Privacy Policy

This Privacy Policy explains how Plenitude Systems Private Limited ("Plenitude", "we", "us", "our") collects, uses, shares and protects information when you visit https://plenitude.in or engage our services. We are the Data Fiduciary for the personal data described below, as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Who we are

Plenitude Systems Private Limited is a private limited company incorporated in India under the Companies Act, 2013. Our Corporate Identity Number (CIN) is U62012TN2026PTC192818. Our registered office is at 2/168, West Street, 1st Floor, Cholavandipuram, Tirukkoyilur, Villupuram – 605751, Tamil Nadu, India.

2. Information we collect

We collect personal data only when you provide it or when it is generated as a necessary part of using our website or services.

Information you provide directly

• Contact details — name, email address, company name, phone (if shared), and the contents of any message you send via our contact form, email or other channels.
• Project information — anything you share about your business, requirements or intended project so we can assess fit and prepare a quote.
• Billing and payment details — only when you become a client; collected via our payment processor and not stored on our servers.

Information collected automatically

• Technical data — IP address, browser type, operating system, referring URL, pages visited, date/time of access, and similar non-identifying log data.
• Cookies and similar technologies — strictly necessary cookies for site functionality, plus aggregated, anonymised analytics where enabled.

3. Why we collect it (purposes)

• To respond to your enquiry, prepare quotes and propose engagements.
• To deliver, manage and support services you've engaged us for.
• To send transactional communications (project updates, invoices, support).
• To operate, secure and improve the website and our services.
• To comply with legal, tax and regulatory obligations under Indian law.
• To establish, exercise or defend legal claims.

We do not sell your personal data, and we do not use it for advertising or for any purpose unrelated to those listed above without your explicit consent.

4. Legal basis for processing

Under the DPDP Act we process personal data only on a lawful basis, namely:

• Consent — when you submit our contact form, email us, or otherwise voluntarily share information.
• Performance of a contract — when you become a client and we need to deliver the services you've engaged us for.
• Legal obligation — to comply with applicable laws (e.g. tax, accounting, regulatory record-keeping).
• Legitimate uses permitted under Section 7 of the DPDP Act — for example, responding to medical emergencies, complying with court orders, or fulfilling other specified legitimate purposes.

5. Sharing of personal data

We share personal data only with parties who help us operate our website and deliver our services, and only to the extent necessary for those purposes. Our principal Data Processors are:

• Web3Forms — processes our website contact form submissions and delivers them to our inbox.
• Hostinger — hosts our website and corporate email infrastructure.
• Cloud and analytics providers — strictly for site operation and aggregated, anonymised usage analytics.
• Payment processors (e.g. Razorpay) — process invoices and payments when you engage our services.
• Tax, legal and accounting advisors — bound by professional confidentiality obligations.

We may also disclose personal data when required by law, court order, lawful government request, or to protect our rights, property or safety, or that of our users or the public.

6. International data transfers

Some of our service providers (including form-handling and cloud providers) are located outside India. When personal data is transferred outside India, we ensure it is processed in accordance with the DPDP Act and any restrictions notified by the Central Government from time to time.

7. Data retention

We retain personal data only for as long as necessary for the purposes listed in this Policy, or as required by Indian law. Specifically:

• Contact-form enquiries that do not become engagements — up to 24 months from last contact, then deleted.
• Client records (contracts, deliverables, invoices) — for the duration of the engagement and 8 years thereafter, in line with Companies Act and tax record-keeping requirements.
• Website server logs — typically up to 90 days unless retained longer for security investigation.

8. Your rights as a Data Principal

Under the DPDP Act you have the right to:

• Obtain a summary of the personal data we process about you and the processing activities undertaken.
• Request correction, completion or updating of inaccurate or incomplete personal data.
• Request erasure of personal data that is no longer necessary for the purpose for which it was collected (subject to legal retention requirements).
• Nominate another individual to exercise your rights in the event of your death or incapacity.
• Have a readily available means of grievance redressal.
• Withdraw consent at any time, where processing is based on consent (this does not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, email legal@plenitude.in. We will respond within 48 hours of receipt and resolve verifiable requests within the timelines prescribed by law.

9. Cookies

We use only strictly necessary cookies required for the site to function, and optional anonymised analytics cookies where enabled. We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser settings; some parts of the site may not function correctly if you do.

10. Children's data

Our services are directed at businesses, founders and professionals. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Security

We implement reasonable security safeguards, including access controls, encryption in transit (HTTPS), and Data Processor agreements with the providers listed in Section 5. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security but we treat any incident seriously and will notify the Data Protection Board of India and affected individuals as required by law in the event of a personal data breach.

12. Changes to this policy

We may update this Policy from time to time to reflect changes in law, our services, or our practices. The "Effective" date at the top of this page shows the most recent revision. Material changes will be notified prominently on this website.

13. Grievance Officer & Data Protection Officer

For any concern, complaint, request or notice regarding your personal data or this Policy, contact:

If you are not satisfied with our response, you may approach the Data Protection Board of India in accordance with the DPDP Act.