Effective date: April 24, 2026
Last updated: April 24, 2026
Version: 3.0
This privacy policy explains how Macronimous Web Solutions (“Macronimous,” “we,” “us”) collects, uses, shares, and protects personal data through our website www.macronimous.com and the business relationships that follow from it.
We are a business-to-business web development and digital marketing agency based in Coimbatore, India, serving clients primarily in the United States, the United Kingdom, and Australia. This policy applies to personal data of website visitors and business inquirers. Client project data (source code, user databases, assets) is governed separately by the Non-Disclosure Agreement and Master Services Agreement signed at the start of each engagement, not by this policy.
Summary
- We collect only the personal data needed to respond to business inquiries, operate the website, and comply with law.
- We do not sell personal data and do not share it for advertising.
- We use Google Analytics for traffic measurement and a small number of operational processors (hosting, email, payments, invoicing, project management) named in this policy.
- Personal data is processed in India. For visitors in the United Kingdom and European Economic Area, we rely on Standard Contractual Clauses as the transfer mechanism.
- You can request access, correction, or deletion of your data at any time by emailing [email protected].
- This page covers rights under the EU and UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and the India Digital Personal Data Protection Act, 2023.
Who we are (Data Controller)
Macronimous Web Solutions
5C, VCS Nagar 1st Street, GN Mills PO, Coimbatore, Tamil Nadu, India
General enquiries: [email protected]
Privacy and data requests: [email protected]
Grievance Officer (India DPDP Act): Benny Alexander, [email protected]
For the purposes of the EU GDPR and UK GDPR, Macronimous acts as a data controller for personal data collected through this website and business inquiries, and as a data processor when handling personal data inside systems we build or operate on behalf of clients.
What personal data we collect
Information you provide directly
- Contact form submissions: name, business email, company name, country, phone number (optional), and the content of your message.
- Email correspondence: any information you include when you email us directly.
- Proposal and contracting stage: billing contact details, company registration details, and payment information routed to our payment processors.
Information collected automatically
- Technical data: IP address (truncated by Google Analytics before storage), browser type, device type, operating system, referring URL, pages viewed, time on page.
- Cookies: see the Cookies section below.
Information we do not collect
- We do not knowingly collect personal data from children under 16.
- We do not collect special category data (race, religion, health, political opinions, biometric or genetic data).
- We do not collect or store payment card details on our servers. All card payments are handled by our payment processors.
Why we use your data and the legal basis
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Respond to business inquiries | Name, email, company, message content | Legitimate interest; pre-contractual steps at your request |
| Send proposals and contracts | Contact and billing details | Pre-contractual steps; contract performance |
| Invoice and collect payment | Billing contact, payment reference | Contract performance; legal obligation (tax records) |
| Website analytics | Truncated IP, device and page data | Consent (where required by law); otherwise legitimate interest |
| Security and fraud prevention | IP address, access logs | Legitimate interest |
| Comply with legal, tax, and accounting obligations | Billing and contract records | Legal obligation |
We do not use your personal data for automated decision-making or profiling, and we do not use it to send unsolicited marketing.
Who we share your data with
We share personal data only with the service providers we need to run the business. Each provider is named below with its purpose and primary processing location. All providers are bound by their own data protection terms, which form part of their standard service agreements.
| Provider | Purpose | Processing location |
|---|---|---|
| InMotion Hosting | Website hosting and server access logs | United States (Los Angeles data center) |
| Google LLC (Google Analytics 4) | Website traffic analytics | United States (EU-US Data Privacy Framework) |
| Google LLC (Google Workspace) | Business email, calendar, and document storage | United States / European Union |
| PayPal Holdings, Inc. | Payment processing for international clients | United States / European Union |
| Payoneer Inc. | International receivables (ACH primary, card payment option) | United States / European Union |
| FreshBooks (2ndSite Inc.) | Invoicing and accounting records | Canada / United States |
| Basecamp, Teamwork.com, Wrike, Slack | Project management and client communication (platform selected per engagement based on client preference) | United States / European Union |
| Statutory authorities | Tax filings, legal and regulatory compliance | India / client jurisdiction |
We do not sell personal data. We do not share personal data with advertising networks. We do not share your data for behavioral advertising on other sites.
Project management tools
We use four project management platforms because different clients prefer different tools. For each engagement, the platform is chosen to match the client’s workflow — for example, Basecamp where a lighter interface fits the team, and Teamwork.com or Wrike where more structured task tracking is needed. Slack is used for real-time communication. Personal data in project management tools is limited to collaborator names, business email addresses, and task-related correspondence. It is not combined across engagements or reused for any other purpose.
Client project work
When we work on a client project, we may receive access to personal data stored in systems the client owns (for example, customer records in a client’s WooCommerce store). In those engagements we act as a data processor. Access is governed by the NDA and MSA for that engagement, is limited to the developers assigned, is time-bounded to the engagement, and is revoked on project completion. No client project data is copied, retained, or reused after the engagement ends unless explicitly instructed in writing.
International data transfers
Macronimous is located in India. Personal data you submit through this website is processed in India, and may be transferred to the United States and the European Union through our named processors.
- For visitors in the United Kingdom and European Economic Area: India is not currently recognized as providing an adequate level of data protection under UK GDPR or EU GDPR. For transfers of personal data from the UK or EEA to Macronimous in India, we rely on Standard Contractual Clauses (EU Commission 2021/914) and the UK International Data Transfer Addendum where the transfer originates in the UK.
- For visitors in the United States and Australia: no additional transfer mechanism is required under federal law at the time of writing. California residents retain all rights under the CCPA/CPRA regardless of processing location.
You may request a summary of the transfer safeguards by emailing [email protected].
How long we keep your data
| Category | Retention period |
|---|---|
| Contact form inquiries that do not become clients | 24 months from submission, then deleted |
| Active client records (billing, contracts, correspondence) | Duration of engagement, plus 7 years for statutory tax and accounting compliance |
| Email correspondence | 24 months for non-client threads; aligned with client record retention for active engagements |
| Google Analytics data | 14 months (GA4 default, configurable) |
| Web server access logs | Per InMotion Hosting retention policy (typically 60 days for access logs) |
| Backups | 30 days, then overwritten |
When retention periods expire, data is deleted or irreversibly anonymized. You can ask for earlier deletion at any time (see Your Rights below).
Your rights
You have rights over your personal data. The rights that apply depend on where you live.
If you are in the United Kingdom or European Economic Area (UK GDPR / EU GDPR)
- Right of access — a copy of the personal data we hold about you.
- Right to rectification — correction of inaccurate data.
- Right to erasure — deletion of your data where no lawful retention reason applies.
- Right to restrict processing in specific circumstances.
- Right to data portability — receipt of your data in a structured, machine-readable format.
- Right to object to processing based on legitimate interest.
- Right to withdraw consent at any time, where we rely on consent.
- Right to lodge a complaint with a supervisory authority — the UK ICO (ico.org.uk) for UK residents, or your national data protection authority in the EEA.
If you are in California (CCPA / CPRA)
- Right to know what personal information we collect, use, and disclose.
- Right to delete personal information we have collected from you.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — Macronimous does not sell or share personal information as those terms are defined under the CCPA/CPRA. There is nothing to opt out of.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined under CPRA.
- Right to non-discrimination for exercising these rights.
Categories of personal information collected in the last 12 months (CCPA §1798.110): identifiers (name, email), commercial information (services inquired about), internet activity (analytics), and professional information (job title, company).
If you are in India (Digital Personal Data Protection Act, 2023)
- Right to access a summary of your personal data and the processing activities.
- Right to correction and erasure of your data.
- Right of grievance redressal — contact the Grievance Officer named at the top of this page.
- Right to nominate another individual to exercise rights in the event of death or incapacity.
How to exercise any of these rights
Email [email protected] with your request. We respond within 30 days for GDPR requests and within 45 days for CCPA requests. We may ask you to verify your identity before releasing or deleting data. There is no fee for standard requests.
Cookies
We use a small number of cookies. No advertising cookies are set.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users | 2 years |
| _ga_<container-id> | Google Analytics | Session state for GA4 | 2 years |
| wordpress_test_cookie | WordPress | Tests whether the browser accepts cookies | Session |
| wp-settings-* | WordPress | User preferences (admin only) | 1 year |
| PHPSESSID | Hosting | Session management | Session |
For visitors in the UK and EEA, analytics cookies are set only after consent is given through our cookie banner. You can change your cookie choices at any time using the “Cookie settings” link in the website footer.
Security
We maintain administrative, technical, and physical controls appropriate to the data we handle:
- HTTPS (TLS) across the website.
- Single sign-on, multi-factor authentication, and access-card entry on office premises.
- Role-based access to client systems; access revoked on engagement end or employee departure.
- Endpoint protection and operating system patching on developer workstations.
- Signed employee confidentiality agreements aligned with Indian law and the client NDA.
- Encrypted backups with tested restoration procedures.
No system is fully immune to breach. If a personal data breach occurs that is likely to result in a risk to your rights, we will notify affected individuals and the relevant supervisory authority within the timelines required by law (72 hours under UK and EU GDPR).
Children
Macronimous is a business-to-business service. We do not knowingly collect personal data from anyone under 16. If you believe a child has submitted data to us, please contact [email protected] and we will delete it.
Third-party links
This website links to external sites (client case studies, technology partners, social profiles). We are not responsible for the privacy practices of those sites. Read their privacy policies before submitting personal data to them.
Changes to this policy
We update this policy when our processing changes, when law changes, or when we add or remove processors. Material changes are dated in the header of this page. For clients with an active engagement, significant changes are notified by email. The date at the top of this page shows when the policy was last updated.
Contact
For any question about this policy or your personal data:
Privacy and data requests: [email protected]
General business: [email protected]
Mailing address: Macronimous Web Solutions, 5C, VCS Nagar 1st Street, GN Mills PO, Coimbatore, Tamil Nadu, India