Privacy Policy

Continuiq Consulting is a freelance data and business analytics agency based in Indore, Madhya Pradesh, India. We provide dashboard development, data audits, and analytics consulting to e-commerce and D2C brands.

For the purposes of the DPDP Act 2023, we are the Data Fiduciary — the entity that determines the purpose and means of processing your personal data. For GDPR purposes, we are the Data Controller.

Contact: contactcontinuiq@gmail.com

We collect only what is necessary to respond to your audit request:

We also collect standard server logs (IP address, browser type, pages visited) via Vercel and Plausible Analytics. This data is anonymised and never linked to your identity.

We use your personal data only for the following purposes:

• Responding to your free data audit request within 12 hours
• Delivering the audit report and any agreed consulting deliverables
• Sending the automated acknowledgement email on form submission
• Following up on proposals if you asked us to
• Improving our services based on aggregated, anonymised feedback

We do not sell, rent, or trade your personal data to any third party for marketing purposes — ever.

Under the DPDP Act 2023, we process your data on the basis of your free, informed, specific, and unconditional consent, which you give by submitting the audit request form. You may withdraw consent at any time (see Section 7).

For visitors from the EU/EEA, our GDPR legal basis is:

• Consent (Art. 6(1)(a)) — for audit form submissions and email communication
• Legitimate interests (Art. 6(1)(f)) — for anonymised analytics to improve site performance
• Contract performance (Art. 6(1)(b)) — where we have an active consulting engagement with you

We share your data only with the following processors, solely to deliver the service you requested:

• Resend (transactional email) — your name and email address, to send the auto-reply and our response. Resend is GDPR-compliant and SOC 2 Type II certified.
• Google Sheets / Workspace — form submissions are stored in a private Google Sheet accessible only to the Continuiq founder. Governed by Google's DPA.
• Vercel — our hosting provider, which processes server logs. Vercel is GDPR-compliant.
• Plausible Analytics — privacy-first, cookieless analytics. No personal data is collected. Plausible is GDPR/DPDP-compliant by design.

No data is transferred to countries outside India or the EU without appropriate safeguards (Standard Contractual Clauses where applicable).

We retain your data for the minimum period necessary:

• Audit request submissions — 12 months from submission, unless you become a paying client (in which case, for the duration of the engagement + 2 years for invoicing/tax purposes)
• Email correspondence — 24 months from last contact
• Server/analytics logs — 90 days (Vercel default); Plausible data is aggregated and retained indefinitely in anonymised form

After the retention period, your data is permanently deleted from our systems and from our processors' systems upon request.

Under the DPDP Act 2023, you have the following rights:

• Right to access — request a summary of the personal data we hold about you
• Right to correction — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your data where there is no legal basis to retain it
• Right to grievance redressal — raise a complaint with our Grievance Officer (see Section 12)
• Right to withdraw consent — withdraw your consent at any time; this does not affect the lawfulness of processing prior to withdrawal
• Right to nominate — under DPDP, you may nominate another individual to exercise your rights in case of incapacity or death

EU/EEA residents also hold GDPR rights including portability (Art. 20), restriction of processing (Art. 18), and the right to lodge a complaint with your supervisory authority.

To exercise any right, email contactcontinuiq@gmail.com with subject line "Privacy Request". We will respond within 30 days (the DPDP Act mandated timeframe).

We use Plausible Analytics, which is cookieless and does not collect any personal data. No tracking cookies are set on your device. No cookie consent banner is required or shown.

Vercel may set functional cookies for performance optimisation. These are strictly necessary and do not require consent under Indian or EU law.

We take reasonable technical and organisational measures to protect your data:

• All data in transit is encrypted via HTTPS (TLS 1.2+), enforced by Vercel
• Form data is transmitted directly to Resend and Google Sheets over encrypted connections
• Access to the Google Sheet is restricted to the Continuiq founder account with 2FA enabled
• No passwords or payment card details are ever collected through this website

In the event of a data breach that poses a risk to your rights, we will notify you and, where required, the relevant authority within 72 hours of becoming aware of it.

Our services are intended for business professionals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected such data, please contact us immediately at contactcontinuiq@gmail.com and we will delete it promptly.

We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be highlighted at the top of this page with an updated "Last updated" date. We encourage you to review this page periodically.

Continued use of https://continuiqconsulting.com after changes are posted constitutes acceptance of the updated policy.

For any privacy-related queries, requests, or complaints, contact our Grievance Officer (as required under Section 13 of the DPDP Act 2023):

If you are unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India (once constituted under the DPDP Act), or to your local data protection supervisory authority if you are in the EU/EEA.