PRIVACY POLICY
Effective Date: February 10, 2026
Last Updated: February 10, 2026
Version: 2.0 (Global Compliance Edition)
1. Introduction and Scope
Welcome to ashishdungdung.com (hereinafter referred to as the “Website” or “Site”). The Website is owned by Ashish Dungdung and operated by Ash Digital Services (“Company,” “we,” “us,” or “our”).
We recognize that your privacy is a fundamental right. This Privacy Policy is a legally binding document that outlines how we collect, process, retain, and share your personal data. It has been drafted to strictly comply with the following legal frameworks:
- India: The Digital Personal Data Protection Act, 2023 (DPDP Act).
- European Union / UK: The General Data Protection Regulation (GDPR).
- United States (California): The California Privacy Rights Act (CPRA) and CCPA.
2. Identity of the Data Fiduciary
For the purposes of data protection laws, the entity responsible for your data is:
- Data Fiduciary (India) / Data Controller (GDPR): Ash Digital Services
- Owner: Ashish Dungdung
- Registered Office: [Insert Your City, e.g., Rourkela, Odisha, India]
- Contact Email: [Insert Your Support Email]
3. Comprehensive Data Collection
We collect data to provide services, process payments, and improve user experience. The data we collect includes:
3.1. Information You Voluntarily Provide
- Identity Data: First name, last name, username.
- Contact Data: Email address, phone number, billing address, and shipping address.
- Transaction Data: Details about payments to and from you and other details of products/courses you have purchased from us.
- Profile Data: Your username, password (encrypted), purchase history, feedback, and survey responses.
3.2. Information Collected Automatically (Usage Data)
When you interact with our Site, we automatically collect specific technical data:
- Device Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
- Usage Data: Clickstream data (the path you take through our site), page response times, download errors, length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs).
- Geolocation Data: We collect non-precise location data (City/Region) derived from your IP address. We do not collect precise GPS coordinates.
4. Purpose and Legal Basis for Processing
We only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
| Purpose of Processing | Type of Data | Legal Basis (GDPR/DPDP) |
|---|---|---|
| To process and deliver your order (Courses/Services) | Identity, Contact, Financial, Transaction | Performance of Contract |
| To manage our relationship with you (Notifying you of changes, asking for reviews) | Identity, Contact, Profile | Performance of Contract Legitimate Interest |
| To administer and protect our business (Fraud detection, troubleshooting) | Identity, Contact, Technical | Legitimate Interest |
| To deliver relevant website content and advertisements | Identity, Contact, Profile, Usage, Marketing | Consent (via Cookie Banner) |
5. Advertising, Retargeting & Third-Party Tracking
We use sophisticated third-party tools to analyze traffic and serve personalized advertisements (“Retargeting”).
5.1. Google Analytics 4 (GA4) & Google Signals
We use Google Analytics to understand user behavior. If you have enabled “Personalized Ads” in your Google account, Google Analytics may collect cross-device data. You can opt-out by installing the Google Analytics Opt-out Browser Add-on.
5.2. Google AdSense & Google Ads
We use Google AdSense to display ads and Google Ads for remarketing. This means:
- Third-party vendors, including Google, use cookies to serve ads based on your prior visits to our website or other websites.
- Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to our sites and/or other sites on the Internet.
- Opt-Out: Users may opt-out of personalized advertising by visiting Google Ad Settings.
5.3. Meta (Facebook) Pixel
We use the Meta Pixel to track conversions from Facebook/Instagram ads, optimize ads, and build targeted audiences for future ads. This involves collecting data about your browsing behavior on our Site and matching it with your Facebook profile data. You can adjust your preferences in your Facebook Ad Settings.
5.4. Heatmaps & Session Recording
We use technologies such as Hotjar or Microsoft Clarity to better understand our users’ needs (e.g., how much time they spend on which pages, which links they choose to click). Privacy Note: All sensitive input fields (credit cards, passwords) are automatically masked and are never recorded by these tools.
6. Sharing of Personal Data & Infrastructure
We do not sell your personal data. We share your data only with specific “Data Processors” who assist in our operations. We have data processing agreements in place with these providers to ensure the safety of your information.
6.1. Cloud Infrastructure & Hosting
Our website and services are hosted on enterprise-grade cloud infrastructure. We use the following providers to store data and compute services:
- AWS (Amazon Web Services): Primary cloud infrastructure and storage.
- UpCloud & IONOS: Virtual private servers (VPS) for application hosting.
- Uphold: Used for specific server/transactional infrastructure requirements.
6.2. Content Delivery Networks (CDNs)
We use Content Delivery Networks (such as Cloudflare, AWS CloudFront, or BunnyCDN) to deliver our website content faster and to protect our site from security threats (DDoS attacks).
- How it works: When you visit our Site, your request is routed through a global network of servers (Edge Nodes) closest to your location.
- Data Processed: These CDNs process your IP address and technical device data to serve images/scripts efficiently and to block malicious traffic. This processing is based on our Legitimate Interest in ensuring the security and performance of our Site.
6.3. Other Third-Party Processors
- Payment Gateways: Stripe, Razorpay, PayPal (Secure payment processing).
- Email Marketing: Mailchimp / ConvertKit (Newsletter delivery).
- Analytics & Ads: Google (Analytics, AdSense, Ads), Meta (Pixel).
7. International Data Transfers
Due to the global nature of our infrastructure (AWS, UpCloud, CDNs), your data may be processed in multiple jurisdictions.
- Server Locations: Our primary servers are located in the United States, Europe (Germany/UK), and Singapore.
- CDN Edge Nodes: CDN servers are located globally. If you access our site from India, your data may be cached on a CDN edge node within India for speed, but the core data remains on our main servers.
- Legal Safeguards:
- For Indian Users: You acknowledge that your data is transferred outside India. We ensure such transfers comply with the restrictions under the DPDP Act, 2023.
- For European Users: We transfer data to the US/Global locations under mechanisms such as Standard Contractual Clauses (SCCs) to ensure your rights are protected.
8. Data Security and Breach Notification
We have put in place appropriate security measures (SSL encryption, firewall protection) to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.
Breach Notification: In the unlikely event of a data breach that poses a high risk to your rights, we will notify you and the relevant Data Protection Board (DPB) within the legal timeframes mandated by the DPDP Act and GDPR.
9. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Tax & Legal Records: 7-8 Years (as required by Indian Tax Laws).
- Marketing Data: Until you unsubscribe.
10. Strict Policy on Children (Parental Contract)
Commercial services on this Site are intended for adults (18+).
If a user under the age of 18 (“Minor”) accesses this Site or purchases a course, it is legally deemed that:
- The Minor is acting under the strict supervision of a Parent or Legal Guardian.
- The legal contract is formed solely between Ash Digital Services and the Parent/Guardian.
- The Parent/Guardian accepts full liability for the Minor’s actions and consents to the processing of the Minor’s data in accordance with this policy.
If we discover that a Minor is using the service without parental consent, we will delete their data immediately.
11. Your Legal Rights
Depending on your jurisdiction, you have specific rights:
- Right to Access: Ask for a copy of your data.
- Right to Correction: Ask us to fix wrong data.
- Right to Erasure (Right to be Forgotten): Ask us to delete your data (subject to legal retention laws).
- Right to Nominate (India): Nominate someone to handle your data rights in the event of death/incapacity.
- Right to Opt-Out (California): Opt-out of the “sharing” of data for cross-context behavioral advertising.
12. Third-Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
13. Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this policy or your use of the Website shall be subject to the exclusive jurisdiction of the courts located in [Insert City, e.g., Rourkela, Odisha], India.
14. Contact and Grievance Officer
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the contact details of the Grievance Officer are provided below:
Name: Ashish Dungdung
Designation: Grievance Officer
Email: [Insert Your Email Address]
Postal Address: [Insert Your Physical Mailing Address]
We aim to respond to all legitimate requests within 30 days.