Privacy Policy

Suggesto (operated by Adhish.in) helps brands create short product-finder quizzes and capture leads. This Privacy Policy explains what personal data we collect, how we use it, who we share it with and what rights you have over it.

This policy covers two categories of people: merchants (the people who sign up and build finders) and respondents (the visitors who answer those finders on a merchant's site). Where the law assigns different roles to merchants and Suggesto, we call them out explicitly.

Account data (merchants). Name, email address, hashed password, organisation name, country, and any team-member invitations you create. If you sign in with Google, we receive the email and name associated with your Google account.

Finder content (merchants). The questions, options, products, copy, images and theme settings you upload, plus the tags and weights that drive scoring.

Quiz responses (respondents). The answers a visitor selects, the recommendations they receive, the time spent on each question, and basic device metadata (anonymised IP truncated to the network, browser type, language).

Leads (respondents). Email address, name, and any custom fields the merchant has added to their lead-capture form. Consent flags are stored alongside.

Usage and diagnostics. Standard server logs, error reports and aggregate product analytics (page views, completion counts).

To operate the Service: authenticate merchants, render finders, compute recommendations, deliver leads to merchant dashboards, send transactional emails.

To support and bill merchants: respond to support requests, issue invoices, prevent fraud and abuse, recover overdue payments.

To improve the product: identify which features get used, debug crashes, measure performance.

To meet legal obligations: respond to lawful requests, enforce our Terms of Service.

We do not sell personal data, we do not run third-party advertising cookies, and we do not use respondent data to train general-purpose AI models.

For account data and product usage, Suggesto is the data controller.

For quiz responses and captured leads, the merchant is the data controller and Suggesto is the data processor. The merchant decides what fields are collected, what notice is shown to respondents, and how the leads are used downstream.

If you are a respondent and want your data corrected or removed, please contact the merchant whose finder you completed. We can assist on their behalf if you cannot reach them.

Where the GDPR or UK GDPR apply, we rely on the legal bases of contract (to deliver the Service to merchants), legitimate interests (to secure and improve the Service) and consent (for marketing communications and for any optional cookies described in Section 8).

For users in India, we comply with the Digital Personal Data Protection Act, 2023. Consent is obtained at sign-up and at each lead-capture form, and respondents may withdraw consent by contacting the merchant or us.

Sub-processors. We use a small list of vendors to operate the Service: a managed Postgres provider for data storage, AWS for asset hosting and email delivery, Google Cloud (Vertex AI) for quiz drafting where the merchant has opted in, and an analytics vendor for product metrics. A current list is available on request.

The merchant. Lead data captured by a finder is shared with the merchant who owns the finder.

Compliance and protection. We may disclose data to comply with a lawful request, to defend our rights, or to investigate abuse, with notice to the affected party where permitted by law.

We do not sell personal data to advertisers, brokers or any other third party.

Account data: retained for the life of your account and for thirty days after cancellation, then deleted (other than billing records we are required to keep).

Finder content: retained for the life of your account; available for export at any time.

Quiz responses and leads: retained according to the merchant's own retention setting (default twenty-four months from collection). Merchants may delete individual leads or export and purge in bulk from the dashboard.

Server logs: retained for ninety days for security and debugging, then truncated to anonymous aggregates.

We use a small number of strictly necessary cookies to keep merchants signed in and to remember interface preferences. We do not use third-party advertising or cross-site tracking cookies.

On respondent surfaces (the hosted finder and the iframe embed), we use a per-finder anonymous identifier to deduplicate views and to allow a visitor to resume an unfinished quiz. The identifier is stored in the browser's local storage and is not linked to any other Suggesto property.

Suggesto runs on managed cloud infrastructure with TLS in transit, encryption at rest, principle-of-least-privilege access and regular dependency scans. Passwords are stored as bcrypt hashes and are never visible to staff.

We do not promise that any system is perfectly secure, and we ask merchants to use strong passwords, to enable Google sign-in where possible, and to revoke former team members' access promptly.

Our primary infrastructure is in the United States, India and the European Union. Where we transfer personal data out of the EEA / UK, we rely on the European Commission's Standard Contractual Clauses or an adequacy decision, as appropriate.

Subject to local law, you have the right to access, correct, port, delete or restrict our processing of your personal data, and to object to processing based on legitimate interests. Merchants can exercise most of these rights directly from the admin panel; for anything else, write to privacy@suggesto.me.

You also have the right to lodge a complaint with your local data-protection authority. We would, however, very much appreciate the chance to address your concern first.

Suggesto is not intended for children under sixteen. We do not knowingly collect personal data from anyone under that age. If you believe a child has shared personal data with us, please contact us and we will delete it.

We may update this Privacy Policy from time to time. If a change is material, we will notify merchants by email or with a notice in the admin panel at least fourteen days before it takes effect. The “Last updated” date below always reflects the current version.

Privacy questions or data-deletion requests can be sent to privacy@suggesto.me. For general enquiries see the Contact page.