How we collect, use, and protect your personal data
"AdsOverAI", "we", "our", or "us" means Wingspan Technologies Private Limited.
This policy covers personal data we process about (i) website visitors, (ii) advertisers and publishers/AI‑tool partners ("Partners"), and (iii) end‑users who view or interact with ads delivered into AI chats/agents by AdsOverAI via Partner apps/sites ("End‑Users"). We may act as a Data Fiduciary for our own products/website and certain ad‑measurement functions, and as a Data Processor when processing on a Partner's documented instructions.
Name, company, designation, email, phone, billing details (including GSTIN), service usage, support interactions.
Device/browser characteristics, IP address, timestamps, referrer, pages/actions, diagnostic logs, coarse location (derived from IP), cookies or similar technologies where consented.
Non‑identifying contextual signals from the host AI/chat interface (e.g., conversation topic category provided by the Partner or our on‑device/edge taxonomy), ad impression and click events, frequency capping tokens, fraud signals. We do not store raw conversation transcripts by default; if a Partner sends snippets for brand‑safety/contextual classification, we process them ephemerally and discard or de‑identify promptly.
We do not seek to collect "sensitive personal data or information" as defined under the IT SPDI Rules (e.g., passwords, financial info, health, biometrics) unless you voluntarily provide it for a clear purpose (e.g., billing contact).
Provide, operate, secure and improve ad delivery into AI chats/agents; measure performance; detect/prevent fraud and abuse; debug and support; enforce policies and contracts; comply with law; communicate with you about service, security, or transactional matters.
Our default ad targeting is contextual (based on conversation topic/category or page context), not behavioral profiles across sites. Where personalization beyond contextual is offered, we will seek consent and provide controls consistent with the DPDP Act's consent/notice requirements.
Under the Digital Personal Data Protection Act, 2023 (DPDP), we rely on consent (Section 6) or certain legitimate uses as applicable; we provide notices describing the personal data/purposes, how to exercise rights, and how to complain to the Data Protection Board of India (Section 5). We will make notices available in English and other Eighth Schedule languages as practicable.
Subject to law, you can:
To exercise rights, email privacy@adsoverai.com (subject: "DPDP Request"), or use any controls provided by Partners (when we process on their behalf).
We do not knowingly deliver personalized ads to children (<18 years). Partners must not send us data indicating a child user for personalized ads; any ad delivery into child‑directed contexts must be context‑only and compliant with DPDP child protections.
We do not sell personal data.
We may process data on infrastructure outside India (e.g., cloud regions) subject to contractual safeguards. The DPDP adopts a negative‑list approach: transfers are permitted except to countries the Government may restrict by notification; we will comply with any such notifications.
We implement layered technical/organizational measures. We maintain security logs and, where applicable, report cyber incidents to CERT‑In within 6 hours and retain logs for 180 days within India, per CERT‑In Directions.
We retain data only as needed for the purposes above, contractual/accounting obligations, dispute resolution, and legal compliance; then we delete or de‑identify.
We may update this Policy. Material changes will be posted with a new effective date.
This privacy policy is ready for India's DPDP Act and IT Act requirements. Last Updated: January 2025.