
Your Data, Our Responsibility

We believe transparency isn't optional — it's foundational. Every byte of data you share with us is handled with the highest security standards, complete accountability, and full compliance with global data protection regulations.

End-to-End Encrypted | GDPR — EU | DPDP — India

Built On Uncompromising Security

Data Encryption at Every Layer

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your website data, analytics, and personal information never exist in an unencrypted state — not in our databases, not in backups, not in transit between services.

Strict Access Controls

We enforce role-based access with the principle of least privilege. Every team member has only the access they need, with all access logged and audited regularly. Multi-factor authentication is mandatory across our entire organisation.

Infrastructure Security

Our infrastructure runs on hardened, continuously monitored environments with automated vulnerability scanning, intrusion detection, and real-time threat response. Every deployment goes through security review.

Audit Trails

Every action taken on your data is logged with immutable audit trails. We maintain detailed records so you always know who accessed what and when — complete accountability, no exceptions.

Incident Response

Our dedicated security team operates a 24/7 incident response programme. In the unlikely event of a breach, we commit to notifying affected customers within 72 hours with full transparency on impact and remediation.

Six Principles That Guide Every Decision

Data Minimisation

We collect only what is strictly necessary to deliver our service. No behavioural tracking, no shadow profiles, no selling of data to third parties. If we don't need it, we don't collect it.

Purpose Limitation

Your data is used only for the purpose you agreed to. We never repurpose data for advertising, profiling, or any undisclosed use case.

Retention Control

We retain data only as long as it's needed. Once your engagement ends, your data is permanently deleted within 30 days — no lingering copies, no grey areas.

Transparency First

No legalese buried in fine print. Our policies are written in clear, human-readable language. We proactively notify you of any policy changes well in advance.

No Third-Party Sharing

Your data stays with us. We do not share, sell, or trade personal or business data with third parties for marketing, analytics, or any commercial purpose.

Continuous Improvement

Security is never "done." We conduct annual penetration tests, quarterly access reviews, and continuously update our practices to stay ahead of emerging threats.

Compliant Across Jurisdictions

We don't just meet the minimum — we align with the strictest data protection frameworks worldwide. Our compliance programme includes, but is not limited to, the following global standards.

India

Digital Personal Data Protection Act (DPDP)

As an India-based company, DPDP compliance is at the core of everything we do. We meet the informed consent, purpose limitation, and data localisation requirements. We honour the rights of Data Principals, including the right to access, correction, erasure, and grievance redressal.

European Union

General Data Protection Regulation (GDPR)

We fully comply with GDPR — the gold standard in data privacy. This includes lawful basis for processing, data minimisation, purpose limitation, right to erasure, data portability, and mandatory breach notification within 72 hours.

Worldwide

Other Major Global Standards

Beyond DPDP and GDPR, our compliance programme extends to all major data protection frameworks across the globe. We proactively adapt to new legislation as it emerges — ensuring our customers are protected no matter where they or their users are based.

CCPA / CPRA, UK DPA 2018, LGPD, PIPEDA, Privacy Act, APPI, PIPA, PDPA, POPIA, PDPA

The Fine Print, Made Clear

We don't hide behind jargon. Here's everything you need to know about how we handle your data — in plain language.

What data do we collect?

We collect only the data necessary to provide our discoverability analysis and optimisation services. This includes your name, email address, company name, and website URL when you sign up. When using our platform, we analyse publicly available information about your website's structure, content, and metadata.

We do not collect any data from your website's visitors, we do not install trackers on your site, and we do not access any private or password-protected areas of your web presence. Our analysis is limited to what any public user or search engine would see.

How do we use your data?

Your personal information (name, email) is used exclusively for account management, communication about our services, and customer support. Your website data is analysed solely to generate discoverability reports and actionable recommendations for your business.

We never use your data for advertising purposes, we never build profiles about you for third parties, and we never use your website's competitive data to benefit other customers. Each customer's data is siloed and protected.

How do we store and protect your data?

All data is stored in encrypted databases hosted within SOC 2 Type II certified data centres. We use AES-256 encryption for data at rest and TLS 1.3 for data in transit. Database backups are encrypted and stored in geographically separate locations for disaster recovery.

Access to production systems requires multi-factor authentication and VPN access, and is limited to authorised personnel under the principle of least privilege. All access is logged and reviewed quarterly.

Cookie policy and tracking

We use only essential cookies required for our platform to function — session management and authentication. We do not use any third-party analytics cookies, advertising cookies, or tracking pixels. Your browsing behaviour on our platform is not tracked, profiled, or shared with anyone.

If we ever introduce optional analytics to improve our service, it will be strictly opt-in with clear consent mechanisms, and the data will never leave our systems.

International data transfers

When data is transferred internationally, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission. We conduct Transfer Impact Assessments for all cross-border data flows and ensure that receiving jurisdictions provide an equivalent level of data protection.

You have the right to know where your data is stored and processed. Upon request, we will provide full details of all jurisdictions involved in handling your data.

How to exercise your rights

To exercise any of your data rights — access, rectification, erasure, restriction, portability, or objection — simply contact our Data Protection Officer at privacy@discoverabilityengine.com or use the "Contact Us" form on this page. We will acknowledge your request within 48 hours and fulfil it within 30 calendar days.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Have a Privacy Question?

Our Data Protection Officer is here to help. Reach out with any questions about how we handle your data.