We collect your name, email, phone, and business info when you opt in or book a call, so we can actually help you. We do not sell your data. We do not share it with advertisers as a product. We use a small, named set of processors (Google, Microsoft, Meta, LinkedIn, TidyCal) for analytics, ads, and operations. You can delete your data any time by emailing legal@getnos.io. That is the whole story. The legally complete version is below.
◆ SECTION 01Who we are
This Privacy Policy applies to all services offered by GetNos, a revenue systems agency operating under the trading name GetNos, with operations based in Chennai, Tamil Nadu, India. Our website is hosted at getnos.io.
Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), GetNos is the "Data Fiduciary" for personal data collected through our services. Under the EU and UK GDPR (where applicable for European clients), we are the "Data Controller." For California residents, we are the "Business" under the California Consumer Privacy Act (CCPA) as amended by the CPRA.
For any privacy matters, our designated contact is:
◆ SECTION 02What we collect
We collect four categories of personal data. Here is exactly what each one includes:
| Category | What we collect | When |
|---|---|---|
| Contact info | First name, business email, phone number, company name, job title | When you opt in, book a call, or email us |
| Business info | Industry, company size, revenue range, current marketing spend (only if you share it on a discovery call or in a form) | Form submissions and discovery calls |
| Technical data | IP address, browser type, device info, pages visited, time on site, referral source, session recordings (via Microsoft Clarity) | Automatically, when you visit the website |
| Communication records | Emails, WhatsApp messages, call recordings (only with explicit consent at the start of the call) | When you interact with us directly |
What we do not collect
- Government ID numbers (Aadhaar, PAN, passport, etc.)
- Financial data (credit card or bank account numbers). Payments, if applicable, are processed directly by certified third-party processors and never touch our servers.
- Location data beyond general city-level IP geolocation
- Health, biometric, or other sensitive personal data
- Data from users under 18 (see Section 13)
◆ SECTION 03Why we collect it
Under the DPDP Act and GDPR, we can only process personal data for specific, lawful purposes. Ours are:
01 · Delivering the service you asked for
If you book a call, we use your info to schedule, run, and follow up on that call. If you opt in for a lead magnet, we use your email to send it. Legal basis: contractual necessity (GDPR Art. 6(1)(b)).
02 · Communicating with you
Answering your questions. Sending newsletters (only if you subscribed). Sending scheduled emails related to your engagement. You can unsubscribe from marketing emails any time via the link at the bottom of every email. Legal basis: consent (GDPR Art. 6(1)(a)) for marketing, contract for transactional.
03 · Improving our service
Analyzing aggregate website data (via Google Analytics 4 and Microsoft Clarity) to understand which pages convert, which do not, and where traffic comes from. We never use this to build individual sales profiles or sell insights. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) in operating an effective B2B website, balanced against your reasonable expectations.
04 · Running advertising
We use Meta Pixel, Google Ads conversion tracking, and LinkedIn Insight Tag to measure our own marketing effectiveness and retarget visitors with relevant ads. You can opt out of this at any time (see Section 06 for one-click opt-out links). Legal basis: consent (granted via the cookie banner) for EU/UK visitors; legitimate interest for B2B visitors elsewhere.
05 · Complying with legal obligations
Tax records, contract documentation, and any data we are required to retain by Indian law (typically 7 years for financial records). Legal basis: legal obligation (GDPR Art. 6(1)(c)).
◆ SECTION 06Opt-out controls
Beyond our cookie banner, you can opt out of specific tracking platforms directly. These links go to the provider, not us:
You can also set your browser to send "Do Not Track" or "Global Privacy Control" signals. We honor GPC signals for California residents (see Section 08).
◆ SECTION 07Your rights
Under the DPDP Act 2023, GDPR, and CCPA, you have the following rights over your personal data. We respond to all valid requests within 30 days.
Right to access
Ask us what personal data we hold about you. We will send you a complete summary.
Right to correction
If your data is wrong or outdated, tell us. We will fix it.
Right to erasure (right to be forgotten)
Request that we delete your personal data. We will confirm deletion within 30 days, except where we are legally required to retain it (for example, tax records).
Right to withdraw consent
If we are processing your data based on your consent (for example, marketing emails), you can withdraw it at any time. Withdrawal does not affect the legality of processing before withdrawal.
Right to data portability
You can request a copy of your data in a structured, commonly used, machine-readable format (typically JSON or CSV).
Right to object
You can object to processing based on legitimate interest, including direct marketing and profiling. We will stop unless we have compelling legitimate grounds that override your interests.
Right to nominate
Under the DPDP Act, you can nominate another person to exercise your rights in case of death or incapacity. Email us to set this up.
Right to grievance redressal
If you believe we have mishandled your data, email legal@getnos.io with subject "Grievance." We will respond within 30 days. If unresolved, you can escalate to India's Data Protection Board (DPB) once constituted, or your local data protection authority (for EU/UK residents).
Email legal@getnos.io with subject "Privacy Request" and describe what you want. We may ask for proof of identity before fulfilling requests, to protect your data from unauthorized access. We do not charge a fee for the first request in any 12-month period.
◆ SECTION 08California (CCPA) notice
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you additional rights regarding your personal information.
Do Not Sell or Share My Personal Information
GetNos does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising in a way that would qualify as a "sale" or "share" under the CCPA. You do not need to opt out because we do not engage in this practice.
That said, if you want to exercise your right to opt-out preference signaling under CCPA, we honor Global Privacy Control (GPC) signals sent by your browser.
Categories of personal information collected (last 12 months)
- Identifiers (name, email, phone, IP address)
- Customer records (business contact info, company)
- Commercial information (services purchased, engagement history)
- Internet activity (browsing on getnos.io, ad interactions)
- Inferences (rough audience cluster for marketing measurement)
Your CCPA rights
- Right to know what personal information we collect, use, and disclose
- Right to delete personal information we collected from you
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing (we do not do either, but the right is preserved)
- Right to limit use of sensitive personal information (we do not collect this category)
- Right to non-discrimination for exercising any of the above
To exercise any of these rights, email legal@getnos.io with subject "CCPA Request." Authorized agents may submit requests on your behalf with verifiable proof.
◆ SECTION 09SMS & phone communications
When you submit your phone number on any of our forms, you consent to receive transactional SMS and WhatsApp messages from GetNos related to your inquiry, including:
- Your audit or strategy call booking link
- Reminders before scheduled calls
- Direct follow-up from a GetNos team member
Standard SMS and data rates apply. Message frequency is low (typically 1 to 4 messages per booking). You can opt out at any time by replying STOP to any SMS, or by emailing legal@getnos.io.
We do not enroll you in marketing SMS campaigns. We do not share your phone number with third-party marketers or affiliates.
◆ SECTION 10Security
We take reasonable, industry-standard steps to protect your data:
- TLS 1.3 encryption on all data transfers (HTTPS)
- HTTP Strict Transport Security (HSTS) and a strict Content Security Policy on all public pages
- Encrypted storage for sensitive data at rest
- Two-factor authentication on all team accounts accessing personal data
- Access controls: only team members working on your engagement have access to your data
- Rate-limiting and origin validation on all form-capture endpoints
- Regular security reviews and vendor audits
- Breach notification within 72 hours to affected individuals and the relevant authority (Data Protection Board for India, supervisory authority for EU/UK)
No system is 100% secure, and we cannot guarantee absolute security. But we treat data protection with the same seriousness we treat our client engagements.
◆ SECTION 11How long we keep it
We retain personal data only as long as necessary for the purpose it was collected.
| Data type | Retention period |
|---|---|
| Prospect / lead data (no engagement) | 24 months after last contact, then deleted or anonymized |
| Client engagement data | Duration of engagement + 7 years (Indian tax law) |
| Marketing email subscribers | Until you unsubscribe + 30 days for processing cleanup |
| Website analytics (anonymized) | 14 months in Google Analytics 4 |
| Microsoft Clarity session replays | 365 days, then automatically deleted |
| Call recordings (where consent given) | 90 days, then deleted |
| Server logs | 30 days for security purposes |
◆ SECTION 12International data transfers
GetNos is based in India, but several of our processors (Google Workspace, Microsoft, Meta, LinkedIn, Slack, TidyCal) store data on servers outside India, typically in the United States or European Union.
Under the DPDP Act 2023, we transfer data only to countries not specifically restricted by the Indian government, and where the receiving entity offers equivalent data protection standards. We prefer SOC 2 Type II certified providers where available.
For EU and UK residents whose data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, supplemented by additional technical and organizational safeguards where required by the Schrems II decision.
◆ SECTION 13Children's privacy
Our services are strictly for business owners and marketing decision-makers, not for children. We do not knowingly collect data from anyone under 18 years of age.
If you believe we have inadvertently collected data from a minor, email legal@getnos.io and we will delete it immediately.
◆ SECTION 14Changes to this policy
We may update this Privacy Policy occasionally when laws change, when our tools change, or when our practices evolve. Updates will be posted on this page with a new "Last updated" date and incremented version number.
If changes are material (for example, a new category of data sharing), we will notify email subscribers and active clients directly with at least 30 days' notice before the changes take effect.
By continuing to use getnos.io after changes are published, you agree to the updated policy. If you disagree, you are free to close your account and request data deletion.
◆ SECTION 15Contact us
Any questions, concerns, or requests related to this policy? Reach out directly:
If we cannot resolve your concern, you have the right to complain to India's Data Protection Board once constituted under the DPDP Act 2023. EU and UK residents can also complain to their local data protection authority. California residents can contact the California Privacy Protection Agency.