California Privacy Notice

California rights, in plain English.

California residents have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This notice tells you what we collect, why, and how to exercise those rights.

# effective 30_apr_2026 · ccpa · cpra · cal_civ_code_1798
# short_version

TagDrishti does not sell or share your personal information for cross-context behavioural advertising. We do not use sensitive personal information for inferences. California rights below; to exercise any of them, email [email protected] or use the in-product Data & Privacy controls.

1. Who this notice covers.

This notice applies to California residents whose personal information we process as a business under the CCPA/CPRA. For tag-monitoring data captured from your end users on your customer-facing website, you are the business and TagDrishti acts as your service provider under Cal. Civ. Code § 1798.140(ag); the contractual restrictions of § 1798.140(ag)(1) apply to TagDrishti and flow down to every sub-processor we use.

2. Categories of personal information we collect.

In the past 12 months we have collected the following CCPA categories from California residents:

  • Identifiers — name, email address, IP address, account ID, Clerk user ID. Source: directly from you at signup.
  • Customer records (Cal. Civ. Code § 1798.80(e)) — billing address, organisation name. Source: directly from you.
  • Commercial information — subscription tier, billing history, product usage statistics. Source: our service usage.
  • Internet/network activity — pages viewed in the dashboard, feature interaction, session timestamps. Source: our service usage.
  • Geolocation data (coarse) — country/region inferred from IP for residency routing. Source: incoming requests.
  • Inferences — account engagement scores used to surface activation and churn-risk signals to ourselves. Not used for advertising.

We do not collect: biometric data, geolocation precise to within 1850 feet, contents of your communications outside support tickets, or any “sensitive personal information” category as defined in Cal. Civ. Code § 1798.140(ae).

3. Business or commercial purposes.

The CCPA requires us to identify the specific business purpose for each category collected:

  • Operating, providing, and securing the service you subscribed to.
  • Processing payments and detecting payment fraud (via Paddle).
  • Producing the service’s monitoring and analytics outputs (alerts, digests, audit reports).
  • Customer support and account communications.
  • Compliance with legal obligations (tax, audit, court order).
  • Aggregate usage analysis to improve the platform — never individual-level analysis for advertising.

4. Sale and sharing.

TagDrishti does not sell personal information. “Sale” under the CCPA includes any disclosure of personal information for monetary or other valuable consideration; we do not engage in any such disclosure.

TagDrishti does not share personal information for cross-context behavioural advertising. “Sharing” under the CPRA covers disclosure of PI to a third party for cross-context behavioural advertising; we do not do this either.

Because we neither sell nor share, the “Do Not Sell or Share My Personal Information” link required by Cal. Civ. Code § 1798.135 is not technically required — but we provide a clear opt-out path anyway: email [email protected] with the subject line “Do Not Sell” and we will record the preference and confirm in writing within 15 business days.

5. Personal information disclosed for a business purpose.

We disclose the categories in §2 above to our sub-processors strictly to perform the service. The sub-processor page enumerates each recipient, the data category they receive, and the purpose. Each sub-processor is contractually bound to (a) use the information only for the purposes specified, (b) not sell or share it, (c) maintain at least the same security level, and (d) flow these obligations down to their own sub-processors.

6. Your California rights.

Right to know

You may request a copy of the personal information we have collected about you in the 12 months preceding the request, including categories, sources, purposes, and recipients. Use the in-product Settings → Data & Privacy → Export Data control or email [email protected]. Response within 45 days; one extension of up to 45 additional days available with notice.

Right to delete

You may request deletion of personal information we have collected from you, subject to the exceptions in Cal. Civ. Code § 1798.105(d) (legal compliance, security, internal use compatible with the context of collection, etc.). Use the in-product delete control or email [email protected].

Right to correct

If the personal information we hold about you is inaccurate, you may request correction. Most fields are self-serviceable from Settings → Profile; for fields you cannot edit yourself, email [email protected].

Right to opt out of sale or sharing

We do not sell or share your personal information; the right is preserved by the contractual restrictions on every sub-processor (§5 above) and a documented internal policy. To object on the record, email [email protected] with subject “Do Not Sell”.

Right to limit use of sensitive personal information

We do not collect sensitive personal information as defined in § 1798.140(ae), so the limitation right has nothing to attach to. If this changes we will update this section and provide an explicit limit-use control.

Right to non-discrimination

We will never deny service, charge a different price, or provide a different level of service because you exercised a CCPA right.

Right to opt out of automated decision-making

We do not use solely automated processes for decisions that produce legal or similarly significant effects on you. Plan limits and rate-limit decisions are deterministic configuration, not profiling.

7. Authorised agents.

You may use an authorised agent to submit any of the requests above. We will require: (a) written, signed authorisation from you, (b) verification of the agent’s identity, and (c) verification of your identity as the consumer making the request. We may decline a request from an agent who does not provide adequate proof of authorisation.

8. Request metrics.

Cal. Civ. Code § 1798.130(a)(5)(D) and the CPRA regulations require businesses that buy, sell, or share the PI of 10 million or more California consumers to publish annual request metrics. TagDrishti is below that threshold; we will publish metrics here voluntarily once requests are received.

9. Contact us.

For California privacy questions or to exercise any right above:

  • Email: [email protected]
  • Subject line for fast routing: “CCPA: [right]”
  • Postal: TagDrishti Technologies, India
  • Response window: 45 days, with one possible 45-day extension on notice

For matters not covered here, see the full Privacy Policy.