Skip to main content

Privacy Policy

Last Updated: December 02, 2025

Introduction

This Privacy Policy outlines how Consently ("we," "our," or "us") collects, utilizes, protects, and discloses your personal data when you engage with our website (www.consently.in), our platform, or our suite of compliance and consent management services (collectively, the "Services").

By accessing or using Consently, you acknowledge that you have read this policy and agree to the data practices described herein. Our commitment to your privacy is built on transparency, security, and the minimization of data collection to what is strictly necessary.

1. Information We Collect

To provide a seamless consent management and compliance experience, we collect specific categories of data. We categorize this information into data you provide to us directly, data we collect automatically, and data received from third parties.

A. Information You Provide

We collect information that you voluntarily share with us to establish your account and utilize our Services:

  • Account & Registration Data: When you register your organization on Consently, we collect details such as your full name, company name, business email address, phone number, job title, and secure authentication credentials (hashed passwords).
  • Support & Communications: If you contact us for technical support or sales inquiries, we collect your contact details and the content of your messages to resolve your queries effectively.
  • Billing Information: For paid subscriptions, we collect billing addresses and transaction details. Note: We do not store credit card information on our servers; this is handled securely by our payment processing partners.
  • Platform Data: As a consent management tool, you may input data regarding your own users, data mappings, or compliance preferences. While Consently processes this data, you remain the Data Controller, and we act as the Data Processor.

B. Information Collected Automatically

When you navigate our platform, we use technical means to ensure security and improve performance:

  • Device Telemetry: IP address, browser type, operating system, device identifiers (MAC/IMEI), and approximate location based on IP.
  • Usage Logs: Data regarding how you interact with the dashboard, including click paths, time spent on modules, feature usage, and error logs.
  • Cookies & Pixels: We use cookies to authenticate sessions, remember user preferences, and analyze platform performance. You can control these via your browser settings.

C. Information from Third Parties

We may receive business contact data from partners, lead generation tools, or public professional sources (like LinkedIn) to validate business profiles or facilitate integrations you have requested.

2. How We Use Your Information

We use the data we collect for specific, legitimate business purposes:

  • Core Service Delivery: To authenticate your access, manage your consent logs, and execute the compliance features you have subscribed to.
  • Platform Optimization: To analyze usage patterns (analytics) which helps us debug issues and develop new features.
  • Communication: To send you transactional emails (invoices, password resets) and important product updates.
  • Security & Compliance: To detect unauthorized access, prevent fraud, and comply with legal obligations under the DPDP Act, 2023, and GDPR.

3. Disclosure of Personal Information

We do not sell your data. We share data only when necessary to provide our Services or when required by law.

Recipient CategoryPurpose of Sharing
Service ProvidersHosting (Cloud), Data Storage, Analytics, and Customer Support tools. All vendors are vetted for security compliance.
Legal AuthoritiesWe may disclose data if compelled by a subpoena, court order, or to prevent fraud/harm to Consently or its users.
Business TransfersIn the event of a merger, acquisition, or asset sale, user data may be transferred as a business asset under strict confidentiality.
AffiliatesShared with group companies for internal administration and operational support.

4. Legal Basis for Processing

In compliance with the Digital Personal Data Protection Act, 2023 (India) and the GDPR, we process your data based on:

Consent

When you explicitly agree to us processing your data (e.g., marketing newsletters).

Contractual Necessity

To fulfill our Terms of Service obligations to you (e.g., providing the software).

Legitimate Interest

For fraud detection, security, and product improvement.

Legal Obligation

When we are required by statutory authorities to retain or disclose data.

5. Your Rights and Controls

We believe you should have full control over your data. Depending on your jurisdiction, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you.
Right to Correction: Update or rectify inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten): Request deletion of your data, subject to legal retention requirements.
Right to Withdraw Consent: You may withdraw consent for specific processing activities (like marketing) at any time.
Right to Grievance Redressal: You have the right to file a complaint regarding our data practices.

To exercise any of these rights, please contact our Data Protection Officer (details below).

6. Data Security

Consently employs enterprise-grade security measures to protect your information.

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Access Control

Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).

Audits

Regular vulnerability assessments and compliance with ISO 27001 / SOC 2 frameworks.

7. International Data Transfers

As a modern SaaS platform, we may process data on servers located outside your country of residence (e.g., AWS/Azure servers in appropriate regions). We ensure these transfers comply with the DPDP Act and GDPR by utilizing Standard Contractual Clauses (SCCs) and ensuring the destination country has adequate data protection standards.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Once the retention period expires, your data is securely deleted or anonymized.

9. Contact Us

We take your privacy concerns seriously. If you have questions about this policy, wish to exercise your rights, or have a grievance, please contact our dedicated privacy team.

Data Protection Officer (DPO)

Name: Sushant Aggarwal
Email: dpo@consently.in

Grievance Officer

Email: grievance@consently.in

Address

Consently (Localo Technologies)
Delhi, India

If we are unable to resolve your concern, you have the right to approach the Data Protection Board of India (or the relevant supervisory authority in your jurisdiction).