Privacy Policy
This policy explains what personal data askcanon.com collects, why we collect it, who else handles it, and the rights you have over it. It is written to comply with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) for Indian visitors and the EU/UK General Data Protection Regulation (“GDPR”) for visitors in those regions. We have tried to keep it plain. Email hello@askcanon.com if anything is unclear.
1. Who we are
This site is operated as askcanon.com (“Canon”, “we”, “us”), an independent AEO (Answer Engine Optimisation) studio based in India. For the purpose of the DPDP Act we are the Data Fiduciary; for the purpose of the GDPR we are the Data Controller.
Our privacy contact is hello@askcanon.com. The same address is the Grievance Officer contact required under section 8(9) of the DPDP Act. We will acknowledge your message within 7 working days and resolve it within 30 days.
2. What data we collect
We collect only what we need. Specifically:
- When you visit the website. Your browser automatically sends us, and the infrastructure hosting this site, technical data such as your IP address, user agent (browser and operating system), referrer URL, the page you requested and the time of the request. This is standard web-server log data.
- When you click “Book an audit”. The button opens a Cal.com page. If you complete the booking, Cal.com collects the name, email address, timezone, and any notes you enter, and passes them to us so we can hold the call. We do not see this data until you submit the form on Cal.com.
- When you email us. The content of the email and your email address. That is handled by our email provider.
We do not collect payment information, government identifiers, health data, location data beyond a coarse city-level inference from your IP, or any “sensitive” or “special category” data. There are no forms on this website other than the Cal.com booking page.
3. Why we collect it, and our legal basis
| Purpose | Data used | Legal basis (GDPR) / Ground (DPDP) |
|---|---|---|
| Serve the website reliably and keep it secure | Server logs (IP, user agent, referrer, timestamps) | Legitimate interests / Legitimate use under DPDP s.7(i) |
| Schedule and run audit calls you book with us | Name, email, timezone, notes from Cal.com | Consent / Contract (when you book) under DPDP s.6 |
| Reply to emails you send us | Your email address and the content you sent | Consent / Legitimate interests |
We do not use your data for automated profiling or advertising decisions. We do not sell it.
4. Analytics and cookies
At the time this policy was written, we do not run Google Analytics, Meta Pixel, or any third-party analytics tracker on this website. We do not set advertising cookies. We do not set first-party analytics cookies.
If we introduce analytics in the future (for example Google Analytics 4 or a privacy-respecting alternative such as Plausible or Fathom), we will update this policy before the change goes live, and where the law requires it we will ask for your consent via a cookie banner. In the meantime the only browser storage this site uses is session state required for basic functionality (e.g. remembering whether the cursor or motion effects are disabled).
5. Third parties that process your data
The services listed below receive some of your data when you use this website. Each runs under its own privacy policy; links are provided.
- Vercel Inc. (United States) — website hosting and CDN. Receives server-log data described above. Vercel Privacy Policy.
- Cal.com, Inc. (United States) — booking pages for audit calls. Receives whatever you enter on the booking form. Cal.com Privacy Policy.
- Endurance International Group / BigRock (India) — domain registration and email hosting for hello@askcanon.com. Receives your emails to and from us. BigRock Privacy Policy.
- Google LLC (United States) — serves the web fonts used on this site from fonts.googleapis.com. Receives your IP and user agent when your browser requests a font. Google Privacy Policy.
- Content delivery networks — small motion libraries (Lenis, GSAP, split-type) are loaded from jsDelivr, Cloudflare and unpkg. These providers see your IP and user agent when your browser fetches a script.
We only use processors who offer contractual protections equivalent to those we promise you here.
6. International data transfers
Several of the processors above are located outside India and outside the EU/UK. Where your data is transferred to a country that does not have an adequacy decision (for example the United States), we rely on the processor’s Standard Contractual Clauses and supplementary security measures. Under the DPDP Act, such transfers are permitted except to countries specifically notified by the Government of India as restricted; we monitor the notified list and will suspend transfers to any country added to it.
7. How long we keep your data
- Server logs: retained by Vercel for up to 30 days, then deleted or aggregated.
- Booking records (Cal.com): retained for up to 24 months after the last interaction, then deleted unless we are required to keep them for tax or legal reasons.
- Email correspondence: retained for up to 36 months after the last message, then deleted.
You can ask us to delete your data sooner at any time (see section 8).
8. Your rights
Under the DPDP Act and the GDPR you have the following rights, regardless of where you live we will honour the broader of the two where they differ:
- Access — ask for a summary of the personal data we hold about you.
- Correction — ask us to fix data that is inaccurate or incomplete.
- Erasure — ask us to delete your data, subject to any overriding legal obligation.
- Withdraw consent — at any time, with the same ease as giving it. This does not affect the lawfulness of processing done before you withdrew.
- Portability (GDPR) — receive your data in a common machine-readable format.
- Objection (GDPR) — object to processing based on legitimate interests.
- Nominate (DPDP) — nominate another individual to exercise your rights on your behalf in the event of death or incapacity.
- Complaint — lodge a complaint with the Data Protection Board of India (once operational) or your local supervisory authority (e.g. the ICO in the UK, your national DPA in the EU).
To exercise any right, email hello@askcanon.com from the address we already have on file, or include enough information for us to verify your identity. We do not charge for reasonable requests.
9. Children
This site and our services are aimed at B2B audiences. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided data to us, email hello@askcanon.com and we will delete it.
10. Data security and breach notification
We take commercially reasonable steps to protect your data, including transport encryption (HTTPS), scoped access to production systems, and vendor selection based on published security practices. No system is perfectly secure; we cannot guarantee absolute security. If we become aware of a personal-data breach that is likely to cause you harm, we will notify the Data Protection Board and affected individuals as required by the DPDP Act and, where applicable, Articles 33 and 34 GDPR.
11. Changes to this policy
If we change this policy we will update the “Last updated” date at the top. For material changes (new processors, new purposes, a new analytics tool), we will highlight the change on the home page for at least 30 days.
12. Contact and grievance
Privacy & Grievance Officer: Canon (askcanon.com)
Email: hello@askcanon.com
Country of operation: India
If you are unhappy with our response, you may refer the matter to the Data Protection Board of India under the DPDP Act, or (if you are in the EU/UK) to your national data-protection authority.