Back to home
Preemptify AI
GDPR · DPDP 2023 · CCPA
Privacy notice

How we handle your data.

Last updated · 30 May 2026

This Privacy Notice explains how Digiluxcon Technology Services (OPC) Private Limited (“we”, “us”, the operator of Preemptify AI) collects, uses, and protects personal data when you visit preemptify.ai, the public sandbox, or any associated sub-page.

1. Who is the data controller?

Digiluxcon Technology Services (OPC) Private Limited, registered in India, is the data controller for the purposes of the EU/UK General Data Protection Regulation (GDPR), the data fiduciary for the purposes of the Indian Digital Personal Data Protection Act, 2023 (“DPDP Act”), and the business for the purposes of the California Consumer Privacy Act (CCPA / CPRA).

2. What data do we collect?

  • Strictly necessary — session token, CSRF token, and your selected jurisdiction. Stored in your browser only; never in third-party trackers.
  • Analytics (opt-in) — anonymous aggregated page-view counts. IP addresses are truncated to /24 within 24 hours and never linked to identity.
  • Demo gate — if you voluntarily submit your email through the “Schedule Institutional Demo” form, we store it solely to respond to your inquiry.
  • Sandbox content — all balance sheets, customers, corporates, policy directives, and audit ledger entries in the public sandbox are procedurally generated synthetic data. No production financial data is collected.

3. Lawful bases for processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)) — analytics and marketing cookies, when explicitly opted-in via our consent banner.
  • Legitimate interest (Art. 6(1)(f)) — operating the sandbox infrastructure, preventing abuse, and securing the ledger.
  • Contract (Art. 6(1)(b)) — responding to your demo enquiries.

4. Your rights

You have the following rights, exercisable free of charge by writing to info@preemptify.com:

  • Right of access (GDPR Art. 15 / DPDP § 11 / CCPA § 1798.110)
  • Right to rectification (GDPR Art. 16 / DPDP § 12)
  • Right to erasure (GDPR Art. 17 / DPDP § 12(3) / CCPA § 1798.105)
  • Right to restriction (GDPR Art. 18)
  • Right to data portability (GDPR Art. 20 / DPDP § 11(1)(c))
  • Right to object (GDPR Art. 21)
  • Right to opt-out of sale or sharing (CCPA § 1798.120) — we do not sell or share personal data.
  • Right to nominate (DPDP § 14) — Indian Data Principals may nominate another individual to exercise these rights in the event of incapacity or death.

We will respond within 30 days (GDPR Art. 12(3) / DPDP § 13(3)). Indian Data Principals may also lodge a grievance with the Data Protection Board of India under § 13(3) of the DPDP Act.

5. International transfers

The public sandbox runs in jurisdictions covered by Standard Contractual Clauses (SCCs) for EU-to-third-country transfers and equivalent safeguards for India and California. On-premise pilots run entirely inside the customer's perimeter — no transfer occurs.

6. Retention

Synthetic sandbox data: rotated daily. Demo-gate emails: retained for 24 months from last contact, then deleted. Server logs: 30 days. Audit ledger entries: as long as the demo cluster exists; redacted to remove any submitted personal data on request.

7. Security

HMAC-SHA256 PII tokenization on every customer-like identifier. SHA-256 hash-chained audit ledger. TLS 1.3 in transit. AES-256 at rest. MFA required on all administrative roles.

8. Grievance Officer (DPDP § 13)

For Indian Data Principals: write to Grievance Officer, Digiluxcon Technology Services (OPC) Pvt. Ltd. at info@preemptify.com. We acknowledge within 7 days and respond substantively within 30 days.

9. Updates

We will post material changes on this page at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

10. Contact

All inquiries — privacy, security disclosures, press, sales, partnerships: info@preemptify.com

Developed by Digiluxcon Technology Services (OPC) Private Limited
PrivacyTermsCookies