Get Started

Privacy policy

Build Applications That Scale Your Business — Not Just Your Feature List.

PRIVACY POLICY

Effective Date: April 12, 2026
Last Updated: April 12, 2026
Entity: Klovant Tech Private Limited
Registered Office: Hyderabad, Telangana, India
Website: https://klovant.com
Data Protection Contact: hello@klovant.com

1. Introduction and Scope

This Privacy Policy describes how Klovant Tech Private Limited (“Klovant,” “we,” “us,” or “our”) collects, uses, processes, stores, shares, transfers, and protects personal data when you access our website at https://klovant.com, use our services, communicate with us, or otherwise interact with our business.

This Policy applies to all individuals whose personal data we process, including but not limited to website visitors, prospective clients, existing clients, job applicants, contractors, and third-party contacts worldwide.

We process personal data in accordance with the following laws and regulations, as applicable based on your jurisdiction:

  • General Data Protection Regulation (EU) 2016/679 (“GDPR”)
  • United Kingdom Data Protection Act 2018 and UK GDPR
  • California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA”)
  • United States state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and others)
  • India Digital Personal Data Protection Act, 2023 (“DPDP Act”)
  • United Arab Emirates Federal Decree-Law No. 45 of 2021 (“UAE PDPL”)
  • Singapore Personal Data Protection Act 2012 (“PDPA”)
  • Brazil Lei Geral de Proteção de Dados (“LGPD”)
  • Australia Privacy Act 1988 and Australian Privacy Principles (“APPs”)
  • Any other applicable data protection legislation in the jurisdictions where we operate

If there is a conflict between the provisions of this Policy and the mandatory requirements of any applicable law, the mandatory requirements of the applicable law shall prevail.

2. Data Controller Information

Klovant Tech Private Limited is the data controller responsible for your personal data.

Data Protection Contact: Email: hello@klovant.com Phone: +91 90324 89675 Address: Hyderabad, Telangana, India

For EU and UK data subjects, you may also contact our representative at the above address. If we appoint a dedicated Data Protection Officer (“DPO”) in the future, their details will be updated in this section.

3. Categories of Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly:

  • Full name, email address, phone number, and company name (via contact forms, quote requests, and email correspondence)
  • Job title, designation, and professional details
  • Project requirements, budgets, and timelines (via quote request forms)
  • Resume, cover letter, educational qualifications, and employment history (via job applications)
  • Payment and billing information (processed through third-party payment processors — we do not store credit card or bank account numbers on our servers)
  • Any other information you voluntarily submit through forms, emails, calls, or chat

3.2 Information Collected Automatically:

  • IP address, browser type, browser version, operating system, and device identifiers
  • Pages visited, time spent on pages, referring URLs, and click patterns
  • Cookies, pixels, and similar tracking technologies (as detailed in Section 9)
  • Approximate geographic location derived from IP address

3.3 Information From Third Parties:

  • Professional information from publicly available sources (LinkedIn, company websites) when conducting business development
  • Analytics data from third-party services (Google Analytics, Meta Pixel)
  • Information from clients who engage our staffing services regarding candidate profiles

3.4 Sensitive Personal Data: We do not intentionally collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric data, or genetic data). If we receive such data incidentally, we will delete it unless we have a specific lawful basis and your explicit consent to process it.

4. Purposes and Lawful Basis for Processing

We process personal data only for specific, explicit, and legitimate purposes. The table below sets out the purposes, the categories of data involved, and the lawful basis under GDPR and equivalent frameworks:

4.1 To respond to inquiries and provide quotes Data: Name, email, phone, company, project details Lawful Basis: Legitimate interest (pre-contractual measures) / Performance of a contract

4.2 To deliver our services (development, marketing, staffing, design, funnels, support) Data: Name, email, phone, company, project specifications, billing information Lawful Basis: Performance of a contract

4.3 To process job applications Data: Name, email, phone, resume, qualifications, employment history Lawful Basis: Legitimate interest (recruitment) / Consent

4.4 To send marketing communications Data: Name, email Lawful Basis: Consent (you may withdraw consent at any time)

4.5 To improve our website and services Data: IP address, browser data, usage patterns, cookies Lawful Basis: Legitimate interest (service improvement)

4.6 To comply with legal obligations Data: As required by applicable law Lawful Basis: Legal obligation

4.7 To prevent fraud and ensure security Data: IP address, login activity, device identifiers Lawful Basis: Legitimate interest (security)

Where we rely on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

5. Data Sharing and Disclosure

We do not sell, rent, lease, or trade your personal data to any third party. We share personal data only in the following circumstances:

5.1 Service Providers and Processors: We engage trusted third-party service providers who process data on our behalf under written data processing agreements that require them to protect your data to at least the same standard as this Policy. These include:

  • Cloud hosting providers (for website and application hosting)
  • Email marketing platforms (for newsletter delivery)
  • Analytics providers (for website performance analysis)
  • Payment processors (for invoice and payment handling)
  • CRM platforms (for client relationship management)
  • Recruitment platforms (for job application processing)

5.2 Legal and Regulatory Requirements: We may disclose personal data if required to do so by law, regulation, legal process, or enforceable governmental request, including requests from law enforcement or regulatory authorities in any jurisdiction.

5.3 Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent: We may share your data with third parties when you have given us explicit consent to do so.

We do not share personal data with any third party for their own independent marketing purposes without your explicit, prior consent.

6. International Data Transfers

Klovant Tech is headquartered in India and serves clients globally. Your personal data may be transferred to and processed in countries outside your country of residence, including India, the United States, and other jurisdictions where our service providers operate.

Where personal data is transferred outside the European Economic Area (“EEA”), the United Kingdom, or other jurisdictions with data transfer restrictions, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (“SCCs”) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Adequacy decisions by relevant data protection authorities
  • Your explicit consent after being informed of the risks

For UAE data subjects, cross-border transfers comply with the requirements of the UAE PDPL, including transfers to jurisdictions with adequate levels of protection or subject to contractual safeguards.

For Indian data subjects, cross-border transfers comply with the DPDP Act and any rules issued by the Central Government regarding permissible jurisdictions.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:

  • Client data: For the duration of the client relationship plus 6 years after termination (to comply with tax, accounting, and contractual obligations)
  • Prospect and inquiry data: 24 months from the date of last interaction, unless the prospect becomes a client
  • Job application data: 12 months from the date of application, unless we obtain your consent to retain it longer
  • Website analytics data: 26 months from the date of collection (Google Analytics default)
  • Marketing consent records: For the duration of consent plus 3 years after withdrawal (as evidence of lawful processing)
  • Financial and tax records: As required by Indian tax law (minimum 8 years)

When data is no longer needed, we securely delete or anonymize it so that it can no longer be associated with you.

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. We will respond to all verified requests within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA/CPRA).

8.1 Right of Access: You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.

8.2 Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.

8.3 Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to legal retention obligations.

8.4 Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.

8.5 Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

8.6 Right to Object: You have the right to object to processing based on legitimate interest or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately without exception.

8.7 Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

8.8 Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.

8.9 Rights Under US State Laws: If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with privacy legislation, you additionally have the right to opt out of the sale or sharing of your personal information and the right to non-discrimination for exercising your privacy rights. We do not sell personal information as defined by the CCPA/CPRA.

8.10 Rights Under UAE PDPL: UAE residents have the right to access, rectify, erase, restrict, port, and object to processing of their personal data under Federal Decree-Law No. 45 of 2021.

8.11 Rights Under Singapore PDPA: Singapore residents have the right to access, correct, and withdraw consent for the processing of their personal data under the PDPA.

8.12 Rights Under India DPDP Act: Indian data principals have the right to access information about processing, correction and erasure, grievance redressal, and nomination.

To exercise any of these rights, contact us at hello@klovant.com. We will verify your identity before processing any request. We will not charge a fee for processing the first request in any 12-month period, except where requests are manifestly unfounded or excessive.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience, analyze usage, and support our marketing efforts.

9.1 Types of Cookies We Use:

  • Strictly Necessary Cookies: Required for the website to function. These cannot be disabled. They include session cookies, security cookies, and load-balancing cookies.
  • Analytics Cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). These collect anonymized data about page views, traffic sources, and user behavior.
  • Marketing Cookies: Used to track visitors across websites to display relevant advertisements (e.g., Meta Pixel, Google Ads remarketing). These are only activated with your explicit consent.
  • Functional Cookies: Used to remember your preferences (e.g., language, region). These enhance usability but are not essential.

9.2 Consent Management: When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You may change your preferences at any time. Strictly necessary cookies do not require consent.

9.3 Global Privacy Control (GPC): We recognize and honor the Global Privacy Control signal. If your browser sends a GPC signal, we will treat it as a valid opt-out of non-essential cookies and tracking.

9.4 Do Not Track (DNT): We recognize Do Not Track browser signals and will not track your browsing activity across other websites when a DNT signal is detected.

10. Children’s Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verifiable parental consent, we will delete that data immediately. If you believe we have inadvertently collected data from a child, contact us at hello@klovant.com.

For Indian data subjects, we comply with the DPDP Act’s requirements for verifiable parental consent for processing children’s data.

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls based on the principle of least privilege
  • Regular security assessments and vulnerability scanning
  • Secure coding practices and code review processes
  • Employee security awareness training
  • Incident response and breach notification procedures
  • Regular backup and disaster recovery testing

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR and UAE PDPL)
  • Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms
  • Document the breach, its effects, and the remedial actions taken
  • Comply with the breach notification requirements of India’s DPDP Act, Singapore’s PDPA, and any other applicable laws

13. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party website you visit. The inclusion of any link does not imply endorsement or affiliation.

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will:

  • Post the updated policy on this page with a revised “Last Updated” date
  • Notify you via email if we have your email address and the changes materially affect how we process your data
  • Obtain your consent where required by applicable law before implementing changes that require consent

We encourage you to review this Policy periodically. Your continued use of our website or services after the posting of changes constitutes acceptance of those changes, except where additional consent is legally required.

15. Complaints and Supervisory Authorities

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with your local data protection authority:

  • EU: Your local Data Protection Authority (list available at https://edpb.europa.eu)
  • UK: Information Commissioner’s Office (ICO) — https://ico.org.uk
  • India: Data Protection Board of India (once fully constituted under the DPDP Act)
  • UAE: UAE Data Office
  • Singapore: Personal Data Protection Commission (PDPC) — https://www.pdpc.gov.sg
  • USA: State Attorney General or relevant state privacy authority
  • Australia: Office of the Australian Information Commissioner (OAIC)

We encourage you to contact us first at hello@klovant.com so we can attempt to resolve your concern directly.

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices:

Email: hello@klovant.com
Phone: +91 90324 89675
Address: Klovant Tech Private Limited, Hyderabad, Telangana, India
Website: https://klovant.com

Get connected with us

Linkedin Icon-facebook Instagram Icon-youtube-v Icon-twitter

Integrated growth infrastructure for scaling startups and mid-market enterprises.

Build. Staff. Grow.

Quick Links

Services

Subscribe Newsletter

Sign up our newsletter to get update information, news and free insight.

© 2026. Klovant Tech Pvt. Ltd. All Rights Reserved.