Privacy Policy
Last Updated: March 4, 2026
Introduction
Welcome to Winning Strategy. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered services, including our AI Data Analysis Tool, AI Spreadsheet Generator, and AI Presentation Generator.
Data Fiduciary: Winning Strategy Consulting Private Limited
Registered Office: Mumbai, India
Applicable Laws: GDPR (EU), DPDP Act 2023 (India), CCPA/CPRA (California)
Information We Collect
Personal Information
When you create an account or use our services, we may collect:
- Name and email address
- Phone number (optional)
- Company name and role (for business accounts)
- Billing information and payment details (processed securely through Razorpay)
- Profile picture (optional)
Usage Information
We automatically collect information about how you use our services:
- AI model usage and interaction data
- Features you use and frequency of use
- Credits consumed and remaining balance
- Files uploaded and processed (temporarily stored)
- Search queries and AI prompts
- Generated outputs and results
Technical Information
- IP address and device information
- Browser type and version
- Operating system
- Cookies and similar tracking technologies
- Diagnostic logs and application telemetry
How We Use Your Information
We use your information to:
- Provide, maintain, and improve our AI services
- Process your transactions and manage your subscription
- Send you service updates, security alerts, and support messages
- Respond to your inquiries and provide customer support
- Analyze usage patterns to enhance user experience
- Train and improve our AI models (only with your consent and anonymized data)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Send promotional communications (with your opt-in consent)
Legal Basis for Processing (GDPR)
This section applies to individuals in the European Economic Area (EEA), United Kingdom, and Switzerland.
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
1. Contract (Article 6(1)(b))
Processing necessary to perform our contract with you or take steps before entering into a contract:
- Account creation and management
- Service delivery (AI agents, data analysis, presentations)
- Billing and payment processing
- Customer support and communication
- Credit allocation and usage tracking
2. Consent (Article 6(1)(a))
Processing based on your explicit consent, which you can withdraw at any time:
- Analytics cookies (Google Analytics)
- Marketing cookies (Google Ads)
- Marketing communications and newsletters
- Using anonymized data for AI model improvement
- Optional profile information (phone, profile picture)
3. Legitimate Interest (Article 6(1)(f))
Processing necessary for our legitimate interests, balanced against your rights:
- Fraud detection and prevention
- Security monitoring and incident response
- Service optimization and performance improvement
- Internal analytics (non-marketing)
- Network and information security
You have the right to object to processing based on legitimate interest at any time.
4. Legal Obligation (Article 6(1)(c))
Processing necessary to comply with legal requirements:
- Tax and accounting records (7 years retention)
- Compliance with court orders and legal requests
- Anti-money laundering (AML) requirements
- Data breach notifications to authorities
Data Processing & AI Training
Your Data and AI Models
By default, your prompts and uploaded files are NOT used to train third-party AI models. We work with AI providers who respect data privacy and do not use your data for model training without explicit consent.
Temporary Storage
Files you upload are temporarily stored on secure servers for processing and are automatically deleted within 24 hours. You can manually delete files immediately after processing.
Opt-In for Service Improvement
You may opt in to allow us to use anonymized versions of your interactions to improve our service. All personally identifiable information is removed before any analysis.
Information Sharing and Disclosure
We do not sell your personal information. We may share your information with:
Service Providers
- Razorpay: Payment processing (subject to their privacy policy)
- AI Providers: OpenAI, Anthropic, Google, etc. (for processing your requests)
- Cloud Hosting: Secure data storage and infrastructure
- Analytics: Usage analytics and service improvement
- Email Service: For transactional and promotional emails
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
Data Security
We implement industry-standard security measures to protect your information:
- TLS 1.3 encryption for data in transit
- AES-256 encryption at rest for stored data
- Bcrypt password hashing with salt
- HttpOnly and Secure cookies to prevent XSS attacks
- CSRF protection on all forms
- Regular security audits and vulnerability assessments
- Access controls and multi-factor authentication
- Secure payment processing through Razorpay (PCI DSS compliant)
- Regular backups and disaster recovery procedures
- XSS sanitization on all user inputs
- Content Security Policy (CSP) headers
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Data Breach Notification
In the event of a data breach that affects your personal information, we are committed to transparency and prompt notification in accordance with applicable laws.
Our Breach Response Process
- Detection: Continuous monitoring and incident detection systems
- Assessment: Immediate evaluation of breach scope and impact
- Containment: Swift action to contain and mitigate the breach
- Notification: Timely notification to affected parties and authorities
- Remediation: Implementation of measures to prevent future incidents
Notification Timelines
- GDPR (EU/EEA/UK): Within 72 hours to supervisory authority; without undue delay to affected individuals
- DPDP Act (India): As soon as possible to Data Protection Board of India and affected individuals
- CCPA/CPRA (California): Without unreasonable delay; specific requirements for certain breach types
What We Will Tell You
In the event of a breach, we will inform you about:
- The nature of the breach and categories of data affected
- The likely consequences of the breach
- Measures taken to address the breach
- Recommendations for protecting yourself
- Contact information for further inquiries
Report a Security Concern: If you discover a security vulnerability or have concerns about data security, please contact us immediately at contact@winningstrategy.ai with subject line "Security Issue".
Your Privacy Rights (All Users)
Regardless of your location, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (right to be forgotten)
- Export: Download your data in a portable format (JSON)
- Opt-out: Unsubscribe from marketing communications
- Object: Object to processing of your data for certain purposes
- Restrict: Request restriction of processing in certain circumstances
Download Your Data
You can download a complete copy of your personal data at any time from your account settings.
For other privacy requests, contact us at contact@winningstrategy.ai or use our Privacy Request Form.
Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Account information: Until you delete your account, plus 30 days
- Uploaded files: Automatically deleted within 24 hours
- Usage data: Retained for up to 2 years for analytics
- Payment records: Retained for 7 years for tax and legal compliance
- Support tickets: Retained for 3 years
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. You can manage your cookie preferences at any time using the button below.
Essential Cookies (Always Active)
These cookies are necessary for the website to function and cannot be disabled:
- Authentication: Session tokens to keep you logged in
- Security: CSRF tokens to prevent cross-site attacks
- Preferences: Your cookie consent choices
Analytics Cookies (Optional)
Help us understand how visitors interact with our website:
- Google Analytics (_ga, _gid, _ga_*): Track page views, user behavior, and site performance
- Duration: Up to 2 years
- Provider: Google LLC
Marketing Cookies (Optional)
Used to track visitors across websites and measure advertising effectiveness:
- Google Ads (_gcl_*, _gac_*): Track conversions and ad campaign performance
- Duration: Up to 90 days
- Provider: Google LLC
You can also control cookies through your browser settings. Note that disabling certain cookies may affect functionality. For more information about Google's data practices, visit Google Privacy Policy.
International Data Transfers
Your information may be transferred to and processed in countries other than India, including the United States and European Union, where our service providers are located.
Data Storage Locations
- Primary Storage: United States (Supabase infrastructure)
- AI Processing: United States (OpenAI, Anthropic, Google)
- Payment Processing: India (Razorpay)
- Email Services: United States (Resend)
Transfer Safeguards
We ensure appropriate safeguards for international data transfers:
- GDPR Compliance: Standard Contractual Clauses (SCCs) approved by the European Commission
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Data Processing Agreements: Contracts with all third-party processors
- Adequacy Decisions: Transfers to countries with adequate data protection where applicable
Sub-Processors
We work with the following sub-processors who may access your data:
Supabase Inc. - Authentication and database (USA)
OpenAI, Anthropic, Google - AI model processing (USA)
Razorpay - Payment processing (India)
Resend - Email delivery (USA)
Google LLC - Analytics and advertising (USA)
We will notify you of any changes to our sub-processors via email or website notice.
Your Rights Under GDPR (EU/EEA/UK/Switzerland)
This section applies to individuals in the European Economic Area, United Kingdom, and Switzerland.
Under GDPR, you have comprehensive rights regarding your personal data:
Right of Access (Article 15)
Obtain confirmation of whether we process your data and access to your personal data
Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data
Right to Erasure / Right to be Forgotten (Article 17)
Request deletion of your personal data (subject to legal exceptions)
Right to Restriction of Processing (Article 18)
Limit how we process your data in certain circumstances
Right to Data Portability (Article 20)
Receive your data in a structured, machine-readable format and transfer it to another service
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent (Article 7(3))
Withdraw your consent at any time (does not affect prior processing)
Right to Lodge a Complaint (Article 77)
File a complaint with your local data protection authority
How to Exercise Your GDPR Rights
Email: contact@winningstrategy.ai
Subject Line: "GDPR Rights Request" or "Data Protection Request"
Response Time: Within 1 month (may extend to 3 months for complex requests)
Privacy Request Form: Submit Request
Supervisory Authority: If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. Find your authority at EDPB Member List.
EU Representative (Article 27): As we are based in India and currently operate at a scale that does not trigger the Article 27 representative requirement, we have not yet appointed an EU representative. We will appoint a representative in the EU/EEA if and when our processing activities reach the scale requiring one under GDPR Article 27. Until then, please direct all GDPR inquiries to contact@winningstrategy.ai with subject line "GDPR Request".
India Data Protection (DPDP Act 2023)
This section applies to individuals in India under the Digital Personal Data Protection Act, 2023.
Data Fiduciary Information
Legal Entity: Winning Strategy Consulting Private Limited
Registered Office: Mumbai, Maharashtra, India
Role: Data Fiduciary under DPDP Act 2023
CIN: U62020MH2024PTC417158
Grievance Redressal Officer
Name: Grievance Officer, Winning Strategy
Email: contact@winningstrategy.ai
Subject Line: "DPDP Grievance" or "India Data Protection"
Response Time: Within 72 hours of receipt
Resolution Time: Within 30 days of complaint
The Grievance Officer is responsible for addressing complaints and queries related to data processing under the DPDP Act.
Your Rights Under DPDP Act
Right to Access (Section 11)
Obtain information about your personal data and how it is processed
Right to Correction (Section 12)
Correct, complete, or update inaccurate or misleading personal data
Right to Erasure (Section 13)
Request deletion of your personal data (subject to legal retention requirements)
Right to Grievance Redressal (Section 14)
Lodge complaints with our Grievance Officer or the Data Protection Board of India
Right to Nominate (Section 15)
Nominate another individual to exercise your rights in the event of death or incapacity
Cross-Border Data Transfers from India
Your personal data may be transferred outside India to:
- United States (for cloud hosting, AI processing, and analytics)
- European Union (for certain service providers)
We ensure that such transfers comply with DPDP Act requirements and that adequate safeguards are in place through contractual agreements and encryption.
How to Exercise Your DPDP Rights
Email: contact@winningstrategy.ai
Subject Line: "DPDP Rights Request" or "India Privacy Request"
Privacy Request Form: Submit Request
Initial Response: Within 72 hours
Resolution: Within 30 days
Data Protection Board of India: If your complaint is not resolved satisfactorily, you have the right to approach the Data Protection Board of India. Visit the MeitY website for more information.
California Privacy Rights (CCPA/CPRA)
This section applies to California residents and supplements the information in this Privacy Policy.
Categories of Personal Information We Collect
Identifiers
Name, email address, phone number, IP address, unique identifiers
Commercial Information
Subscription plans, payment history, credits purchased and used
Internet or Network Activity
Browsing history on our site, search queries, interaction with our services, AI prompts and outputs
Geolocation Data
Approximate location based on IP address
Professional Information
Company name, job role, business information (optional)
Inferences
Preferences, characteristics, behavior patterns derived from your usage
Sale and Sharing of Personal Information
Important Disclosure:
We do not sell your personal information for monetary consideration. However, we do share personal information with third parties (Google Analytics, Google Ads) for analytics and advertising purposes, which may be considered a "sale" or "share" under California law.
Categories shared: Identifiers (cookies, device IDs), Internet activity (page views, clicks), and Inferences (user preferences).
Your California Privacy Rights
California residents have the following rights under CCPA/CPRA:
Right to Know
Request disclosure of personal information we collect, use, disclose, and sell/share
Right to Delete
Request deletion of your personal information (subject to certain exceptions)
Right to Opt-Out of Sale/Sharing
Opt out of the sale or sharing of your personal information for targeted advertising
Right to Correct
Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information
Limit our use of sensitive personal information (if applicable)
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights
How to Exercise Your Rights
To exercise any of your California privacy rights, you can:
Or contact us directly:
Email: contact@winningstrategy.ai
Subject Line: "California Privacy Rights Request"
Include: Your name, email, and specific request (know, delete, opt-out, correct)
We will respond to your request within 45 days. If we need more time, we will notify you and may take up to 90 days total. You may submit requests up to twice per 12-month period free of charge.
Authorized Agents
You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly with us.
Opt-Out of Sale/Sharing
To opt out of the sharing of your personal information for targeted advertising:
- Click "Cookie Settings" in the footer and disable Analytics and Marketing cookies
- Email us at contact@winningstrategy.ai with subject "Opt-Out Request"
- We honor Global Privacy Control (GPC) signals from your browser
Retention Period
We retain personal information for the periods described in the "Data Retention" section above, or as required by law. California residents may request deletion at any time, subject to legal exceptions.
Notice: We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.
Automated Decision Making and AI
Our platform uses artificial intelligence (AI) and automated decision-making systems to provide our services. Here's what you need to know:
How We Use AI
- Content Generation: AI models generate presentations, spreadsheets, and data analysis reports based on your prompts
- Data Analysis: AI analyzes your uploaded data and provides insights
- Recommendations: AI suggests improvements and optimizations
- Personalization: AI adapts responses based on your usage patterns and preferences
Your Rights Regarding AI
Under GDPR Article 22 and DPDP Act provisions, you have rights regarding automated decisions:
- Human Review: You can request human review of AI-generated content or decisions
- Explanation: You can request an explanation of how the AI reached a particular output
- Contest: You can challenge or contest AI-generated results
- Opt-Out: For certain non-essential AI features, you can opt out of automated processing
Important: Our AI systems do not make decisions that produce legal effects or similarly significantly affect you without human oversight. All AI-generated content is provided as suggestions and recommendations, and you maintain full control over how you use the outputs.
AI Model Providers
We use the following AI providers to power our services:
- OpenAI (GPT models)
- Anthropic (Claude models)
- Google (Gemini models)
- Other models as specified in our service
These providers process your prompts and data solely to generate responses and do not use your data for training their models (per our agreements with them).
Third-Party Links and Services
Our website and services may contain links to third-party websites, applications, or services that are not owned or controlled by WinningStrategy.ai. This Privacy Policy applies only to our services.
Disclaimer: We are not responsible for the privacy practices, content, or security of any third-party websites or services. When you click on a third-party link or use a third-party service, you are subject to their terms and privacy policies, not ours.
Third-Party Services We Integrate With
- Payment Processing: Razorpay (subject to Razorpay Privacy Policy)
- Analytics: Google Analytics (subject to Google Privacy Policy)
- Advertising: Google Ads (subject to Google Privacy Policy)
- AI Models: OpenAI, Anthropic, Google (subject to their respective privacy policies)
- Authentication: Google OAuth (subject to Google Privacy Policy)
We encourage you to review the privacy policies of any third-party services you access through our platform. We are not liable for any data you provide directly to third parties.
Accessibility
We are committed to ensuring that our website and services are accessible to all users, including those with disabilities. We strive to comply with Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards. If you experience any difficulty accessing our services or have suggestions for improvement, please contact us at contact@winningstrategy.ai with subject line "Accessibility Support".
Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at contact@winningstrategy.ai with subject line "Child Privacy Concern".
Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices:
All Privacy & Data Protection Inquiries
Use subject lines: "GDPR Request" | "DPDP Grievance" | "California Rights" | "Security Issue" | "Accessibility Support"
- GDPR (EU/EEA): Response: 1 month
- DPDP (India): Response: 72 hours
- CCPA (California): Response: 45 days
- Security Issues: Response: Immediate
Mailing Address
Winning Strategy Consulting Private Limited
Mumbai, Maharashtra, India
