Privacy Policy
Last Updated: March 27, 2026
1. Introduction
Push.LeadSarthi.com ("Platform," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:
Visit our website at push.leadsarthi.com;
Use our dashboard, WordPress plugin, or JavaScript SDK;
Interact with our Services as a Website Admin or as a Subscriber of a Client Website.
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.
2. Scope of This Policy
This Privacy Policy applies to:
The main website (push.leadsarthi.com);
The dashboard accessible to Website Admins;
The WordPress plugin and JavaScript SDK provided by the Platform.
This Privacy Policy does NOT apply to:
The privacy practices of Client Websites (websites that integrate our Services);
Any third-party websites, services, or applications that may be linked from our Platform.
Website Admins are independently responsible for their own privacy policies and for ensuring compliance with applicable laws regarding their Subscribers.
3. Data Controller & Data Processor Distinction
For the purposes of applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000:
| Role | Description |
|---|---|
| Data Controller | Push.LeadSarthi.com acts as a Data Controller with respect to information collected directly from Website Admins (account information, usage data, etc.). We determine the purposes and means of processing this data. |
| Data Processor | Push.LeadSarthi.com acts as a Data Processor with respect to Subscriber data (Subscription IDs, interaction data, etc.). We process this data on behalf of Website Admins to deliver push notification services. |
Website Admins act as Data Controllers for their Subscribers' data and are responsible for complying with applicable privacy laws, including obtaining valid consent and providing adequate disclosures.
4. Types of Data Collected
We collect different categories of data depending on how you interact with our Services.
4.1 Account Information (Website Admin)
When you create an account, we collect:
Email address – used for authentication, communication, and account recovery;
Login credentials – stored using industry-standard hashing and encryption;
Account activity – such as login timestamps, IP addresses, and dashboard interactions.
4.2 Website & Usage Data
We collect information about:
Listed websites – URLs and configuration details of Client Websites;
Integration details – whether you use our WordPress plugin or JavaScript SDK;
Dashboard activity logs – actions taken within your account, including notification creation, scheduling, and analytics views.
4.3 Subscriber Data (End Users)
When an end user visits a Client Website and subscribes to push notifications, we collect:
Subscription ID – a unique, browser-generated identifier required to deliver notifications;
Device & browser type – information about the browser and operating system used (where available);
Approximate location – derived from IP address (city or region level, not precise geolocation);
Interaction data – clicks on notifications, engagement metrics, and opt-out events.
Important: We do not collect personally identifiable information such as names, phone numbers, or email addresses of Subscribers unless explicitly provided by the Website Admin through their own processes.
4.4 Technical Data
When you visit our website, use our dashboard, or interact with our Services, we automatically collect:
IP address;
Browser type and version;
Device information;
Cookies and similar tracking technologies (see Section 9).
5. How Data is Collected
We collect data through the following methods:
| Method | Description |
|---|---|
| Directly from Users | Information provided during account registration, dashboard usage, and communication with us. |
| Automatically via SDK/Plugin | Subscription IDs and technical data are collected when our plugin or SDK is integrated into a Client Website. |
| Automatically via Browser | During the push notification subscription process, browsers generate and transmit Subscription IDs. |
| Cookies & Tracking Technologies | Used to enhance user experience, analyze usage, and maintain session state. |
6. Purpose of Data Collection
We collect and process data for the following purposes:
6.1 Service Delivery
Enable and deliver push notifications to Subscribers;
Manage subscriptions and maintain accurate subscriber lists;
Authenticate Website Admins and provide access to the dashboard.
6.2 Analytics & Improvement
Track subscriber counts and notification performance;
Analyze platform usage to improve functionality, reliability, and user experience;
Optimize infrastructure and troubleshoot technical issues.
6.3 Communication
Send account-related emails (e.g., verification, payment receipts, service updates);
Respond to inquiries submitted through our Contact Us page.
6.4 Security & Fraud Prevention
Detect and prevent abuse, unauthorized access, and fraudulent activity;
Ensure compliance with our Terms of Service.
7. Legal Basis for Processing
We process personal data based on the following legal grounds:
| Basis | Application |
|---|---|
| Consent | Subscriber consent obtained via browser permission prompts; Website Admin consent obtained during account creation. |
| Legitimate Interest | Platform improvement, security, fraud prevention, and analytics. |
| Contractual Necessity | Processing necessary to provide Services to Website Admins under our Terms of Service. |
| Legal Obligation | Compliance with applicable laws, including the Information Technology Act, 2000, and DPDPA, 2023. |
8. Subscriber Consent & Responsibility
The Platform facilitates the push notification subscription process but does not initiate or control the request for Subscriber consent.
Subscribers grant permission through their browser’s native notification dialog;
Subscribers may revoke permission at any time via browser settings.
Website Admins are solely responsible for:
Informing visitors to their Client Websites about the use of push notifications;
Obtaining any additional consent required under applicable privacy laws (e.g., DPDPA, GDPR, CCPA);
Ensuring their own privacy policy discloses the use of third-party push notification services.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
Maintain user sessions and authentication;
Analyze website traffic and usage patterns;
Remember user preferences.
You may control cookies through your browser settings. Disabling cookies may affect the functionality of certain features, including dashboard login persistence.
10. Automated Decision-Making & Profiling
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on users. Any automated processes we employ are limited to:
Fraud detection and security monitoring (technical, non-discriminatory);
Analytics and reporting (aggregated, non-personally identifiable).
11. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data.
We may share data in the following circumstances:
| Recipient | Purpose |
|---|---|
| Third-Party Service Providers (Sub-Processors) | Hosting, cloud infrastructure, analytics, and push notification delivery services. Only minimum necessary data is shared. A list of sub-processors is provided in Section 12. |
| Legal Authorities | When required by law, regulation, legal process, or government request. |
| Business Transfers | In connection with a merger, acquisition, or sale of assets (with notice to affected users). |
12. Third-Party Services & Sub-Processors
Our Services rely on third-party sub-processors to deliver functionality. These include:
| Category | Examples | Purpose |
|---|---|---|
| Cloud Hosting | AWS, DigitalOcean, or similar | Infrastructure and data storage |
| Push Notification Infrastructure | Firebase Cloud Messaging (FCM) | Delivery of push notifications |
| Analytics | Self-hosted or third-party analytics | Platform usage analysis |
| Email Services | SendGrid, SMTP providers | Account and transactional emails |
We ensure that all sub-processors are bound by appropriate data protection obligations. A current list of sub-processors is available upon request.
Important: Third-party services have their own privacy policies. The Platform does not control and is not responsible for the privacy practices of third parties.
13. Cross-Border Data Transfers
Data we collect may be stored and processed on servers located in India or in other countries where our service providers operate. By using our Services, you acknowledge that your data may be transferred to jurisdictions with different data protection laws.
We take steps to ensure that appropriate safeguards are in place for such transfers, including:
Use of standard contractual clauses (SCCs) where applicable;
Ensuring sub-processors comply with applicable data protection requirements.
14. Data Retention
We retain personal data as follows:
| Data Type | Retention Period |
|---|---|
| Account Information | For as long as the account is active. |
| Subscription IDs | For the duration of the Client Website’s active listing, plus a reasonable grace period after unlisting or Subscriber opt-out. |
| Analytics Data | Retained while the account is active, plus up to 30 days after account deletion. |
| Logs & Backups | May persist temporarily in backups but are not actively processed after deletion requests. |
Upon account deletion (after the 15-day lock period), all associated data is permanently removed from active databases.
15. Data Security
We implement reasonable security measures to protect your data, including:
Encryption – passwords are hashed and stored securely; data in transit is encrypted via TLS;
Secure Servers – access restricted to authorized personnel;
Access Control – internal policies limiting data access to employees and contractors with a legitimate need.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
16. Data Breach Notification
In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
Notify affected users without undue delay;
Provide details of the breach, potential impact, and remedial actions taken;
Comply with notification requirements under applicable laws, including the DPDPA, 2023, and the IT Act, 2000.
17. User Rights (Website Admins)
As a Website Admin, you have the following rights under applicable law:
| Right | Description |
|---|---|
| Right to Access | Request a copy of the personal data we hold about you. |
| Right to Rectification | Correct inaccurate or incomplete information. |
| Right to Erasure | Request account deletion (subject to the 15-day lock period). |
| Right to Restrict Processing | Request limitation of processing in certain circumstances. |
| Right to Data Portability | Request a machine-readable copy of your data for transfer to another service. |
| Right to Withdraw Consent | Where processing is based on consent, you may withdraw it at any time. |
To exercise these rights, contact us via our Contact Us page. We will respond within the timeframes required by applicable law.
18. Subscriber Rights
As an end user who has subscribed to notifications from a Client Website, you have the right to:
| Right | Description |
|---|---|
| Revoke Permission | Disable notifications through your browser settings at any time. |
| Control Notifications | Manage preferences at the device or browser level. |
| Contact the Website Admin | For questions about how your data is used by the Client Website. |
If you have concerns regarding your data processed by our Platform, you may contact us. However, we may redirect you to the relevant Website Admin, as they are the Data Controller for your subscription data.
19. Withdrawal of Consent
Website Admins may withdraw consent for data processing by:
Deleting their account (subject to the 15-day lock period);
Contacting us to request cessation of specific processing activities.
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal may result in the inability to continue using the Services.
20. Children’s Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete such information promptly.
21. Sensitive Personal Data
We do not knowingly collect or process sensitive personal data, which under Indian law includes:
Passwords;
Financial information (bank account, credit card details);
Physical, physiological, or mental health conditions;
Sexual orientation;
Biometric or genetic data;
Any other category designated as sensitive under applicable law.
If you voluntarily provide such information, you do so at your own risk, and you consent to its processing as described in this Privacy Policy.
22. Do Not Track Signals
Our Platform does not currently respond to browser "Do Not Track" (DNT) signals. We may reassess this practice as industry standards evolve.
23. Account Deletion & Data Removal
To request account deletion, submit a request via our Contact Us page.
A 15-day lock period applies, during which the account is inactive and services are suspended.
You may cancel the deletion request within the lock period.
After 15 days, the account and all associated data are permanently deleted from active databases.
Data exports may be requested prior to initiating deletion.
24. Grievance Officer (Indian Law Compliance)
In compliance with the Information Technology Act, 2000, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to address concerns and complaints regarding data handling and privacy:
Complaints may be submitted through our Contact Us page or directly to the Grievance Officer at the email address above.
25. Complaint Redressal Mechanism
If you have a concern regarding our privacy practices, please follow this process:
Initial Contact – Reach out via our Contact Us page. We will acknowledge receipt within 48 hours.
Review & Investigation – We will investigate and respond with a proposed resolution within 30 days.
Escalation – If you are unsatisfied with our response, you may escalate to:
The Grievance Officer (contact above); or
The appropriate regulatory authority under applicable law (e.g., the Data Protection Board of India under DPDPA).
26. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time without prior notice. Changes become effective immediately upon posting on this page.
Your continued use of the Services after any modification constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.
27. Governing Law & Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of India, including:
The Information Technology Act, 2000;
The Digital Personal Data Protection Act, 2023 (once notified and enforced);
Any other applicable data protection regulations.
Any disputes arising out of or relating to this Privacy Policy or the Services shall be subject to the exclusive jurisdiction of the courts located in Kalyan, Maharashtra, India.
28. Contact Information
For questions, concerns, or requests regarding this Privacy Policy, including:
Account deletion requests;
Data access or correction requests;
Privacy-related inquiries;
Grievance submissions;
please contact us through our official Contact Us page at push.leadsarthi.com/contact-us. This is the sole and official method for such communications.
29. Data Processing Agreement (DPA) Reference
For Website Admins who act as Data Controllers for Subscriber data and require a Data Processing Agreement (DPA) to comply with applicable laws (such as GDPR or DPDPA), a DPA is available upon request. Please contact us via our Contact Us page to request a copy.
By using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.