Privacy Policy
Last updated: June 2026
1. Introduction & scope
This Privacy Policy explains how Mobideus collects, uses, stores, shares and protects personal information when you visit mobideus.com (the “Website”) or engage our services. It applies to visitors and to prospective and active clients worldwide. We honour both the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”) and, for visitors in the European Economic Area and the United Kingdom, the General Data Protection Regulation (“GDPR”). By using the Website or our services, you acknowledge the practices described here.
2. Who we are
Mobideus is a venture of Allied BizTech Solutions Pvt Ltd, India. We provide a productized service that audits, hardens and ships AI-built applications — including security and compliance audits, remediation, and integrations (payments, WhatsApp, authentication).
For information collected through our Website we act as the data controller / Data Fiduciary. When handling a client codebase during an engagement, we act as a data processor / Data Processor on behalf of the client.
- Email: hello@mobideus.com
- WhatsApp: +91 99625 78801
- Website: https://mobideus.com
3. What we collect
3.1 Information you provide via the Website
When you submit our contact / “Readiness Snapshot” form, we collect your name, your work email, what your app was built with, a code source URL or note, and an optional free-text goal.
When you use the free Instant Scan (GitHub repo or uploaded ZIP), we download and read your code only to analyse it — we never execute it, and the source code is deleted immediately after the scan. We do not retain your source. We do store the resulting findings report (the issues, file paths and scores — not your source) at a private, noindex, unguessable URL so you can return to it; you may ask us to delete it at any time. Any email you give to receive the report is handled as lead data (below).
3.2 Information collected automatically
- Analytics data via Google Analytics 4 (GA4) — see Section 5.
- A hashed (one-way) IP address, retained solely for abuse prevention and security. We do not store your raw IP address for analytics.
3.3 Information collected during service delivery
If you become a client, you may grant us read-only, scoped access to your codebase so we can perform our audit and remediation work. We may also process project-related communications and configuration details you share. We do not seek to collect end-user personal data from your systems; any incidental access is governed by our agreement and NDA with you.
4. Why we use your data & legal basis
| Purpose | Data used | Legal basis (GDPR) | Basis (DPDP Act) |
|---|---|---|---|
| Respond to your enquiry and prepare a Snapshot | Form data | Legitimate interest / pre-contract steps | Consent / legitimate use |
| Deliver contracted services | Form data, codebase access | Performance of a contract | Performance of contract / consent |
| Website analytics | GA4 data (after consent) | Consent | Consent |
| Abuse prevention & security | Hashed IP | Legitimate interest | Legitimate use |
| Legal & accounting compliance | Contact, transaction records | Legal obligation | Legal obligation |
We rely on your consent for analytics cookies, which is captured before any analytics tags fire (see Section 5).
5. Cookies & analytics (GA4 + Consent Mode v2)
We use Google Analytics 4 to understand how visitors use our Website. Analytics tags are governed by Google Consent Mode v2: analytics cookies only fire after you grant consent, consistent with the DPDP Act and GDPR. Until you consent, GA4 operates in a restricted, cookieless mode and does not set analytics cookies. You can withdraw or change your consent at any time. Strictly-necessary cookies required for the site to function may be set without consent.
6. How we store & secure your data
- Lead data from the form is stored in an append-only log and emailed to our staff for follow-up.
- We apply reasonable technical and organizational measures, including access controls, encryption in transit, hashing of IP addresses, and least-privilege access to client systems.
- Client codebase access is read-only and scoped, granted only after a mutual NDA is signed.
- No method of transmission or storage is perfectly secure; we cannot guarantee absolute security but work to protect your data using industry-standard practices.
7. Retention periods
- Snapshot / lead data: retained for up to 24 months from last contact, then deleted or anonymized.
- Instant Scan source code: never retained — deleted immediately after the scan completes. Instant Scan findings reports (no source code) are retained for up to 12 months, or deleted on request.
- Hashed IP (abuse prevention): retained for up to 90 days.
- GA4 analytics: retained per the GA4 data-retention setting (14 months).
- Client codebase / engagement data: client code is deleted after the engagement concludes. Records required for legal, tax or accounting purposes are retained for the period required by law.
8. Sharing & sub-processors
We do not sell your personal data. We share data only with service providers (“sub-processors”) that help us operate, under appropriate contractual safeguards — including hosting / infrastructure providers, email / communication providers, and analytics providers (Google Analytics 4). We may also disclose data where required by law or to protect our legal rights.
9. Your rights
Depending on your jurisdiction, you have rights over your personal data. We honour the following where applicable:
- Access — request a copy of the data we hold about you.
- Correction — request that inaccurate or incomplete data be corrected.
- Erasure — request deletion of your data, subject to legal retention obligations.
- Withdraw consent — withdraw consent (e.g. for analytics) at any time, without affecting prior lawful processing.
- Grievance redressal (DPDP Act) — raise a complaint with our Grievance Officer (Section 13).
- GDPR-specific rights — restriction of processing, data portability, objection to processing, and the right to lodge a complaint with your local supervisory authority.
To exercise any right, contact hello@mobideus.com. We will respond within the timeframes required by applicable law and may need to verify your identity first.
10. International transfers
We are based in India and serve clients globally. Your data may be processed in India or in other countries where our sub-processors operate. Where we transfer personal data from the EEA/UK to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses.
11. Children
Our Website and services are intended for businesses and professionals and are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this Policy from time to time. The “Last updated” date reflects the latest revision. Material changes will be reflected on this page, and where required we will seek fresh consent.
13. Contact & Grievance Officer
For any privacy questions, requests or complaints, email hello@mobideus.com or message +91 99625 78801.
Grievance Officer (DPDP Act, 2023): the Mobideus Grievance Officer is reachable at hello@mobideus.com for redressal of any grievance regarding the processing of your personal data. We will acknowledge and address your grievance within the timeframe prescribed under applicable law.