Privacy Policy

We collect information in several ways depending on how you interact with the Service:

1.1 Account Information

When you create an account, we collect your name, email address, and password (stored in hashed form). If you subscribe to a paid plan, we collect billing information necessary to process your payment, though complete payment card details are handled directly by our payment processor, Razorpay, and are not stored on our servers.

1.2 Site Content

When you use the Service, we collect the content you provide, including:

• Website URLs submitted for redesign (we access and analyse the publicly available content at those URLs)
• Images, mockups, and design files you upload
• Business descriptions and text prompts you provide
• Content created within the website editor, including text, images, and layout configurations

1.3 Usage Data

We automatically collect certain information when you use the Service, including:

• Device information (browser type, operating system, screen resolution)
• IP address and approximate geographic location
• Pages visited, features used, and actions taken within the Service
• Time and date of access, session duration, and referring URLs
• Error logs and performance data

1.4 Analytics Data

We use analytics tools to understand how users interact with the Service in aggregate. This helps us improve the user experience, identify issues, and develop new features. Analytics data is collected in a privacy-respectful manner, and we minimise the collection of personally identifiable information for analytics purposes.

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Service, including generating AI-powered website designs, hosting your published websites, and processing your requests
• Account Management: To create and manage your account, authenticate your identity, and process payments
• Communication: To send you service-related notifications, updates, security alerts, and support messages. We will not send unsolicited marketing emails without your explicit consent
• Improvement: To analyse usage patterns, diagnose technical issues, and improve the quality, performance, and features of the Service
• AI Training: We may use aggregated and anonymised data to improve our AI models. We will not use your identifiable User Content for AI training purposes without your explicit consent
• Legal Compliance: To comply with applicable legal obligations, enforce our Terms of Service, and protect our rights and the rights of our users

Infrastructure. Your data is stored on secure servers hosted by Amazon Web Services (AWS). We use data centres located in the Asia Pacific (Mumbai) region to ensure low latency and compliance with Indian data localisation practices.

Encryption. All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS). Sensitive data at rest, including passwords and payment information references, is encrypted using industry-standard AES-256 encryption.

Access Controls. Access to user data is restricted to authorised personnel only, on a need-to-know basis. We implement role-based access controls, multi-factor authentication for administrative access, and maintain detailed audit logs.

Security Practices. We conduct regular security assessments and follow industry best practices to protect your data. While we take reasonable measures to safeguard your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Breach Notification. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law, within 72 hours of becoming aware of the breach.

We use a minimal set of cookies and similar technologies strictly necessary for the operation and improvement of the Service:

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled as they are necessary for the Service to function
• Analytics Cookies: Used to collect anonymous usage statistics to help us understand how the Service is used and to identify areas for improvement. We use privacy-focused analytics that do not track users across websites

We do not use advertising cookies, third-party tracking pixels, or sell any data to advertisers. We do not engage in cross-site tracking or behavioural profiling for advertising purposes.

We use the following third-party services to operate and deliver the Service. Each of these providers has their own privacy policy governing their handling of data:

• Amazon Web Services (AWS): Cloud infrastructure, hosting, storage, and computing services. Data is processed and stored in AWS data centres in India (Mumbai region). AWS Privacy Policy
• Razorpay: Payment processing for subscription plans. Razorpay is PCI DSS Level 1 compliant and handles all payment card data directly. We only receive transaction confirmations and references. Razorpay Privacy Policy
• Google Fonts: Web fonts used in generated websites. When visitors view a published website that uses Google Fonts, their browser may connect to Google servers to load font files. Google Privacy Policy

We only share the minimum amount of data necessary with these third-party providers for them to perform their services. We do not sell, rent, or trade your personal information to any third party.

We retain your information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with our legal and regulatory obligations
• Resolve disputes and enforce our agreements

Specific retention periods include:

• Account Data: Retained for the duration of your account and for 90 days after account deletion to allow for account recovery
• Site Content: Retained for the duration of your account. Upon account deletion, site content is permanently deleted within 30 days, except as required by law
• Usage Logs: Automatically deleted after 12 months
• Payment Records: Retained for 7 years to comply with Indian tax and accounting regulations
• Backups: Encrypted backups may retain deleted data for up to 30 days before automatic purging

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, you have the following rights with respect to your personal data:

• Right to Access: You have the right to request a summary of your personal data that we process and the processing activities related to it
• Right to Correction: You have the right to request correction of inaccurate or incomplete personal data. You can update most of your account information directly through the Service
• Right to Erasure: You have the right to request deletion of your personal data, subject to certain exceptions where retention is required by law or for legitimate business purposes
• Right to Grievance Redressal: You have the right to lodge a complaint with our Grievance Officer or with the Data Protection Board of India if you believe your data protection rights have been violated
• Right to Nominate: You have the right to nominate another individual to exercise your data protection rights in the event of your death or incapacity, as provided under the DPDP Act
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal

To exercise any of these rights, please contact us at privacy@enablenow.in. We will respond to your request within 30 days as required by applicable law. We may request additional information to verify your identity before processing your request.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@enablenow.in so that we can take appropriate action.

Your data is primarily stored and processed in India (AWS Mumbai region). In certain circumstances, your data may be transferred to or accessed from locations outside of India for the following purposes:

• Use of AI models and services hosted by third-party providers in other jurisdictions
• Content delivery networks (CDNs) that cache and serve your published website content from globally distributed servers for faster access
• Third-party service providers who may process data in their respective jurisdictions

Where data is transferred outside of India, we ensure that appropriate safeguards are in place, including contractual obligations requiring the recipient to protect your data in accordance with standards equivalent to those required by Indian law. Any such transfers will comply with the provisions of the DPDP Act and any rules or regulations issued thereunder.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Post a notice on the Service or send an email notification
• Where required by law, obtain your consent before applying material changes that affect how your personal data is processed

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are not satisfied with our response to your privacy concern, you may contact the Data Protection Board of India as established under the Digital Personal Data Protection Act, 2023.