Nagana Media (Naganarai Media Tech Pvt. Ltd.)
Effective Date: August 16, 2023 · Last Updated: July 09, 2026
Naganarai Media Tech Pvt. Ltd., operating as Nagana Media ("Nagana Media," "we," "us," or "our"), is committed to protecting the privacy of everyone who visits our website, contacts us, or engages our services. This Privacy Policy explains what personal data we collect, why, how we protect it, and the rights available to you depending on where you are located. It is organized to serve visitors and clients under the EU General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act 2023 (DPDP Act), and applicable US state privacy laws, in a single document.
1. Who We Are
Nagana Media is a B2B AI marketing and content agency operated by Naganarai Media Tech Pvt. Ltd., registered in Jaipur, Rajasthan, India, at 6, Raghu Vihar, Maharani Farm, Durgapura, Jaipur, Rajasthan, India (302018). For the purposes of GDPR and the DPDP Act, Nagana Media acts as the Data Controller / Data Fiduciary for personal data collected through naganamedia.com and in the course of client engagements, and as a Data Processor / Data Processor on behalf of clients where we handle end-customer data as part of a service engagement (this is governed separately by our Data Processing Agreement).
2. Personal Data We Collect
Contact and identity data: name, job title, company, email address, phone number — submitted via our contact form, LinkedIn outreach responses, or email.
Engagement data: information shared during scoping calls, briefs, and content review cycles for active or prospective clients.
Technical and usage data: IP address, browser type, device type, pages visited, referring source, and approximate location, collected via analytics and cookies (see our Cookie Policy).
Communications: records of email and messaging correspondence with us.
We do not knowingly collect sensitive categories of data (health, biometric, financial account details, government IDs) through the website, and we do not knowingly collect data from anyone under the age of 18.
3. Why We Process Your Data (Purposes and Legal Bases)
3.1 Purposes
Responding to inquiries and providing quotes or proposals.
Delivering contracted services (content strategy, AEO/GEO audits, campaign execution).
Improving our website and understanding how it is used.
Sending relevant updates to prospects and clients who have opted in.
Meeting legal, accounting, and tax obligations.
3.2 Legal bases (GDPR, Article 6)
Contract: processing necessary to perform or take steps toward a service agreement.
Legitimate interests: responding to inbound inquiries, securing our website, and direct marketing to business contacts where permitted, balanced against your rights.
Consent: cookies that are not strictly necessary, and any marketing communications where consent is the applicable basis under local law.
Legal obligation: tax, accounting, and regulatory recordkeeping.
3.3 DPDP Act basis
Under the DPDP Act, we process personal data on the basis of your consent (for example, submitting our contact form or subscribing to updates) or for a "legitimate use" recognized under the Act, such as responding to a request you have made or for purposes you have voluntarily provided data for. Where consent is the basis, you may withdraw it at any time using the contact details in Section 9, and we will stop the relevant processing going forward, without affecting the lawfulness of processing before withdrawal.
4. How We Share Personal Data
We do not sell personal data. We share data only in the following circumstances:
With service providers who support our operations, including website hosting and deployment providers, Google Sheets / Google Workspace for submission records, Resend for email delivery, Upstash Redis for temporary OTP verification data, PostHog for analytics after consent, GitHub / Decap CMS for website content workflows, and other operational tools we may use from time to time. These providers are expected to protect the data and use it only for the purposes we specify.
With professional advisors (accountants, lawyers) where necessary.
Where required by law, regulation, or valid legal process.
In connection with a business transaction (merger, acquisition, financing), subject to confidentiality protections.
5. International Data Transfers
As an India-based company serving clients in the EU and the US, personal data we collect may be transferred to and processed in India and other countries where our service providers operate. Where we transfer personal data out of the EEA, we rely on the European Commission's Standard Contractual Clauses or another recognized transfer mechanism. The DPDP Act permits cross-border transfer of personal data by default, except to countries specifically restricted by the Indian government (none have been notified as of the effective date of this policy).
6. Data Retention
We keep personal data only as long as necessary for the purposes described in this policy: engagement and contract records for the duration of the relationship and as required by Indian tax and corporate law thereafter (typically up to 8 years), lead/contact-form data for 24 months from last contact unless you ask us to delete it sooner or opt in to continued contact, AI SEO audit submissions for 24 months from submission, and OTP verification data for approximately 5 minutes. Analytics data is retained according to our PostHog workspace settings and deleted or anonymized when no longer needed.
7. Your Rights
7.1 If you are in the European Economic Area or UK (GDPR)
Right to access a copy of your personal data.
Right to rectification of inaccurate data.
Right to erasure ("right to be forgotten"), subject to legal exceptions.
Right to restrict or object to processing, including direct marketing.
Right to data portability.
Right to lodge a complaint with your local supervisory authority.
7.2 If you are in India (DPDP Act)
Right to access information about what personal data we process and the processing activities undertaken.
Right to correction and updating of your personal data.
Right to erasure of personal data that is no longer necessary for the purpose it was collected.
Right to grievance redressal — you may raise a complaint with our Grievance Officer (Section 9), and if unresolved, escalate to the Data Protection Board of India.
Right to nominate another individual to exercise your rights in the event of death or incapacity.
7.3 If you are a US resident (CCPA/CPRA and similar state laws)
Right to know what personal data we collect and how it is used.
Right to delete personal data we hold about you, subject to exceptions.
Right to correct inaccurate personal data.
Right to opt out of the sale or sharing of personal data — Nagana Media does not sell personal data and does not share it for cross-context behavioral advertising.
Right to non-discrimination for exercising any of these rights.
We honor Global Privacy Control (GPC) signals as a valid opt-out request where technically supported by our cookie consent tool.
7.4 Exercising your rights
To exercise any right described above, email contact@naganamedia.com with the subject line “Privacy Request” and describe whether you are requesting access, correction, erasure, withdrawal of consent, nomination, or grievance redressal. We will verify your request and respond within the timeframe required by applicable law (generally 30 days under GDPR and DPDP, 45 days under CCPA, extendable in defined circumstances).
8. Security
We apply reasonable technical and organizational measures appropriate to our size and the nature of the data we process, including access controls, encrypted transmission where applicable, and vendor contracts requiring equivalent protections. No system is completely secure, and we encourage you to contact us promptly if you believe your data has been compromised.
9. Grievance Officer and Contact
For any privacy question, rights request, or grievance, contact:
Grievance Officer: Abhijeet Singh
Email: contact@naganamedia.com
Address: Naganarai Media Tech Pvt. Ltd., 6, Raghu Vihar, Maharani Farm, Durgapura, Jaipur, Rajasthan, India, 302018
We aim to acknowledge grievances within 7 days and resolve them within 30 days, consistent with DPDP Act expectations.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated version with a new "Last Updated" date, and where changes are material, we will provide additional notice as appropriate.
