Privacy Policy

Last updated: 11 July, 2025

This Privacy Policy ("Policy") describes how we collect, process, share and safeguard Personal Data we collect from you, or that you provide to us, in connection with your use of our website https://nitrocommerce.ai("Website") or in connection with the provision of any services through the Website or elsewhere, including to provide web-based tools that enable our users and customers to find details of end-users (together with the Website the "Services") that are: (i) SuperAcquire, (ii) NitroX, (iii) NitroCollab, (iv) Nitro-Rewards, (v) NitroAds, (vi) Nitro SSO, and/or (viI) Nitro Recover. This Policy also applies to the Personal Data of professionals whose business contact details appear in our Services, and tells you about your rights and choices with respect to your Personal Data, and how you can contact us if you have any questions or concerns. In this Policy,"Personal Data" or "Personal Information" means any information relating to an identified or identifiable individual. We take our obligations regarding your privacy seriously and have made every effort to draft this Privacy Policy in a manner that is clear and easy for you to understand. Please read this Policy carefully.

To remove your data, please mail us at [email protected]

Purpose

AUK Commerce Tech Private Limited henceforth referred to as (“AUKCTPL”, “we”, “us”, “our / ours”) operates under the brand name Nitro Commerce and provides marketing SaaS products Nitro X/ Superacquire, Nitro Ads and Nitro Collab. These are used in the websites through software development kits or virtual tokens which are installed on client's desired platforms, wherein client's avail services provided by AUKCTPL to send personalized marketing communications to the client's website visitors. We are committed to protecting the privacy and security of personal data belonging to the Data Principals or Users (“you”, “your”, “yours”) and processing in accordance with the requirements of the Platform. The protection of your privacy is an important concern to which we pay special attention when processing your personal data with respect to our business processes. We process personal data collected during visits to our Platform and affiliates in accordance with the legal provisions of India.

Scope

This privacy notice describes the information about you that we collect through the SDK installed, how that information is used, maintained, shared, protected and how you can update it. It applies to personal data received by us through our client for the purpose of sending personalized marketing communications to data principals in India in digital format (and non-digital format, if digitized subsequently). Please note that we are not obligated to observe compliances in relation to such sets of personal data that are excluded from the scope of applicable law (including personal data that has been made publicly available by the data principal to whom such data belongs or by any person acting under a legal obligation to disclose the personal data). This document supersedes any previous policy/communication on this subject.

PRIVACY POLICY

AUKCTPL is committed to protecting the privacy and security of your personal data processed in accordance with the requirements of the Platforms. The protection of your privacy in the processing of your personal data is an important concern to which we pay special attention in our business processes. We process personal data collected according to the applicable legal provisions. This Privacy Policy further sets out your rights pertaining to the protection of your personal data. This privacy policy describes the information about all personal data received by an explicit opt-in window at the client's website or app, in any format that our software collects, how that information is used, maintained, shared, and protected, and how you can update it. This policy applies to our use of your information post-effective date. We are required to collect your personal data in order to cater to your needs efficiently and to provide better information for the services or information requested by you during your visit to the client's website. You are requested to read and understand the terms and conditions as stipulated below in connection with the use of our website. The usage of the website includes unconditional acceptance of these terms by you. This website should be accessed only if you agree to the terms and conditions of our Privacy Policy and if you voluntarily consent and authorize AUKCTPL to use all the information provided by you in accordance with its Privacy Policy. If you do not agree to the terms of our Privacy Policy or are dissatisfied for any reason in relation to the websites and/or any contents thereof, you can request the deletion of your data from our Platforms in part or in whole.

General Information

  • Name and Address: AUK Commerce Tech Private Limited
  • Primary Business Activity: Developing marketing SaaS products for our client's. SaaS (Software as a Service) refers to a model where software is delivered online rather than installed on individual computers.
  • Data Protection Officer (DPO): Drishti Chauhan is designated as our Data Protection Officer. The DPO is responsible for overseeing compliance with data protection regulations like the DPDP Act.

Types of Data Collected:

Personal data refers to data that lets us know the specifics of who you are and what may be used to identify, contact or manage preferences (e.g. name, email ID, pin code, browsing patterns on client's website). We receive your personal data when you for our client's services or request customer support. Please note that our obligation or responsibility as a data processor to our client is limited to scenarios where you may, of your own accord, or on instructions of another party upload personal data on the client's Platforms or share personal data with another person. In the latter scenarios, the relevant third party will be the data fiduciary and/or responsible for compliance with obligations under applicable law including in relation to obtaining consent (subject to due notice) from concerned data principals, i.e., you. We collect the following types of personal information through our virtual tokens:

  • Name: This could be your first name, last name, or full name, depending on how our client's website or app collects this information.
  • Email ID: This is the email address you provide on our client's website or app.
  • Pincode: This is the postal code associated with your location if you choose to share it on our client's website or app.
  • Website page visit data and behaviour: This includes information about the pages you visit on our client's website or app, how long you stay on each page, and the actions you take (e.g., clicking on buttons, and filling out forms).

How We Use Personal Data We Receive or Collect

We use the Personal Data we collect for the following purposes:

To Operate and Administer our Services.

We use Personal Data to operate and administer our Services in accordance with our terms, conditions, and policies. This includes:

  • To Create Your Account for our Services such as Nitro SSO and to secure and maintain it.
  • To Provide Our Services, including to operate, maintain and support our Services by making available our online database with Personal Data and business contact details to users and customers.
  • To Communicate With You, including to contact you for administrative purposes such as security or support and maintenance advisories, to provide services and information that you request, to respond to comments and questions, to contact you regarding issues concerning your use of our Services, including changes to this Policy, and to otherwise provide customer support.
  • For Customer and Vendor Relationship Management,including to track emails, phone calls, and other actions you have taken as our customer or vendor.

We process your Personal Data based on our, and our customer's, legitimate interests in providing, maintaining and accessing the Services. When relying on legitimate interest as a legal basis, we ensure we comply with any request you make to exercise your rights.

To Improve, Monitor, Personalize, and Protect Our Services.

It is in our legitimate business interests to improve and keep our Services safe for our users. This includes:

  • For Analytics and Product Development, including to measure and analyze usage trends and preferences in order to improve our Services, and to develop new products, services, and features.
  • For Personalization to customize our Services.
  • For Preventing Fraud, Criminal Activity, or Misuse of Our Services, including to ensure the security of our IT systems, architecture and networks (such as for troubleshooting, testing, system maintenance, support, and hosting of data).
  • For Aggregation. We sometimes aggregate or anonymize Personal Data in a form that does not allow our users or professionals to be personally identified and use the resulting information for statistical analysis regarding the use of the Services, such as to better understand our customer base, or for other purposes.

Where required under applicable law, we will rely on your consent for such purposes or provide you with the ability to opt-out.

For Marketing and Advertising Purposes.

Subject to any consent requirements under applicable laws, we may use Personal Data to promote, advertise and market our Services to you in accordance with our legitimate interests. This includes:

  • To Send Marketing Materials, alerts about the latest developments and features or other promotional materials, and to develop new promotional materials that can be useful or relevant to our customers. You will be provided with an opportunity to unsubscribe from such communications.
  • To Display Targeted Advertising. We may show you advertising on other websites you visit when you visit our Website or websites of our Brand Partners and Channel Partners. For more information on how to opt out of our use or sharing of Personal Data, see the Your Choices About How We Use and Disclose Your Information section below.
For Administrative and Legal Purposes.
  • We may use Personal Data for compliance purposes where it is in our legitimate interests, including enforcing our Terms of Service or enforcing or defending other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency, and to comply with our legal obligations and internal policies as permitted by law.

Who We Share Personal Data With

We may disclose Personal Data about you in the following circumstances:

  • Customers and Users of the Website or Services. We make available Personal Data such as name, email, phone, location, and related data to our customers, and to users of our Website and Services, in order to provide them with the Services.
  • Group Entities. We may disclose Personal Data about you to our affiliates and subsidiaries.
  • Service Providers. We work with third parties to provide services such as hosting, maintenance, and support. These third parties may have access to or process your Personal Data as part of providing those services to us. For example:
    • We rely on cloud service providers for data storage, disaster recovery and to perform our obligations to you.
    • We use providers of business communication tools.
  • Legal. Information about our users, including Personal Data, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Nitro Commerce, our users, a third party, or the public.
  • Change of Corporate Ownership. We may disclose Personal Data to an acquirer, successor, assignee, or other related party as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
  • Aggregated Information. We may disclose aggregated or otherwise anonymized information for any purpose, unless we are prohibited from doing so under applicable law.
  • Business Partners. We may share Personal Data such as name, email, phone, location, and related data with our business partners and affiliates, including for the purposes of sales, marketing, recruiting and other related purposes. We may share Personal Data with our business partners and affiliates in order to contact potential customers, market products and services, recruit new employees and for other related purposes.

Your Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with the following control over your information.

  • Account and User Controls.
    • Promotional Materials. If you do not wish to have your email address or other contact information used by Nitro Commerce for marketing purposes to promote our own or our affiliate's, subsidiarie's or partners products or services, you can opt out by contacting us as set out in the "Contact Us" section below. If we have sent you a newsletter or promotional email or message, you may opt-out of receiving them by following the instructions included in each newsletter or communication, including by clicking the unsubscribe link at the footer of the email.
    • Accessing, Deleting and Correcting Your Account Information. You may contact us as set out in the "Contact Us" section below to request access to, correct or delete any Personal Data that we have about you. We cannot delete your Personal Data except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
  • Personal Data Requests. We may offer you choices that affect how we handle the Personal Data that we control. Where required under the laws that apply in your place of residence, you may exercise the following rights in relation to your Personal Data by contacting us as set out in the "Contact Us" section or as specified below:
    • Information. You may request information about how we collect and use Personal Data. We have made this information available to you in this Privacy Policy.
    • Access. Upon request, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
    • Correction. You have the right to correct, update or complete any Personal Data we hold about you that is inaccurate or incomplete. Please note that we may rectify or remove incomplete or inaccurate information, at any time and at our own discretion.
    • Deletion. You may request to have your Personal Data anonymized, erased or deleted, as appropriate. In this case, if there is no overriding legitimate interest or exceptions to continue processing your Personal Data, we will erase your data. To request deletion of your Personal Data, Please mail us at [email protected].
    • Opt Out of Selling Personal Information. If your Personal Data appears within our Services, you may opt out of the "selling" (as the term is defined under applicable privacy laws) of your Personal Data by using our Do Not Sell or Share My Info tool.
    • Opt Out of Targeted Advertising. We share Personal Data with advertising partners that display targeted advertising around the web as described in the “How We Use Personal Data We Receive or Collect” section above. You can opt-out of our use or sharing of personal information for these purposes by contacting us at "Contact Us".

Additional rights, such as to object to and request that we restrictour use of your Personal Data, and where applicable, you may withdraw your consent. You may exercise these rights by emailing us at [email protected]. or by contacting us as set out in the "Contact Us" section below. Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity.

Depending on your jurisdiction, you may be able to empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination. You may designate an authorized agent to make a request on your behalf pursuant to applicable law. We accept documentation of your designation in the form of a valid power of attorney and/or a written authorization signed by you and the authorized agent. You may submit evidence of your designation of an authorized agent in writing to: [email protected] or 418, Magnum Tower 1, Sector 58, Gurugram, Haryana 122011. We may require verification of your authorized agent in addition to the information for verification above for Consumers and households.

In some instances, your choices and rights may be limited by an exception, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.

Please note, if you have a concern about our privacy practices, including the way we handle your Personal Data, you can report it to your local data protection authority. We hope you will be able to address any concerns with us directly in the first instance so we are able to respond to them.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals.

Children's Privacy

Our Services are not directed or intended for individuals under 18, and we do not knowingly collect Personal Data from individuals under the age of 18 nor do we have knowledge that we have processed Personal Data of anyone under the age of 18. If you learn that a child has provided us with Personal Data in violation of this Policy and our Terms of Service, please contact us as set out in the "Contact Us" section below.

Data Security

AUKCTPL uses appropriate technologies and procedures to protect your personal data. We use a variety of security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. These measures include:

  • Transport Layer Security (TLS): We use TLS to encrypt data when it is transferred between your device and our servers. This helps to ensure that your data is not intercepted by unauthorized third parties.
  • Encryption At Rest and In Motion: Data is encrypted both on our servers and when it is being transferred between our servers. This adds an extra layer of security to protect your data.
  • Regular Security Audits: We conduct regular security audits to identify and address any potential vulnerabilities in our systems.
  • Role-Based Access Control: We place appropriate restrictions on access to your personal data and is protected by multi-factor authentication
  • Training: We conduct privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal data.

Data Retention

We store all Personal Data for as long as necessary to fulfill the purposes set out in this Policy, or for as long as we are required to do so for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal or regulatory obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. Retention periods will be determined taking into account the type of information that is collected and the time necessary to fulfill the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to delete outdated, unused information at the earliest reasonable time. When deleting Personal Data, we will take measures to render such Personal Data irrecoverable or irreproducible, and the electronic files which contain Personal Data will be permanently deleted

Third Party Services

The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operator's policies, if any, and governing privacy and security, even if accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service and we encourage you to learn about third partie's privacy and security policies before providing them with your Personal Data.

State Specific Disclosures

This section applies to the extent applicable based on applicable privacy laws in your jurisdiction

Consumer Rights Requests Metrics

The CCPA requires businesses to track and publish request metrics.

Request TypeReceivedComplied (Full/Partial)DeniedAvg Days to Respond
Requests to Know (CA Residents)0000
Requests to Opt Out / Delete* (CA Residents)0000
Requests to Correct (CA Residents)0000
Requests to Know (Location Unknown)**0000
Requests to Opt Out / Delete (Location Unknown)**0000
Requests to Correct (Location Unknown)**0000

* Nitro Commerce processes both opt-out requests and deletion requests in the same manner by removing the consumer's personal information from our database.

** "Location unknown" covers scenarios where we received a request but were unable to determine the requestor's location.

Telephone Consumer Protection Act (TCPA) Rules, 2025

Under TCPA, we are required to request explicit customer consent to send them pre-recorded voice messages, SMS, fax, and auto-dialed calls.

  • Expanded Opt-Out Methods

    You can now revoke consent through various methods, including emails, voicemails, and informal messages, such as “Leave me alone.” This means businesses must go beyond simply recognizing keywords like “STOP” and interpret a wider range of opt-out requests.

  • Opt-Out Confirmation Text

    After receiving an opt-out request, we can send a single text to the customer to confirm the request. We will try our best to send this message within 5 minutes of receiving the opt-out request. If it takes longer than that, we will provide an explanation for the reasonable delay in sending the text.

  • 10-Day Rule for Opt-Outs

    The timeframe for processing opt-out requests has also been significantly reduced. We will process all opt-outs requests within 10 business days.

India's Digital Personal Data Protection (DPDP) Act, 2023

  • Right to Access Information about personal data

    At any point you can contact us to request a summary of the personal data relating to you that we hold. Once we have received your request we will respond within one month. There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee. You do not have to provide a reason for requesting access, but you will need to provide some proof of your identity co-relating to the personal data sought access.

  • Right to Correction and Erasure of Personal Data

    If the data we hold about you is out of date, incomplete, or incorrect, or misleading, you can inform us and your data will be updated or erased.

  • Right of Grievance Redressal

    Data Principals have the right to have readily available means of grievance redressal provided by our client's and/or us in respect of any act or omission of our client's or us regarding the performance of our obligations in relation to your personal data or the exercise of your rights under the provisions of DPDP Act.

  • Right To Nominate

    Data Principals have the right to nominate any other individual, who shall, in the event of death or incapacity of the Data Principal, exercise the rights of the Data Principal in accordance with the provisions of DPDP Act.

  • Right to Give Consent

    Consent that is free, specific, informed, unconditional and unambiguous with a clear affirmative action, and shall signify an agreement to the processing of her personal data for the specified purpose and be limited to such personal data as is necessary for such specified purpose.

  • How to Exercise Your Rights

    In relation to the above, you can exercise such right by sending us an email with your request to [email protected] along with the necessary proof of identity requirements that we may require prior to processing such a request from you.

  • Responding to Data Principal's Requests

    We will respond to your requests within a reasonable timeframe, typically within one month of the receipt. We may ask you for additional information to verify your identity before processing your request

Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our privacy practices. It is our policy to post any changes we make to this Policy online. The date the Policy was last revised is identified at the top of the page. Please monitor our Website and this Policy periodically to check for any changes. If we make material changes to how we treat our user's Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Website home page

Contact Us

Nitro Commerce is the entity responsible for the processing of your Personal Data, and the controller for your Personal Data are the Brand Partner users of our Services under applicable laws.

If you have any questions or comments about this Policy or our privacy practices, or to make other requests relating to your Personal Data, please contact us by one of the following methods:

Grievance Officer: Parijat Kapoor -[email protected]

Privacy requests: [email protected] or via mail at:

Nitro Commerce
4th floor (415,416,417 & 418)
Magnum Tower - 1,
Golf Course Extension Road, Sector 58,
Gurgaon - 122011

In addition, you may contact our data protection officer at [email protected]