NiveQo

Privacy Policy

How we collect, use, store and protect the personal data of people who visit this site or use our products.

About our status. NiveQo is currently operated by Hardik G. as a sole proprietorship (formal business registration is in progress). This page will be updated with the registered entity name and registration number once registration is complete.

1. Who this policy is from

This site is operated by Hardik G., operating as 'NiveQo' (referred to in this policy as “we”, “us” or NiveQo). Our principal place of business is at Nagpur, Maharashtra, India.

This Privacy Policy describes how we handle personal data in the course of operating niveqo.com, our marketing site, and the products we make available through it. It is intended to satisfy the disclosure obligations under the Digital Personal Data Protection Act, 2023 (“DPDPA”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“IT Rules 2011”), and to give a clear account of our practices to anyone who interacts with us.

2. What data we collect, and why

2.1 When you submit our contact form

We ask for, and you choose to provide:

  • Your name
  • Your email address
  • Your company / business name (optional)
  • The content of your message

We use this information only to read and respond to your enquiry, to follow up on it where relevant, and to keep a record of our correspondence with you. We rely on your consent as the lawful basis for processing, which you give by ticking the consent box and submitting the form.

2.2 When you become a NiveQo client

If you sign up as a paying client for one of our products, we additionally collect:

  • Your business details (name, contact person, billing address, GSTIN if applicable)
  • Subscription information (plan, billing day, payment status, payment method and reference where you provide them)
  • Support correspondence (tickets, feature requests, screenshots you share)
  • Usage telemetry from the NiveQo CRM instance deployed for you — limited to which features and pages are used, aggregated by day. We do not collect the contents of your business data through this telemetry.

We rely on the performance of our contract with you as the lawful basis for processing this information, supplemented by our legitimate interest in operating, securing and improving the service.

2.3 Data we collect automatically

When you visit any page of this site, our hosting provider and we automatically collect basic technical information — your IP address, browser type, operating system, the page you visited and the time of the visit. This is used solely for security (e.g. blocking abuse) and for understanding aggregate traffic patterns. We do not use this data to build advertising profiles or to track you across other websites.

2.4 What we do not collect

We do not knowingly collect sensitive personal data or information within the meaning of Rule 3 of the IT Rules 2011 (passwords beyond what is needed to authenticate you, financial information beyond what payment processors handle directly, health, biometric, or sexual-orientation data). We do not knowingly collect data from children under 18.

3. Where your data is stored and processed

We use a small number of trusted infrastructure providers to operate the service. They process personal data on our behalf under their own privacy commitments, and we have selected each based on its security and data-protection posture.

ProcessorWhat they processWhere
Supabase Inc.Database hosting, authentication, file storageap-southeast-2 (Sydney, Australia)
Vercel Inc.Application hosting, edge functions, CDNGlobal edge network (primary functions in Sydney region)
ResendTransactional + outreach email delivery (sender: noreply@niveqo.com)ap-northeast-1 (Tokyo, Japan)
AiSensyWhatsApp Business outreach via Meta-approved templates (only when you opt in as a NiveQo client and have provided a phone number)India
GoDaddyDomain registration + DNS for niveqo.comUnited States

Some of these providers store data outside India. By using our site or services you acknowledge that your data may be transferred to, and processed in, countries other than India, and you consent to such transfer as required by Section 16 of the DPDPA, subject to the Indian government's notifications regarding restricted countries.

4. How long we keep your data

  • Contact-form enquiries — retained for as long as there is an active or recently-active conversation, and for up to 24 months after our last interaction for follow-up and record-keeping. You can ask us to delete sooner; see your rights below.
  • Client / subscription records — retained for the duration of your subscription and for 7 years thereafter as required by Indian tax and accounting record-keeping rules (e.g. Section 44AA of the Income-tax Act and the Companies Act).
  • Technical / automatic data — retained for up to 12 months for security purposes.
  • Backups — overwritten on a rolling 30-day cycle.

5. Who we share your data with

We do not sell your personal data to anyone, ever. We share data only with:

  • The infrastructure processors listed in Section 3, strictly to deliver the service to you;
  • Government, regulatory or law-enforcement bodies, when we are required to do so by Indian law or by a valid court order;
  • Professional advisors (lawyers, accountants), under their own confidentiality obligations, where necessary.

6. Your rights

Under Chapter III of the DPDPA, you have the right to:

  • Access the personal data we hold about you and obtain a summary of how it is being processed.
  • Correct, complete or update any of that data, or erase data that is no longer necessary for the purpose for which it was collected.
  • Withdraw consent at any time, where consent was our basis for processing.
  • Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
  • Lodge a grievance with our Grievance Officer (Section 9 below), and, if you are not satisfied with our response, escalate to the Data Protection Board of India once it is operational.

To exercise any of these rights, email hardikganvir63@gmail.com from the email address associated with your data, briefly stating which right you wish to exercise. We will respond within 30 days.

7. Cookies

Our site uses a small number of cookies that are strictly necessary to operate it (e.g. to keep you logged in to your account when you use a NiveQo product). We do not use advertising or third-party tracking cookies. See our Cookie Notice for the specifics.

8. Security

We follow reasonable security practices and procedures as contemplated under the IT Rules 2011, including encrypted transport (TLS) for all data in transit, encryption at rest on our database provider, principle-of-least-privilege access controls for our team, and ongoing review of our security posture as the service grows. No system can guarantee absolute security; if a breach occurs that is likely to affect you, we will notify you and the relevant authorities as required by the DPDPA and IT Rules 2011.

9. Grievance Officer

In accordance with Section 8(10) of the DPDPA and Rule 5(9) of the IT Rules 2011, the following individual is designated as the Grievance Officer for NiveQo:

10. Changes to this policy

We may update this policy from time to time as our practices, our infrastructure providers, or the applicable law change. When we do, we will update the “Last updated” date at the bottom of this page. If the change is material, we will also notify clients with an active subscription by email.

11. Contact

For anything else relating to this policy, email hardikganvir63@gmail.com.

Effective from 2026-06-01 · Last updated 2026-06-01