Affilaio Privacy Policy

Effective Date: July 01, 2025
Last Updated: July 01, 2025

This Privacy Policy describes how Rekhilesh Adiyeri (WEBZAK Cyber Technologies), operating as Affilaio (“Affilaio,” “we,” “us,” or “our”), collects, uses, discloses, and safeguards personal information provided by you (“you,” “your,” or “User”) when accessing or interacting with our digital services. This privacy statement explains our policies and practices regarding the gathering, use, and sharing of your information when you use the service. It also informs you of your legal protections and your rights regarding privacy.

We utilize your personal information to provide and improve our service. By using the Service, you consent to the collection and use of your information in accordance with this Privacy Policy. This Privacy Policy is produced in compliance with applicable data protection and privacy legislation, including but not limited to

  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • UK GDPR and Data Protection Act 2018
  • California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act of 2020 (CPRA)
  • California Online Privacy Protection Act (CalOPPA)
  • Indian Information Technology Act, 2000 and SPDI Rules
  • Lei Geral de Proteção de Dados (LGPD) (Brazil)
  • Personal Data Protection Act (PDPA) (Singapore)
  • Protection of Personal Information Act (POPIA) (South Africa)
  • Privacy Act 1988 and Australian Privacy Principles (Australia)
  • Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

This Privacy Policy applies to all personal information processed by us through our websites, platforms, systems, or otherwise in the course of our business operations.

1 – Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Application refers to Affilaio, the software program provided by the Company.
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to WEBZAK Cyber Technologies, Kadirur, Kerala, India – 670642.
  • Cookies are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: Kerala, India
  • Device means any device that can access the Service such as a computer, a cellphone, or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application or the Website or both.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Usage data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
  • Website refers to Affilaio, accessible from https://affilaio.com/
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2 – Scope of Policy

This Privacy Policy applies to all users who interact with the digital services, websites, and platforms operated by Affilaio, including:

  • Main website: https://affilaio.com
  • Community platform: https://hub.affilaio.com
  • Landing pages and marketing sites: e.g:- affilaio.in, affilaio.org, rekhileshadiyeri.com
  • Email marketing communications, including those powered by GetResponse and TagMango
  • Tracking, analytics, and advertising through third-party services such as Google Analytics, Google Tag Manager, Facebook Pixel, and ClickMagick
  • Payment and checkout processes, which may be operated through TagMango
  • CRM, automation, and cloud services, including AWS and Google Cloud
  • Affiliate and referral programs, where cookies or tracking URLs are used to identify traffic sources or purchases

This Policy also applies when personal data is collected from third-party integrations, partner networks, or affiliate promotions operated by Affilaio.

3 – Acceptance of Terms

By using our websites or any related services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy and any other applicable terms and conditions or policies provided by us.

If you do not agree with any provisions in this Privacy Policy, you must discontinue the use of our websites and services immediately.

4 – Contact Information

The Data Controller for purposes of applicable data protection legislation is:

Affilaio, Webzak Cyber Technologies
Attn: Data Privacy Officer
Kadirur, Kerala 670642, India
Email: privacy@affilaio.com

5 – Information We Collect

Affilaio collects and processes the following categories of personal information in accordance with applicable laws. This information may be collected directly from you, automatically through our systems, or via third parties.

5.1 Categories of Personal Information Collected

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

CategoryExamplesSourcePurpose of ProcessingLegal Basis (GDPR Art. 6)
IdentifiersFull name, email address, phone number, physical address, username, passwordDirect from userAccount registration, support, marketing communicationsConsent, Contract performance, Legitimate Interest
Contact & Account InfoEmail login credentials, social login tokens, phone numbers, billing addressDirect from userAuthentication, billing, communicationContract performance, Legitimate Interest
Payment InformationCardholder name, card number, expiry date, UPI ID, transaction metadata (via TagMango)Direct from user (via gateway)Payment processing, fraud preventionContract performance, Legal obligation
Commercial InformationProducts purchased, subscriptions, invoices, refund statusTransaction logsOrder fulfillment, invoicing, reportingContract performance
Technical InformationIP address, browser type, OS version, time zone, cookies, unique device identifiersAutomatically collectedAnalytics, fraud prevention, localizationLegitimate Interest, Consent (where required)
Online Activity & UsageClick paths, session data, time on site, referring URLs, cookies, pixel dataGoogle Analytics, Facebook, etc.UX optimization, retargeting, ad personalizationConsent, Legitimate Interest
Geolocation DataApproximate location based on IP addressIP resolution toolsRegional content delivery, fraud preventionLegitimate Interest, Consent
Biographic / Profile DataGender, job title, interests, content preferences, social media handlesOptional forms, profile setupPersonalization, community engagementConsent
Communications ContentSupport requests, challenge submissions, email responses, testimonialsDirect from userSupport, coaching, community developmentContract performance, Consent
Sensitive Personal DataPayment credentials, account passwordsUser entry, third-party processorsPayment and login security, authenticationExplicit Consent, Contract, Legal Obligation

5.2 Data Collection Mechanisms

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

We may collect your personal data through the following mechanisms:

  • Account Registration Forms (hub.affilaio.com, challenges, lead magnets)
  • Checkout and Purchase Processes (via TagMango)
  • Email Subscriptions (via GetResponse and TagMango email workflows)
  • Automated Tracking (cookies, pixels, session analytics, browser/device identifiers)
  • CRM Integrations (e.g., via Google Sheets, Albato, Tagmango or internal CRM platforms)
  • Advertising Tools (Facebook Pixel, Google Tag Manager, ClickMagick links)
  • Affiliates or Referral Partners (who may send us your opt-in details under applicable consent agreements)

5.3 Retention of Personal Information

Affilaio retains personal data only for as long as is necessary to:

  • Fulfill the specific purpose(s) for which it was collected.
  • Comply with legal and regulatory obligations (e.g., accounting, tax laws).
  • Resolve disputes, enforce agreements, and defend against legal claims.

Unless otherwise required by law, we follow the retention periods outlined below:

Data TypeTypical Retention Period
Account & Profile DataWhile account is active + 3 years
Transaction Records7 years (for tax and audit compliance)
Email Communications3 years from last interaction
Cookie Data12–24 months (varies by platform)
Testimonials & ReviewsUntil request for removal or deactivation

Data may be securely archived, anonymized, or pseudonymized beyond this period for statistical analysis or legal defense purposes.

5.4 Tracking Technologies and Cookies

We use cookies to enhance user experience and analyze site performance. If you leave a comment, you may opt to save your name, email, and website in cookies. These cookies last for one year.

Temporary cookies are also set when visiting our login page to determine browser cookie support. These contain no personal data and are discarded upon closing your browser. When logging in, we use cookies to store login details and screen preferences. Login cookies last two days; screen options cookies last a year. Selecting “Remember Me” extends login to two weeks. Logging out removes login cookies.

When editing or publishing content, an additional cookie is stored that contains the article’s post ID and expires after one day.

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential CookiesType: Session CookiesAdministered by: UsPurpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
  • Cookies Policy / Notice Acceptance CookiesType: Persistent CookiesAdministered by: UsPurpose: These Cookies identify if users have accepted the use of cookies on the Website.
  • Functionality CookiesType: Persistent CookiesAdministered by: UsPurpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please check the Cookies section of our Privacy Policy.

6. How We Use Your Information

Affilaio processes personal information for a range of lawful, explicit, and legitimate purposes. The purpose of processing may vary depending on your interaction with our services. Where required by law (e.g., Article 6 GDPR, §1798.100 CCPA, SPDI Rule 5), we ensure appropriate lawful bases are applied.

6.1 Lawful Bases for Processing (GDPR Article 6)

We process personal data only where at least one of the following applies:

Lawful BasisDescription
ConsentYou have given clear, informed consent for specific purposes (e.g., marketing newsletters)
Performance of ContractProcessing is necessary for a contract you are party to (e.g., course purchase, membership)
Legal ObligationRequired to comply with applicable legal obligations (e.g., taxation, financial audits)
Legitimate InterestsNecessary for our legitimate business interests unless overridden by your rights
Vital InterestsRarely used — only where necessary to protect life/safety
Public TaskNot applicable to Affilaio unless acting under official authority

6.2 Primary Purposes of Processing

Processing ActivityDescriptionLawful Basis
Account Creation & ManagementTo allow you to register, log in, manage your profile, and access purchasesPerformance of Contract
Course Enrollment & Content AccessGranting access to gated content (courses, coaching, webinars, etc.)Performance of Contract
Payment ProcessingHandling course and membership payments securely via third-party processorsPerformance of Contract, Legal Obligation
Customer Support & Technical HelpResponding to inquiries, support tickets, and troubleshootingLegitimate Interests
Transactional EmailsSending receipts, confirmations, renewal remindersPerformance of Contract, Legal Obligation
Direct MarketingEmail campaigns, newsletter updates, or personalized offers based on your interestsConsent (GDPR/Canada), Legitimate Interest (others)
Affiliate Offer DeliverySending curated third-party or affiliate offers aligned with user interestsConsent, Legitimate Interests
Advertising & RetargetingUsing pixels, cookies, and audience segments for Google/Meta ads and follow-up campaignsConsent (ePrivacy/GDPR), Legitimate Interest
Analytics & Product ImprovementGoogle Analytics, ClickMagick, and other analytics for improving UX, features, and funnelsLegitimate Interests
Security & Fraud PreventionLogging IP addresses, monitoring unusual activity, CAPTCHA verification, MFALegal Obligation, Legitimate Interests
Legal Compliance & EnforcementComplying with government/regulatory bodies, audits, tax enforcement, or defending claimsLegal Obligation, Legitimate Interests
Profiling and PersonalizationTracking user behavior to deliver customized emails, products, and offersConsent (GDPR Art. 22 where applicable)
Surveys and FeedbackCollecting post-purchase feedback, reviews, testimonialsConsent
Community Features (hub.affilaio.com)Displaying names, bios, or public comments for coaching or networking purposesConsent
Referral TrackingRecording and attributing purchases from affiliate links or partner sourcesLegitimate Interests

6.3 Automated Decision-Making and Profiling

In certain cases, we use automated systems (such as email segmentation, CRM scoring, ad pixel logic, or conditional workflows) to:

  • Send behavior-triggered email sequences (e.g., abandoned cart, event reminders).
  • Score leads based on engagement to prioritize support.
  • Tailor affiliate offers based on niche preference or course history.
  • Allocate ad budgets dynamically based on user activity.

These processes do not have legal or similarly significant effects on individuals. Where automated decision-making under Article 22 GDPR would apply, we seek explicit consent or provide human intervention options.

Users have the right to:

  • Request human involvement in decision-making.
  • Object to automated processing.
  • Access the criteria used in profiling decisions.

We do not use AI-based systems to evaluate creditworthiness, deny service, or make decisions with discriminatory effects.

6.4 Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including monitoring the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, Whatsapp, Telegram, Instagram, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or inquired about, unless You have opted not to receive such information.
  • To manage Your requests: To attend to and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our Service, products, services, marketing, and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners, or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
  • With other users: when you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

6.5 Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

6.6 Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to—and maintained on—computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.

Your agreement to that transfer signifies your acceptance of this Privacy Policy and your submission of such information.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of Your data and other personal information.

Visitor comments may be checked through automated spam detection services. Data shared with analytics, ad, email, or payment partners is governed by their privacy policies.

6.7 Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

7 – Third-Party Sharing and International Data Transfers

Affilaio shares personal information with third parties only to the extent necessary to provide our services, comply with legal obligations, or fulfill legitimate business interests. We take steps to ensure that all third-party processing is compliant with applicable privacy laws, including the GDPR, CCPA, and other frameworks described in Section 1.

7.1 Categories of Third Parties with Whom We Share Personal Data

CategoryExamplesPurpose of SharingLegal Basis
Analytics ProvidersGoogle Analytics, ClickMagick, Meta PixelSite traffic measurement, conversion tracking, UX optimizationLegitimate Interests, Consent
Marketing PlatformsGetResponse, TagMango, Google Ads, Meta AdsEmail campaigns, event triggers, audience segmentationConsent, Legitimate Interests
Payment GatewaysTagMango, Razorpay, Stripe, PayPalProcessing transactions, fraud detectionContract, Legal Obligation
CRM & Automation ToolsInternal CRMs, marketing automation via TagMango or other stackLead scoring, onboarding sequences, customer successLegitimate Interests, Contract
Cloud InfrastructureCloudflare, AWS, Google CloudData hosting, file storage, secure backupsContract, Legitimate Interests
Affiliate PlatformsJV partners, Tagmango, ClickMagick-powered affiliate trackingReferral attribution, affiliate commissionsConsent, Legitimate Interests
Service ProvidersVirtual assistants, copywriters, IT subcontractors (bound by NDAs)Supporting service delivery, moderation, or content creationLegitimate Interests, Contract
Auditors / Legal CounselChartered accountants, tax consultants, law firmsFinancial audits, legal compliance, dispute resolutionLegal Obligation, Legitimate Interests
Government or Legal BodiesTax authorities, courts, regulatory agenciesCompliance with lawful requests, subpoenas, or legal dutiesLegal Obligation

All third-party vendors are contractually bound to use your data only for the purpose for which it was provided, and in accordance with this Policy. When required, we enter into Data Processing Agreements (DPAs) that include standard contractual clauses (SCCs) approved under GDPR Article 46(2).

7.2 Cross-Border Data Transfers

Affilaio operates in and serves users from multiple jurisdictions. Personal data may be transferred to or accessed from countries outside your country of residence, including but not limited to:

  • India (Affilaio’s base of operations)
  • United States (email platforms, cloud and ad providers)
  • EU or EEA countries (GetResponse EU servers)
  • Cloudflare worldwide servers. Data may be transferred to countries with data protection laws that may differ from those in your country.

Where personal data is transferred internationally, we rely on one or more of the following legal mechanisms:

Transfer ScenarioMechanism Used
Transfer from EU to non-adequate countryStandard Contractual Clauses (SCCs) under GDPR Article 46(2)(c)
Transfer to providers in the U.S.SCCs + supplementary measures (encryption, access controls); adherence to DPF if applicable
Internal team access (e.g., Indian VA support)Binding corporate procedures; restricted access with role-based controls
Sub-processors under DPAsDue diligence, security evaluations, and GDPR-compliant DPA frameworks

We ensure that such transfers offer a level of protection that is essentially equivalent to that required under applicable privacy laws.

7.3 No Sale of Personal Information (CCPA/CPRA Disclosure)

Affilaio does not sell your personal information as defined under Cal. Civ. Code § 1798.140(ad). We may share certain user data with advertising partners (such as Meta or Google) for audience targeting under “sharing for cross-context behavioral advertising”, in which case:

  • California residents may opt out of this sharing under the “Do Not Share My Personal Information” right.
  • You may use browser-level settings or submit a request to [privacy@affilaio.com] to exercise this right.

7.4 Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation.
  • Protect and defend the rights or property of the Company.
  • Prevent or investigate possible wrongdoing in connection with the Service.
  • Protect the personal safety of Users of the Service or the public.
  • Protect against legal liability.

7.5 Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

7.6 Your Rights

Depending on your jurisdiction, you have rights to access, modify, or delete your personal data. EU users have rights under the GDPR, California residents under the CCPA/CPRA, and Indian users under the IT Act and SPDI Rules.

You may request an export of your personal data or request erasure of it (excluding data we’re required to retain for legal/security reasons).

8 – Cookies and Tracking Technologies

Affilaio uses cookies and similar tracking technologies across our websites and digital platforms to enhance user experience, analyze performance, and facilitate personalized advertising and affiliate tracking. We provide notice and obtain consent where required under applicable law, including the EU ePrivacy Directive, GDPR, CalOPPA, and CPRA.

8.1 What Are Cookies?

Cookies are small text files stored on your browser or device by websites you visit. They help websites remember user preferences, authenticate users, enable analytics, and support ad targeting.

Other related technologies include:

  • Web Beacons/Pixel Tags: Transparent images used to track user behavior or email engagement
  • Local Storage & Session Storage: Browser-based storage for session-related data
  • Third-Party Scripts/Tags: Code snippets (e.g., Facebook Pixel, Google Tag Manager) that facilitate tracking and integration

8.2 Types of Cookies Used

Cookie CategoryDescriptionLegal Basis (Where Required)
Strictly NecessaryRequired for site functionality (e.g., login, security, payment access)Legitimate Interests (no consent needed)
Preferences / FunctionalRemember user choices (e.g., language, region, form data)Consent (EU), Legitimate Interests
Analytics / PerformanceMeasure traffic, engagement, conversions (e.g., Google Analytics)Consent (EU), Legitimate Interests
Marketing / RetargetingPersonalized ads, cross-site tracking (e.g., Facebook Pixel, ClickMagick)Consent (GDPR, LGPD, CPRA)
Affiliate TrackingRecognize referred users and attribute commissionsLegitimate Interests, Consent

8.3 Tools and Technologies We Use

ProviderTool / PlatformPurpose
GoogleGoogle Analytics, Tag ManagerAnalytics, conversion tracking
Meta PlatformsFacebook PixelAd personalization, retargeting
ClickMagickTracking linksConversion tracking, split testing
GetResponse, TagMangoEmail pixelsOpen/click tracking, behavioral automation
Affiliate NetworksUTM/Cookie-based trackingReferral attribution

8.4 Your Choices and Control

  • Consent Banners: Visitors from regions requiring prior consent (e.g., EU/UK, Brazil) are presented with cookie consent banners. You can accept, reject, or customize your cookie preferences.
  • Browser Settings: Most browsers allow you to clear, block, or limit cookies. Doing so may impact functionality.
  • Analytics Opt-Out:
  • Email Tracking: You may disable image loading in your email client to prevent tracking pixels from loading.
  • Affiliate Opt-Out: ClickMagick-based affiliate cookies can be manually deleted via your browser. You may also choose not to click any outbound affiliate links if you prefer not to be tracked.

9 – User Rights by Region

Affilaio respects your privacy rights and provides mechanisms to access, control, correct, and delete your personal information, in accordance with your jurisdiction’s laws. This section outlines your rights under major privacy regulations.

9.1 Rights Under the General Data Protection Regulation (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or a country recognizing the GDPR, you have the following rights under Articles 12–23:

GDPR RightDescription
Right of Access (Art. 15)Request a copy of the personal data we hold about you
Right to Rectification (Art. 16)Correct inaccurate or incomplete data
Right to Erasure (Art. 17)Request deletion of your personal data (“Right to be Forgotten”)
Right to Restrict Processing (Art. 18)Request we limit use of your data in specific situations
Right to Data Portability (Art. 20)Receive your data in a machine-readable format or transfer to another controller
Right to Object (Art. 21)Object to processing based on legitimate interest, direct marketing, or profiling
Rights Related to Automated Decision Making (Art. 22)Request human intervention, contest outcomes, opt out

To exercise these rights, email us at privacy@affilaio.com with the subject “GDPR Data Request.” We will verify your identity and respond within 30 days, extendable under GDPR Article 12(3) if necessary.

9.2 Rights Under the California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, under the CCPA (Cal. Civ. Code §1798.100–1798.199.100) as amended by the CPRA, you have the following rights:

CCPA/CPRA RightDescription
Right to KnowKnow what categories of personal info we collect, use, share, and retain
Right to AccessRequest copies of specific pieces of personal data collected about you
Right to DeleteAsk us to delete personal data we collected, with exceptions for legal compliance
Right to CorrectRequest correction of inaccurate personal data
Right to Opt Out of Sale/SharingOpt out of sale or sharing of personal data with advertisers or analytics providers
Right to Limit Use of Sensitive InfoDirect us to limit use of sensitive information to necessary services only
Right to Non-DiscriminationNot be penalized (e.g., denied services or charged more) for exercising your privacy rights

To make a request under the CCPA, email privacy@affilaio.com or use a future dedicated request form. We may verify your identity via email confirmation or government ID, and respond within 45 days (extendable once for 45 more days with notice).

9.3 Rights Under the Indian IT Act and SPDI Rules

Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, users located in India have the following rights:

SPDI RightDescription
Right to ConsentYou must provide prior written or digital consent for collection/use of sensitive data
Right to ReviewAccess and review your personal data on request
Right to CorrectionRequest rectification of inaccurate or outdated information
Right to Withdraw ConsentWithdraw your consent at any time, with the consequence of losing access to dependent services
Right to Grievance RedressalFile complaints with our Grievance Officer within 30 days for a formal response

Designated Grievance Officer (India):

If you have questions about our privacy practices or wish to file a complaint, please contact our designated Grievance Officer at:

Name: Rekhilesh Adiyeri
Email: privacy@affilaio.com
Jurisdiction: Kerala, India

Use professional legal language, clearly disclose data collection and use, and prompt the user for their specific tools, brand name, and country of operation to personalize further.

9.4 Rights Under Other Jurisdictions

Affilaio recognizes additional user rights under laws such as:

  • PIPEDA (Canada): Right to access, challenge accuracy, and file complaints with the Office of the Privacy Commissioner of Canada
  • LGPD (Brazil): Right to confirm processing, correct data, anonymize/delete, revoke consent, and file complaints with ANPD
  • POPIA (South Africa): Right to access, correct, object to processing, and institute civil action
  • PDPA (Singapore): Right to access, correct, and withdraw consent under Section 16 and 21 of the PDPA
  • Australia Privacy Act 1988: Access, correction, and complaint rights per Australian Privacy Principles (APP 12 & 13)

9.5 Exercising Your Rights

You may request to access, update, correct, port, delete, restrict, or object to processing of your data by contacting:

  • Email: privacy@affilaio.com
  • Mail: Affilaio, Webzak Cyber Technologies, Kadirur, Kerala 670642, India

You may also unsubscribe from marketing emails by clicking “Unsubscribe” in any promotional email or adjust cookie preferences via our website’s consent banner.

10 – Data Security and Retention

Affilaio is committed to protecting personal information from unauthorized access, misuse, alteration, or loss. We maintain appropriate technical, organizational, and administrative safeguards, as required under applicable laws, including GDPR (Articles 5, 24, and 32), CPRA (§1798.100 et seq.), India’s SPDI Rules (Rule 8), and global security frameworks.

10.1 Technical and Organizational Security Measures

We implement and maintain reasonable and appropriate measures to ensure the confidentiality, integrity, and availability of personal data, including:

CategoryExample Measures
Access ControlsRole-based user permissions, least privilege principle, MFA for admin accounts
Data EncryptionTLS/SSL for data in transit, AES-256 for data at rest where applicable (e.g., AWS S3, TagMango)
Pseudonymization & MaskingSeparating identifiers from behavioral or analytics data
Infrastructure SecurityFirewalls, DDoS protection, routine patching of systems, server isolation
Audit LoggingServer access logs, platform change tracking, login attempt monitoring
Third-Party ReviewsVendor assessments, Data Processing Agreements, subprocessor due diligence
Incident ResponseInternal breach notification policy, data recovery workflows, 72-hour GDPR reporting window

We limit data access to employees, contractors, and authorized service providers who require it to perform their duties, and who are subject to confidentiality agreements and data protection training.

10.2 Data Breach Notification Procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify affected users without undue delay and within 72 hours where required by GDPR (Art. 33–34).
  • Inform the relevant supervisory authority (e.g., EU DPA, CERT-In, CPRA Enforcement Authority).
  • Provide details of the breach scope, categories of data affected, remediation steps taken, and recommendations for personal safeguards.

10.3 Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Performance of a contract (e.g., course or subscription lifecycle)
  • Compliance with legal, tax, accounting, or reporting obligations
  • Resolution of disputes and enforcement of our rights
Data CategoryRetention Duration
Account and Profile DataWhile active + up to 3 years after account closure
Transaction and Billing Records7 years (statutory retention for tax compliance)
Email Marketing PreferencesUntil unsubscribed or email bounce
Analytics / Device Identifiers13–26 months depending on platform (e.g., Google)
Affiliate Conversion Data30–90 days depending on cookie setting
Support and Communication Logs3 years from last interaction
Legal Documents / Contracts6–10 years depending on jurisdiction

In certain cases, we may anonymize or pseudonymize your personal data for statistical or research purposes (Art. 89 GDPR) and retain it indefinitely, as it can no longer be linked to an identifiable individual.

10.4 Secure Deletion and Disposal

We follow industry standards for permanent deletion or anonymization:

  • Secure database purging for inactive accounts.
  • Encrypted backups with lifecycle expiration policies.
  • File shredding or destruction of paper records containing sensitive information.
  • Re-keying, rotation, and destruction of cloud encryption keys when decommissioning storage.

11 – Children’s Privacy and Age Restrictions

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. Affilaio does not knowingly collect, use, or disclose personal information from individuals under the age of 18. Our services are designed for adults only and are not intended for or directed toward children, as defined by:

  • COPPA (U.S.): Children under the age of 13
  • GDPR (EU/UK): Children under the age of 16 (subject to Member State adjustment)
  • India IT Act / SPDI Rules: Individuals under 18 without parental consent

If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

11.1 No Use by Children Under 18

By accessing our services, you confirm that you are at least 18 years of age. If you are not legally permitted to enter into binding agreements in your jurisdiction (e.g., under 18 in India or under the age of majority elsewhere), you must not use our websites, platforms, or services.

Affilaio does not:

  • Intentionally collect personal data from minors.
  • Target advertising or affiliate offers to users under 18.
  • Permit registration for any of our programs, challenges, or purchases by anyone below the minimum age.

11.2 Parental Access and Deletion Requests

If we discover that personal information has been collected from a minor in violation of this Policy, we will:

  • Immediately disable access to the account and/or content in question.
  • Delete the child’s personal data from our systems and servers.
  • Notify any affected parent or legal guardian if contact information is available.

If you are a parent or legal guardian and believe that your child under 18 has submitted personal information to Affilaio without your consent, you may request deletion by contacting:

Email: privacy@affilaio.com
Subject Line: Minor Data Deletion Request

Please include:

  • Your full name and contact details
  • The name/email of the child (if known)
  • Proof of parental authority (if required)

We will respond promptly and in accordance with applicable law (e.g., within 10 days under COPPA; without undue delay under GDPR).

11.3 EdTech, AI, and Marketing Protections for Youth (Emerging Laws)

Affilaio monitors and voluntarily aligns with emerging youth data protection frameworks where applicable.

  • California Age-Appropriate Design Code Act (AADC, 2024)
  • UK Age-Appropriate Design Code (Children’s Code)
  • OECD’s AI and Children Guidelines (2021)

We do not use AI profiling, targeting, or personalization for any known users under 18. We proactively filter and block minors from entering opt-in forms, sales funnels, or community memberships.

12 – Do Not Track Signals and Global Privacy Controls

Affilaio supports transparency and user choice regarding online tracking. This section outlines how we respond to Do Not Track (DNT) signals and Global Privacy Controls (GPC) as recognized under applicable privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), GDPR, and emerging state-level and international frameworks.

Some browsers allow users to send a “Do Not Track” signal. Currently, Affilaio does not respond to DNT signals due to the lack of a uniform standard. However, we honor all region-specific legal requirements on tracking and consent.

12.1 Do Not Track (DNT) Signals

Do Not Track is a setting offered by some browsers to signal that you do not wish to be tracked across websites.

However:

  • There is no consistent industry or legal standard for how websites should respond to these signals.
  • As of the effective date of this Privacy Policy, Affilaio does not respond to browser-based DNT signals.

We continue to monitor developments in DNT standards and may update our practices if recognized, enforceable specifications are introduced.

12.2 Global Privacy Control (GPC) Signals

Affilaio recognizes and honors Global Privacy Control (GPC) browser signals for users in applicable jurisdictions, such as California, Colorado, Connecticut, and certain EU/UK territories.

  • When a GPC signal is detected from a user within a regulated jurisdiction, we interpret this as a valid request to opt out of the sale or sharing of personal information for cross-context behavioral advertising, as defined under CPRA §1798.135(e) and related state statutes.

Supported Browsers/Extensions: GPC signals are available through participating browsers and browser extensions, including Brave, DuckDuckGo, Abine, and Mozilla-supported extensions. More at https://globalprivacycontrol.org

When detected:

  • GPC signals will override cookie consent preferences for marketing cookies.
  • Opt-out preferences will apply to downstream vendors where technically feasible.
  • You may still need to separately adjust platform-specific ad preferences (e.g., Meta, Google).

12.3 Additional Signal-Based Opt-Out Mechanisms

Where applicable, we support or integrate the following frameworks:

  • IAB Europe TCF v2.2 and Google Consent Mode for EU/EEA users
  • US Privacy String (USPAPI) for California and U.S. state-specific consent handling
  • CMP integration on websites to capture and honor opt-in/opt-out preferences by user region

If your device, browser, or plugin transmits a privacy-related signal (including GPC or consent banners), we will make a good faith effort to honor that signal in accordance with your jurisdiction’s requirements and technical feasibility.

13 – Policy Updates and Notifications

This Privacy Policy may be updated or revised periodically to reflect changes in legal obligations, business practices, or technological advancements. We encourage you to review this Policy regularly to remain informed about our data practices.

13.1 When We May Update This Policy

We may revise this Privacy Policy:

  • To comply with changes in applicable privacy laws (e.g., GDPR, CCPA, LGPD, PDPA)
  • Upon adoption of new legislation (e.g., the AI Act, CPRA enforcement updates)
  • To reflect changes in our data collection or processing practices
  • When introducing new services, technologies, or third-party integrations
  • Based on feedback from users, regulators, or auditors

13.2 Notification Procedures

When changes are made to this Privacy Policy, we will:

Type of ChangeNotification MethodEffective Date Rule
Non-material / editorial changesUpdated post on our Privacy Policy pageImmediate upon publication
Material changes (affecting rights or uses)Banner notification on website, email alert to subscribed usersAt least 7 days’ advance notice before effective
Retroactive changes to prior data useExplicit opt-in or re-consent (where legally required)Only effective after affirmative user action

We will post the “Last Updated” date at the top of this document. If applicable law does not forbid it, your continued use of our services following such updates constitutes your acceptance of the updated policy.

13.3 Your Right to Review Changes

You may review past versions of this Privacy Policy by contacting our Data Privacy Officer at:

Email: privacy@affilaio.com
Mailing Address: Affilaio, WEBZAK Cyber Technologies, Kadirur, Kerala 670642, India

If you disagree with the changes, you have the right to discontinue the use of our services and request deletion of your personal data under applicable rights (e.g., GDPR Art. 17, CCPA §1798.105).

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14 – Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

15 – Contact Information, Complaints, and Enforcement

Affilaio is committed to addressing all privacy-related inquiries, concerns, or complaints promptly and transparently, in compliance with applicable legal frameworks.

15.1 Contacting Us for Questions or Requests

For general inquiries, data subject access requests (DSARs), opt-outs, data corrections, or privacy-related questions, you may contact us via:

Email: privacy@affilaio.com
Postal Address:
Affilaio, Webzak Cyber Technologies
Attn: Data Privacy Officer
Kadirur, Kerala 670642, India

When submitting requests, please include:

  • Your full name and email address used with Affilaio
  • Description of the nature of your request (e.g., data access, correction, deletion)
  • Any relevant documentation (e.g., proof of identity, screenshots)

We will respond within the timeframes specified by applicable law (e.g., 30 days for GDPR; 45 days for CCPA).

15.2 Grievance Officer (India – IT Act / SPDI Rules)

As required under Rule 5(9) of the SPDI Rules:

Designated Grievance Officer:
Name: Rekhilesh Adiyeri
Email: privacy@affilaio.com
Jurisdiction: Kerala, India

Complaints must be acknowledged within 36 hours and resolved within 30 days, per Rule 5(9) guidelines.

15.3 Complaints to Supervisory Authorities (EU, UK, Other Jurisdictions)

If you are not satisfied with our response or believe your rights under applicable data protection laws have been violated, you may lodge a complaint with your local data protection authority (DPA).

Examples include:

  • EU/EEA: Contact your national supervisory authority (see list)
  • United Kingdom: Information Commissioner’s Office (ICO)
  • Canada: Office of the Privacy Commissioner of Canada
  • Brazil: Autoridade Nacional de Proteção de Dados – ANPD
  • South Africa: Information Regulator of South Africa
  • Singapore: Personal Data Protection Commission (PDPC)
  • California: Contact the California Privacy Protection Agency.

15.4 U.S. FTC Compliance and Enforcement (if applicable)

As required by the Federal Trade Commission Act (FTC Act), Affilaio represents that it adheres to the principles of fairness, transparency, and security in handling personal data. False or misleading representations in this Privacy Policy or failure to adhere to these practices may constitute unfair or deceptive acts under U.S. Law and be subject to enforcement by the U.S. Federal Trade Commission (FTC).

16 – Comments

When visitors leave comments on the site, we collect the data shown in the comments form, the visitor’s IP address, and browser user agent string to help detect spam. An anonymized hash of your email address may be sent to the Gravatar service to check if you use it. The Gravatar privacy policy is here: https://automattic.com/privacy/. After approval, your profile picture may be visible to the public with your comment.

16.1 Data Retention

Comment metadata is retained indefinitely. Registered user profiles store personal information provided during registration. Users may view, edit, or delete their personal info at any time (except the username). Admins can also access and edit this information.

17 – Media

If you upload images to our website, you should avoid uploading images with embedded location data (EXIF GPS), as visitors can download and extract location data from these images.

18 – Embedded Content from Other Websites

Articles may include embedded content (e.g., videos, images, articles). This content behaves as if the visitor visited the other site directly. These sites may collect your data, use cookies, embed third-party tracking, and monitor interactions.

19 – Contact Us

If you have any questions about this Privacy Policy, You can contact us:

This privacy policy aligns with applicable privacy laws globally and is updated regularly. It also respects FTC guidelines and data protection obligations under Indian, EU, and US law.