Effective Date: April 18, 2026 | Last Updated: April 18, 2026
1. Introduction
Welcome to mobilefirst.digital ("Website", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
This policy is compliant with applicable Indian laws, including the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), as well as the data policies of third-party platforms we integrate with, including Google, Meta (Facebook and Instagram), and WhatsApp.
By accessing or using our Website, you consent to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with the terms described herein, please discontinue use of our Website immediately.
2. Identity and Contact of Data Fiduciary
As defined under the DPDP Act, 2023, mobilefirst.digital acts as the Data Fiduciary for all personal data processed through this Website. We are responsible for determining the purpose and means of processing your personal data and for ensuring that such processing is carried out lawfully, fairly, and transparently.
For any privacy-related queries, requests, or complaints, you may reach us at privacy@mobilefirst.digital. We have also designated a Grievance Officer as required under Indian law, who can be contacted at grievance@mobilefirst.digital. The address of our Grievance Officer is [Registered Address of mobilefirst.digital]. We will endeavour to resolve all grievances within 30 days of receipt, in accordance with the DPDP Act, 2023.
3. Information We Collect
3.1 Information You Provide Directly
When you interact with our Website, you may provide us with personal information such as your name, email address, and phone number through contact forms or subscription sign-ups. You may also share your business information, including your company name or job designation, as well as any other information you choose to include in your communications with us.
3.2 Information Collected Automatically
When you visit our Website, certain technical information is collected automatically by our servers and analytics tools. This includes your IP address, browser type, device type, operating system, and the URL that referred you to our Website. We also collect data about your browsing behaviour on our site, such as the pages you visit, the time you spend on each page, the links you click, and the navigation path you follow through our content.
3.3 Information from Third-Party Platforms
We integrate with several third-party platforms that may share certain data with us based on your interactions. When you engage with our advertisements or pages on Google, information such as ad interaction data, analytics identifiers including device IDs and cookie IDs, and aggregated demographic signals may be shared with us as permitted under Google's API Services User Data Policy. When you interact with our ads or pages on Meta platforms including Facebook and Instagram, data such as your reactions, comments, clicks, and any lead form submissions may be collected through the Meta Pixel and Conversions API. When you send a message to our verified WhatsApp Business account, your phone number and conversation history become available to us for the purpose of providing customer support and managing communications.
4. How We Use Your Information
We use the personal data we collect to provide, maintain, and continuously improve our website and the services we offer. Where you have reached out to us, we use your information to respond to your inquiries, send transactional messages, and deliver customer support, including through WhatsApp where you have opted in to such communication.
With your consent, we may use your contact information to send you promotional materials, newsletters, and information about our services that may be relevant to you. You may opt out of marketing communications at any time by following the unsubscribe instructions included in our emails or by contacting us directly.
We use analytics data collected through Google Analytics and the Meta Pixel to understand how users interact with our Website, to measure the effectiveness of our content and campaigns, and to optimise the user experience. We serve targeted advertisements on Google and Meta platforms using anonymised and aggregated data wherever possible, to reach audiences who may be interested in our services.
We also process personal data where necessary to comply with applicable Indian laws, court orders, or directions from competent government authorities, and to detect, investigate, and prevent fraudulent transactions and other illegal activities that could harm our users or our business.
5. Legal Basis for Processing Personal Data
Under the Digital Personal Data Protection Act, 2023, all processing of personal data must rest on a valid legal ground. We process your personal data on the basis of your explicit and informed consent where you have actively agreed to a specific use, such as receiving marketing communications or opting in to WhatsApp messages. Where processing is necessary to fulfil a contract with you or to take pre-contractual steps at your request, we rely on contractual necessity as our lawful basis.
In certain circumstances, we may process your data on the basis of our legitimate interests, such as maintaining website security, preventing fraud, or improving our services, provided that those interests are not overridden by your fundamental rights and freedoms. Where Indian law imposes an obligation on us to collect or retain certain data, we process it on the basis of legal compliance. You may withdraw your consent at any time for processing activities based on consent, without affecting the lawfulness of any processing that occurred before the withdrawal.
6. Sharing of Your Information
We do not sell your personal data to any third party. We share your information only in the limited circumstances described below, and only to the extent necessary for the stated purpose.
6.1 Google
We use Google Analytics and Google Ads to measure website performance and to run digital advertising campaigns. Data shared with Google in connection with these services is governed by Google's Privacy Policy, available at https://policies.google.com/privacy, and by Google's Advertising Policies. We have configured our Google services to minimise the sharing of personally identifiable information, and we have enabled IP anonymisation where applicable. For any cross-border transfer of data to Google's servers located outside India, we rely on Standard Contractual Clauses as an appropriate safeguard.
6.2 Meta (Facebook and Instagram)
We use the Meta Pixel, the Meta Conversions API, and Meta Business Tools to run advertising campaigns and measure their performance on Facebook and Instagram. Data shared with Meta is governed by Meta's Data Policy, available at https://www.facebook.com/privacy/policy. We do not share Sensitive Personal Data as defined under the SPDI Rules with Meta for advertising or any other purpose. We have implemented Meta's Consent Mode to ensure that tracking and data sharing are activated only after a user has provided their consent through our cookie banner.
6.3 WhatsApp Business
We use the WhatsApp Business API to communicate with users who have initiated contact with us or who have consented to receive communications from us on the platform. Data exchanged via WhatsApp, including your phone number and conversation content, is governed by WhatsApp's Privacy Policy available at https://www.whatsapp.com/legal/privacy-policy. We do not initiate unsolicited messages and retain WhatsApp conversation data only for as long as necessary to fulfil the communication purpose.
6.4 Service Providers
We engage trusted third-party vendors including hosting providers, CRM platforms, and email delivery services who process data on our behalf as Data Processors. These vendors are bound by contractual obligations to maintain strict confidentiality, to process data only for the purposes we have authorised, and to implement appropriate technical and organisational security measures.
6.5 Legal Disclosure
We may disclose your personal information if required to do so by law, by a court order, or by a direction from a competent government authority under the IT Act, 2000, the DPDP Act, 2023, or any other applicable Indian legislation. In such cases, we will disclose only the minimum information necessary to satisfy the legal requirement.
7. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies to enhance your experience and to support our analytics and advertising activities. Essential cookies are strictly necessary for the website to function and cannot be disabled. Analytics cookies, primarily through Google Analytics, collect anonymised data about how visitors use our site in order to help us improve our content and performance. Advertising cookies deployed through Meta Pixel and Google Ads allow us to serve relevant advertisements to users across other platforms based on their interactions with our Website. Functional cookies remember your preferences and settings to provide a more personalised experience on subsequent visits.
You can manage your cookie preferences at any time through our cookie consent banner or through your browser settings. Please note that disabling advertising cookies may reduce the relevance of ads you see, but will not restrict your ability to use any part of the Website. For a comprehensive understanding of how Google uses cookies, please visit https://policies.google.com/technologies/cookies.
8. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or for as long as required or permitted by applicable Indian law. Contact form submissions and inquiry data are retained for a period of two years from the date of last interaction. Analytics and usage data is retained in accordance with Google Analytics default retention settings, which limit user-level data to a maximum of 14 months. WhatsApp communication logs are retained for one year from the date of the last message in a conversation thread. Records maintained for legal compliance purposes are kept for the applicable period under the relevant Indian statute of limitations.
Once the relevant retention period has expired, personal data is securely deleted or irreversibly anonymised so that it can no longer be associated with any individual.
9. Cross-Border Data Transfers
Our Website integrates with third-party platforms including Google and Meta, whose servers are located outside India, primarily in the United States and Ireland. As a result, your personal data may be transferred to and processed in countries that may have different data protection standards than India. We ensure that all such cross-border transfers are carried out in compliance with the DPDP Act, 2023, and applicable notifications issued by the Government of India, using approved transfer mechanisms such as Standard Contractual Clauses. We will update our transfer practices as the Government of India issues further regulations designating countries to which data transfers are permissible.
10. Your Rights as a Data Principal
The Digital Personal Data Protection Act, 2023, grants you a set of rights in relation to your personal data that we are committed to honouring. You have the right to access information about the personal data we hold about you and to understand how it is being processed. You have the right to request correction of any personal data that is inaccurate, outdated, or incomplete. You have the right to request erasure of your personal data where there is no legitimate or legal basis for us to continue retaining it. Where our processing is based on your consent, you have the right to withdraw that consent at any time, without prejudice to the lawfulness of processing carried out before the withdrawal.
You also have the right to have any grievance related to our data processing practices addressed by our Grievance Officer within 30 days of raising the complaint. You may nominate another individual to exercise these rights on your behalf in the event of your death or incapacity. To exercise any of these rights, please write to us at privacy@mobilefirst.digital. We will respond within the timeframe required under the DPDP Act.
11. Security of Your Personal Data
We implement reasonable security practices and procedures as mandated by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These measures include SSL/TLS encryption to protect data during transmission, strict access controls that limit data access to authorised personnel only, and regular security assessments to identify and remediate potential vulnerabilities. We also follow the principle of data minimisation, ensuring that we collect only the personal data that is strictly necessary for the intended purpose.
In the event of a personal data breach that is likely to result in harm to you, we will notify the Data Protection Board of India as required under the DPDP Act, 2023, and will take all reasonable steps to contain the breach and mitigate its impact. You will be informed of any breach that is likely to affect your rights or interests, in accordance with applicable law.
12. Children's Privacy
Our Website is not directed at children under the age of 18, and we do not knowingly collect personal data from minors. If we become aware that a child has provided us with personal data without verifiable parental consent, we will promptly take steps to delete that information from our records. In compliance with the DPDP Act, 2023, we obtain verifiable parental or guardian consent before processing the personal data of any individual under 18 years of age. Parents or guardians who believe their child has submitted personal data to us without consent are encouraged to contact us at privacy@mobilefirst.digital so that we can take appropriate corrective action.
13. Third-Party Links
Our Website may contain links to websites operated by third parties that are not affiliated with mobilefirst.digital. These links are provided for your convenience only. We have no control over the content, privacy practices, or data handling of those websites, and this Privacy Policy does not apply to them. We encourage you to review the privacy policy of every third-party website you visit before submitting any personal information. Your interactions with those websites are solely between you and the third-party operator.
14. Meta Platform Compliance
In our use of Meta's advertising and analytics tools, we adhere strictly to the requirements of Meta's Platform Terms and Developer Policies. We do not share Sensitive Data categories, including health, financial, or biometric information, with Meta for advertising or any other purpose. Our implementation of the Meta Pixel incorporates Consent Mode, which ensures that the pixel fires and transmits data only after a user has provided their informed consent through our cookie banner. We do not use data obtained from Meta's Business Tools to build user profiles for purposes that fall outside those explicitly permitted under Meta's Business Tools Terms. Users who wish to opt out of interest-based advertising on Meta platforms may do so through their Facebook or Instagram account settings.
15. Google Services Compliance
In our use of Google Analytics and Google Ads, we comply fully with Google's Terms of Service and Advertising Policies. We have enabled IP anonymisation within Google Analytics so that full IP addresses are never stored or transmitted to Google's servers. We do not pass personally identifiable information to Google through our analytics implementation except as explicitly permitted by Google's Terms of Service. We have implemented Google Consent Mode v2 across our Website so that measurement tags and advertising pixels are triggered only in accordance with the user's expressed consent preferences. We do not combine data collected through Google services with personal data from other sources in a manner that could identify individual users without their explicit consent.
16. WhatsApp Business Compliance
Our use of the WhatsApp Business API is governed by WhatsApp's Business Policy and Commerce Policy, and we are committed to full compliance with these requirements. We obtain prior opt-in consent from every user before initiating any marketing or promotional message via WhatsApp. Users who wish to opt out of WhatsApp communications from us may do so at any time by replying STOP to any message or by contacting us at privacy@mobilefirst.digital, and we will process all such requests promptly. We do not share the content of WhatsApp conversations with any third party for advertising, analytics, or any other purpose. All WhatsApp communications are conducted in compliance with applicable Indian telecommunications regulations, including the Telecom Commercial Communications Customer Preference Regulations issued by the Telecom Regulatory Authority of India.
17. Changes to This Privacy Policy
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our practices, changes in applicable law, or changes in the policies of the third-party platforms we use. When we make material changes to this policy, we will update the Last Updated date shown at the top of this document. Where required by law or where the changes significantly affect your rights, we will notify you by email or through a prominent notice on our Website before the changes take effect. Your continued use of the Website after any such update constitutes your acknowledgement of the revised Privacy Policy. We encourage you to review this page periodically to stay informed of how we protect your data.
18. Grievance Redressal Mechanism
In accordance with the IT Act, 2000, the SPDI Rules, 2011, and the DPDP Act, 2023, we have designated a Grievance Officer to receive and address complaints, queries, and concerns regarding this Privacy Policy and the processing of personal data by mobilefirst.digital. Our Grievance Officer can be reached at grievance@mobilefirst.digital or at [Registered Address of mobilefirst.digital]. The Grievance Officer's name and designation are [Name], [Designation]. We are committed to acknowledging all grievances and resolving them within 30 days of receipt.
If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India, once it is constituted and made operational under the DPDP Act, 2023. Information about the Board and how to file a complaint will be made available on the official Government of India website once the Board is functional.
19. Governing Law and Jurisdiction
This Privacy Policy is governed by and shall be construed in accordance with the laws of India. Any disputes, claims, or controversies arising out of or in connection with this Privacy Policy, including any questions regarding its existence, validity, or termination, shall be subject to the exclusive jurisdiction of the courts located in [City, State], India. By continuing to use our Website, you irrevocably submit to the jurisdiction of such courts.
This Privacy Policy was prepared for mobilefirst.digital. It does not constitute legal advice. Please consult a qualified legal professional for jurisdiction-specific guidance.