Privacy Policy

Effective date: 12 November 2025
Who we are: Digibility Solutions Private Limited (“Digibility”, “we”, “us”, “our”)
Registered address: #503, Tower C3, Nyati Esteban 1, Undri, Pune, MH 411060
Contact (privacy): support@digibility.ai
Grievance Officer (India DPDP): Amit Gupta, info@digibility.ai, #503, Tower C3, Nyati Esteban 1, Undri, Pune, MH 411060

Scope

This policy covers our websites (e.g., digibility.ai), app, trials, wishlist and early-access forms, APIs, support, and WhatsApp/email communications. It applies to visitors, customers, beta users, and invitees. It does not cover third-party websites you connect to our product.

Data we collect

A. You provide

  • Profile & contact: name, work email, WhatsApp/phone, role, company, country.
  • Business info: business name, website, industry, number of profiles/brands.
  • Account & content: brand kits, posts, captions, images/video, comments, approvals.
  • Billing: billing name, address, VAT/GST, limited payment identifiers.
  • Support: tickets, call/chat recordings, feedback, survey responses.
  • Legal consents: marketing opt-ins (email/WhatsApp), cookie preferences, data-processing agreements.

B. Collected automatically

  • Device & usage: IP address, time zone, device/OS, browser, language, session IDs, pages/events, feature use, referrers.
  • Logs & diagnostics: error traces, performance metrics, request headers.
  • Cookies and similar tech: essential, analytics, and preference cookies (see Cookies below).

C. From third parties (when you connect or we integrate)

  • Social & business platforms (OAuth): limited tokens/IDs, page/account names, media and metrics that you authorize (Instagram, Facebook, LinkedIn, Google Business Profile, etc.).
  • Payments: status and identifiers from payment processors (we do not store full card numbers).
  • Analytics/CRMs/helpdesk: event data, attribution, support history.
  • Public sources: your public website, public social posts, and competitor signals used for analysis.

We do not knowingly collect sensitive personal data unless required for compliance (e.g., tax IDs on invoices for finance users). Do not upload special categories (health, biometric, government IDs) to our product.

Why we use data (purposes) and legal bases

We build software that helps businesses plan, create, schedule, and measure marketing. We respect your privacy and comply with applicable laws. This notice explains what we collect, why, how we use it, who we share it with, how long we keep it, and your choices.

Add Table

PurposeExamplesLegal basis (GDPR/UK-GDPR)
Provide the servicesign-up, login, OAuth connections, posting, approvals, scheduling, analytics, customer successContract necessity
AI-assisted featuresderive brand voice, suggest calendars, draft captions, best-time windows, strategy updatesLegitimate interests; Contract necessity (for core functions); Consent where required
Communicationsonboarding emails/WhatsApp, service alerts, feature updates, support repliesContract necessity; Legitimate interests; Consent (marketing)
Billing & fraud preventioninvoices, tax compliance, rate-limit abuse, spam checksLegal obligation; Legitimate interests
Research & product improvementaggregated analytics, A/B tests, diagnosticsLegitimate interests; Consent where required (cookies/analytics)
Compliance & enforcementaudits, responding to lawful requests, terms enforcementLegal obligation; Legitimate interests

AI specifics. We use AI to analyze your public website and connected social profiles, generate drafts, recommend timing, and propose a monthly strategy. A human reviews critical stages. We do not allow third-party foundation models to train on your identifiable content unless you opt in. Automated suggestions affect content and timing, not pricing or access. You can edit or reject any suggestion.

Marketing. We send marketing only with your consent or as allowed by law. You may unsubscribe at any time from email footers or by replying STOP on WhatsApp.

Cookies and tracking

We use cookies and similar technologies:

  • Essential (required): security, session, load balancing.
  • Preferences: remember settings (language, theme).
  • Analytics: product usage, visit attribution (aggregated).
  • Advertising (limited): retargeting on our domains; disabled unless you consent.

Your choices: Our banner lets you accept/reject non-essential cookies and change preferences at any time via Cookie Settings. You can also block cookies in your browser. Blocking may affect features.

Data sharing

We share data only as needed:

  • Sub-processors (service providers): cloud hosting, databases, email/WhatsApp delivery, analytics, error monitoring, payments, customer support tools. We contract them under confidentiality and data-protection terms. We maintain a live list here: [link: /subprocessors].
  • Integrations you enable: when you connect Instagram/Facebook/LinkedIn/GBP, we use official APIs and the scopes you approve. You may revoke access at any time in each platform or in our app.
  • Business transfers: if we merge, sell, or restructure, data may transfer to the new entity under this policy.
  • Legal: we may disclose data if required by law, subpoena, court order, or to protect rights, safety, and integrity of our services.

We do not sell personal information. Under CPRA, “sharing” for cross-context behavioral advertising is off by default and used only with your consent.

International transfers

We may process data in countries outside your own (e.g., India, EU/EEA, UK, US, APAC). We use appropriate safeguards:

  • Standard Contractual Clauses (SCCs) and UK addenda where applicable.
  • Data Processing Addendum (DPA) available on request for customers.
  • DPDP (India): we follow notified transfer restrictions and use contractual safeguards.

Retention

We keep data only as long as needed:

  • Account profile & workspace data: for your subscription; 24 months after closure unless deletion is requested earlier or required later for tax/legal.
  • Content and media: active subscription; 180 days after closure (unless you request earlier deletion).
  • System logs & analytics: 12 months.
  • Backups: encrypted rolling backups ~35 days.
  • Support records: 24 months.

You can export most data in the app. We delete or anonymize after the periods above unless we must keep it for disputes, audits, or legal compliance.

Your rights

EU/EEA & UK (GDPR/UK-GDPR)

Access; correction; deletion; portability; restriction; objection (including to profiling for direct marketing); withdraw consent. You may complain to your local supervisory authority.

India (DPDP Act, 2023)

Right to access, correction, and erasure; grievance redressal; consent withdrawal via our Grievance Officer or a Consent Manager you authorize. We process children’s data only with verifiable guardian consent; our service is for adults (18+).

California (CCPA/CPRA)

Right to know/access, delete, correct, and to opt-out of “sale”/“sharing”; right to limit the use of sensitive personal information (we do not collect SPI for marketing). No discrimination for exercising your rights.

Other U.S. states (VA/CO/CT/UT, etc.)

Similar rights apply; contact us to exercise them.

How to exercise rights: email support@digibility.ai. We will verify your request and respond within statutory timelines (usually 30–45 days). Authorized agents may act on your behalf where permitted.

Security

  • Encryption: TLS in transit; AES-256 at rest.
  • Access controls: role-based access, least privilege, audit logs.
  • Account protections: 2FA and SSO (for eligible plans).
  • Operational controls: code reviews, dependency scanning, backups, disaster recovery.
  • Third-party risk: vendor due diligence and DPAs with sub-processors.

No system is perfectly secure. If we become aware of a breach, we will notify affected users and regulators as required by law, without undue delay.

WhatsApp and email communications

If you provide your WhatsApp number and consent, we may send onboarding messages, critical service updates, and assistance. You can opt-out anytime by replying STOP or changing preferences in your account. For email, use the unsubscribe link or contact us.

Children

Our services are intended for adults 18+. We do not knowingly collect data from children. If you believe a child provided us data, contact support@digibility.ai to request deletion.

Automated decision-making and profiling

Our AI features generate recommendations (e.g., timing windows, topic suggestions) and draft content. A human can review or override these at any stage. We do not make decisions that produce legal or similarly significant effects about you using solely automated processing.

Third-party links

Our product links to third-party sites and platforms. Their privacy practices are their own. Review their policies before connecting or using them.

Changes to this policy

We may update this policy to reflect changes in law or our product. If we make material changes, we will notify you via email or in-app notice and update the “Effective date” above. Continued use after the effective date means you accept the updated policy.

Region-specific disclosures

  • Controller/Processor roles: For most features we act as a processor/service provider for customer content. For our websites, trials, billing, and product analytics, we act as a controller/business.
  • Metrics (CPRA): We will publish annual metrics on access/deletion/correction.
  • Representatives: If required, we will appoint EU/UK representatives and update this section.

Cookies

  • Essential: session, authentication, security, load-balancing.
  • Preferences: language, UI settings.
  • Analytics: product usage (aggregated), crash/error analytics.
  • Advertising (if enabled with consent): retargeting and campaign attribution.

Manage cookies: Use our banner. You may also clear cookies in your browser.

Data processing addendum

We offer a DPA (with SCCs/UK Addendum and India DPDP terms) on request. Contact support@digibility.ai

Sub-processors

We maintain and update a public list of sub-processors with purposes and locations at [link: /subprocessors]. You may subscribe to changes.

Contact

Questions or requests about this policy or your data:
Email: support@digibility.ai
Postal: [Company address, Attn: Privacy/DPO/Grievance Officer]
India DPDP grievances: Amit Gupta, info@digibility.ai (we will acknowledge within prescribed timelines and close complaints promptly).

Short summary (not a substitute for the full policy)

We collect only what we need to run Digibility, improve results, and support you. You control your consents. We secure your data with encryption and access controls, and we don’t sell it. You can access, export, correct, or delete your data, and opt-out of marketing at any time.