Privacy Policy

This Privacy Policy explains how Addvertiz ("Vatika", "we", "us") collects, uses, discloses and safeguards personal data when you visit vatika.addvertiz.in, communicate with us, or use the Vatika platform (the "Service"). We are committed to processing personal data lawfully, fairly and transparently.

By using the Service, you acknowledge that you have read and understood this policy. If you do not agree, please do not use the Service.

Vatika is a platform used by institutions and organisations (each, a "Customer"). Our privacy responsibilities depend on whose data is involved:

• As a data controller — for personal data we collect directly about our website visitors, prospects and Customer account contacts (for example, when you book a demo or manage billing).
• As a data processor — for personal data that a Customer uploads or generates within their tenant (for example, records about their students, parents and staff). That data is controlled by the Customer; we process it on their behalf and under their instructions, governed by our agreement with them.

If you are a student, parent or member of a Customer institution, please direct privacy requests to that institution in the first instance; we will support them in responding.

Information you provide

• Contact and account details (name, email, phone, institution, role).
• Demo requests, enquiries and the content of your communications with us.
• Billing and payment information (processed by our payment provider; we do not store full card numbers).

Information collected automatically

• Device and usage data (IP address, browser, pages viewed, referring URLs, timestamps).
• Cookies and similar technologies, as described below.

Customer (tenant) data

When a Customer uses the Service, personal data about their members is processed within their isolated tenant. The categories are determined by the Customer and may include identity, contact, attendance, academic and communication records.

We use personal data to:

• Provide, operate, secure and improve the Service;
• Respond to enquiries, schedule demos and provide support;
• Process payments and manage subscriptions;
• Send service, security and (where permitted) marketing communications;
• Detect, prevent and investigate fraud, abuse and security incidents;
• Comply with legal obligations and enforce our agreements.

Where the GDPR or comparable laws apply, we rely on the following bases: performance of a contract (to deliver the Service), legitimate interests (to secure and improve the Service and to market responsibly), consent (for certain cookies and marketing, withdrawable at any time), and legal obligation (to comply with applicable law).

We use strictly necessary cookies to operate the Service (for example, to keep you signed in and to secure sessions), and, with your consent where required, analytics cookies to understand usage and improve our website. You can control cookies through your browser settings; disabling some cookies may affect functionality.

We do not sell personal data. We share it only as needed:

• Sub-processors — vetted vendors who help us run the Service (cloud hosting, communications, payments, analytics), under contracts requiring appropriate safeguards.
• Customers — for tenant data, with the controlling institution and the recipients they configure.
• Legal & safety — where required by law, to protect rights and safety, or in connection with a corporate transaction, with notice where appropriate.

We retain personal data only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes and enforce agreements. Tenant data is retained according to our agreement with the Customer and deleted or returned on termination, subject to backup-rotation windows.

We apply technical and organisational measures appropriate to the risk, including tenant isolation enforced at the database layer, encryption of secrets at rest and data in transit, modern authentication (passwordless sign-in, multi-factor options and token rotation), access controls and audit logging. No method of transmission or storage is completely secure, but we work continuously to protect your data.

We may process data in countries other than your own. Where we transfer personal data across borders, we use appropriate safeguards (such as standard contractual clauses) consistent with applicable law.

The Service is provided to institutions that may process data about children. We act as a processor for such data under the instructions and lawful authority of the Customer, who is responsible for obtaining any required parental or guardian consent. We do not knowingly use children's data for marketing or to build profiles for advertising.

Subject to applicable law (including the GDPR and India's Digital Personal Data Protection Act, 2023), you may have the right to access, correct, update, erase, restrict or object to processing, and to data portability, as well as to withdraw consent and to lodge a complaint with a supervisory authority. To exercise your rights for data we control, contact us at hello@addvertiz.in. For tenant data, please contact the relevant institution.

We may update this policy from time to time. We will post the revised version here with a new "last updated" date and, where appropriate, notify you of material changes.

For questions about this policy or our data practices — or to reach our Grievance Officer for the purposes of the Digital Personal Data Protection Act, 2023 — contact us at hello@addvertiz.in. We will respond within the timelines required by applicable law.