Privacy Policy | Privacy Pillar

Privacy Notice

Effective Date: 01 July 2025

Privacy Pillar (“we,” “our,” “us”) is committed to safeguarding your privacy. This Privacy Notice describes the categories of personal information collected, the purposes for such collection, and the manner in which it is processed, used, and disclosed, in accordance with applicable data protection laws. in compliance with applicable laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data privacy regulations.

We also aim to comply with other data protection laws applicable in the jurisdictions in which we operate, including but not limited to the UK GDPR, Virginia CDPA, Colorado Privacy Act, and India’s Digital Personal Data Protection Act (DPDP), where applicable.

1. Interpretation Clause

In this Privacy Notice:

“Personal Information” means any information that identifies, relates to, or describes you as an individual, such as your name, email address or phone number.

“Processing” refers to any operation performed on personal information, such as collecting, storing, using, or sharing it.

“We,” “Our,” or “Us” refers to Privacy Pillar, the organization responsible for managing your personal information.

“You” or “Your” refers to the individual who interacts with our services and whose personal information we collect and process.

“Service Providers” are third-party companies that help us operate and provide our services, such as payment processors, hosting providers, or marketing firms.

“Controller” means the entity that determines the purpose and means of processing personal information.

“Processor” refers to the entity processing personal information on behalf of the Controller.

“Supervisory Authority” means an independent public authority responsible for monitoring compliance with data protection laws.

“Usage Data” refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

These definitions are provided to ensure that the terms used in this Privacy Notice are clear and understandable.

2. Personal data We Collect

We may collect the following categories of personal information:

2.1. Information You Provide to Us:

Contact Information: Name, email address, phone number, and mailing address.

Account Information: Username, password, and account preferences.

Payment Information: Credit card details or other financial information for processing transactions. Payment details are securely encrypted and stored in compliance with industry standards.

2.2. Information We Collect Automatically:

Device Information: IP address, browser type, operating system, and device identifiers.

Usage Data: Pages viewed, time spent on our website and actions taken.

Cookies and Tracking Technologies: Data collected through essential, functional and marketing cookies. Learn more in our Cookie Policy.

2.3. Information from Third Parties:

Data from business partners, social media platforms or publicly available sources.

3.How We Use Your Information

Subject to applicable laws and regulations, the personal information collected by us may be used for one or more of the following purposes:

Provision of Services: To deliver, operate, maintain, and enhance the functionality and performance of our products and services, including any associated features or support.

Account Administration: To administer user accounts, facilitate account-related functions, and provide technical or customer support, including responses to queries, requests, or complaints.

Marketing and Communications: To send you promotional materials, service updates, newsletters, and other communications relating to our products or services, where you have provided the requisite consent or where otherwise permitted under applicable law.

Legal and Regulatory Compliance: To comply with applicable legal obligations, including those arising under statutory or regulatory provisions, and to enforce our legal rights and contractual obligations, including our Terms of Use or other governing agreements.

Security and Risk Management: To detect, prevent, and address actual or suspected fraud, unauthorized access, data breaches, or other unlawful activities that may pose a risk to our users or systems.

Personalization and User Experience: To analyze user preferences and behavior for the purpose of personalizing content, recommendations, and communications, and to improve user experience and engagement with our services.

4.Disclosure of Personal Information

We may disclose or otherwise make available your personal information to third parties under the following circumstances, subject to applicable data protection laws:

Service Providers: We may share your personal information with third-party service providers, contractors, and agents who perform services on our behalf, including but not limited to data hosting, payment processing, analytics, and customer support. Such parties are bound by contractual obligations, including confidentiality and data protection provisions, to ensure the security and lawful processing of personal information.

Business Partners and Affiliates: We may disclose your personal information to our business partners or affiliates with whom we jointly offer products or services, or with whom we engage in co-branded activities. Such disclosures are based on our legitimate interests or your prior consent, as applicable.

Legal Compliance and Law Enforcement: We may disclose your personal information where such disclosure is required by applicable law, regulation, legal process, or governmental request, including to law enforcement agencies, regulatory authorities, courts, or other public bodies.

Corporate Transactions: In connection with any actual or potential merger, acquisition, reorganization, sale of assets, or insolvency proceeding involving our business, we may transfer your personal information to the relevant acquiring or successor entity, subject to appropriate confidentiality and data protection safeguards.

We undertake reasonable efforts to ensure that all third parties with whom personal information is shared comply with applicable data protection laws and implement adequate safeguards to uphold the privacy and security of such information.

5.Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website to enhance your browsing experience, analyze site traffic, personalize content, and deliver relevant advertisements. These technologies help us understand how you interact with our website and improve its functionality.

5.1 Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies or Browser Cookies. A cookie is a small file stored on your device. You can instruct your browser to refuse all cookies or to notify you when a cookie is being sent. However, if you do not accept cookies, you may be unable to use certain features of our service. Unless you have adjusted your browser settings to refuse cookies, our service may use them.

Web Beacons. Some parts of our Service and emails may include small electronic files called web beacons (also known as clear gifs, pixel tags, or single-pixel gifs). These files allow the Company to track metrics such as the number of users visiting specific pages or opening emails. They also help us gather related website statistics, like measuring the popularity of certain sections and ensuring the integrity of our systems and servers.

Cookies can be classified as:

Persistent Cookies: Remain on your device for a specified period or until you delete them.

Session Cookies: Session Cookies are deleted as soon as you close your browser.

We use both Session and Persistent Cookies for the purposes set out below:

5.1.1. Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These cookies are necessary to provide the services you use on the website and to enable some features. They help verify users and protect user accounts from fraud. Without these cookies, we cannot provide the services you requested, and we only use them for that purpose.

5.1.2. Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

5.1.3. Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies help us remember the choices you make when using the website, such as your login details or language preference. Their purpose is to provide you with more personalized experience and to prevent you from having to re-enter your preferences each time you visit the website.

5.1.4. Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Third Parties

Purpose: These cookies are used to track information about traffic to the website and how users use the website. The information gathered through these cookies may identify you as an individual visitor, either directly or indirectly. This linkage occurs because the collected data is typically associated with a pseudonymous identifier tied to the device you use to access the website. Additionally, we may use these cookies to test new pages, features, or functionalities of the website to observe how our users respond to them.

5.1.5. Social Media Cookies

These cookies allow you to share content on social media platforms and may track your interaction with such content.

5.1.6. Uncategorized Cookies

These are cookies that have not yet been classified into a specific category. We are working to update their descriptions.

5.2. Third Party Cookies

Third-party cookies are small files that websites, other than the one you are visiting, place on your device. These cookies track your actions across different sites. For example, if you look for running shoes online, you might later see ads for those shoes or other sports gear on other websites and social media platforms like Instagram. This happens because third-party cookies remember your browsing history. They use that information to show you ads that match your interests, helping advertisers reach you with relevant offers.

5.3. User consent

We obtain user consent for cookies through a pop-up banner that appears when you first visit our website. This banner provides information about the types of cookies we use and gives you the option to manage your cookie preferences.

5.4. Managing cookies

You can manage or disable cookies at any time through your browser settings or by using our cookie banner provided on our website.

5.5. Retention period

Cookies are classified into two types: “persistent” cookies and “session” cookies. Persistent cookies stay on your device for a specific duration or until you decide to delete them. In contrast, session cookies are temporary and are removed when you close your browser.

5.6. Data sharing

We may share cookie data with third parties such as Google Analytics and The IAB for analytics and advertising purposes. These third parties may use the information for their own purposes in accordance with their privacy policies.

6. Your Privacy Rights

Subject to applicable data protection laws and depending on your jurisdiction, you may have the following rights in relation to your personal information:

Right of Access: You have the right to request confirmation as to whether we process your personal information and, if so, to access such information, along with details regarding the nature, purpose, and categories of data processed.
Right to Rectification: You have the right to request the correction or updating of any inaccurate or incomplete personal information concerning you.
Right to Erasure (Right to be Forgotten): In certain circumstances, you may request the deletion of your personal information, such as where the information is no longer necessary for the purposes for which it was collected or where you withdraw consent.
Right to Restrict Processing: You may request the restriction of processing of your personal information under specific conditions, such as when the accuracy of the data is contested or the processing is unlawful.
Right to Know: You have the right to obtain information about the categories and specific pieces of personal information we collect, the sources of such information, the purposes for which it is collected, and the third parties with whom it is shared.
Right to Data Portability: You may request to receive your personal information in a structured, commonly used, and machine-readable format, and to have such information transmitted to another controller where technically feasible.
Right to Object: You have the right to object to the processing of your personal information for certain purposes, including direct marketing and profiling based on legitimate interests.
Right to Withdraw Consent: Where the processing of your personal information is based on your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Non-Discrimination: You are entitled to exercise your privacy rights without being subject to discriminatory treatment or denial of goods or services as a result.
Right to Opt-Out of Sale or Sharing: Where applicable, you have the right to opt out of the sale or sharing of your personal information, including for purposes of targeted advertising or profiling.

To exercise any of the above rights, or to obtain further information regarding your rights, please submit a request through our “DSAR FORM” or contact us at privacy@privacypillar.com. When you contact us, please provide your full name, email address and the specific type of request you are making. We will respond to your request within 30 days.

7. Data Retention

We retain personal information for no longer than is necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Notice, unless a longer retention period is required or permitted by applicable law. Specifically, personal information may be retained for the following purposes:

To Fulfill Contractual and Operational Obligations: Including the provision of services, account management, and customer support.
To Comply with Legal and Regulatory Requirements: Such as obligations under tax laws, corporate laws, financial regulations, and data protection legislation.
To Resolve Disputes and Enforce Legal Rights: Including the defense or establishment of legal claims, investigation of violations, and enforcement of our terms and conditions or other contractual agreements.

Retention periods may vary depending on the nature of the data and the context in which it is processed. For instance, transactional or financial data may be retained for a legally mandated period to ensure compliance with applicable tax or accounting regulations.

Upon expiry of the applicable retention period, or upon fulfillment of the purposes for which the personal information was collected (whichever is later), we will securely delete, anonymize, or otherwise render the personal information inaccessible, unless further retention is required by law.

8. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of personal information. These measures are designed to protect personal information against unauthorized access, alteration, disclosure, or destruction and include, but are not limited to:

Encryption Technologies: Use of encryption protocols to secure personal information in transit and at rest.
Access Controls: Restriction of access to personal information on a need-to-know basis through role-based permissions and authentication mechanisms.
Firewalls and Intrusion Detection Systems: Deployment of firewalls, intrusion detection, and prevention technologies to monitor and protect our networks and systems.
Security Audits and Monitoring: Regular review, testing, and updating of our information security practices and protocols to identify and mitigate emerging security threats.

We also encourage users to take reasonable steps to protect their personal information, including the use of strong, unique passwords and maintaining the confidentiality of their account credentials.

While we take commercially reasonable efforts to safeguard personal information, no method of transmission over the Internet or method of electronic storage is entirely secure. Accordingly, we cannot guarantee absolute security.

9. International Data Transfers

If you access or use our services from a jurisdiction outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in the United States or in other jurisdictions where our affiliates, service providers, or business partners are located. These jurisdictions may not offer the same level of data protection as your home country.

To ensure that such cross-border data transfers are conducted in compliance with applicable data protection laws, we implement appropriate safeguards, including but not limited to:

Standard Contractual Clauses (SCCs): We rely on the European Commission-approved Standard Contractual Clauses or other lawful transfer mechanisms as applicable for the transfer of personal information from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar requirements.
Contractual Protections: Where required, we enter into data processing agreements or similar contractual arrangements with third-party recipients to ensure that personal information is afforded an adequate level of protection consistent with applicable privacy laws.

By using our services and providing us with your personal information, you acknowledge and consent to the transfer, processing, and storage of your personal information in jurisdictions outside your country of residence, including the United States, subject to the safeguards described herein.

10. Children’s Privacy

Our services are not directed to, and we do not knowingly collect or solicit personal information from, individuals under the age of 13 (or such other minimum age as may be prescribed by applicable data protection laws in the relevant jurisdiction). If you are under the applicable age threshold, you are not permitted to use our services or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child in violation of applicable law, we shall take immediate steps to delete such information from our records and systems.

If you are a parent or legal guardian and believe that your child has provided personal information to us without your consent, you are encouraged to contact us using the contact details provided in this Privacy Notice so that we may take appropriate action in accordance with applicable legal requirements.

11. GDPR Compliance

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), your personal data is processed in accordance with the General Data Protection Regulation (GDPR). We are committed to ensuring that your data is handled with the utmost care and in full compliance with the GDPR.

11.1. Legal Basis for Processing

In accordance with Article 6 of the GDPR, we process personal data only where a valid legal basis exists. The lawful bases upon which we rely include the following:

Consent (Article 6(1)(a)): Where you have provided your explicit consent to the processing of your personal data for one or more specified purposes, such as receiving marketing communications. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
Contractual Necessity (Article 6(1)(b)): Where the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering a contract (e.g., to provide the services you have requested).
Compliance with a Legal Obligation (Article 6(1)(c)): Where processing is required for compliance with a legal obligation to which we are subject, including obligations related to tax, accounting, regulatory investigations, or court orders.
Legitimate Interests (Article 6(1)(f)): Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Examples include ensuring the security and integrity of our services, preventing fraud, or improving our offerings.

We ensure that any reliance on a legitimate interest is supported by a documented balancing test in accordance with GDPR requirements.

If you are a data subject located in the EU, EEA, or UK, you may exercise your data protection rights as set out in the “Your Rights as a Data Subject” section of this Privacy Notice.

11.2. Data Transfers

Where personal data is transferred outside the European Economic Area (“EEA”) to a country that does not offer an adequate level of data protection as determined by the European Commission, such transfers shall be conducted in full compliance with the General Data Protection Regulation (GDPR).

To ensure an adequate level of protection for your personal data, we implement appropriate safeguards, including but not limited to the following:

Standard Contractual Clauses (SCCs): We may enter into data transfer agreements incorporating the European Commission’s Standard Contractual Clauses (or the UK-approved International Data Transfer Addendum, as applicable) with data recipients located in jurisdictions that do not benefit from an adequacy decision. These clauses impose contractual obligations on the recipient to maintain a level of data protection consistent with EU/UK standards.
Adequacy Decisions: Where applicable, we may rely on adequacy decisions issued by the European Commission or the UK Secretary of State, confirming that the receiving country ensures an adequate level of data protection as defined under the GDPR or UK GDPR.

Additional technical, organizational, and contractual measures may also be implemented to enhance the security and confidentiality of personal data transferred internationally.

For further information regarding the legal mechanisms relied upon for international data transfers or to request a copy of the relevant safeguards, please contact us at privacy@privacypillarcom.

11.3. Data Subject Rights

Under the GDPR, you have the following rights concerning your personal data:

Right to Access: You can ask us to confirm whether we are processing your personal data and request a copy of the data we hold about you.

Right to Rectification: If any personal data we hold about you is incorrect or incomplete, you have the right to ask us to correct or update it.

Right to Erasure (Right to be Forgotten): You can ask us to delete your personal data in certain situations—such as when it’s no longer needed, or if you withdraw your consent (where applicable). Please note, there may be legal reasons why we cannot delete certain information.

Right to Restrict Processing: You can request that we temporarily stop using your personal data if, for example, you believe it is inaccurate or you have objected to our use of it.

Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format. You can also ask us to transfer this data to another service provider, where it is technically possible.

Right to Object: You can object to us processing your personal data in certain situations, such as when we are processing it based on our legitimate interests or for direct marketing.

Right to Withdraw Consent: If we are processing your data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing we carried out before you withdrew it.

Rights Related to Automated Decisions: You have the right not to be subject to decisions made only by automated processing (including profiling) that have legal or significant effects on you, unless this is required by law, necessary for a contract, or based on your explicit consent.

We do not make decisions based solely on automated processing that would have legal or similarly significant effects unless required by law or based on explicit consent.

To exercise any of these rights, please contact us at privacy@privacypillar.com. We will respond to your request within one month, as required by the GDPR. In some cases, if your request is complex or involves multiple requests, we may take up to two additional months to respond—but we will inform you of any delay.

12. CCPA/CPRA Compliance

This section applies to California residents and explains your rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We are committed to ensuring that you are fully informed about how your personal data is collected, used, and shared in accordance with California privacy laws.

12.1. Consumer Rights Under CCPA/CPRA

As a California resident, you have the following rights under the CCPA/CPRA:

Right to Know: You have the right to request information about the personal data we have collected about you in the past 12 months. This includes the categories of personal information, the purposes for which it was used, and the third parties with whom it was shared.

Right to Delete: You have the right to request the deletion of your personal data, subject to certain exceptions (e.g., if the data is necessary for legal compliance or to complete transactions).

Right to Opt-Out of Sales: You have the right to opt-out of the sale of your personal data. Since we do not sell personal data, this right does not apply unless we change this practice in the future.

Right to Opt-Out of Sharing: You can request opt-out of the sharing of your personal data for business purposes. We share data only as described in this policy.

Right to Non-Discrimination: You have the right to not be discriminated against for exercising any of your CCPA/CPRA rights. This means we will not deny you services or provide a lower quality of service because you exercise your rights under this law.

How to Exercise Your Rights

To exercise your rights under the CCPA/CPRA, you may submit a request by contacting us at:

Email: privacy@privacypillar.com

Online Form: You may also submit a request through our online – Request Submission Form.

We will verify your identity before processing your request. In most cases, we will respond to your request within 45 days, in accordance with the CCPA.

12.2. Categories of Personal Information Sold or Disclosed for a Business Purpose

Under the CCPA/CPRA, we are required to disclose whether we “sell” personal information. We do not sell personal information to third parties. If we decide to sell or share your personal data in the future, we will update this policy and provide you with the opportunity to opt out.

We may disclose personal data to third parties for a business purpose (e.g., providing services, analytics, etc.), but this does not constitute a sale under the CCPA/CPRA.

12.3. Sensitive Personal Information

Under the CPRA, sensitive personal information includes data such as Social Security numbers, driver’s license numbers, and financial account details. We take extra care in handling sensitive personal data, and we do not use or share this type of data for purposes other than those explicitly stated in this policy or required by law.

If you are concerned about the processing of sensitive personal information, please contact us at privacy@ privacypillar.com.

12.4. California and Delaware “Do Not Track” Disclosures

Privacy regulations in certain U.S. states, including California and Delaware, require website operators to disclose how they respond to web browser “Do Not Track” (DNT) signals related to online behavioral tracking. Privacy Pillar adheres to the data protection standards described in this Privacy Notice and does not monitor or respond to “Do Not Track” (DNT) signals or similar browser-based mechanisms.

13. DPDP Act Compliance

This section applies to individuals located in India and explains your rights under the Digital Personal Data Protection Act, 2023 (DPDP Act). We are committed to ensuring that your personal data is collected, processed, stored, and shared in a transparent and secure manner, in full compliance with applicable Indian data protection laws.

13.1 Legal Basis for Processing Your Personal Data

We process your personal data only when we have a lawful reason to do so, as required under the Digital Personal Data Protection Act, 2023. This means your data will be collected and used only when:

You have given your clear, specific, and informed consent for us to process your data;

The processing is necessary to enter into or perform a contract with you;

The processing is required to comply with a legal obligation under applicable laws;

The processing is necessary to address a medical emergency or to protect your life, health, or safety, or that of another person;

The processing is needed for the performance of any function of the State, as authorized by law;

The processing is for legitimate use as permitted under the DPDP Act and does not override your rights and expectations of privacy.

We will not process your personal data for any other reason without a valid legal basis.

13.2 Consent Management

We collect and process your personal data only after obtaining your clear, specific, informed, and unambiguous consent, as required under the DPDP Act, 2023. You have full control over your consent and may choose to grant or withhold it for specific purposes of data processing.

You also have the right to withdraw your consent at any time. If you choose to do so, we will stop processing your personal data from the date of withdrawal, unless we are required to retain or process it under any applicable law.

13.3 Your Rights as a Data Principal

As a Data Principal under the Digital Personal Data Protection Act, 2023, you are entitled to exercise the following rights regarding your personal data:

Right to Access: You can request information about the personal data we hold about you.

Right to Correction: You may request correction, completion, or updating of any inaccurate or outdated personal data.

Right to Erasure: You may request deletion of your personal data, subject to legal or regulatory obligations that may require its retention.

Right to Nominate: You may nominate another individual to exercise your rights in case of your death or incapacity.

Right to Withdraw Consent: You can withdraw your consent for data processing at any time. We will stop processing your data unless required to do so by law.

To exercise any of these rights, please contact our Grievance Officer using the details provided below. We will respond in accordance with the timelines prescribed under the Act.

13.4 Grievance Redressal

If you have any concerns, complaints, or grievances related to the processing of your personal data or this Privacy Notice, you may reach out to privacy@privacypillar.com. We are committed to addressing your concerns in a timely and transparent manner.

We will acknowledge your complaint within 24 hours of receipt and aim to resolve it within 7 working days, in accordance with the provisions of the DPDP Act, 2023.

14.Changes to This Privacy Notice

We may update this Privacy Notice periodically. Any significant changes will be communicated to you in advance via email or through a notice on our website. The updated Privacy Notice will include a new effective date.

15. Contact Us

For questions or concerns about this Privacy Notice or our data practices, contact us at:

Email: privacy@privacypillar.com

Address: 103 Carnegie Center Dr STE 300, Princeton, NJ. 08540

By using our services, you agree to the terms of this Privacy Notice.

Consent Management Platform

Consent Management Platform

Explore our entire suite of webtools designed to keep your data safe, and your business in compliance

Cookie Consent

Consent Preference

DSAR Management

Data Mapping

Data Discovery

Data Governance

US Data Privacy Laws

GDPR (EU)

CPRA / CCPA

VCDPA (Virginia)

PIPEDA (Canada)

IAB TCF v2.2

PIA and DPIA

CPA (Colorado)

CTDPA (Connecticut)

LGPD (Brazil)

DPDPA (India)

PDPL (Saudi Arabia)

DPDP Readiness

Ecommerce

Automotive

Healthcare

Fintech

Chambers of Commerce

Blogs

E-books, Guides & Cheat Sheets

Cookie Scanner & Site Audit

Privacy Policy Generator

14 Day Free Trial

About Us

Partnership Programs

Contact Us

Careers

Help Center

FAQs

Our Latest Blog