Privacy Policy

Boost By Tech is a GST-registered technology firm based in India, providing website development, cloud & DevOps, database administration, SaaS development, digital growth services, and proprietary SaaS products (CRM + Analytics and HomeServe Book).

This Privacy Policy is published in compliance with:

• The Information Technology Act, 2000 ("IT Act"), including Section 43A
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
• The Digital Personal Data Protection Act, 2023 ("DPDP Act") and the DPDP Rules, 2025

By accessing our website (boostbytech.in) or using any of our services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services immediately.

We collect the following categories of information:

a) Information You Provide Directly

• Contact forms: First name, last name, email address, project description
• CRM interest form: Name, WhatsApp/phone number, business name, industry, ad account details, lead volume, business challenges, preferred demo time
• HomeServe interest form: Name, WhatsApp/phone number, business name, service category, cities/branches, staff count, booking volumes
• Client onboarding: Business details, GST number, billing address, authorised contact details

b) Information Collected Automatically

• IP address and approximate geographic location
• Browser type, version, and operating system
• Device identifiers and screen resolution
• Pages visited, time spent, and clickstream data
• Referring URLs and exit pages
• Cookie identifiers and session data

c) Information from Third Parties

• Business information from publicly available sources for prospecting
• Referral information when you are referred to us by another party

We collect and process your personal data solely for the following specified, lawful purposes:

1. To respond to enquiries and provide quotations for our services
2. To schedule and conduct product demonstrations (CRM, HomeServe Book)
3. To deliver contracted services, including website development, cloud, and database projects
4. To provide access to and support for our SaaS products
5. To issue GST-compliant invoices and process payments
6. To send transactional communications (project updates, invoices, support responses)
7. To send promotional communications, where you have provided consent
8. To improve our website, services, and product offerings through analytics
9. To comply with applicable legal and regulatory obligations
10. To prevent fraud, abuse, and unauthorised access

We will not use your personal data for any purpose beyond those stated above without obtaining your fresh, explicit consent.

Under Rule 3 of the SPDI Rules, 2011, "Sensitive Personal Data or Information" includes passwords, financial information, health data, biometric data, and sexual orientation. We do not routinely collect SPDI from website visitors.

In the limited circumstances where SPDI is required (e.g., financial details for invoicing, payroll processing for contracted personnel), we will:

• Obtain prior written consent before collection
• Collect only the minimum data required for the stated purpose
• Provide the option to not disclose SPDI, with an explanation of consequences
• Apply heightened security measures to SPDI

Under the DPDP Act, 2023, we process your personal data on the following legal bases:

• Consent (Section 6, DPDP Act): For marketing communications, demo scheduling, and non-essential data processing. You may withdraw consent at any time (see Section 10 — Your Rights).
• Contractual necessity: For delivering services you have engaged us to provide and for invoicing and payment processing.
• Legal obligation: Where processing is required to comply with Indian law, tax regulations, or court orders.
• Legitimate use: For fraud prevention, security, and the protection of our systems and personnel.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your data in the following limited circumstances:

Service Providers & Data Processors

• Cloud infrastructure: AWS, Google Cloud, or similar providers hosting our systems
• Email services: For transactional and promotional communications
• Payment processors: Razorpay or similar for processing invoices
• Analytics: Website analytics providers operating on our behalf

All data processors are bound by contractual obligations to process data only on our instructions and to maintain appropriate security.

Legal & Regulatory Disclosure

We may disclose personal data to government authorities, law enforcement, or courts where required by applicable Indian law, court order, or legal process.

Business Transfers

In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the successor entity, subject to the same privacy protections.

We use the following types of cookies and tracking technologies on our website:

• Strictly necessary cookies: Required for the website to function (session management, security). Cannot be disabled.
• Performance cookies: Collect anonymised data about how visitors use our website to help us improve performance.
• Functional cookies: Remember your preferences and settings to improve your experience.
• Analytics cookies: Track usage patterns to help us understand visitor behaviour (e.g., Google Analytics with IP anonymisation enabled).

You may disable non-essential cookies through your browser settings or our cookie preference centre. Disabling cookies may limit certain functionality of the website.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, subject to the following schedules:

Upon expiry of the applicable retention period, personal data will be permanently deleted or anonymised so that it can no longer be attributed to any individual.

We implement appropriate technical and organisational security measures in compliance with Section 43A of the IT Act, 2000 and the SPDI Rules to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

These measures include, but are not limited to:

• TLS/SSL encryption for all data in transit
• Encryption at rest for sensitive data stores
• Role-based access controls (RBAC) limiting data access to authorised personnel only
• Regular security audits and vulnerability assessments
• Multi-factor authentication on all administrative systems
• Secure, isolated cloud infrastructure with firewall and DDoS protection
• Regular backups with tested disaster recovery procedures

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security; however, we are committed to promptly investigating and addressing any reported security incidents.

Our primary operations are based in India. However, some of our service providers (cloud infrastructure, email, analytics) may process data in jurisdictions outside India, including the United States and European Union.

Any cross-border transfer of personal data is subject to adequate safeguards as required under Section 16 of the DPDP Act, 2023. We ensure that recipient countries or entities provide a level of data protection comparable to Indian law. We will not transfer data to countries blacklisted by the Central Government of India under the DPDP Act.

Our services are intended for businesses and individuals aged 18 years and above. We do not knowingly collect personal data from persons below 18 years of age.

In accordance with Section 9 of the DPDP Act, 2023, where we become aware that personal data of a minor has been collected without verifiable parental or guardian consent, we will immediately delete such data and notify the parent or guardian.

If you believe a minor has submitted personal data to us without appropriate consent, please contact our Grievance Officer immediately at boostbyt@gmail.com.

Under the Digital Personal Data Protection Act, 2023 (Sections 11–14), you have the following rights as a Data Principal:

To exercise any of the above rights, please submit a written request to boostbyt@gmail.com. We will acknowledge your request within 72 hours and endeavour to resolve it within 30 days.

In the event of a personal data breach, we will act in accordance with Section 8 of the DPDP Act, 2023:

• Notify the Data Protection Board of India within 72 hours of becoming aware of the breach
• Notify affected Data Principals without undue delay, containing: (a) the nature and extent of the breach; (b) types of personal data affected; (c) likely consequences; and (d) remedial measures taken or proposed
• Maintain a breach register with details of all incidents, regardless of severity

If you suspect your data has been compromised, please contact us immediately at boostbyt@gmail.com.

In accordance with Rule 5(9) of the SPDI Rules, 2011 and the provisions of the IT Act, 2000, we have designated a Grievance Officer to address complaints or concerns regarding this Privacy Policy or our data practices:

This Privacy Policy is governed by and shall be construed in accordance with the laws of the Republic of India, including the IT Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.

Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in India.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Display a prominent notice on our website for at least 30 days
• Send an email notification to registered users or active clients

Continued use of our website or services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the revised Policy, please discontinue use and contact us to request deletion of your data.

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out to us: