: Messages sent via contact forms, support requests, or email correspondence.
• Marketing preferences: Your opt-in or opt-out status for communications.

We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us immediately.

4. How We Use Your Data

We use personal data for the following lawful purposes:

• To create and manage your account and provide access to purchased content.
• To process transactions and send transactional emails (receipts, access confirmations).
• To provide consulting services you have engaged us for.
• To respond to enquiries and provide customer support.
• To send newsletters, insights, and marketing updates — only where you have opted in.
• To improve our website and services through analytics and usage data.
• To comply with legal and regulatory obligations.
• To prevent fraud, abuse, and security threats.

5. Lawful Basis for Processing

We process your personal data on the following lawful bases under the DPDP Act, 2023:

• Consent: For marketing communications and analytics cookies. You may withdraw consent at any time.
• Contractual necessity: To deliver services you have purchased or engaged us to provide.
• Legitimate interests: For fraud prevention, security, and improving our services.
• Legal obligation: Where we are required by law to process or retain data.

6. Data Sharing

We do not sell your personal data. We may share your data with trusted third parties only when necessary:

• Payment processors (Razorpay) — to process payments securely. They are PCI-DSS compliant and governed by their own privacy policies.
• Cloud infrastructure providers (Vercel, AWS) — for hosting and storage.
• Analytics providers (Google Analytics, PostHog) — for usage insights, subject to your consent and our cookie settings.
• Error monitoring (Sentry) — for application error tracking.
• Email service providers — to send transactional and marketing emails.
• Legal authorities — when required by law, court order, or to protect our rights.

All third-party service providers are contractually bound to handle your data securely and only for the purposes we specify.

7. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this Policy, or as required by law:

• Account data: for the duration of your account plus 3 years after closure.
• Transaction data: 7 years for statutory compliance.
• Marketing data: until you withdraw consent or unsubscribe.
• Usage analytics: aggregated data retained for up to 26 months.

8. Your Rights

Under the DPDP Act, 2023, you have the following rights as a Data Principal:

• Right to access: Request a summary of personal data we hold about you.
• Right to correction: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to grievance redressal: Raise a grievance with our Data Protection Officer; we will respond within 30 days.
• Right to nominate: Nominate another individual to exercise rights on your behalf in case of death or incapacity.
• Right to withdraw consent: Withdraw consent for marketing or analytics processing at any time.

To exercise any of these rights, email privacy@eccellere.in. We may ask you to verify your identity before processing the request.

9. Cookies

We use cookies and similar technologies to operate our website and collect usage data. These include:

• Essential cookies: Required for authentication and security. Cannot be disabled.
• Analytics cookies: Track site usage (Google Analytics, PostHog). Loaded only with your consent.
• Functional cookies: Remember your preferences and settings.

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect site functionality.

10. Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

• HTTPS encryption for all web traffic.
• Passwords stored using secure hashing algorithms (bcrypt, Argon2).
• Role-based access controls limiting data access to authorised personnel only.
• Regular security reviews and vulnerability assessments.
• Payment data handled exclusively via PCI-DSS compliant Razorpay — we do not store card details.

11. Cross-Border Data Transfers

Our primary infrastructure is located in India (Mumbai region). Where data is processed or stored outside India — for example by certain analytics or cloud providers — we ensure appropriate safeguards are in place as required under the DPDP Act and applicable guidelines issued by the Data Protection Board of India.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our website. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of our services after changes take effect constitutes acceptance of the revised Policy.

13. Contact Us

For privacy-related questions, requests, or to lodge a grievance, please contact our Data Protection Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act, 2023.