Segumento India Private Limited (“Segumento”, “we”, “our” or “us”) is committed to protecting your privacy and handling your information responsibly. This Privacy Policy outlines how we collect, use, disclose, store and secure your data when you access our website www.segumento.com or engage with our platform providing services for Audience Segmentation, Location Intelligence, and Data Enrichment (collectively, the “Services”).  

This Policy is designed to comply with applicable data protection frameworks including but not limited to the Information Technology Act, 2000, Digital Personal Data Protection Act, 2023, the General Data Protection Regulation, and industry-leading practices under ISO 27001 and SOC 2.  

1. Scope and Applicability  

This Privacy Policy applies to all users and visitors of our website, as well as clients (organizations or authorized users) who avail or try our Services. However, this Policy does not apply to end-customers of our clients, where Segumento acts as a data processor or data fiduciary on behalf of the client.  

2. Definitions  

1. Personal Data refers to any data relating to an individual that can directly or indirectly identify them. 
    
2. Client Data refers to data uploaded by or on behalf of our clients, typically pseudonymized or anonymized information about their customers.  
   
   
3. Processing includes any operation performed on data, such as collection, use, storage or disclosure.
   
   
4. Data Subject means the individual to whom the personal data relates.  

3. Information We Collect  

1. Client Provided Data: Clients may upload datasets to our platform for segmentation and enrichment. These datasets typically do not contain directly identifiable personal data and may include unique customer identifiers (such as customer IDs or hashed tokens), demographic attributes (such as age range, gender, and city), behavioral data (such as browsing or purchase behavior), and attribution or device information.
    
2. Website and Platform Usage Data: When users interact with our website, we may automatically collect technical and interaction data such as IP addresses, browser type, device type, pages visited, time spent on pages, referral sources, and user navigation patterns. This is done through cookies or analytics tools.
   
   
3. Miscellaneous: We may also collect communication data if you contact us via email, support forms, or demo requests. This includes your name, email address, company name, and other details you voluntarily provide. 

4. Data We Collect from Our Data Partners  

In addition to the information you provide directly through your use of our Services, Segumento also receives certain information from our trusted third-party data suppliers (“Data Partners”). 

Our Data Partners include licensed data aggregators who primarily collect information through software development kits (SDKs) embedded in mobile applications. These Data Partners are contractually required to comply with applicable data protection laws (including the GDPR, the Digital Personal Data Protection Act, 2023, and other relevant regulations), and to obtain valid user permissions or consents where necessary before sharing information with us. 

The categories of information we may receive from our Data Partners include: 

1. Mobile Advertising Identifiers: Such as Apple iOS Identifier for Advertisers (IDFA) or Google Android Advertising ID. 
   
   
2. Precise Location Data: Geographic location of a device at a specific time, typically expressed in latitude/longitude coordinates with a timestamp. 
   
   
3. Location Accuracy Metrics: Information about the horizontal accuracy of the latitude/longitude coordinates, as well as altitude and vertical accuracy measurements.
    
4. Network Information: Phone carrier details and connection type (e.g., cellular or Wi-Fi). 
   
   
5. Device Information: Device type, model, operating system, version, and device language. 
   
   
6. IP Address: The public-facing (external) IP address of the device.
   
   
7. Hashed Contact Information: Hashed or encrypted email addresses (e.g., SHA256 or equivalent secure hashing standards). 

We use this information to provide our audience segmentation, location intelligence, and data enrichment solutions to our clients, in accordance with applicable laws and contractual safeguards. 

Where required, we implement measures to minimize, pseudonymize, or anonymize this information before processing or sharing it, and we do not use Data Partner information to directly identify individuals. 

5. Purpose of Processing  

We process data to deliver and improve our Services, including data segmentation, reporting, and analytics. Data may also be used to manage user accounts, respond to inquiries, perform billing functions, ensure system security, detect misuse, conduct audits, and fulfill legal obligations. 

We do not use client-uploaded datasets for our own marketing or unrelated profiling. Optional communications, such as newsletters or product updates, will only be sent to users who have explicitly opted in to receive them. 

6. Legal Basis for Processing  

We may process data based on one or more of the following lawful bases: 

1. The processing is necessary to perform a contract with the client. 
   
   
2. We have a legitimate interest in processing the data for purposes such as platform improvement or security, provided these interests are not overridden by individual rights. 
   
   
3. The processing is necessary to comply with legal obligations. 
   
   
4. The user has given explicit consent. 

7. Data Security  

We maintain comprehensive security protocols that align with the ISO 27001 and SOC 2 standards. These include: 

1. Encryption of data both in transit and at rest. 
   
   
2. Access controls based on user roles.
   
   
3. Secure cloud infrastructure with geographic access restrictions. 
   
   
4. Real-time monitoring, logging, and alerting. 
   
   
5. Regular vulnerability scans and penetration testing.  
   
   
6. Incident detection and response procedures.  
   
   
7. All input data is in hashed format and all output data is anonymized. It is distributed server to server in hashed format.  

Access to data is strictly limited to authorized personnel only based on the principle of least privilege.  

8. Data Retention  

Client-uploaded data is retained only for the duration of the service agreement or as otherwise instructed by the client. Clients can request deletion, export, or archival of their data at any time by contacting us or through the platform. 

Platform usage logs are generally retained for up to twelve months for system monitoring, performance optimization, and legal compliance. De-identified and aggregated data, which cannot be linked back to any individual or client, may be retained indefinitely for benchmarking or analytics. 

9. Data Disclosure and Sharing   

Data may be shared in the following circumstances: 

1. With cloud infrastructure providers and analytics tools who process data under written agreements ensuring adequate security and confidentiality.  
   
   
2. With legal or regulatory authorities, courts, or government agencies, when required to comply with applicable laws or valid legal requests. 
   
   
3. With professional advisors (such as auditors or legal counsel), where necessary for compliance or enforcement.  
   
   
4. With third parties in connection with a merger, acquisition, financing or sale of business assets, subject to confidentiality protections.  

10. Your Rights  

You may have various rights regarding your personal data, depending on applicable data protection laws. These rights include: 

1. The right to access the data we hold about you. 
   
   
2. The right to request correction of inaccurate or outdated data.  
   
   
3. The right to request deletion of your data, where legally permitted. 
   
   
4. The right to withdraw consent at any time (where processing is based on consent). 
   
   
5. The right to object to or restrict processing in certain circumstances. 
    
6. The right to data portability, allowing you to obtain and reuse your data.  
   
   
7. The right to nominate another individual to exercise your rights on your behalf, in accordance with Section 14 of the DPDP Act. 

To exercise any of these rights, please contact us at privacy@segumento.com. We may ask for proof of identity to verify your request. 

11. Cookies and Tracking Technologies  

Our website uses cookies and similar technologies to enhance functionality, analyze traffic, and improve user experience. Cookies may collect device and browsing information but do not store personal identifiers unless you voluntarily submit them via forms. 

You may adjust your cookie preferences through your browser settings. For more information on how we use cookies, please refer to our Cookie Policy (available on the website or upon request). 

12. Changes to this Policy  

We may update this Privacy Policy from time to time to reflect changes in technology, legal requirements, or our data handling practices. All changes will be published on this page with the revised “Effective Date.” Where required by law or where the change materially affects your rights, we will provide additional notice through email or platform notifications. 

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. 

12. Contact Us  

If you have any questions, concerns, or complaints related to this Privacy Policy or your personal data, you may contact us at: 

Email: privacy@segumento.com 

Address: Segumento India Private Limited 
1004, Techno IT Park, New Link Road, Borivali West, Mumbai, Mumbai Suburban, Maharashtra, 400091