Skip to main content
Privacy

Privacy policy.

Effective 2026-05-26 · applies to the Senwitt website at https://learn.senwitt.com

This policy describes how Apik Systems handles personal data when you visit the Senwitt marketing website. It covers EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, India's Digital Personal Data Protection Act 2023 (DPDP), and California's CCPA/CPRA. The Senwitt mobile application has a separate in-app privacy policy presented at install.

Who we are

The data controller (GDPR / UK DPA), data fiduciary (DPDP), and business (CCPA) for this website is Apik Systems, registered in Mumbai, India (Mumbai, India). We can be reached at [email protected].

Senwitt is a brand of Apik Systems. Throughout this policy “we,” “us,” and “our” refer to Apik Systems acting in that capacity.

What we collect

On this marketing website we collect only what is necessary for the site to function until you affirmatively consent to additional categories via the cookie banner.

Always-on (strictly necessary)

  • Request metadata — IP address, user-agent, timestamp. Used to deliver the page, prevent abuse, and keep aggregate uptime logs. IPs are truncated at the edge where supported and are not joined with any identity.
  • Theme preference and consent choice— stored in your browser's localStorage so we don't re-ask. These never leave your device.

With your analytics consent

  • Aggregate usage measurement — page views, navigation patterns, performance metrics (Core Web Vitals), referrer source. Used to understand which pages are useful and where the site is slow.
  • Deferred deep-link routing (Branch.io) — an anonymized click identifier that routes you into the correct in-app screen after install. This is install routing, not remarketing — gated under analytics rather than marketing so the install flow still works for users who only accept analytics. Not used for cross-site advertising and not sold.

With your marketing consent

  • Install-click attribution — which Senwitt page, surface, and campaign produced an install click. Used to measure which content brings users to the app. Not used for cross-site advertising and not sold.

We do not sell personal data; run third-party advertising on the site; embed retargeting pixels; or combine on-site behaviour with any external advertising profile. The app itself has additional categories — those are described in the in-app privacy policy.

Legal bases for processing

Under GDPR / UK DPA

  • Necessary cookies / request handling — legitimate interests (Art. 6(1)(f)) in delivering a working website and security.
  • Analytics and marketing categories — consent (Art. 6(1)(a) and ePrivacy Directive Art. 5(3)). You can withdraw consent at any time via the cookie preferences link in the footer.

Under India DPDP Act 2023

  • Necessary processing — legitimate use consistent with DPDP §7 (provision of the service you requested).
  • Analytics and marketing — your free, specific, informed, unconditional, unambiguous consent given via the cookie banner.

Under CCPA / CPRA

We do not sell personal information as that term is defined in CCPA §1798.140. We treat any sharing for cross-context behavioural advertising as “sharing” under CPRA and honour Global Privacy Control (GPC) signals as a request to opt out of both selling and sharing. If your browser transmits a GPC signal we record an automatic opt-out without requiring a separate cookie-banner click.

Cookies and similar technologies

See the dedicated cookie policy for the full list of cookies and similar technologies, what each does, how long it lasts, and the legal category it falls under.

Third-party processors

We rely on the following service providers to deliver this website. Each acts as a processor / data processor under our instructions:

  • Apik Systems (self-managed VPS) — hosting. Server logs may contain request metadata (IP address, user agent, requested URL) necessary to deliver pages.
  • Branch Metrics, Inc.(USA) — deferred deep-link routing. Only loaded after analytics consent; Branch attribution is install routing, not remarketing. Branch's privacy policy: branch.io/policies/privacy-policy.
  • Google LLC(USA) — Google Analytics 4, if configured by the site operator. Only loaded after analytics consent. Google's privacy policy: policies.google.com/privacy.

Each processor has a written data-processing agreement with us and (where applicable) supports the EU Standard Contractual Clauses 2021/914 + the UK International Data Transfer Addendum for transfers outside the EEA/UK.

International data transfers

Apik Systems is based in India. Some of our processors are based in the United States. Where data is transferred internationally we rely on:

  • EU Standard Contractual Clauses (Decision 2021/914) for transfers from the EEA.
  • The UK International Data Transfer Addendum for transfers from the UK.
  • DPDP-permitted transfers to countries notified by the Government of India.

How long we keep data

  • Server access logs — up to 14 days, then deleted.
  • Aggregate analytics — up to 14 months at the analytics provider; aggregated reports may be kept longer with no individual identifier.
  • Marketing-attribution events — up to 90 days at Branch.io and then deleted.
  • Your consent record — 12 months in your browser; after that we re-prompt.

Your rights

Depending on where you live, you have the following rights. We honour all of them regardless of jurisdiction.

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to fix data that is inaccurate or incomplete.
  • Deletion — ask us to delete your personal data.
  • Portability — receive your data in a structured, commonly used, machine-readable format.
  • Restriction — limit how we process your data while a dispute is resolved.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time, with no penalty. We continue lawful processing carried out before withdrawal.
  • Complain — to a supervisory authority. EU/UK residents may contact their national data protection authority; Indian residents may complain to the Data Protection Board of India; California residents to the California Privacy Protection Agency.

To exercise any of these rights, email [email protected] with the request type, the email address you used on Senwitt (if any), and the jurisdiction whose law applies. We respond within 30 days (GDPR/DPDP) or 45 days (CCPA).

India DPDP — grievance officer

Per DPDP §8(9), Indian users may contact our grievance officer at [email protected] for any concern about how their personal data is handled. We respond within the DPDP-mandated time period.

California — CCPA / CPRA notice

California residents may make a verified request to know what personal information we hold, request deletion, request correction, or opt out of selling/sharing. We do not sell personal information. If your browser sends a Global Privacy Control signal we treat that as a binding opt-out of any sharing for cross-context behavioural advertising. To make a request, email [email protected] with the subject line “CCPA Request”.

Children

This website is intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided personal data, contact [email protected] and we will delete it.

Security

We use industry-standard transport security (TLS 1.2+), least- privilege access for staff, a defined incident-response plan, and processor agreements that require equivalent measures. No online system is perfectly secure; we work to keep the realistic risks low.

Changes

When we materially update this policy we will change the Effective date at the top and, where the change is significant, surface a notice on the site. Prior versions are available on request.

Contact

All privacy and data-protection requests — including GDPR data-subject requests, CCPA verified requests, India DPDP grievances, and any other question about how we handle your data — go to [email protected]. Please include the request type in the subject line so we can route it correctly within the statutory response window. Postal: Apik Systems, Mumbai, India.

We use cookies to make the site work, measure aggregate usage, and (if you opt in) attribute organic app installs. You can accept all, reject all, or customize.

See our cookie policy and privacy policy.