Skip to content
Book Your Audit
Book Your Audit

Privacy Policy

How NineGravity collects, uses, and protects the information you share with us.

Last updated · 16 June 2026

01 · Introduction

NineGravity (“we”, “us”, “our”) operates ninegravity.com and provides WordPress audit, development, maintenance, performance, security, and migration services, including white-label work for agencies. This policy explains what personal information we handle, why, and what choices and rights you have.

We work with clients in India, the United States, Europe, and elsewhere, so we have built our practices to align with:

  • the Indian Digital Personal Data Protection Act, 2023 (DPDP Act);
  • the EU / UK General Data Protection Regulation (GDPR); and
  • the California Consumer Privacy Act, as amended by the CPRA (CCPA).

By using our website or our services, you agree to the handling of information as described here.

02 · Who we are

For the purposes of the GDPR, NineGravity is the data controller for the personal data described in this policy. Under the DPDP Act, we act as a Data Fiduciary. When we handle client website data during a project, we generally act as a data processor on the client’s behalf, governed by our service agreement with that client (see section 6).

Contact details:

NineGravity
309, Atlantis One, above Namh Wellness, Sola, Ahmedabad, Gujarat 380060, India
Email: hello@ninegravity.com
Phone: +91 95589 64991

Grievance / Data Protection contact: Questions, requests, or complaints about your personal data can be sent to hello@ninegravity.com.

03 · What we collect

We collect only what we need to run our business and deliver our services.

Information you give us directly

  • Contact and enquiry details submitted through our forms (contact form, audit booking, agency enquiry): name, email, phone (optional), company name, and website URL.
  • Newsletter sign-up: your email address (and name, if provided) when you opt in to our weekly WordPress tips email.
  • Project information you share during an engagement: WordPress admin access, hosting credentials, design assets, and analytics access. This may incidentally include personal data belonging to your users, which we process on your behalf, not for our own purposes.
  • Billing details needed to invoice you or take payment. Card payments are handled by our payment processors (see section 6); we do not store full card numbers.

Information we collect automatically

  • Server / log data: IP address, browser type and version, operating system, referring page, and the pages you view, recorded for security and to keep the site running.
  • Usage and analytics data about your visit (see section 5).

We do not intentionally collect special-category data (such as health, religion, or biometric data) through this website.

04 · Why we collect it

We use your information for the purposes below. Where the GDPR applies, the relevant legal basis (Article 6) is shown.

PurposeLegal basis (GDPR)
Respond to your enquiry and provide the service you’ve engaged us forPerformance of a contract (Art. 6(1)(b))
Invoicing, accounting, and tax record-keepingLegal obligation (Art. 6(1)(c))
Keep the website secure and functioning (log data, spam prevention)Legitimate interests (Art. 6(1)(f))
Send our weekly newsletterConsent (Art. 6(1)(a), opt-in only)
Understand and improve our website using analyticsConsent (Art. 6(1)(a), via the cookie banner)
Recruitment, if you apply for a role with usSteps prior to a contract / legitimate interests

We do not sell your personal data, and we do not rent, trade, or license it to third parties for their own marketing. Under the CCPA, we do not “sell” or “share” personal information as those terms are defined.

05 · Cookies & analytics

A cookie is a small text file stored on your device that a website can read on your next visit. We use a small number of them:

  • Essential cookies: needed for the site to work (for example, a session cookie for form submissions and to remember your cookie choices). These are always on.
  • Analytics cookies: used only if you consent, to understand which pages are useful and how the site performs.

Analytics tools we use: We use Google Tag Manager to load and manage the scripts (“tags”) that run on our site. Google Tag Manager is itself cookieless and collects no personal data on its own; it is a container that loads other tags. Through it we run Google Analytics, which sets cookies and helps us understand how visitors use the site; this may involve a transfer of data to Google. We enable IP-anonymisation, and these analytics only run after you accept analytics cookies in our consent banner.

Your choices: When you first visit, a consent banner lets you accept or reject non-essential cookies. You can change your choice at any time via the cookie settings link, or by deleting/blocking cookies in your browser. Blocking some cookies may affect how the site works. We honour browser-level signals such as Global Privacy Control where required.

06 · Who we share it with

We share information only with service providers (“processors”) who help us run the business, and only as far as they need it. Each is bound by contract to protect your data and use it only on our instructions. Our providers include:

  • Hosting & infrastructure: Pressable for site hosting; Google Workspace for email.
  • Newsletter / email marketing: MailerLite (an EU-based provider). When you subscribe, your email (and name, if given) is stored with MailerLite for the purpose of sending our newsletter; you can unsubscribe from any email.
  • Analytics: Google, via Google Tag Manager and Google Analytics (see section 5).
  • Payments: Stripe and Razorpay process card payments; larger payments may be handled by invoice. These providers handle card data under PCI-DSS standards; we do not store full card numbers.
  • Spam / form protection: Google reCAPTCHA, used on our forms to detect spam and abuse. This involves data processing by Google, subject to Google’s privacy terms.
  • Professional advisers (legal, accounting) and authorities, where we are required to share by law or to protect our rights.

During client projects, we may also share or access data through the platforms a client already uses (their hosting, CRM, etc.) strictly to perform the work. A current, itemised list of sub-processors can be provided to clients on request.

07 · International data transfers

We are based in India and work with clients and providers in the United States, Europe, and elsewhere, so your data may be stored or processed outside your home country. Where we transfer personal data internationally, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses, UK addenda, or a provider’s recognised certification) so that your data keeps an equivalent level of protection.

08 · How we store and protect it

Our website is hosted with Pressable, on servers located in the United States (Los Angeles, California). Email and related files are handled through Google Workspace on Google’s servers. We apply technical and organisational measures appropriate to the risk, including access controls, encryption in transit, and restricting access to team members who need it for their work. Credentials you share during an engagement are kept in a password manager with audit logging.

No method of transmission or storage is ever completely secure, but we work to protect your data and to respond quickly if something goes wrong. Where the law requires it (for example, GDPR’s 72-hour rule), we will notify the relevant authority and affected individuals of a qualifying data breach.

09 · How long we keep it

We keep personal data only as long as we need it for the purposes above, then delete or anonymise it.

  • Contact enquiries: 24 months after your last interaction, then deleted.
  • Client project records: up to 7 years, to meet tax and accounting obligations.
  • Newsletter subscriptions: until you unsubscribe.
  • Server logs: a short period (typically up to 90 days) unless needed to investigate a security incident.
  • Analytics: retained in aggregate / pseudonymised form only.

10 · Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data (subject to legal and accounting retention);
  • export your data in a portable, machine-readable format;
  • object to or restrict processing;
  • withdraw consent at any time (this doesn’t affect processing already carried out); and
  • nominate another person to exercise your rights on your behalf, where the DPDP Act allows.

To exercise any of these, email hello@ninegravity.com. We may need to verify your identity, and we will respond within 30 days (or sooner where the law requires).

EU/UK residents also have the right to complain to their local data protection authority. California residents have the right not to receive discriminatory treatment for exercising their CCPA rights, and we do not sell or share personal information as defined by the CCPA.

11 · Children’s privacy

Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

Our site and content may link to websites we don’t operate. We aren’t responsible for their privacy practices, and we encourage you to read the privacy policy of any site you visit.

13 · Changes to this policy

If we update this policy, we’ll change the “last updated” date above. For material changes, we’ll also email active clients and newsletter subscribers at least 14 days before they take effect.

14 · Contacting us

NineGravity
309, Atlantis One, above Namh Wellness, Sola, Ahmedabad, Gujarat 380060, India
hello@ninegravity.com · +91 95589 64991

For any question about this policy, or to exercise a right described above, email hello@ninegravity.com. We’ll respond within one business day.