Privacy Policy

PRIVACY AT A GLANCE — KEY POINTS

The above are key highlights. Please read the full policy below for complete details.

At GUESTPOST SOFTWARE, safeguarding your personal information represents a fundamental commitment embedded within our operational framework. We recognise that trust forms the foundation of meaningful business relationships, and transparent data handling practices serve as essential components of that trust.

This Privacy Policy explains how GUESTPOST SOFTWARE (accessible at https://guestpostsoftware.com) collects, processes, stores, and protects information obtained through your interaction with our digital platform. Whether you are a registered user, casual visitor, publisher, or customer, this document outlines your privacy rights and our corresponding responsibilities.

By accessing our website, creating an account, or utilising any services we offer, you acknowledge having read and understood this Privacy Policy and consent to data practices described herein. Your continued engagement with our platform following policy updates constitutes acceptance of those modifications.

1. Legal Foundation and Regulatory Compliance

1.1 Governing Framework

Our data protection practices align with multiple regulatory standards, including:

• Information Technology Act, 2000 (IT Act) and the Information Technology (Amendment) Act, 2008

• IT (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011

• Digital Personal Data Protection Act, 2023 (DPDP Act)

• Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020

• General Data Protection Regulation (GDPR) for European Economic Area users

• International data privacy best practices and standards

1.2 Operating Entity

1.3 Data Protection and Grievance / Nodal Officer

1.4 Policy Modifications

GUESTPOST SOFTWARE reserves the right to update this Privacy Policy as legal requirements, business operations, or technological capabilities evolve. Material changes will be communicated through prominent website notices, email notifications to registered users, or dashboard alerts. Continued platform usage following updates signifies acceptance of revised terms.

2. Information Categories We Collect

2.1 Information You Directly Provide

Account Registration Data: When establishing a platform account, you furnish your complete legal name or authorised business designation, valid email address, secure password, physical billing address, telephone number for account verification (optional), and professional details including company name and role (optional.

Payment and Transaction Information: Processing financial transactions requires collection of alternative payment method details, billing addresses, transaction histories including purchase dates and amounts, invoice generation data, and tax documentation requirements.

Card-on-File (CoF) Tokenization — RBI Compliance [NEW v3.3]: GUESTPOST SOFTWARE does not store raw card numbers, expiration dates, CVV/CVC codes, or any cardholder data on its own servers under any circumstance, including with customer consent. This is a mandatory requirement under the Reserve Bank of India's Card-on-File Tokenisation guidelines. Where 'saved card' functionality is offered for faster checkout, GUESTPOST SOFTWARE exclusively uses tokenisation APIs provided by RBI-authorised payment gateways (Razorpay, Stripe, PayPal). The actual card number is replaced by a unique, non-reversible token that is useless if intercepted. Storing raw PANs, CVVs, or expiry dates on merchant servers — even in encrypted form — is a direct violation of RBI regulations and is strictly prohibited in our operations.

All card data is handled by PCI-DSS v4.0.1-compliant payment service providers including PayPal, Stripe, Razorpay, Wise, Payoneer, Xflow, and Skydo. These providers operate under their own privacy policies, and users are encouraged to review their respective terms before completing transactions.

Communications and Support Interactions: When engaging with our support team through email, WhatsApp Business, or integrated live chat tools, we collect message content, correspondence records, support ticket details, and satisfaction ratings. Where users contact GUESTPOST SOFTWARE via WhatsApp Business or integrated live chat tools, message content, contact details, and interaction timestamps may also be processed by the respective third-party communication provider. Users should review WhatsApp's and Meta's privacy policies for their independent data practices.

Content and Service Usage Data: Content and Service Usage Data: Throughout service utilisation, you may provide article briefs, brand information, landing page references, campaign requirements, target geographies, industry or niche preferences, app development requirements, design briefs, and editorial instructions required to deliver the selected service.

2.2 Automatically Collected Technical Information

Our systems automatically log Internet Protocol (IP) addresses and geographic approximations, device types and operating system versions, browser types and language preferences, unique device identifiers, page views and visit durations, feature usage patterns, click-through rates, error logs, and performance data.

Advertisement Impression Data: When you view GUESTPOST SOFTWARE advertisements on third-party platforms, we may collect impression data including browser type, device and operating system information, geographic region, and anonymised identifiers. This data is collected through advertising platform pixels and is used solely for measuring campaign effectiveness and reach. It does not identify you personally.

2.3 Cookie Technologies and Tracking Mechanisms

GUESTPOST SOFTWARE uses essential functional cookies required for core platform operations including authentication tokens, security identifiers, and language preferences. We also use analytics and performance cookies enabling platform improvement, advertising and marketing cookies supporting promotional activities, and third-party integration cookies facilitating payment gateway interfaces and live chat support widgets.

Payment gateway providers including Stripe, PayPal, Razorpay, Wise, and Payoneer place independent cookies during checkout sessions for fraud prevention, session security, and transaction authentication. GUESTPOST SOFTWARE does not control these cookies. Users should review the privacy policies of respective payment providers for details of their cookie practices.

Users can configure cookie preferences through browser privacy settings, our cookie consent management interface, or device-level tracking restrictions. Note that disabling certain cookies may limit platform functionality or prevent account access.

2.4 Microsoft Clarity Behavioural Analytics

GUESTPOST SOFTWARE implements Microsoft Clarity, a behavioural analytics tool capturing anonymised data including mouse movement trajectories, click events, scroll depth, form field engagement, and session replay data for usability research. Clarity employs automatic masking of sensitive form fields including passwords and payment data, anonymisation of personally identifiable information, and aggregated reporting without individual user identification. Users may opt out at: https://privacy.microsoft.com/en-us/privacystatement or by enabling Do Not Track in browser settings.

2.5 Automated Processing and AI Systems

GUESTPOST SOFTWARE uses automated tools including Microsoft Clarity for behavioural analytics and algorithmic systems for service-partner matching and platform recommendations. These systems process usage data to personalise platform experience but do not make legally significant decisions affecting user rights without human oversight. For your rights regarding automated decision-making, see §6.9.

2.6 Publisher-Specific Data Collection

For Publishers registered on the GUESTPOST SOFTWARE network, we additionally collect: domain ownership verification documentation; website traffic and authority metrics; banking or payment details for publisher compensation; editorial guidelines and content standards; publication history and performance data; and tax documentation required for payment processing. Publisher data is used exclusively for network verification, order matching, payment processing, and platform quality assurance. Publisher financial data is retained for 7 years per applicable tax and accounting regulations.

2.7 Information From Third-Party Sources

With your explicit permission, GUESTPOST SOFTWARE may receive data from external services including social media profile information during single sign-on authentication, payment processor transaction details and fraud prevention signals, and email marketing platform engagement metrics. In limited circumstances we may supplement profiles with publicly available business information from corporate registries.

2.8 Sensitive Information Exclusions

GUESTPOST SOFTWARE explicitly does not collect, request, or intentionally process medical conditions or health records, racial or ethnic origin details, political opinions or affiliations, religious or philosophical beliefs, trade union memberships, sexual orientation, biometric data for identification purposes, or criminal history information. Should users voluntarily disclose such information, we strongly advise against sharing sensitive personal details unnecessary for service delivery.

3. Data Collection Methodologies

GUESTPOST SOFTWARE collects data through: direct user submissions during registration, order placement, and support interactions; automated technical collection through server infrastructure and application code; third-party integration APIs from payment gateways, email service providers, and analytics platforms; cookie and pixel technologies embedded in our platform; advertisement impression tracking on third-party advertising platforms; and user permission requests obtained through cookie consent banners, email opt-in confirmations, and authorisation screens during registration.

4. Data Usage Purposes and Legal Bases

4.1 Service Delivery and Platform Operations

We utilise collected information to authenticate user identities, process service orders, coordinate content publication, match customers with appropriate publishers, deliver purchased services, generate invoices and financial documentation, maintain transaction records, and provide technical support.

Legal Basis: Contractual necessity for service performance.

4.2 Communication and Customer Support

Information enables us to send transactional emails, deliver security notifications, respond to support inquiries, provide onboarding guidance, share platform updates, conduct satisfaction surveys, and issue service interruption alerts.

Legal Basis: Contractual necessity and legitimate business interests.

4.3 Payment Processing and Financial Management

Data facilitates payment authorisation and capture, fraud detection and prevention, chargeback defence and dispute resolution, tax calculation and regulatory reporting, and financial reconciliation. GUESTPOST SOFTWARE does not provide financial, investment, or tax advice. Any payment-related information provided on the platform is for operational purposes only.

Third-party payment processors including PayPal, Stripe, Razorpay, Payoneer, Wise, Xflow, and Skydo maintain independent data handling practices governed by their respective privacy policies. Users are encouraged to review the privacy policies and terms of the respective payment providers before completing transactions on GUESTPOST SOFTWARE.

Legal Basis: Contractual necessity and legal compliance obligations.

4.4 Platform Improvement and Development

Analytics inform user interface design decisions, feature prioritisation, navigation structure improvements, mobile responsiveness enhancements, performance optimisations, and bug identification.

Legal Basis: Legitimate business interests in service quality.

4.5 Marketing and Promotional Activities

With appropriate consent, GUESTPOST SOFTWARE uses data for promotional emails, targeted advertisements, personalised product recommendations, retargeting campaigns, and referral programme administration. Users may withdraw marketing consent at any time through unsubscribe links in promotional emails, account settings, or direct requests to business@guestpostsoftware.com.

Legal Basis: Consent and legitimate interests.

4.6 Security, Fraud Prevention, Transaction Monitoring, and AML Compliance

Data helps GUESTPOST SOFTWARE detect fraudulent account creation and payment attempts, identify automated bot traffic, prevent unauthorised access, and monitor for terms of service violations. GUESTPOST SOFTWARE reserves the right to monitor transactions for fraud prevention and compliance purposes. Suspicious or high-risk transactions may be delayed, declined, or reported to relevant financial authorities in accordance with applicable law.

Anti-Money Laundering (AML) and KYC — Platform Obligations [NEW v3.3]: As GUESTPOST SOFTWARE operates as a publishers/developers/media partners are service delivery vendors, not sub-merchants or direct sellers to customers, the platform is subject to Platform-specific AML obligations. This includes performing due diligence on publisher identity and bank account verification before processing payouts, monitoring transaction patterns for suspicious activity, and maintaining settlement controls aligned with the RBI's AML framework and PMLA (Prevention of Money Laundering Act). Publisher KYC data is collected and retained exclusively for compliance with applicable payment aggregator and financial regulation requirements. GUESTPOST SOFTWARE reserves the right to suspend payouts pending verification and to report suspicious transactions to competent authorities without prior notice to the subject account.

Legal Basis: Legitimate interests in security; legal obligations under PMLA, Payment and Settlement Systems Act 2007, and RBI PA-O Master Direction 2025.

4.7 Legal Compliance and Governance

Information usage includes responding to law enforcement requests, complying with tax reporting obligations, maintaining records per financial regulations, addressing intellectual property infringement claims, enforcing terms of service, defending legal claims, and cooperating with regulatory investigations.

Legal Basis: Legal obligations and legitimate interests.

5. Data Sharing and Third-Party Disclosures

5.1 Service Providers and Business Partners

GUESTPOST SOFTWARE shares information with carefully selected third parties enabling platform operations including cloud hosting providers (Amazon Web Services, Google Cloud Platform), content delivery networks, email service providers, marketing automation platforms, Google Analytics, OWOX, Inspectlet, Microsoft Clarity, Facebook Ads, Google Ads, PayPal, Stripe, Razorpay, Payoneer, Wise, Xflow, Skydo, and Braintree.

All analytics and third-party service providers where applicable, subject to contractual data protection terms, are bound by Data Processing Agreements (DPAs) prohibiting use of GUESTPOST SOFTWARE user data for their own commercial purposes, independent research, or sharing with additional third parties beyond what is necessary to provide contracted services.

5.2 Strategic Partnership — GainRock

GUESTPOST SOFTWARE maintains a strategic relationship with GainRock. Shared data is limited to email addresses and account names only. Payment details, financial information, and sensitive data remain confidential. This sharing is conducted on the basis of legitimate business interests. Users may opt out of data sharing with GainRock by submitting a request to business@guestpostsoftware.com. Opt-out requests will be processed within fourteen (14) business days.

5.3 We Never Sell Personal Information

GUESTPOST SOFTWARE does not sell, rent, lease, or trade user data to data brokers, advertisers, or unaffiliated third parties for monetary compensation. Your information remains confidential except as explicitly disclosed in this policy.

Note: Sharing of limited data with advertising partners for targeted advertising may constitute 'sharing' under certain US state privacy laws. See §20 for US Resident rights.

5.4 Legal Disclosures and Governmental Requests

GUESTPOST SOFTWARE may reveal personal information when legally compelled by valid court orders or subpoenas, necessary to investigate suspected illegal activities, required to enforce terms of service, essential to protect rights or safety of GUESTPOST SOFTWARE or users, mandated by regulatory authorities, or needed to defend against legal claims. Whenever legally permissible, GUESTPOST SOFTWARE attempts to notify affected users before disclosing their information.

5.5 Business Transfers and Corporate Transactions

Should GUESTPOST SOFTWARE undergo a merger, acquisition, or sale of business assets, user information may be transferred as part of business assets. Affected users will receive advance notification, acquiring entities must honour existing privacy commitments, and users maintain rights to delete accounts before transfers complete.

5.6 Aggregated and Anonymised Data

GUESTPOST SOFTWARE may publicly share aggregated, anonymised information containing no personally identifiable elements for industry benchmark reports, academic research publications, and business intelligence purposes. Such datasets undergo rigorous anonymisation ensuring individual user identification remains impossible.

6. User Rights and Data Control

6.1 Access Rights

You may request comprehensive disclosure of personal information GUESTPOST SOFTWARE maintains, including categories of data collected, third parties with whom information has been shared, data retention periods, and source of information not directly provided by you. Submit access requests to business@guestpostsoftware.com with identity verification.

6.2 Correction and Update Rights

You can modify inaccurate or outdated personal information through self-service editing within account settings or by submitting correction requests to our support team. GUESTPOST SOFTWARE strives to process update requests within ten (10) business days of verification.

6.3 Deletion Rights (Right to be Forgotten)

You may request deletion of personal information, subject to legitimate retention requirements. Upon receiving verified deletion requests, GUESTPOST SOFTWARE will remove personal data from active systems within thirty (30) days, anonymise records retained for legal or business purposes, notify third-party processors requiring corresponding deletions, and provide confirmation once deletion completes. Information may be preserved when necessary for completing pending transactions, complying with legal obligations, resolving disputes, or detecting fraud.

6.4 Data Portability Rights

Where technically feasible, you may request personal information in structured, machine-readable formats enabling transfer to alternative services, including account profile information, transaction and order histories, content submissions, and preference settings. Contact business@guestpostsoftware.com specifying desired data categories and preferred format.

6.5 Processing Restriction Rights

You can request temporary processing limitations while contesting data accuracy, challenging processing legality, pursuing legal claims requiring data preservation, or objecting to legitimate interest processing pending assessment.

6.6 Marketing Opt-Out Rights

Users can withdraw consent for promotional communications through unsubscribe links in marketing emails, communication preferences within account dashboard settings, or direct requests to business@guestpostsoftware.com. Transactional emails regarding orders, security, and account management remain necessary for service delivery regardless of marketing preferences.

6.7 Cookie Consent Withdrawal

Revoke cookie consent through browser privacy settings blocking future cookie placements, our cookie preference centre adjusting consent categories, device-level tracking prevention features, or third-party opt-out tools and extensions.

6.8 Objection Rights

You may object to data processing based on legitimate interests by explaining your particular situation. GUESTPOST SOFTWARE will cease processing unless demonstrating compelling legitimate grounds overriding your interests or requiring data for legal claims.

6.9 Automated Decision-Making Rights

GUESTPOST SOFTWARE uses automated tools for behavioural analytics and service-partner matching (described in §2.5). These systems do not make legally significant decisions affecting user rights without human oversight. Users may contact business@guestpostsoftware.com to request information about automated processing and to request human review of any platform decisions.

6.10 Lodging Complaints with Supervisory Authorities

India: Ministry of Electronics and Information Technology (MeitY) — https://www.meity.gov.in and the Data Protection Board of India (DPBI) under the DPDP Act 2023.

EU Users: Contact your national Data Protection Authority — https://edpb.europa.eu/about-edpb/board/members_en

UAE Users: UAE Data Office — https://tdra.gov.ae

US Residents: Contact your state Attorney General's office or applicable state privacy authority. See §20 for detailed US rights.

6.11 Consent Withdrawal — DPDP Act 2023

As a Data Principal under the Digital Personal Data Protection Act 2023, you have the right to withdraw consent for processing of your personal data at any time. Withdrawal of consent may be exercised by submitting a written request to business@guestpostsoftware.com. GUESTPOST SOFTWARE will cease processing within thirty (30) days of a verified withdrawal request, subject to lawful retention obligations. Please note that withdrawal of consent for essential processing may result in inability to access platform services.

6.12 Nominee Rights — DPDP Act 2023

In accordance with the Digital Personal Data Protection Act 2023, registered users may nominate an individual to exercise data rights on their behalf in the event of death or incapacity. Nomination requests should be submitted in writing to business@guestpostsoftware.com with appropriate identification documentation. GUESTPOST SOFTWARE will honour verified nominee requests for data access, correction, or deletion within thirty (30) days.

6.13 Authorised Agent Requests

Users may submit data rights requests through an authorised agent acting on their behalf. To exercise rights through an authorised agent, the agent must provide written proof of authorisation signed by the account holder, provide identity verification of both the agent and the account holder, and submit the request to business@guestpostsoftware.com with subject line 'Authorised Agent Request — [Right Being Exercised]'. GUESTPOST SOFTWARE may contact the account holder directly to verify the agent's authorisation before processing the request.

7. Data Retention Policies

7.1 Active Account Data

Personal information associated with active accounts remains stored while accounts remain operational, enabling continuous service access and maintaining transaction histories.

7.2 Closed Account Data

Following account closure, GUESTPOST SOFTWARE implements phased data retention: publicly visible profile information, active session tokens, and pending transactions are deleted within 0–30 days; communication histories and transaction records for potential disputes are retained for 30 days to 1 year; tax documentation per legal requirements and fraud prevention records are retained for 1–7 years. After retention periods expire, identifying information undergoes irreversible anonymisation.

7.3 Category-Specific Retention

7.4 User-Initiated Deletion Requests

Verified deletion requests trigger expedited removal outside standard retention schedules, with exceptions noted in Section 6.3.

8. Security Measures and Protection Standards

8.1 Technical Safeguards

GUESTPOST SOFTWARE implements the following technical security controls:

• Transport Layer Security (TLS) version 1.2 or higher for all data transmissions. TLS 1.1 and below are not permitted in compliance with PCI DSS v4.0.1 Requirement 6. [UPDATED v3.3]

• AES-256 encryption for sensitive data stored in databases

• PCI DSS v4.0.1 compliant payment gateway processing

• GUESTPOST SOFTWARE does not directly store, process, or transmit cardholder data. The platform relies on PCI-DSS v4.0.1 certified third-party payment processors for all card transactions. GUESTPOST SOFTWARE maintains its platform infrastructure consistent with PCI-DSS SAQ-A (Self-Assessment Questionnaire A) requirements applicable to merchants that fully outsource payment processing.

• Access controls: multi-factor authentication, role-based access restrictions, principle of least privilege, and regular access audits

• Infrastructure security: firewalls, intrusion detection systems, DDoS protection, redundant backup systems, and isolated development and production environments

8.2 Organisational Safeguards

GUESTPOST SOFTWARE maintains mandatory privacy and security training for all personnel, confidentiality agreements binding employees and contractors, background verification for positions accessing sensitive data, incident response protocols, and vendor due diligence assessments with contractual data protection obligations for all service providers.

8.3 Data Breach Notification

Should a personal data breach affecting your information occur, GUESTPOST SOFTWARE will notify the Data Protection Board of India as required under the DPDP Act 2023, and will inform affected Data Principals without undue delay. Notification to users will include: categories of data compromised; likely consequences of the breach; measures taken or proposed to address the breach; and contact details for further enquiries. Where technically feasible, breach notifications will be issued within seventy-two (72) hours of GUESTPOST SOFTWARE becoming aware of the breach. While GUESTPOST SOFTWARE implements industry-standard security measures, we cannot guarantee absolute protection against all cyber threats. To the maximum extent permitted by law, GUESTPOST SOFTWARE shall not be liable for unauthorised access resulting from factors beyond its reasonable control.

8.4 Account Security Responsibilities

Users share responsibility for account security by creating strong unique passwords, never sharing credentials, logging out from shared devices, avoiding access over unsecured public Wi-Fi networks, and being cautious of phishing attempts impersonating GUESTPOST SOFTWARE. Report suspected security breaches immediately to business@guestpostsoftware.com.

8.5 Phishing Prevention

Official GUESTPOST SOFTWARE emails will originate from @guestpostsoftware.com domain addresses, never request passwords or payment data via email, and link only to https://guestpostsoftware.com. Forward suspicious emails to business@guestpostsoftware.com for verification.

8.6 Client-Side Script Monitoring — PCI DSS v4.0.1 Requirements 6.4.3 & 11.6.1 [NEW v3.3]

V4.0.1 (effective March 31, 2025)

Under PCI DSS v4.0.1 Requirements 6.4.3 and 11.6.1, GUESTPOST SOFTWARE is required to manage, authorise, and monitor all scripts running on its payment pages to prevent digital skimming attacks (Magecart-style attacks that intercept card data in the customer's browser).

GUESTPOST SOFTWARE implements the following client-side script security controls on all pages where payment interactions occur:

• Maintaining a complete inventory of every script loaded on payment-related pages

• Justifying the presence and authorised purpose of each script

• Integrity monitoring to detect unauthorised script changes

• Content Security Policy (CSP) headers to restrict unauthorised script execution

• Subresource Integrity (SRI) attributes on third-party script references where applicable

• Regular review of payment page script inventory to remove stale or unrecognised scripts

This commitment applies to all checkout, payment confirmation, and payment method management pages on guestpostsoftware.com.

8.7 Card Tokenisation — No Raw Card Storage [NEW v3.3]

As noted in §2.1, GUESTPOST SOFTWARE strictly prohibits the storage of raw card numbers (PANs), CVV/CVC codes, or card expiry dates on its servers, whether in plain text or encrypted form. This prohibition applies regardless of customer consent and is mandated by the RBI's Card-on-File Tokenisation guidelines. Any 'saved card' feature offered on the platform uses exclusively RBI-authorised CoF tokenisation APIs provided by approved payment gateways. Breach of this rule would constitute a direct violation of RBI regulations and could result in merchant ID deactivation and proceedings under applicable law.

9. International Data Transfers

9.1 Cross-Border Data Flow and FEMA / Purpose Code Compliance [UPDATED v3.3]

GUESTPOST SOFTWARE operates globally, requiring personal information transfer across international borders for cloud infrastructure, service providers headquartered in various jurisdictions, partner integrations, and business operations spanning multiple countries. By using our services, you consent to cross-border processing of financial and transactional data as required for service delivery.

FEMA / Purpose Code — International Payments [NEW v3.3]: GUESTPOST SOFTWARE accepts international payments from customers in jurisdictions including the United States, European Union, UAE, and other regions. Cross-border payment collections are processed in compliance with the Foreign Exchange Management Act (FEMA) 1999 and relevant RBI guidelines on export of services. Applicable purpose codes are assigned to transactions at the point of processing to ensure regulatory compliance. GUESTPOST SOFTWARE does not facilitate payments for services that are not classifiable under valid purpose codes as per RBI master directions. Users making international payments may be required to confirm the purpose of payment in accordance with applicable regulations.

9.2 European Economic Area (EEA) Users

Data transfers from the EEA to countries lacking adequacy decisions employ Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules, and adherence to recognised privacy frameworks. By using GUESTPOST SOFTWARE, EEA users acknowledge and consent to international data transfers described herein.

9.3 United States Data Processing

Some service providers and infrastructure components reside in the United States. Data transferred to US entities receives protection through contractual commitments mirroring GDPR requirements, security measures meeting international standards, and periodic audits verifying compliance maintenance. US residents have additional privacy rights detailed in Section 20.

9.4 India Data Localisation — RBI 24-Hour Purge Rule [UPDATED v3.3]

Critical Update V3.3 — RBI 2025 PA-O Master Direction

Where legally required, GUESTPOST SOFTWARE maintains data processing infrastructure within India or in jurisdictions permitted under the DPDP Act 2023 and guidelines issued by MeitY.

24-Hour Purge Rule (RBI Mandatory): Under the RBI's September 2025 Payment Aggregator Master Direction, all end-to-end transaction data — including card numbers, transaction logs, authentication data, and settlement records — must be stored exclusively on servers located within India. If any part of the transaction chain temporarily processes data through servers located outside India (as may occur with certain global cloud infrastructure), those foreign copies must be purged within 24 hours of transaction processing. No exceptions apply for backup copies or disaster recovery replicas stored abroad. GUESTPOST SOFTWARE and its payment gateway partners maintain India-localised data storage configurations to comply with this requirement. Violations of the RBI data localisation mandate are monitored through periodic system audits and can result in immediate service suspension.

9.5 UAE Data Processing

GUESTPOST SOFTWARE maintains a marketing and sales office in Dubai, UAE. Personal data processed in connection with UAE operations is subject to the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL). Data transfers to UAE-based personnel are governed by internal data handling agreements ensuring protection standards consistent with applicable Indian and UAE data protection legislation. UAE-based users may contact the UAE Data Office at https://tdra.gov.ae for regulatory guidance or to lodge complaints.

9.6 Ongoing Compliance Monitoring

GUESTPOST SOFTWARE continuously monitors international data protection developments, adjusting transfer mechanisms as legal landscapes evolve to maintain compliance with emerging regulations.

10. Children's Privacy Protection

10.1 Age Restrictions

GUESTPOST SOFTWARE is not directed toward individuals under eighteen (18) years of age, consistent with our Terms and Conditions minimum age requirement. GUESTPOST SOFTWARE does not knowingly collect, process, or maintain personal information from children below this threshold.

10.2 Parental Discovery

If GUESTPOST SOFTWARE becomes aware that personal information from underage individuals has been collected without proper parental consent, we will promptly delete the information from our systems, terminate any associated accounts, notify parents or guardians where contact information is available, and implement additional verification measures preventing recurrence.

10.3 Parental Rights and Notifications

Parents or legal guardians believing their child has provided personal information should immediately contact business@guestpostsoftware.com with the child's name and age, associated account details, verification of parental relationship, and deletion or access requests.

11. Cookies and Tracking Technology Management

11.1 Cookie Categories

Strictly Necessary Cookies: Essential for basic functionality including login authentication, session persistence, secure payment processing, and language preference storage. Cannot be disabled without breaking core features.

Performance and Analytics Cookies: Improve user experience through aggregating usage statistics, identifying popular features, detecting technical errors, and informing design decisions.

Functional Cookies: Enhance convenience by remembering preferences, personalising content, and pre-filling saved information.

Targeting and Advertising Cookies: Support marketing via displaying relevant advertisements, measuring campaign effectiveness, and preventing excessive ad repetition.

Payment Gateway Cookies: Stripe, PayPal, Razorpay, Wise, and Payoneer place independent cookies during checkout for fraud prevention and transaction authentication. GUESTPOST SOFTWARE does not control these cookies.

11.2 Cookie Management Options

Users can manage cookies through browser-level controls (Google Chrome, Mozilla Firefox, Safari, Microsoft Edge); our platform cookie preferences centre; and third-party opt-out tools including the Network Advertising Initiative (www.networkadvertising.org/choices), Digital Advertising Alliance (www.aboutads.info/choices), and European Interactive Digital Advertising Alliance (www.youronlinechoices.eu).

11.3 Consequences of Cookie Blocking

Disabling cookies may result in inability to maintain logged-in sessions, repeated presentation of cookie consent banners, loss of personalised preferences and settings, degraded functionality in interactive features, and payment processing complications.

11.4 Do Not Track

Some web browsers offer a 'Do Not Track' (DNT) privacy preference. GUESTPOST SOFTWARE's platform does not currently respond to DNT browser signals at platform level. However, users may opt out of specific tracking technologies including Microsoft Clarity and advertising cookies through the mechanisms described in §11.2. GUESTPOST SOFTWARE honours browser-level Do Not Track signals specifically for Microsoft Clarity data collection. For payment gateway cookies placed by Stripe, PayPal, and Razorpay during checkout, users should refer to the respective provider's DNT and opt-out policies.

12. Third-Party Websites and External Links

GUESTPOST SOFTWARE may contain hyperlinks directing users to external websites owned by publishers, partners, or unaffiliated third parties. GUESTPOST SOFTWARE exercises no control over these destinations and assumes no responsibility for their privacy practices, content accuracy, or security measures. Each external website maintains its own privacy policy. By providing external links, GUESTPOST SOFTWARE does not endorse or guarantee linked websites or their operators.

13. Public Forums and User-Generated Content

Information voluntarily disclosed through community forums, comment sections, review platforms, or public messaging boards becomes accessible to other users and potentially searchable by search engines. Exercise caution before posting contact details or sensitive personal information. Users may request deletion of specific public posts by contacting business@guestpostsoftware.com. When you delete content previously submitted through GUESTPOST SOFTWARE, copies of such content may remain viewable in cached or archived pages, or may have been copied or stored by publishers or other platform users. GUESTPOST SOFTWARE cannot guarantee complete removal of content from all third-party caches, search engine indexes, or publisher systems once content has been published or shared.

14. Surveys and Research Participation

GUESTPOST SOFTWARE occasionally conducts voluntary surveys gathering feedback on services, features, and user satisfaction. Survey responses may be aggregated for statistical analysis, used to inform product development roadmaps, or shared with service providers assisting research initiatives. Many surveys offer anonymous participation collecting feedback without linking responses to specific accounts.

15. Marketing Communications and Advertising

15.1 Promotional Email Practices

With your consent, GUESTPOST SOFTWARE sends marketing communications including new feature announcements, special promotions, educational content, event invitations, and partnership opportunities. Messages may be tailored based on account activity, publisher preferences, geographic location, and engagement with previous communications.

15.2 Opt-Out Mechanisms

Unsubscribe from marketing emails through 'Unsubscribe' links in email footers (effective within 10 business days), account communication preferences dashboard, or direct requests to business@guestpostsoftware.com. Transactional emails regarding orders, account security, payment issues, and service changes remain necessary regardless of marketing preferences.

15.3 Advertising

GUESTPOST SOFTWARE promotes through display advertisements on third-party websites, social media campaigns, search engine marketing, retargeting campaigns, and affiliate marketing partnerships. Advertising platforms receive limited information enabling campaign delivery including hashed email addresses for audience matching, cookie identifiers for retargeting, aggregated demographic data, and conversion events. Limit targeted advertising through cookie consent manager settings, platform-specific ad preferences, industry opt-out tools, or browser tracking prevention features.

16. Data Accuracy and User Obligations

Users commit to providing accurate, complete, and current information throughout registration and ongoing platform usage. You agree to promptly update profile information when circumstances change. GUESTPOST SOFTWARE may request documentation verifying identity or account information for high-value transactions, account recovery, dispute resolution, or regulatory compliance. GUESTPOST SOFTWARE collects only the minimum data necessary to provide and improve its services. Providing false data may lead to service delivery failures, payment processing complications, account suspension, or legal liability.

17. Privacy Policy Relationship with Other Documents

This Privacy Policy operates in conjunction with the Terms and Conditions (primary governing document), User Agreement outlining acceptable use standards, and Refund Policy defining financial obligations. Where apparent conflicts arise, Terms and Conditions take precedence on operational matters, Privacy Policy governs data protection and privacy rights specifically, and Refund Policy controls payment dispute resolution.

18. Contact Information and Privacy Inquiries

19. Legal Notices and Additional Provisions

No Waiver of Rights: Failure to enforce any privacy policy provision does not constitute waiver of enforcement rights for that provision or others in future circumstances.

Severability: If any provision is deemed unenforceable by competent legal authority, such determination affects only the specific clause while remaining provisions continue in full effect.

Entire Privacy Agreement: This Privacy Policy, together with referenced documents, constitutes the complete privacy agreement between users and GUESTPOST SOFTWARE, superseding prior privacy-related communications or understandings.

Language Interpretation: This Privacy Policy has been prepared in English. Translations may be provided for convenience, but the English version governs interpretation and enforcement in case of discrepancies.

Survival of Obligations: Privacy commitments survive account termination, including confidentiality obligations for retained data, security measures protecting archived information, compliance with deletion requests, and response to legal obligations.

20. Specific Provisions for US Residents (CCPA/CPRA)

20.1 Applicability

This section applies to US residents, particularly California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and residents of other US states with applicable privacy legislation.

20.2 Categories of Personal Information Collected

Over the preceding 12 months, GUESTPOST SOFTWARE has collected the following categories of personal information from US users: identifiers (name, email, IP address, device identifiers); commercial information (purchase histories, order details); internet or other electronic network activity information (browsing patterns, feature usage); geolocation data (approximate location from IP); professional or employment-related information (company, role); and inferences drawn from the above to personalise platform experience.

20.3 Your California and US State Privacy Rights

Subject to certain exceptions, you have the right to: know what personal information GUESTPOST SOFTWARE has collected about you, including categories, sources, business purposes, and third parties it has been shared with; request deletion of personal information collected from you; correct inaccurate personal information; opt out of the sale or sharing of personal information; opt out of targeted advertising; not be discriminated against for exercising your privacy rights; and submit privacy rights requests through an authorised agent (see §6.13).

20.4 Do Not Sell or Share — CCPA/CPRA Opt-Out [UPDATED v3.3]

GUESTPOST SOFTWARE does not sell personal information for monetary compensation. GUESTPOST SOFTWARE may share limited data with advertising partners for targeted advertising purposes as described in §15.3. This may constitute 'sharing' under CCPA/CPRA.

Explicit Opt-Out Mechanism [NEW v3.3]: To opt out of the sharing of your personal data for targeted advertising purposes (as required under CCPA/CPRA), you may: (a) submit a written opt-out request to business@guestpostsoftware.com with subject line 'Do Not Share — US Resident'; or (b) use the cookie consent management tool on the GUESTPOST SOFTWARE website to disable advertising and targeting cookies. GUESTPOST SOFTWARE will honour verified opt-out requests within fifteen (15) business days. A 'Do Not Sell or Share My Personal Information' link will be prominently displayed in the website footer. If you do not see this link on the live site, please report the issue to business@guestpostsoftware.com.

20.5 Exercising Your US Rights

Submit US state privacy rights requests to business@guestpostsoftware.com with subject line 'US Privacy Rights Request — [State] — [Right Being Exercised]'. GUESTPOST SOFTWARE will verify your identity using information associated with your account before processing requests and will respond within 45 calendar days as required under applicable US state law, extendable by an additional 45 days with notice where necessary.

Acknowledgment and Consent

By creating an account or using GUESTPOST SOFTWARE services, you acknowledge that:

1. You have read and understood this Privacy Policy in its entirety

2. You consent to data collection, processing, and sharing practices described herein

3. You understand your privacy rights and how to exercise them including consent withdrawal (§6.11), nominee designation (§6.12), and authorised agent requests (§6.13) under DPDP Act 2023

4. You accept international data transfers as disclosed including India, UAE, US, and EEA transfers including cross-border financial data processing and FEMA purpose-code compliance

5. You are at least eighteen (18) years of age

6. You agree to provide accurate information and maintain its currency

7. You recognise that continued usage following policy updates constitutes acceptance of modifications

8. US residents acknowledge their CCPA/CPRA rights as described in Section 20

Privacy Policy Version: 3.3  |  Last Updated: 1 May 2026  |  Next Scheduled Review: December 2026  |  Jurisdiction: Delhi, India  |  Regulatory Framework: DPDP Act 2023 · IT Act 2000 · Consumer Protection (E-Commerce) Rules 2020 · GDPR · CCPA/CPRA · UAE PDPL · PCI DSS v4.0.1 · RBI PA-O Master Direction 2025  |  © 2026 GUESTPOST SOFTWARE. All Rights Reserved.