Free UX Audit

Talk to us

Legal

Privacy Policy

This privacy notice for GoProtoz (“GoProtoz,” “we,” “us,” or “our”) describes how and why we may collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

  • Visit our website at https://www.goprotoz.com, or any website of ours that links to this privacy notice;

  • Engage our UI/UX design, UX research, product design, or related professional services;

  • Enrol in, enquire about, or participate in a GoProtoz Academy / PowerUp Academy programme, workshop, or webinar; or

  • Engage with us in other related ways, including any sales, marketing, or events.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hello@goprotoz.com.

Summary of Key Points

This summary provides key points from our privacy notice. You can find more detail on any topic by using the table of contents below to locate the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with GoProtoz and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? We do not intentionally collect or process special-category / sensitive personal information (such as health, biometric, or financial-account data) in the ordinary course of providing our Services. Where any such data is unavoidably shared with us, we process it only with your consent or as otherwise permitted by applicable law.

Do we collect information from third parties? We generally collect information directly from you. We may receive limited business-contact information from publicly available sources, referrals, or analytics providers in connection with our marketing and business-development activities.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, such as service providers who act on our behalf under contract, and in connection with business transfers.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located — including India, the European Economic Area, the United Kingdom, Canada, and California — applicable privacy law may give you certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at hello@goprotoz.com or via goprotoz.com/contact. We will consider and act upon any request in accordance with applicable data protection laws.

Table of Contents

1. What information do we collect?
2. How do we process your information?
3. What legal bases do we rely on?
4. When and with whom do we share your information?
5. How long do we keep your information?
6. How do we keep your information safe?
7. Do we collect information from minors?
8. Your privacy rights — India (DPDP Act)
9. Your privacy rights — EEA, UK & Canada
10. Controls for Do-Not-Track features
11. Do California residents have specific rights?
12. International data transfers
13. Do we make updates to this notice?
14. How can you contact us about this notice?
15. How can you review, update, or delete your data?

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express interest in obtaining information about us or our Services, when you participate in activities on the Services, enrol in an Academy programme, or otherwise contact us.

Personal Information Provided by You. The personal information we collect may include: names; email addresses; phone numbers; company or job title; billing and contact details where you engage our paid Services or Academy programmes; and the contents of any messages or project material you send us.

Sensitive Information. We do not intentionally process sensitive or special-category information. Under India’s Digital Personal Data Protection Act, 2023, all personal data is treated with the same baseline protections, and we apply appropriate safeguards accordingly.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

When you visit our Services, we (and our analytics and hosting providers) may automatically collect certain technical information — such as IP address, device and browser characteristics, and usage/interaction data — through cookies and similar technologies, for security, analytics, and to maintain the functioning of the Services.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including to:

  • deliver and facilitate delivery of Services and Academy programmes to you;

  • respond to your enquiries and provide customer support;

  • send administrative information, and marketing or promotional communications where permitted;

  • enable user-to-user or user-to-instructor communications where you use such offerings;

  • protect our Services, including fraud prevention and security; and

  • save or protect an individual’s vital interest, such as to prevent harm.

3. What Legal Bases Do We Rely On to Process Your Information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., a legal basis) to do so under applicable law.

If you are located in India, this section applies to you.

The Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Digital Personal Data Protection Rules, 2025 govern the processing of digital personal data of individuals (“Data Principals”) in India. As a Data Fiduciary under the DPDP Act, we process your personal data primarily on the basis of your consent, which we obtain through a clear notice at or before the point of collection, or for certain legitimate uses permitted by the Act. You have the right to withdraw your consent at any time, and we provide an accessible means to do so.

Note on DPDP status: The DPDP Act and DPDP Rules, 2025 are being implemented in phases, with the substantive obligations for Data Fiduciaries expected to become fully enforceable by 2027. We are aligning our practices to the DPDP framework ahead of full enforcement, and this notice will be updated as further provisions come into force.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following:

  • Consent. Where you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.

  • Performance of a Contract. Where necessary to fulfil our contractual obligations to you, including providing our Services.

  • Legitimate Interests. Where necessary for our legitimate business interests, provided these are not overridden by your rights.

  • Legal Obligations. Where necessary for compliance with our legal obligations.

  • Vital Interests. Where necessary to protect the vital interests of any person.

If you are located in Canada, this section applies to you.

We may process your information where you have given express consent, or where consent can be inferred (implied consent). You can withdraw your consent at any time. In certain limited circumstances permitted by law, we may process your information without your consent — for example, for fraud detection and prevention, where collection is clearly in an individual’s interest and consent cannot be obtained in a timely way, or where required to comply with a subpoena, warrant, or court order.

4. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

We may share or transfer your personal information in the following situations:

  • Service Providers / Data Processors. We may share your information with third-party vendors and service providers (such as hosting, analytics, email, payment, and IT providers) who perform services on our behalf under written contract and who are only permitted to process your data on our instructions.

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

  • Legal Requirements. We may disclose your information where required to do so by law or in response to valid requests by public authorities.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising or targeted advertising.

5. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible, securely store it and isolate it from further processing until deletion is possible. Where applicable under the DPDP Act, we will erase personal data when the specified purpose for which it was collected is no longer being served and retention is not otherwise required by law.

6. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security. You should only access the Services within a secure environment. In the event of a personal data breach, we will notify affected individuals and the relevant supervisory authority (including, where applicable, the Data Protection Board of India) as required by applicable law.

7. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age, and we require verifiable parental consent where the law requires it.

We do not knowingly solicit data from or market to children under 18 years of age. Under India’s DPDP Act, processing the personal data of a child (defined as an individual under 18) requires verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. By using the Services, you represent that you are at least 18, or that you are the parent or guardian of such a minor and consent to such minor’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected without appropriate consent, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from a child, please contact us at hello@goprotoz.com.

8. Your Privacy Rights — India (DPDP Act, 2023)

In Short: If you are a Data Principal in India, you have specific rights over your personal data under the DPDP Act, 2023.

Subject to the DPDP Act and DPDP Rules, 2025, you have the right to:

Access a summary of the personal data we process about you and the processing activities undertaken;

  • Correction, completion, and updating of your personal data, and erasure of personal data that is no longer necessary for the purpose for which it was processed;

  • Grievance redressal through our designated contact point, which we will address within the timelines prescribed by the DPDP Rules (no later than 90 days);

  • Nominate another individual to exercise your rights in the event of your death or incapacity; and

  • Withdraw consent at any time, as easily as it was given.

To exercise any of these rights, contact us at hello@goprotoz.com. If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India in accordance with the DPDP Act.

9. Your Privacy Rights — EEA, UK & Canada

In Short: In some regions, such as the EEA, the UK, and Canada, you have rights that allow you greater access to and control over your personal information.

In these regions you may have the right to: request access to and obtain a copy of your personal information; request rectification or erasure; restrict or object to the processing of your personal information; and, where applicable, data portability. You can make such a request by contacting us using the details in section 14.

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw it at any time by contacting us. This will not affect the lawfulness of processing before its withdrawal.

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

11. Do California Residents Have Specific Privacy Rights?

In Short: Yes. If you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83 (“Shine The Light”) permits California residents to request, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes. Under the California Consumer Privacy Act (CCPA/CPRA), California residents also have the right to know what personal information we collect, to request deletion or correction, to opt out of any “sale” or “sharing” of personal information, and to non-discrimination for exercising these rights.

GoProtoz does not sell personal information and has not disclosed or sold personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. The categories of personal information we may collect are described in section 1. To make a request or for more information, contact us using the details in section 14. We will verify your identity before responding, using information you have previously provided to us.

12. International Data Transfers

In Short: We operate internationally, and your information may be processed in countries other than your own.

GoProtoz maintains operations and offices in India, Germany, and the United States, and engages service providers who may process data in other jurisdictions. Where we transfer personal information across borders, we take steps to ensure it is protected in accordance with applicable data protection laws, including through appropriate contractual safeguards. Cross-border transfer of personal data from India is subject to any restrictions notified by the Government of India under the DPDP Act.

13. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date at the top of this notice and will be effective as soon as it is accessible. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

14. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at hello@goprotoz.com, call us at +91 990 090 7810, or contact us by post using the details below:

India (Registered Office)

GoProtoz, Post Office 88, near Borewell Road, Dodsworth Layout, Whitefield, Bengaluru, Karnataka 560066, India

Tel: +91 990 090 7810  ·  Email: hello@goprotoz.com

Germany

c/o WeWork, Axel-Springer-Platz 3, 20355 Hamburg, Germany  ·  Tel: +49 176 26993440

United States

2420 Elm Valley Drive, Little Elm, TX 75068, USA  ·  Tel: +1 408 400 3774


15. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or region, you may have the right to request access to the personal information we collect from you, details about how we have processed it, to correct inaccuracies, or to delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To request to review, update, or delete your personal information, please contact us at hello@goprotoz.com or visit goprotoz.com/contact. We will respond to your request in accordance with applicable data protection laws.