Endorphyn Web, operated by Shivansh Chawla, Gurugram, Haryana, India ("we", "us", "our"), is committed to protecting your personal data. This Privacy Policy explains what data we collect, why, how we use it, and your rights over it.
This policy complies with the EU General Data Protection Regulation (GDPR 2016/679), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and India's Digital Personal Data Protection Act 2023 (DPDP Act).
See our Cookie Policy for full details. All non-essential cookies (analytics, marketing) load only after you accept via our consent banner.
| Purpose | Legal basis (GDPR) |
|---|---|
| Respond to enquiries and deliver services | Contract performance / Legitimate interests |
| Send the requested free mockup | Contract performance |
| Website analytics (GA4, Clarity) | Consent |
| Marketing / retargeting (Meta Pixel) | Consent |
| Invoicing and tax records | Legal obligation |
| Fraud prevention and site security | Legitimate interests |
We do not sell your personal data. We share it only with the following sub-processors, each bound by data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Web3Forms | Form submission processing | US |
| Google (GA4 / GTM) | Analytics — anonymised | US (SCCs in place) |
| Meta Platforms | Marketing pixel / retargeting | US (SCCs in place) |
| Microsoft Clarity | Session analytics — anonymised | US (SCCs in place) |
| Zoho Corporation | Email hosting and CRM | IN / US |
| Cloudflare | Website hosting, CDN, DDoS protection | US (SOC 2 certified) |
| Wise / Payoneer | Payment processing (reference only) | UK / US |
Your data may be transferred to countries outside your own, including the United States and India. Transfers from the EEA / UK are protected by EU Standard Contractual Clauses (SCCs) or UK adequacy decisions where applicable.
After retention periods, data is permanently deleted or irreversibly anonymised.
GDPR / UK GDPR (EU / UK residents): Right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to automated processing.
CCPA (California residents): Right to know, right to delete, right to opt out of sale (we do not sell data), right to non-discrimination.
DPDP Act (India): Right to access personal data, correction, erasure, and grievance redressal. Right to nominate a representative. Requests responded to within 15 business days.
To exercise any right: email shivansh@endorphynweb.com with subject line "Privacy Request". We respond within 30 days (15 business days for DPDP requests).
Name: Shivansh Chawla
Email: shivansh@endorphynweb.com
Response time: Within 15 business days of receipt.
We implement HTTPS/TLS encryption on all pages, restricted access to personal data, regular security reviews, and use only SOC 2-certified or equivalent hosting infrastructure. No method of internet transmission is 100% secure, but we take all commercially reasonable measures to protect your data.
Our website is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe we have done so, contact us immediately and we will delete the data promptly.
We may update this policy. Material changes will be flagged by updating the "last updated" date at the top of this page. For significant changes affecting how we use personal data, we will notify active clients by email.
Questions about this policy: shivansh@endorphynweb.com. We aim to respond within 2 business days.