Plain English summary: SPONAD collects only the data needed to deliver and improve our services. We do not sell your personal data. We use industry-standard security. You can request access, correction, or deletion of your data at any time by emailing privacy@sponad.com.
Who We Are
SPONAD ("we", "us", "our") is an AI-powered marketing services company. Our registered entity is Sponad Technologies Private Limited, operating at ai.sponad.com and its associated subdomains, products, and services.
For the purposes of applicable data protection law, SPONAD is the data controller in respect of the personal data we process about you.
Registered Entity
Sponad Technologies Private Limited
Website
ai.sponad.com and sponad.com
Privacy Contact
privacy@sponad.com
Governing Law
Indian IT Act 2000 & GDPR (where applicable)
Data We Collect
We collect personal data in the following ways:
Data you provide directly
- Contact & enquiry forms: name, email address, phone number, company name, and any message content you submit via our website forms, audit booking flow, or contact page.
- Account registration: if you create an account for any SPONAD product (e.g. AI Lead Pro CRM), we collect email address, name, and account credentials.
- Service delivery: information you or your team provide to enable us to deliver marketing services — ad account access, analytics credentials, website data, and business context.
- Marketing preferences: consent signals and communication preferences captured when you subscribe to updates or download resources.
Data collected automatically
- Usage data: pages visited, time on site, referrer URL, browser type, operating system, and IP address — collected via cookies and analytics tools.
- Device data: device type, screen resolution, and connection type to help us optimise the site experience.
- Interaction data: clicks, scroll depth, form interactions, and session recordings where consent has been given, used to improve usability.
Data from third parties
- Marketing platform data (Google Ads, Meta Ads, LinkedIn) shared with us when you engage SPONAD as a service provider.
- Analytics data from Google Analytics 4, Hotjar, or similar tools you have installed on your properties.
- Publicly available business information used for prospecting and outreach.
How We Use Your Data
We use the data we collect strictly for the purposes described below. We do not use your personal data for any purpose that is incompatible with these purposes without first obtaining your consent.
- Service delivery: to provide, operate, and improve the AI marketing services you have engaged us for.
- Communication: to respond to your enquiries, send service updates, and deliver audit reports or strategy documents.
- Sales & onboarding: to follow up on audit requests, arrange strategy calls, and onboard new clients.
- Marketing communications: to send relevant content, case studies, or product updates — only where you have consented or we have a legitimate interest.
- Product improvement: to analyse how visitors use our website and products in order to improve performance, usability, and content.
- Legal compliance: to meet our obligations under applicable law, including responding to lawful requests from public authorities.
- Security & fraud prevention: to detect, investigate, and prevent fraudulent or malicious activity on our platforms.
We never sell your data. SPONAD does not sell, rent, or trade personal data to third parties for their own marketing purposes.
Legal Basis for Processing
Where the General Data Protection Regulation (GDPR) applies — including for users in the European Economic Area and United Kingdom — we rely on the following legal bases:
- Contract: processing necessary to perform a contract with you, or to take steps at your request before entering into one.
- Legitimate interests: where processing is necessary for our legitimate business interests (e.g. improving services, sending relevant content to existing contacts), provided those interests are not overridden by your rights.
- Consent: where you have given clear, specific consent — for example, subscribing to marketing emails or enabling optional analytics cookies.
- Legal obligation: where we are required by law to process certain data.
For users in India, we process data in accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA).
Cookies & Tracking Technologies
We use cookies and similar technologies on our website. Cookies are small text files placed on your device that help us provide a functional, personalised experience.
Types of cookies we use
- Essential cookies: required for the website to function. These cannot be disabled without affecting core functionality (e.g. form submissions, navigation).
- Analytics cookies: help us understand how visitors use the site — pages visited, time on site, drop-off points. We use Google Analytics 4 for this purpose. Data is anonymised and aggregated.
- Marketing & retargeting cookies: used to show you relevant SPONAD content on other platforms (e.g. Google, Meta). Only set with your consent.
- Functional cookies: remember your preferences (e.g. language, region) to improve your experience on return visits.
Managing cookies
You can control and delete cookies through your browser settings at any time. Disabling analytics or marketing cookies will not prevent you from using the website, but may affect personalisation and our ability to improve the site based on usage data.
Where required by law, we obtain your consent before placing non-essential cookies. You can withdraw consent at any time via your browser or by contacting us at privacy@sponad.com.
Data Sharing & Third Parties
We do not sell your personal data. We share data only where necessary to deliver our services or comply with the law, and only with parties that meet our data protection standards.
Service providers we work with
- Cloud infrastructure: Amazon Web Services (AWS) and Google Cloud Platform — for hosting, storage, and compute.
- Analytics: Google Analytics 4 and Hotjar — for website usage analytics.
- CRM & communication: HubSpot and similar tools — for managing client relationships and email delivery.
- Advertising platforms: Google Ads and Meta Ads — to enable campaign management and performance reporting on your behalf.
- Payment processing: Razorpay and Stripe — for secure billing. We do not store payment card data ourselves.
Legal disclosures
We may disclose personal data if required to do so by law, court order, or a lawful request from a regulatory or government authority. We will notify you of any such request where we are legally permitted to do so.
Business transfers
If SPONAD undergoes a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you and ensure the same level of data protection applies.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to meet legal obligations, or to resolve disputes.
- Enquiry and contact data: retained for up to 3 years from the date of last contact, or until you request deletion.
- Client and service data: retained for the duration of the engagement plus 5 years, to meet accounting and legal requirements.
- Analytics data: retained in anonymised, aggregated form for up to 26 months in Google Analytics 4.
- Marketing consent records: retained indefinitely as proof of consent, or until you withdraw consent and request deletion.
- Financial records: retained for 7 years in line with Indian tax and accounting law.
When data is no longer needed, we securely delete or anonymise it. You may request earlier deletion at any time — see Section 8 for your rights.
Your Rights
Depending on your location and applicable law, you have the following rights in relation to your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data, subject to legal retention obligations.
- Right to restrict processing: ask us to limit how we use your data in certain circumstances.
- Right to data portability: receive a copy of your data in a structured, machine-readable format where technically feasible.
- Right to object: object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent: withdraw any previously given consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, email us at privacy@sponad.com with your name, email address, and a description of your request. We will respond within 30 days.
If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction.
Encryption
All data in transit is encrypted via TLS 1.2+. Sensitive data at rest is encrypted using AES-256.
Access Controls
Role-based access controls limit data access to team members who need it to perform their role.
Security Reviews
We conduct regular security reviews and use reputable cloud infrastructure with SOC 2 certification.
Breach Response
In the event of a data breach, we will notify affected users and relevant authorities within 72 hours where required by law.
Despite these measures, no transmission over the internet or electronic storage method is 100% secure. We encourage you to use strong, unique passwords and to contact us immediately if you suspect any unauthorised access.
International Data Transfers
SPONAD operates primarily in India. Some of our third-party service providers (including AWS, Google, and HubSpot) process data in the United States and other jurisdictions outside India.
Where we transfer personal data of EEA or UK residents outside of those regions, we ensure appropriate safeguards are in place — including Standard Contractual Clauses approved by the European Commission, or reliance on adequacy decisions where applicable.
By using our services, you acknowledge and consent to the transfer of your data to these third-party processors in accordance with this policy and their own privacy policies.
Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18.
If you believe a child has provided us with personal data, please contact us immediately at privacy@sponad.com and we will take steps to delete that data promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to active clients and registered users where the change is material.
- Display a prominent notice on our website for 30 days following a significant update.
We encourage you to review this page periodically. Your continued use of our services after any change constitutes acceptance of the updated policy.
Previous versions of this policy are available on request by emailing privacy@sponad.com.
Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out to us:
- Email: privacy@sponad.com
- General contact: sponad.com/contact
- Response time: We aim to respond to all privacy-related requests within 30 days.
Have a question about
your data?
Our team is happy to answer any questions about how we collect, use, or protect your personal data. Reach out directly and we will respond within one business day.