Privacy Policy

This Privacy Policy (“Policy”) explains how Ally Blocksecure Media Pvt. Ltd. (“Ally”, "we," "us," or "our") collect, use, retain, protect, process and share Personal Data (defined below) of individuals who access or use our Website or Services (defined below) or otherwise engage with us.

We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy is an electronic record in terms of the Information Technology Act, 2000 and rules thereunder. It is drafted in strict compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and all other relevant laws, rules and regulations of India.

Ally Blocksecure Media Pvt. Ltd., operating as CACZero (the “Platform”, or “Micro Distribution Platform”), provides Software-as-a-Service (“SaaS”) solutions for companies or businesses (referred to as “Clients”) to manage their referral, loyalty & rewards programs.

Clients use these Services to reward, engage and drive advocacy with their end consumers (referred to as “End-Users”). The personalized engagement with end users is done through electronic messaging channels (email, SMS, Whatsapp, social media, push notifications etc.) as well as their own websites, landing pages, and other technologies to improve their business.

This Privacy Policy provides details regarding the Processing of Personal Data related to two main types of individuals who interact with our platform:

• Clients: Individuals or entities who register for and use the Platform.
• End-Users: All individuals who participate in the Client’s referral, loyalty & rewards programs, including Referrers (“Micro Distributors”), Referees, and End-Consumers.

1. Definitions

1.1. Consent: A free, specific, informed, and unambiguous affirmation by the Data Principal indicating willingness to the processing of their Personal Data for a specified purpose (as defined by the DPDP Act, 2023).

1.2. Data Principal: The individual whose Personal Data is being processed. Their consent determines the way their Personal Data is processed.

1.3. Data Fiduciary: Determines the need and ways to collect Personal Data of the Data Principal and captures the required consent from the Data Principal to provide them the required services.

1.4. Data Processor: Processes the Personal Data authorized by the Data Fiduciary in the way the Data Fiduciary determines. (third parties like data hosting providers, SMS providers, payment gateway providers, etc).

1.5. Services: The solutions provided by the Platform which allow Clients to manage their referral, loyalty & rewards programs.

1.6. Personal Data or Personal Information: means any information relating to an identified or identifiable individual.

1.7. Process or Processing: Means an operation or set of operations performed on Personal Data, and includes operations such as collection, storage, use, disclosure, sharing, erasure, or destruction (as defined by the DPDP Act, 2023).

2. Our Role and The Role of Our Clients

For the purposes of applicable laws, the roles are generally defined as follows:

2.1. We act as a Data Fiduciary in the following capacities:

• 2.1.1. For Clients Data: We are the Data Fiduciary for the business information and account details of our Clients (name, email, phone number, payment information, etc.)
• 2.1.2. End-User Data: We act as the Data Fiduciary for the Personal Data of all End-Users when we process it to operate the Platform, manage accounts, track referrals, and issue rewards. We determine the means and purposes of this processing to deliver our Services.

2.2. Clients as Independent Data Fiduciaries

• 2.2.1. When an End-User interacts with a specific Client's program on the Platform, we share all relevant data with them.
• 2.2.2. Once the data is shared with a Client, that Client becomes independently responsible for complying with the DPDP Act regarding their processing of data.
• 2.2.3. We encourage End-Users to review the Privacy Policy of the specific Client whose referral or loyalty program they are participating in.

3. Information We Collect

3.1. From Clients
We collect the following types of information, including but not limited to:

• 3.1.1. Contact and Account Information: When Client sets up an account to use our Services, we may ask to provide contact and other account-related details such as your name, email address, phone number, address, and your account and contact preferences.
• 3.1.2. Platform Configuration Data: Clients name, logo, brand assets, description, domains, redirecting URLs, product metadata, images, payment distribution details, payment gateway integration details (e.g., API keys, merchant IDs), third-party integrations details (e.g., storage, CDN, blockchain, wallet) which are used to set up the Clients platform.
• 3.1.3. Billing and Payment Information: Details required for payment processing for the Platform. When Clients register for paid Services, our third-party payment processors may collect and process payment-related information, such as your name, email, billing address, credit/debit card, or banking information. We do not directly store sensitive payment card details; this processing is handled by our PCI-compliant third-party payment processors.
• 3.1.4. Usage Data: Information about how Clients access and use the Platform, including IP addresses, location, device type, OS, device id, browser type, activity logs and access times.
• 3.1.5. Other Information You Provide: We may collect other information you may provide to us, such as when you use our products and services, participate in our programs, or otherwise interact with us online or offline. Some of these services, programs, events, or engagements may have additional terms.

3.2. From End-Users

We collect the following types of information, including but not limited to:

• 3.2.1. User Account Identifiers: Name, email address, phone number, and unique account ID for both the Referrer, Referee and the End Consumers.
• 3.2.2. Activity Tracking Data (Referral Lifecycle): We track the entire lifecycle of a referral, including:
  • 3.2.2.1. Creation and distribution channel (email, SMS, WhatsApp)
  • 3.2.2.2. Date and time of End-User click on the unique link
  • 3.2.2.3. End-User navigation (pages visited, information entered, reaching checkout page, reaching payment gateway page),
  • 3.2.2.4. Final successful conversion or transaction status.
• 3.2.3. Incentive and Reward Data: Accumulated points balance, redemption history, and eligibility for rewards.
  • 3.2.3.1. Performance Data: Metrics on referral success rates, transaction volumes, and performance analysis.
  • 3.2.3.2. Contact and Enrollment Data (Consumer-Specific): Any other custom questions or data fields configured by the Customer during the enrollment or purchase process.
  • 3.2.3.3. Transactional Data (Consumer-Specific): Purchase history, transaction amounts, store locations, and dates of activity.
• 3.2.4. Additional Information: Any additional information may be required, depending on the Client, product or service.

4. How We Use the Information

We use the information collected from Clients for the following purposes:

4.1. Platform Management: To create, operate, maintain and manage Clients and End-Users accounts, configure white-labeled platforms, and provide all features of the Platform.

4.2. Program Management: To track the entire referral lifecycle (clicks, conversions), calculate incentive eligibility, manage reward balances, and process redemptions.

4.3. Payments Management: To process payments for Client subscriptions and manage billing relationships and transactions made by End-Users.

4.4. Communication: To send transactional updates (e.g., OTPs, notifications, status), updates, security alerts, support, technical and administrative notices regarding Platform or Services.

4.5. Analytics and Performance Improvement: To analyze performance metrics (success rates, transactions), usage patterns, and engagement to improve Platform and provide insights to Clients.

4.6. Fraud Prevention and Security: To detect fraudulent activities (e.g., fake referrals, gaming the system), secure the Platform against unauthorized access, and ensure data integrity.

4.7. Legal and Regulatory Compliance: To comply with applicable legal obligations, including tax regulations, the DPDP Act, and other statutory requirements.

4.8. Data Sharing with Clients: To transfer relevant End-User data to the respective Client (Data Fiduciary) to enable them to recognize referrals, fulfill rewards, and manage their customer relationship.

5. How We Share Information

We do not sell any data to anyone. We share your data only in the following circumstances:

5.1. Sharing with Clients (Data Fiduciaries): To facilitate the referral, loyalty & rewards programs, we share specific End-User Data with the specific Client whose program you are interacting with. We only share data relevant to that specific Client's program. We do not share your data with other Clients on the platform unless you interact with their specific campaigns.
As stated in Section 2, once this data is shared, the Client acts as an independent Data Fiduciary and is responsible for complying with the DPDP Act regarding processing of data. We encourage End-Users to review the Privacy Policy of the specific Client whose referral, loyalty and rewards program they are participating in.

5.2 Service Providers (Data Processors): We may engage trusted third-party service providers to perform functions on our behalf. These providers may have access to personal data only as needed to perform their functions and are contractually obligated to maintain confidentiality and security in line with DPDP Act requirements. These include:
Infrastructure & Hosting: (e.g., AWS, Azure) for secure data storage.
Communication Services: (e.g., SMS, Email, WhatsApp) to send OTPs, messages and notifications.
Payment Processors: To process billing, subscriptions, payments or financial rewards.
Analytics Providers: To help us understand platform usage and improve services.

5.3 For Legal Reasons: We may disclose data if required by law or in the good faith belief that such action is necessary to comply with legal obligations(e.g., court order, government request, tax authority, protect and defend the rights or property of Ally Blocksecure Media Pvt. Ltd., or protect the safety of our users or the public.

6. Security of Information

We implement reasonable technical and organizational measures designed to protect all data against unauthorized access, use, alteration, or destruction. We utilize industry-standard practices, including encryption and strict access controls. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%.

7. Consent and Withdrawal

7.1 Consent: By using the Platform or engaging with referral, loyalty & rewards program, you give your free, specific, informed, unconditional, and unambiguous consent for us to process your personal data for the purposes described in Section 4.

7.2 Withdrawal of Consent: You have the right to withdraw your consent at any time. You can withdraw consent by contacting our Grievance Officer (details below) or using the "Withdraw Consent" feature within the platform.
Consequence: Upon withdrawal, we will cease processing your data within a reasonable time unless retention is required by law. Please note that withdrawing consent will result in the forfeiture of any accrued loyalty points or rewards and the inability to use the Platform.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable laws (e.g., tax laws require us to keep transaction records for a specific period). Once the purpose is met or legal retention periods expire, your data will be permanently deleted or anonymized.

9. Your Rights as a Data Principal

Under the DPDP Act, you have the following rights:

9.1. Right to Access: You can request a summary of the personal data we hold about you and the processing activities undertaken.

9.2. Right to Correction: You can request correction of inaccurate or misleading personal data, or completion of incomplete data.

9.3. Right to Erasure: You can request the erasure of your personal data, subject to data retention laws.

9.4. Right to Grievance Redressal: You have the right to have your grievances addressed by us.

9.5. Right to Nominate: You have the right to nominate an individual who shall exercise your rights in the event of death or incapacity.

If you wish to exercise any of these rights, please contact us at the details provided below.

10. Children's Data

Our platform is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a child without verifiable parental consent, we will delete it immediately.

11. Cross-Border Data Transfer

Your data is primarily stored and processed in India. If we transfer data to any other country, we ensure that such transfer is to a country not restricted by the Government of India and that appropriate safeguards are in place.

12. Grievance Redressal Mechanism

If you have any questions, concerns, or grievances regarding this Privacy Policy or the processing of your personal data, please contact our designated Grievance Officer:

We will acknowledge your grievance within the timeline prescribed by applicable laws. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We encourage you to review this Privacy Policy periodically for any changes.