Privacy Policy

This Privacy Policy is a computer-generated electronic record published in terms of Rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (as amended) read with the Information Technology Act, 2000 (as amended), and does not require any physical or digital signatures.

Introduction

This Privacy Policy ("Policy") applies to Your use of the /in/ variant of grow.glitchexecutor.com, operated by Bani Thani, a sole proprietorship owned by Harshita Goyal at GF-1, Gopal Tower, Shri Ram Colony, Gwalior, Madhya Pradesh – 474002, India (collectively, the "Website"). The terms "we", "our" and "us" refer to Bani Thani; the terms "You", "Your" and "User" refer to You as a user of the Website.

"Personal Information" or "Personal Data" means information that personally identifies You or that is tied to such information — for example Your name, email address, phone number, transaction reference and any other data You provide. The Policy describes our practices for collecting, using, processing, storing and sharing Personal Information in compliance with:

• The Digital Personal Data Protection Act, 2023 ("DPDPA") and any rules notified under it,
• The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and
• The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

By visiting this Website, You agree and acknowledge to be bound by this Policy and consent to the collection, use, processing and sharing of Your Personal Information in the manner set out below. If You do not agree with this Policy, do not use the Website.

Our Terms of Service form an integral part of Your use of this Website and should be read in conjunction with this Policy.

1. Data Fiduciary & Grievance Officer

Under the DPDPA, Bani Thani is the Data Fiduciary in relation to Personal Data collected through the India variant of grow.glitchexecutor.com. GSTIN: 23AMMPG9088N1ZB.

• Grievance Officer: Harshita Goyal (proprietor)
• Email: support@glitchexecutor.com
• Postal address: GF-1, Gopal Tower, Shri Ram Colony, Gwalior, Madhya Pradesh – 474002, India

We acknowledge data-related requests within 7 working days and respond within 30 days, in accordance with DPDPA §13 and Rule 3(2) of the IT Rules, 2021.

Payment-instrument-related grievances may also be raised directly with Razorpay's Data Protection Officer (Mr. Shashank Karincheti) at dpo@razorpay.com or through razorpay.com/grievances.

2. Information we collect and how we use it

We collect, receive and store Personal Information You provide when You interact with the Website. You may opt to not provide certain information, but that may restrict You from registering with us or availing some of our features and services.

We use commercially reasonable efforts to ensure that the collection of Personal Information is limited to that which is necessary to fulfil the purposes set out below. If we use or plan to use Your information in a manner different from the purpose for which it was collected, we will seek Your fresh consent prior to such use.

• Lead-capture form — name, email, phone number (with country code), and Your stated profession. Submitted voluntarily when You click "Get the free Vibe Coder Kit".
• Purchase data — the items You purchase, the timestamp, the GST invoice details (if applicable) and the transaction reference returned by Razorpay. We do not store Your card number, CVV, UPI VPA or net-banking credentials; these are handled solely by Razorpay as a payment aggregator licensed by the Reserve Bank of India and are tokenised under the RBI's card-tokenisation framework.
• Communications — the contents of emails You send to us and any community Discord messages You post in our server.
• Server & analytics logs — IP address, user-agent, referrer, approximate (city-level) location, and timestamps. Used for security, abuse prevention and aggregated traffic analysis. Retained up to 30 days.
• Bot-protection signals — Cloudflare Turnstile challenge responses; we receive only a pass/fail signal.

We do not collect Sensitive Personal Data or Information (as defined in Rule 3 of the SPDI Rules — financial information beyond payment-aggregator-handled flows, biometric data, health data, sexual orientation, caste, religious or political opinions) through this Service.

3. Purposes of processing

Personal Information is used only for the following purposes:

• Deliver the free Vibe Coder Kit and related onboarding emails (DPDPA §7(a) — consent).
• Fulfil orders and provide post-sale support for paid agents (DPDPA §7(a) — consent / §7(b) — performance of contract).
• Run profession-segmented nurture emails and product announcements (DPDPA §7(a) — consent; You may withdraw consent at any time, see §6).
• Process payments, raise GST invoices, and reconcile settlements with Razorpay.
• Detect fraud, prevent spam, secure systems and enforce our Terms (DPDPA §7(g) — legitimate purpose).
• Comply with applicable law including tax record-keeping, RBI guidelines, and lawful requests from government, regulatory or law-enforcement agencies (DPDPA §7(c) — compliance with law).

4. Sharing of Personal Information

We do not sell Personal Information, do not engage in cross-context behavioural advertising beyond Meta CAPI server-side events on first-party identifiers, and do not share Personal Information with data brokers.

We share Personal Information only with the following processors, each acting on documented instructions and bound by a data-processing arrangement:

• Razorpay Software Pvt Ltd (Bengaluru, India) — payment processing, KYC, settlement, fraud screening. Razorpay's own privacy practices are at razorpay.com/privacy.
• Resend, Inc. (Delaware, USA) — transactional and lifecycle email delivery.
• Cloudflare, Inc. (San Francisco, USA) — site hosting, edge security, analytics aggregation, Turnstile bot protection.
• Google LLC / Google Cloud — service-account-mediated writes to a Google Sheet used as a backup of the lead list.
• Meta Platforms, Inc. — server-side Conversions API events with hashed identifiers, for measurement of paid-acquisition campaigns.
• Discord, Inc. (San Francisco, USA) — community messaging, only if You accept the invite to join.

We may additionally disclose Personal Information in good faith where such disclosure is reasonably necessary to:

• investigate or take action regarding suspected illegal activities or violation of our Terms,
• comply with legal process such as a subpoena, summons, court order or statutory notice (including under §94 of the Bharatiya Nagarik Suraksha Sanhita or §175 of the BNSS as applicable),
• protect the rights, reputation, safety or property of Bani Thani, our users, affiliates or the public.

Where data is transferred outside India, we rely on the standard contractual clauses or equivalent safeguards offered by the processor, and in all cases the country of transfer is one not currently restricted by the Central Government under DPDPA §16.

5. Retention

• Lead-form submissions — retained while Your consent stands; deleted within 30 days of consent withdrawal.
• Purchase records, GST invoices and tax records — retained for 8 years to satisfy Indian tax record-keeping requirements (Companies Act §128, Income Tax rules) and for 10 years where required to satisfy Razorpay merchant audit obligations.
• Server access logs — 30 days.
• Email engagement metadata in Resend — 90 days.

6. Your rights under DPDPA

As a Data Principal, You have the following rights, exercised by emailing support@glitchexecutor.com:

• Right to access — a summary of the Personal Information we hold about You and the purposes of processing (DPDPA §11).
• Right to correction & erasure — request that inaccurate Personal Information be corrected, or that Your data be erased once no longer required for the purpose collected (DPDPA §12).
• Right to grievance redressal — escalate any concern to our Grievance Officer (named in §1).
• Right to nominate — nominate any other person to exercise Your rights in the event of death or incapacity (DPDPA §14).
• Right to withdraw consent — at any time, by emailing the Grievance Officer or unsubscribing via the link in any marketing email (DPDPA §6(4)). Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

7. Cookies & trackers

We use a small number of first-party cookies to maintain session state and to remember preferences such as announcement-bar dismissal. Where enabled by configuration, the following third-party trackers also load on the site:

• Google Tag Manager (GTM-XXXXXXX) — a tag-orchestration container shared across all Glitch sites. Itself stores no analytics data; it conditionally loads the trackers below per page rule.
• Google Analytics 4 — first-party cookies _ga and _ga_<ID> for pseudonymous pageview / event measurement. Data is processed by Google LLC under its Google Ads Data Processing Terms.
• Meta Pixel + Meta Conversions API — browser-side pixel for retargeting and server-side event API for measurement of paid-acquisition campaigns. Identifiers transmitted to Meta are SHA-256 hashed where configured.
• TikTok Pixel — browser-side pixel for retargeting and conversion measurement on TikTok ad campaigns.
• Cloudflare — Turnstile bot challenge (no persistent identifier in our scope; Cloudflare's own challenge cookie may be set during a challenge).

You can disable cookies through Your browser settings or opt out of advertising trackers via Your Meta / TikTok / Google account preferences. Doing so will not break functional use of the Website but may affect the relevance of any ads You see elsewhere.

8. Security

We implement reasonable technical and organisational safeguards commensurate with the information assets being protected and the nature of our business, including TLS for all network traffic, encrypted at-rest storage for lead and purchase records, Cloudflare bot mitigation, and least-privilege access controls. Despite this, because of the inherent vulnerabilities of the internet, no system is perfectly secure and we cannot warrant complete security of all information transmitted to us. If You suspect a compromise, email us immediately. This section reflects our compliance with Rule 8 of the SPDI Rules and §43A of the IT Act, 2000.

9. Links to other websites

References on this Website to any names, marks, products or services of third parties or hyperlinks to third-party websites are provided solely for Your convenience and do not constitute or imply endorsement by us. Except as set out in §4, we do not share Your Personal Information with those third parties and are not responsible for their privacy practices. We suggest You read the privacy policies on all such third-party websites.

10. Children

The Service is not directed at, nor knowingly used by, persons under 18. We do not knowingly process the Personal Information of children. If You believe we have inadvertently collected such data, contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. The current version will always be available at this URL with the "Last updated" date. Material changes will be communicated by email to active users before they take effect. Your continued use of the Website after the effective date of any change constitutes acceptance of the updated Policy.

12. Governing law & supervisory authority

Your use of this Website will be governed by and construed in accordance with the laws of Madhya Pradesh, India. Any legal action or proceedings arising out of Your use shall be subject to the dispute-resolution mechanism set out in Section 16 of our Terms of Service (arbitration seated at Gwalior, Madhya Pradesh, with the courts at Gwalior, Madhya Pradesh having exclusive jurisdiction over matters not subject to arbitration).

If Your grievance is not resolved by the Grievance Officer named in §1, You may escalate to the Data Protection Board of India established under the DPDPA, once operationalised, or approach the appropriate consumer-protection forum in Madhya Pradesh, India.