Privacy Policy

This policy explains how Flauntix Digital collects, uses, stores, and protects your personal data. We are committed to transparency and to honouring your rights under all applicable laws.

Effective: 24 May 2026 Last updated: 24 May 2026 privacy@flauntix.com
DPDP Act 2023 GDPR / UK GDPR CAN-SPAM CCPA / CPRA PIPA (South Korea) CASL / PIPEDA LGPD (Brazil) COPPA ePrivacy
Note: This Privacy Policy has been prepared to reflect our compliance obligations across multiple jurisdictions. It does not constitute legal advice. We recommend that you consult qualified legal counsel to ensure full compliance with all laws applicable to your specific circumstances. Jurisdiction-specific provisions are highlighted throughout.
Section 01

Who We Are

Flauntix Digital ("Flauntix", "we", "us", "our") is a performance marketing and AI automation agency headquartered in New Delhi, India. We provide digital marketing, paid media management, brand strategy, and AI workflow services to brands globally.

Data Controller / Data Fiduciary:
Flauntix Digital
New Delhi, India
Email: privacy@flauntix.com
Website: https://flauntix.com

For all privacy-related inquiries, data subject requests, or grievances, please contact us at privacy@flauntix.com. We aim to respond within 30 days (or sooner as required by applicable law).

Section 02

Information We Collect

2.1 Information You Provide Directly

  • Contact & inquiry data: Name, email address, phone number, company name when you fill in our contact or audit request form.
  • Business information: Monthly ad budget range, primary service interest, and any message you choose to include.
  • Communication data: Emails, messages, or other content you send to us directly.
  • Client account data: When you become a client, we may collect billing information, ad account credentials (shared securely), and campaign performance data for the purpose of delivering our services.

2.2 Information Collected Automatically

  • Usage data: Pages visited, time spent, referring URL, browser type, device type, operating system.
  • IP address: Collected for security purposes and approximate geolocation (country/region level).
  • Cookies and similar technologies: Session cookies, analytics cookies. See Section 10 for full details.

2.3 Information From Third Parties

  • Ad platforms: When managing your campaigns, we receive performance data from Google, Meta, LinkedIn, Amazon, and other platforms you authorise us to access.
  • Analytics tools: Aggregated, anonymised traffic and behaviour data from tools such as Google Analytics.
  • CRM tools: Contact and lead data passed through platforms such as Brevo (our email CRM), used only to manage our client communications.

We do not purchase, rent, or acquire personal data from data brokers or third-party list providers.

Section 03

How We Use Your Information

We use personal data only for the specific, legitimate purposes for which it was collected:

  • To respond to inquiries and provide you with the free audit or service information you requested.
  • To deliver our services — managing ad campaigns, building workflows, reporting results.
  • To send marketing communications — updates, insights, and service information, only where you have consented or where we have a legitimate interest (see Section 9 for email-specific rules).
  • To improve our website and services — using aggregated analytics to understand how users interact with our site.
  • To meet legal obligations — including tax records, regulatory compliance, and responding to lawful requests from public authorities.
  • To protect our rights and business — fraud prevention, security monitoring, and enforcement of our terms.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

Section 04

Legal Basis for Processing

EU / UK — GDPR & UK GDPR

Under the General Data Protection Regulation (GDPR) and UK GDPR, we process personal data on the following legal bases:

  • Consent (Art. 6(1)(a)): For marketing emails and cookies where consent is required. You may withdraw consent at any time.
  • Contract (Art. 6(1)(b)): To fulfil our contractual obligations when you engage us as a client.
  • Legal obligation (Art. 6(1)(c)): To comply with applicable laws (e.g., tax, accounting).
  • Legitimate interests (Art. 6(1)(f)): To improve our services, send B2B marketing to existing contacts, prevent fraud, and maintain security — where these interests are not overridden by your rights.

Where we rely on legitimate interests, you have the right to object to that processing (see Section 8).

India — DPDP Act 2023

Under India's Digital Personal Data Protection Act, 2023, Flauntix Digital operates as a Data Fiduciary. We process personal data on the following grounds:

  • Consent: For marketing communications and non-essential data collection. Consent is obtained through a clear, specific request and may be withdrawn at any time via a Consent Manager or by emailing privacy@flauntix.com.
  • Legitimate uses: Purposes prescribed under the Act, including compliance with legal obligations, safety and security, and employment-related processing.
Section 05

Data Sharing & Disclosure

We do not sell your personal data. We share it only in the following limited circumstances:

5.1 Service Providers (Processors)

We engage trusted third-party vendors who process data only on our instructions, under strict confidentiality and data processing agreements:

  • Brevo (Sendinblue) — email CRM and contact management. Data stored on EU-based servers. Brevo Privacy Policy ↗
  • Vercel — website hosting and serverless functions. Vercel Privacy Policy ↗
  • Google Analytics — anonymised website analytics.
  • Ad platforms (Google, Meta, LinkedIn, Amazon, etc.) — accessed only under your explicit authorisation as our client.

5.2 Legal & Regulatory Disclosures

We may disclose personal data when required by applicable law, court order, or lawful request from a competent governmental authority — including tax authorities, law enforcement agencies, or regulatory bodies — in India or any jurisdiction in which we operate.

5.3 Business Transfers

If Flauntix Digital undergoes a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to such transfer, and you will retain the right to request deletion of your data.

Section 06

International Data Transfers

As a global agency, your data may be transferred to and stored in countries other than your country of residence, including India, the United States, and the European Union. We take the following steps to ensure adequate protection:

EU / UK — GDPR

Transfers of personal data outside the EEA/UK are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate transfer mechanisms (adequacy decisions where applicable). Our primary processor Brevo maintains EU-based data storage.

India — DPDP Act 2023

Cross-border transfers of personal data are conducted in compliance with the provisions of the DPDP Act 2023. Where the Central Government designates certain countries as restricted for transfer, we will comply with any such notification. We ensure our international processors maintain data protection standards equivalent to those required under Indian law.

South Korea — PIPA

If we transfer personal information of South Korean residents outside Korea, we provide notice of: (i) the recipient, (ii) the purpose, (iii) the items of personal information transferred, (iv) the retention and use period, and (v) how to refuse the transfer. Such transfers are conducted under agreements that require the recipient to comply with protection standards equivalent to PIPA.

Section 07

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:

Data Type Retention Period Reason
Inquiry / audit request data 3 years Legitimate interest (business relationships)
Client account & contract data 7 years after contract end Legal obligation (tax, accounting)
Marketing email subscribers Until unsubscribe or withdrawal of consent Consent-based
Website analytics data 26 months (anonymised) Legitimate interest (site improvement)
Security / server logs 90 days Security & fraud prevention

When data is no longer needed, it is securely deleted or anonymised. You may request earlier deletion — subject to legal retention requirements — using the contact details in Section 15.

Section 08

Your Privacy Rights by Region

Depending on where you are located, you have specific rights regarding your personal data. To exercise any of these rights, contact us at privacy@flauntix.com. We will respond within the timeframe required by your applicable law.

EU, EEA & UK — GDPR / UK GDPR

Residents of the EU, EEA, and UK have the following rights:

  • Right of access (Art. 15): Obtain a copy of your personal data we hold.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your data where there is no compelling reason for continued processing.
  • Right to restriction of processing (Art. 18): Ask us to restrict how we use your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing at any time.
  • Rights related to automated decision-making (Art. 22): Not to be subject to decisions based solely on automated processing where they produce significant effects.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority. For EU residents: your national data protection authority. For UK residents: the Information Commissioner's Office (ICO) ↗.
India — DPDP Act 2023

As a Data Principal under the DPDP Act 2023, you have the following rights:

  • Right to access information: Request a summary of the personal data we hold about you and details of processing activities.
  • Right to correction and erasure: Request correction of inaccurate, incomplete, or outdated personal data, or erasure of data no longer required for its original purpose.
  • Right to grievance redressal: Access our grievance redressal mechanism. We will acknowledge and resolve grievances within 30 days.
  • Right to nominate: Nominate another individual to exercise your rights in the event of death or incapacity.
  • Right to withdraw consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Right to complain to the Data Protection Board: If unsatisfied with our response, you may file a complaint with the Data Protection Board of India once it is constituted under the Act.

Our designated Grievance Officer can be reached at: privacy@flauntix.com

USA — California (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: Request disclosure of the categories and specific pieces of personal information collected, used, disclosed, or sold.
  • Right to delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt-out of sale/sharing: We do not sell or share personal information for cross-context behavioural advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
  • Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined under CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, email privacy@flauntix.com with the subject line "California Privacy Request". We will respond within 45 days.

South Korea — PIPA

Residents of South Korea have the following rights under the Personal Information Protection Act (PIPA):

  • Right to access: Request confirmation and access to personal information we hold about you.
  • Right to correction: Request correction of any inaccurate personal information.
  • Right to deletion: Request deletion of personal information, where it is no longer necessary for its original purpose.
  • Right to suspension of processing: Request suspension of processing in certain circumstances.

We have designated a Personal Information Protection Manager (개인정보 보호책임자) who can be contacted at privacy@flauntix.com. We will respond within 10 days of receiving a verified request.

You may also file a complaint with the Personal Information Protection Commission (PIPC) or the Korea Internet & Security Agency (KISA).

Canada — PIPEDA / CASL

Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial equivalents:

  • Right to access: Request access to personal information we hold and how it is used or disclosed.
  • Right to correction: Request amendment of inaccurate personal information.
  • Right to withdraw consent: Withdraw consent for the use of your personal information, subject to legal or contractual restrictions.
  • Right to complain: File a complaint with the Office of the Privacy Commissioner of Canada ↗.
Brazil — LGPD

Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD):

  • Confirmation of the existence of processing; access to data; correction; anonymisation, blocking, or deletion of unnecessary data; data portability; information about third parties with whom data is shared; information about the possibility of denying consent and the consequences; revocation of consent.
  • You may file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).
Japan — APPI

Japanese residents have rights under the Act on the Protection of Personal Information (APPI), including the right to request disclosure, correction, addition, deletion, and suspension of use of personal information. Complaints may be directed to the Personal Information Protection Commission (PPC) Japan.

Section 09

Email Communications & CAN-SPAM

USA — CAN-SPAM Act

Our commercial email practices comply with the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act:

  • We never use deceptive subject lines or "From" names.
  • We identify every commercial email as an advertisement where required.
  • Our physical address (New Delhi, India) is included in every commercial email.
  • Every marketing email contains a clear, functional unsubscribe link.
  • Opt-out requests are honoured within 10 business days.
  • We do not use third-party email addresses without consent.
Canada — CASL

Commercial Electronic Messages (CEMs) sent to Canadian recipients comply with Canada's Anti-Spam Legislation (CASL):

  • We send CEMs only with express or implied consent as defined under CASL.
  • Every CEM identifies Flauntix Digital as the sender with our contact information.
  • Every CEM includes a functional unsubscribe mechanism that is processed within 10 business days.
EU / UK — ePrivacy

We send marketing emails to EU/UK residents only with prior explicit consent (opt-in), in compliance with the ePrivacy Directive and applicable national implementations. Every email includes a clear unsubscribe option. Existing clients may receive service-related communications without separate opt-in, where permitted under applicable law.

How to Unsubscribe

You can unsubscribe from marketing emails at any time by:

  • Clicking the Unsubscribe link at the bottom of any marketing email, or
  • Emailing us at privacy@flauntix.com with the subject "Unsubscribe".

Please note that even after unsubscribing from marketing communications, you may still receive transactional or service-related emails directly related to an ongoing engagement.

Section 10

Cookies & Tracking Technologies

Our website uses cookies and similar technologies. A cookie is a small text file stored on your device when you visit our website.

Types of Cookies We Use

  • Strictly necessary cookies: Required for the website to function (session management, security). Cannot be disabled.
  • Analytics cookies: Tools such as Google Analytics collect anonymised data about how visitors interact with the site. This data is aggregated and does not identify individuals.
  • Marketing / tracking cookies: If we run retargeting campaigns, advertising platforms (Google, Meta) may set cookies. These are only activated with your consent where required by law.
EU / UK — ePrivacy & GDPR

Non-essential cookies (analytics, marketing) are only placed with your prior, freely-given, specific, and informed consent. A cookie consent banner is displayed on first visit. You may change your preferences at any time. Withdrawing consent does not affect any prior processing.

India — DPDP Act 2023 & IT Rules

Under India's IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and the DPDP Act 2023, we provide users with clear information about cookies and obtain consent for non-essential tracking.

Managing Cookies

You can control cookies through your browser settings at any time. Note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to: view cookies stored, delete cookies individually or all at once, and block cookies from specific websites or all sites.

Section 11

Children's Privacy

COPPA (USA) & Global

Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal information from children under the age of 13 (USA — COPPA), 16 (EU/UK — GDPR), or the applicable minimum age in your jurisdiction.

If you believe a child has submitted personal data to us, please contact us immediately at privacy@flauntix.com and we will promptly delete that information.

India — DPDP Act 2023

Under the DPDP Act 2023, we do not process personal data of children (persons under 18 years of age) without verifiable parental consent. We take reasonable measures to verify age and do not engage in tracking, behavioural monitoring, or targeted advertising directed at children.

Section 12

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These include:

  • HTTPS encryption for all data transmitted through our website.
  • Secure, access-controlled storage of data via Brevo and Vercel (both SOC 2-compliant platforms).
  • API keys and credentials stored as environment variables — never in source code.
  • Access to personal data restricted to authorised personnel on a need-to-know basis.
  • Regular review of our security practices and those of our third-party processors.

Data Breach Notification

EU / UK — GDPR

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay, as required by GDPR Article 33–34.

India — DPDP Act 2023

In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in the manner and within the timeframe prescribed by the Board, as required under Section 8(6) of the DPDP Act 2023.

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Section 13

Third-Party Links

Our website may contain links to third-party websites, platforms (Google, Meta, LinkedIn, Amazon, etc.), or tools. This Privacy Policy applies only to flauntix.com. We are not responsible for the privacy practices of third-party sites and strongly encourage you to review their respective privacy policies before submitting any personal data.

Section 14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Send an email notification to active subscribers and clients where required by law.
  • Display a notice on our website for a reasonable period following the update.

Your continued use of our website or services after any changes constitutes your acceptance of the updated policy. If you do not agree with the revised policy, please discontinue use and contact us to request deletion of your data.

Previous versions of this Privacy Policy are available upon request by emailing privacy@flauntix.com.

Section 15

Contact & Grievance Redressal

For any privacy-related questions, requests to exercise your rights, or complaints, please contact:

Flauntix Digital — Privacy Office

Email: privacy@flauntix.com

General: hello@flauntix.com

Location: New Delhi, India

Response time: Within 30 days of receipt (sooner as required by applicable law)

Jurisdiction-Specific Contacts & Regulatory Bodies

This Privacy Policy was last reviewed and updated on 24 May 2026. We recommend reviewing this page periodically.