Privacy Policy
How we collect, use, and protect your information.
This Privacy Policy (“Policy”) describes how Optivize, a brand operated by Surajit Majhi HUF (“Optivize”, “we”, “us”, “our”), collects, uses, discloses, retains, and safeguards information when you visit optivize.digital, use any of our products or services (including the AI Website Builder, AI Image Studio, SEO Suite, Workflow Automation, Domain & Hosting Reseller services, and Support Ticketing System), or otherwise interact with us. By accessing the Services you consent to the practices described here. If you do not agree, please discontinue use.
1. Information We Collect
1.1 Information you provide directly
- Account data: name, email address, phone number, billing address, company name, password (stored as a bcrypt hash — we never store plaintext passwords).
- Customer content: websites, copy, images, prompts, blog drafts, and any other content you create through our AI tools.
- Payment metadata: we do not store full card numbers. Razorpay processes payments and we retain only the order ID, transaction ID, RRN, payment method, currency, amount and status for compliance/accounting.
- Communications: support tickets, contact-form submissions, chat messages, and the contents of emails you send us.
1.2 Information collected automatically
- IP address, browser type and version, device identifiers, time zone setting, operating system.
- Pages visited, links clicked, referring URL, search terms, session duration.
- Cookies and similar technologies (essential, preference, analytics — see Section 6).
1.3 Information from third parties
- Payment processors (Razorpay) share transaction confirmation, payer name, masked card last-four.
- OAuth/Social-login providers (Google, Facebook) share basic profile information you authorise.
- Domain & hosting registrars share WHOIS, DNS, hosting status and renewal data when you purchase domain services through us.
2. How We Use Your Information
- To provide, operate, maintain and improve the Services.
- To process orders, generate invoices/receipts (PDF), apply credits, and prevent fraud.
- To deliver AI-generated content (text, images, SEO reports) you have requested.
- To send transactional emails (order confirmation, invoice, payment receipt, ticket replies, password reset).
- To send service announcements (only essential ones; marketing emails are opt-in).
- To monitor usage, detect abuse, secure our systems and comply with legal obligations.
- To perform aggregated analytics for product improvement (these never identify individual users).
3. Legal Bases (GDPR, where applicable)
If you are in the European Economic Area, the United Kingdom or any jurisdiction with a comparable framework, we process personal data on one or more of the following legal bases: contractual necessity (to provide what you purchased), legitimate interests (to keep the platform secure and improve it), consent (marketing emails, optional cookies), and legal obligation (tax/accounting retention).
4. Sharing & Disclosure
We do not sell personal data. We share data only with:
- Service providers strictly bound by confidentiality — Razorpay (payments), Hostinger (SMTP), Cloudflare R2 (file storage), MongoDB Atlas (database), OpenAI / Anthropic / Google Gemini (AI generation — only the prompt you submit), ReportLab (PDF rendering, on-prem).
- Domain & hosting registrars when you purchase reseller services through us.
- Law-enforcement only in response to a valid subpoena, court order, or to defend legal rights.
- Successor entities in the event of a corporate restructuring, merger, acquisition or asset sale — subject to equivalent protections.
5. Data Retention
- Account data: retained while your account is active and for up to 3 years after closure for record-keeping.
- Invoices, receipts and refund records: retained for 8 years as required by Indian income-tax and GST law.
- Support tickets: retained for 3 years after closure.
- Marketing-email preference (unsubscribe) records: retained indefinitely to honour your choice.
- Backups: rotated on a 90-day cycle; deleted records may persist briefly in backups before purge.
6. Cookies
We use three categories of cookies:
- Essential — login session, CSRF token, cart contents. Cannot be disabled without breaking the Service.
- Preference — theme, language, currency, saved filters. Stored only in your browser.
- Analytics — aggregate page-view counts. We do not deploy Google Analytics or any third-party advertising tracker by default; first-party analytics only.
7. Your Rights
Subject to local law, you may exercise the following rights free of charge by writing to sales@optivize.digital:
- Right of access — obtain a copy of the personal data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — subject to legal retention exceptions.
- Right to data portability — receive your data in a structured, machine-readable format (JSON).
- Right to object to processing for direct marketing — we will honour immediately.
- Right to withdraw consent — for any consent-based processing, at any time.
- Right to lodge a complaint with a supervisory authority (e.g. the Indian Data Protection Board or your local EU DPA).
We respond to verified requests within 30 days.
8. International Transfers
Our primary servers are hosted in India. Some sub-processors (e.g. OpenAI, MongoDB Atlas) operate globally. Where data is transferred outside India or the EEA we rely on Standard Contractual Clauses or equivalent safeguards.
9. Security
We use TLS 1.2+ for all transit, bcrypt for password hashing, HTTP-only secure cookies for sessions, parameterised database queries to prevent injection, scheduled vulnerability scans, and least-privilege access controls on all production systems. No method of transmission is 100% secure; we accept no liability for events outside our reasonable control.
10. Children
The Services are not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided data, please contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified via email to all active customers at least 7 days before they take effect, and the “Last updated” date above will be revised.
12. Contact
Optivize — DBA of Surajit Majhi HUF
Email: sales@optivize.digital
Phone: +91 81006 71006
Web: optivize.digital
