Privacy Policy
Effective: July 12, 2026
1. Who is responsible
INBURG INDIA PRIVATE LIMITED operates DonDelay. For account data, waitlist data, and website data, we are the data controller (GDPR) / data fiduciary (India DPDP Act 2023). For prospect conversation data that agencies connect via HeyReach, the agency and its client are the controllers and we act as a processor on their documented instructions.
2. What we collect
- Account data — name, work email, hashed password, role, organisation name.
- Waitlist data — email address and signup source, used to notify you about availability.
- Conversation data (as processor) — LinkedIn conversation content, participant names/profile data, and campaign metadata retrieved from HeyReach workspaces our customers connect.
- Device & technical data — push-notification tokens, IP addresses, and server logs needed to run and secure the Service.
3. What we do NOT do
We do not sell personal data. We do not run advertising trackers on dondelay.app. We do not use your or your clients’ conversation data to train AI models or for any purpose other than providing the Service.
4. Legal bases & purposes
We process account and billing data to perform our contract with you; waitlist emails on your consent (withdrawable any time via the unsubscribe link or by emailing us); technical logs on our legitimate interest in securing the Service; and conversation data as processor under our customers’ instructions.
5. Where data lives & who touches it
Data is hosted on DigitalOcean infrastructure (Bangalore region) behind Cloudflare. Push notifications are delivered via Expo, Google (FCM), and Apple (APNs) — notification contents transit those services. HeyReach API keys are stored encrypted at rest; all traffic is encrypted in transit (TLS). We share data only with these processors, and where required by law.
6. International transfers
Our processors may process data outside your country (including the US and India). Where GDPR applies, transfers rely on adequacy decisions or standard contractual clauses maintained by those processors.
7. Retention
Account data is kept for the life of the account and deleted within 30 days of account deletion. Waitlist emails are deleted after launch communications conclude or on unsubscribe. Conversation data is retained while the connected workspace remains active and deleted within 30 days of disconnection or customer instruction. Backups age out on a rolling basis within a further 35 days.
8. Your rights
Depending on your jurisdiction (GDPR, UK GDPR, India DPDP), you may request access, correction, deletion, portability, restriction, or object to processing, and you may withdraw consent at any time. Prospects whose conversations are processed on behalf of an agency should direct requests to that agency (the controller); we support our customers in fulfilling them. To exercise rights with us, email [email protected]. You may also lodge a complaint with your supervisory authority.
9. Grievance & Data Protection Officer
Grievance Officer / data-protection contact (India DPDP & GDPR queries): Ranvijay — Founder, INBURG INDIA PRIVATE LIMITED, [email protected]. We acknowledge requests within 48 business hours and resolve within statutory timelines.
10. Cookies & changes
dondelay.app sets no advertising cookies. The app portal stores a session token in your browser’s local storage strictly to keep you signed in. We will post updates to this policy here and notify material changes by email. Effective: July 12, 2026.