Privacy Policy

How SetuIoT collects, uses, shares, and protects personal data — in accordance with India's Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.

1. Who we are & scope

This Privacy Policy explains how SetuIoT (“SetuIoT”, “we”, “us”, or “our”) — operated by SetuIoT Pvt Ltd, having its registered office at I-1401, Swagat Queensland, Sargasan, Gandhinagar, Gujarat, India 382421 — handles personal data of individuals (“you”) who visit setuiot.com, request a demo, or otherwise interact with us.

For the purposes of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), SetuIoT acts as a Data Fiduciary in respect of the personal data it determines the purpose and means of processing for, and you are the Data Principal. This Policy also reflects our obligations under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”).

2. Key definitions

Personal Data — any data about an individual who is identifiable by or in relation to such data.
Data Principal — the individual to whom the personal data relates.
Data Fiduciary — the entity (SetuIoT) that determines the purpose and means of processing personal data.
Processing — any operation performed on personal data, such as collection, storage, use, sharing, or erasure.

3. Data we collect

a. Information you provide to us

When you submit our “Book a demo” / contact form, we collect the details you choose to provide: your name, work email address, company name, intended use case, and any message you write. If you email us directly, we receive your email address and message contents.

b. Information collected automatically

Like most websites, when you visit setuiot.com our hosting provider and the third-party services that deliver page assets (see Section 6) may automatically log limited technical information such as your IP address, browser type, device, and the date/time of access. We use this only for security, reliability, and to operate the site.

c. What we do not collect

We do not currently run advertising or analytics trackers, and we do not set non-essential cookies (see Section 12). We do not knowingly collect sensitive personal data (such as financial, health, or biometric data) through this website, and we ask that you not submit such information via our forms.

4. How & why we use it

We process your personal data for the following specified purposes:

To respond to your demo request or enquiry and communicate with you about it;
To evaluate and discuss a potential design-partner or commercial relationship;
To send you information you have asked for, or that is necessary to provide a service you requested;
To operate, secure, maintain, and improve our website; and
To comply with applicable law and enforce our legal rights.

We will not use your personal data for a new purpose that is incompatible with the above without informing you and, where required, obtaining your consent.

Under the DPDP Act, we process your personal data on the basis of your consent, which you provide when you voluntarily submit your details through our forms or contact us. Where applicable, we may also process data for “certain legitimate uses” permitted under the Act (for example, where you have voluntarily provided data for a specified purpose).

Your consent is free, specific, informed, unconditional, and unambiguous. You may withdraw your consent at any time (see Section 10); withdrawal does not affect the lawfulness of processing carried out before withdrawal, and may mean we can no longer respond to your enquiry.

We do not sell your personal data. We share it only with trusted service providers (Data Processors) who help us operate the website and respond to you, under appropriate contractual safeguards:

Web3Forms — processes our demo/contact form submissions and delivers them to us by email. Form data passes through Web3Forms’ infrastructure for this purpose.
Google (Google Fonts & Google Workspace) — Google Fonts may receive your IP address to serve fonts; Google Workspace is used to receive and respond to your emails.
Our hosting / infrastructure providers — host the website and may process technical logs.

We may also disclose personal data where required by law, court order, or a lawful request by a public authority, or to protect our rights, safety, and property.

7. Cross-border transfer

Some of the service providers above may store or process data on servers located outside India. Where personal data is transferred outside India, we do so in accordance with the DPDP Act and applicable Government of India notifications, and we take reasonable steps to ensure your data continues to be protected.

8. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this Policy, to maintain our business relationship, or as required to comply with legal obligations. When personal data is no longer needed and there is no legal requirement to retain it, we will erase it or anonymise it.

9. Security

We implement reasonable security practices and procedures as required under the SPDI Rules and the DPDP Act, including access controls, encryption in transit (HTTPS), and limiting access to personal data to those who need it. While we take security seriously, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as required by law.

10. Your rights as a Data Principal

Subject to the DPDP Act, you have the right to:

Access a summary of the personal data we hold about you and how we process it;
Correction, completion, and updating of your personal data;
Erasure of your personal data where it is no longer required;
Withdraw consent at any time;
Grievance redressal through our Grievance Officer (Section 13); and
Nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any of these rights, contact us at privacy@setuiot.com. We may need to verify your identity before acting on your request. If you are not satisfied with our response, you may escalate to the Data Protection Board of India.

11. Children's data

Our website and services are intended for businesses and professionals and are not directed at children. Under the DPDP Act, a “child” is an individual under 18 years of age. We do not knowingly process the personal data of children without verifiable parental/guardian consent, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has provided us personal data, contact us and we will delete it.

12. Cookies & tracking

We aim to keep this site lightweight. We do not use advertising cookies or third-party analytics/tracking cookies. Some essential technical functionality and third-party asset delivery (such as fonts) may involve standard network requests as described in Section 6. If we introduce analytics or non-essential cookies in future, we will update this Policy and seek your consent where required.

13. Grievance Officer

In accordance with the SPDI Rules and the DPDP Act, you may address any questions, concerns, or grievances about your personal data to our Grievance Officer:

Jaydip Patel

Grievance Officer, SetuIoT

Email: grievance@setuiot.com

Address: I-1401, Swagat Queensland, Sargasan, Gandhinagar, Gujarat, India 382421

We will acknowledge and endeavour to resolve grievances within the timelines prescribed under applicable Indian law (and in any case within 30 days).

14. Changes & contact

We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The “Last updated” date at the top indicates when it was last revised. Material changes will be highlighted on this page.

For any questions about this Policy or our data practices, contact us at privacy@setuiot.com.