Privacy Policy

Outgrowth — A Product of Aarna Systems Pvt Ltd

Last Updated: March 4, 2026

Effective Date: March 4, 2026

1. Introduction

This Privacy Policy ("Policy") describes how Aarna Systems Pvt Ltd ("Company," "we," "us," or "our"), a company incorporated under the laws of India with its registered office at 403, Speciality Business Center, Balewadi, Pune, Maharashtra, India 411045, collects, uses, stores, processes, transfers, and protects the personal information of individuals ("you," "your," or "User") who access or use the Outgrowth platform, website (https://outgrowthfunnels.com), mobile applications, APIs, and related services (collectively, the "Platform").

The Outgrowth Platform is an AI-powered all-in-one sales, marketing, and customer relationship management (CRM) solution designed for agencies, marketers, and businesses. The Platform provides features including but not limited to CRM and contact management, marketing funnels and landing pages, email and SMS communications, workflow automations, appointment scheduling, analytics and reporting, AI-powered tools, and website building.

This Policy applies to all Usears of the Platform, including account holders, sub-account users, website visitors, and any individuals whose personal information is processed through the Platform. By accessing, registering for, or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Policy, please discontinue use of the Platform immediately.

2. Definitions

For the purposes of this Policy:

"Personal Information" means any information relating to an identified or identifiable individual, including but not limited to name, email address, phone number, IP address, and any other data that can be used to directly or indirectly identify a person.

"Processing" means any operation or set of operations performed on personal information, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

"Data Controller" refers to the entity that determines the purposes and means of processing personal information. In respect of data collected directly from you for operating the Platform, Aarna Systems Pvt Ltd acts as the Data Controller.

"Data Processor" refers to any entity that processes personal information on behalf of a Data Controller. When you use the Platform to manage your own customers' data (e.g., CRM contacts, leads, marketing lists), Aarna Systems Pvt Ltd acts as a Data Processor on your behalf.

"Third-Party Infrastructure Provider" refers to the cloud hosting and technology infrastructure partners that host and operate the underlying servers, databases, and services on which the Platform runs.

"Cookies" means small text files placed on your device when you access the Platform, used for functionality, analytics, and other purposes as described in this Policy.

3. Data Controller Information

Legal Entity: Aarna Systems Pvt Ltd

Brand Name: Outgrowth

Registered Address: 403, Speciality Business Center, Balewadi, Pune, Maharashtra, India 411045

Email: [email protected]

Phone: +91 8888851177

Website: https://outgrowthfunnels.com

4. Categories of Personal Information Collected

4.1 Information You Provide Directly

When you register, subscribe, or interact with the Platform, we may collect the following categories of personal information:

Identity Information: Full name, username, profile photograph, and other identification details

Contact Information: Email address, phone number, postal address, and communication preferences

Account Information: Login credentials (stored in encrypted form), account settings, and subscription preferences

Financial & Billing Information: Billing address, payment method details, transaction history, and invoice records. Full payment card numbers are not stored on our servers — payment processing is handled by PCI-compliant third-party payment processors.

Business Information: Company name, business address, industry type, tax identifiers, and team member information (for business accounts)

Communication Content: Messages, support tickets, email correspondence, call recordings (with consent), and chat transcripts generated through the Platform

User-Generated Content: Funnels, landing pages, marketing campaigns, workflows, automations, website pages, blog posts, and any other content created using the Platform

4.2 Information Collected Automatically

When you access or use the Platform, certain information is automatically collected through cookies, log files, and similar technologies:

Device & Technical Information: IP address, device type, operating system, browser type and version, screen resolution, time zone, and language settings

Usage Information: Pages visited, features used, click-streams, session duration, referring URLs, session history, and interaction patterns

Location Information: Approximate geographic location derived from IP address (precise geolocation is not collected without explicit consent)

Cookie & Tracking Information: Cookie identifiers, pixel tags, web beacons, and similar tracking technologies as detailed in Section 8

4.3 Information from Third Parties

We may receive personal information about you from third-party sources, including:

Social media platforms (when you connect accounts or use social login)

Marketing partners, advertising and marketing companies, marketing affiliates, and social media platforms

Payment processors and financial service providers

Analytics and data providers

Publicly available sources and databases

Partners at events or trade shows

4.4 Information Processed on Your Behalf (Processor Role)

When you use the Platform to manage your own customers' data (e.g., CRM contacts, leads, marketing lists, email campaigns, appointment bookings), Aarna Systems Pvt Ltd acts as a Data Processor processing such data solely on your instructions. You remain the Data Controller for your customers' data and are responsible for:

Obtaining necessary consents from your customers

Providing appropriate privacy notices to your end users

Ensuring your use of the Platform complies with applicable data protection laws

Determining the lawful basis for processing your customers' personal information

Your own privacy policy, rather than this Privacy Policy, will govern how your customers' personal information is processed when they interact with your websites, funnels, or services built on the Platform.

5. How We Use Your Personal Information

We use the personal information collected about you for the following purposes:

Platform Functionality & Development: To provide, offer, personalise, and improve the Platform, including network connectivity, usage measurement, server diagnostics, security features, testing, and developing new products and services

AI-Powered Features: Some Platform features leverage artificial intelligence to enhance performance. We do not use your personal information to train generalised, public AI models. AI subprocessors are contractually limited to providing the specific service you are using

Customer Support: To provide assistance, respond to enquiries, and resolve technical issues

Business Operations: For accounting, auditing, billing, reconciliation, collection activities, and compliance with contractual obligations

Communications: To send service messages, account notifications, security alerts, policy updates, newsletters, and marketing materials (in accordance with your communication preferences)

Security & Protection: To monitor for and prevent fraud, crime, cybersecurity threats, and unauthorised access to the Platform

Advertising & Marketing: To deliver personalised content, verify eligibility for promotional offers, engage in targeted advertising, and study the effectiveness of campaigns

Analytics & Improvement: To compile usage statistics, analyse trends, understand user needs, and improve the Platform experience

Legal & Compliance: To comply with legal and regulatory obligations, enforce our terms of service, and protect our legal rights

Legal Basis for Processing

Depending on your jurisdiction, we rely on one or more of the following legal bases for processing your personal information:

Consent: Where you have given clear consent for us to process your personal information for a specific purpose

Contractual Necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering a contract

Legitimate Interest: Where processing is in our legitimate interests (such as platform improvement, direct marketing, fraud prevention, and information security) and is not overridden by your data protection rights

Legal Obligation: Where processing is necessary to comply with applicable law

6. Consent and Your Choices

6.1 Obtaining Consent

Where consent is required as the legal basis for processing, we obtain your free, specific, informed, and unambiguous consent through clear affirmative action before processing your personal information. Pre-ticked boxes or implied consent mechanisms are not used where explicit consent is required.

6.2 Withdrawal of Consent

You may withdraw your consent at any time by contacting us at [email protected] or through the in-Platform settings. Upon withdrawal:

We will cease processing activities that relied solely on your consent within a reasonable period

Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal

Certain Platform features may become unavailable following withdrawal of consent

6.3 Marketing Communications

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email

Updating your communication preferences within your account settings

Contacting us at [email protected]

We may still send you non-marketing communications related to your account, Platform functionality, security updates, or service changes.

7. How We Share Your Information

We may share your personal information with the following categories of recipients, solely for the purposes described in this Policy:

7.1 Affiliates and Subsidiaries

We may share information with our corporate affiliates and subsidiaries for purposes consistent with this Privacy Policy.

7.2 Service Providers and Vendors

We share information with authorised vendors and suppliers to provide services we have contracted for, including hosting, data analysis, IT services, auditing, payment processing, email delivery, SMS services, and customer support. Our contracts with service providers include provisions to protect your personal information and limit its use to the services contracted.

7.3 Third-Party Infrastructure Providers

The Platform's product infrastructure is hosted by leading cloud infrastructure providers, including Google Cloud Platform Services and Amazon Web Services (AWS), with primary infrastructure residing in the United States. We rely on these providers' audited security and compliance programmes for the efficacy of their physical, environmental, and infrastructure security controls. Google provides a monthly uptime percentage of at least 99.5%, and AWS guarantees between 99.95% and 100% service reliability with redundancy across power, network, and HVAC services.

7.4 Partners and Integrations

If you connect third-party services to the Platform (including installing applications through integrations), you agree to provide information to those third-party services under their respective terms and privacy policies. For example, if you connect a YouTube account, the Google Privacy Policy will apply to your use of YouTube's API services.

7.5 Legal and Regulatory Authorities

We may disclose your information to the extent required by law, or if we have a good-faith belief that such disclosure is necessary to comply with official investigations, legal proceedings, subpoenas, search warrants, or court orders.

7.6 Corporate Transactions

In connection with a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred to the acquiring entity, subject to this Policy continuing to apply.

7.7 At Your Direction or With Your Consent

We may disclose your personal information where you consent to the disclosure or otherwise direct us to share the information.

7.8 No Sale of Personal Information

Aarna Systems Pvt Ltd does not sell your personal information to third parties for monetary consideration. We do not share your phone number or opt-in consent with third parties unless we have received your express written consent.

8. Cookies and Tracking Technologies

8.1 Types of Cookies Used

The Platform uses cookies and similar technologies for the following purposes:

Essential / Strictly Necessary: Session management, authentication, security, cookie preference storage, bot management

Functional: Language preferences, user settings, customer support chat

Analytics / Performance: Website interaction tracking, session analysis, reporting

Transaction: Facilitating checkout and payment processes

Marketing / Advertising: Retargeting, ad measurement, conversion tracking, personalisation

8.2 Cookie Consent

The Platform provides a Cookie Consent Banner that allows visitors to accept or decline cookies:

Accept Essential — Accepts only necessary cookies required for basic website functionality

Accept All — Accepts all cookies, including tracking and analytics cookies

If a user rejects all non-essential cookies, only essential cookies will be stored, and all tracking and analytics cookies will be disabled

8.3 Managing Cookies

You may control cookies through:

The Platform's cookie consent banner and preference settings

Your browser settings (refer to your browser's help section for instructions on managing cookies)

Opting out of specific advertising cookies through industry opt-out tools

Please note that disabling certain cookies may affect Platform functionality.

8.4 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. At this time, the Platform does not respond to DNT signals.

9. International Data Transfers

9.1 Hosting and Data Location

The Platform's product infrastructure is hosted primarily in the United States through leading cloud providers including Google Cloud Platform and Amazon Web Services. As a result, your personal information may be transferred to, stored, and processed in the United States and other countries where our infrastructure providers and service partners operate.

9.2 Safeguards for International Transfers

When personal information is transferred internationally, we ensure appropriate safeguards are in place:

Contractual protections: Data Processing Agreements with all service providers and infrastructure partners, requiring them to maintain security standards equivalent to those described in this Policy

Technical measures: Encryption in transit (TLS 1.2 or 1.3) and at rest (AES-256) for all transferred data

EU Data Privacy Framework: For personal information originating in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, data transfers comply with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as certified with the U.S. Department of Commerce

Access controls: Role-based access control (RBAC), multi-factor authentication, and principle of least privilege for all systems handling personal information

9.3 Indian Users

If you are located in India, please be aware that your personal information will be transferred to and processed in the United States where our infrastructure is hosted. By using the Platform, you consent to such transfer. We ensure that adequate safeguards, including encryption and contractual data protection obligations, are in place to protect your information during and after transfer.

10. Data Security

10.1 Technical Safeguards

We implement reasonable and appropriate administrative, technical, and organisational security measures to protect your personal information:

Encryption in Transit: All data is encrypted in transit using TLS version 1.2 or 1.3 with 2,048-bit keys or better. TLS is also a default for customer websites hosted on the Platform.

Encryption at Rest: Platform data is stored using AES-256 encryption. User passwords are hashed following industry best practices and encrypted at rest.

Key Management: Encryption keys are securely managed through a hardened Key Management System (KMS). TLS certificates are renewed annually, and encryption keys are rotated at varying frequencies depending on data sensitivity.

Network Security: Multiple layers of filtering and inspection on all connections, including web application firewalls, logical firewalls, and network-level access control lists aligned with OWASP Top 10 guidelines.

DDoS Protection: Protections against Distributed Denial of Service (DDoS) attacks are incorporated to ensure continuous availability.

Monitoring & Alerting: Continuous automated monitoring, alerting, and response capabilities that detect anomalies, trigger automatic responses, and alert appropriate teams.

Vulnerability Management: Multi-layered vulnerability management using industry-recognised tools, regular vulnerability scans, and annual penetration tests performed by third-party security experts.

10.2 Data Isolation and Tenant Separation

The Platform provides a multi-tenant solution where customer data is logically separated using unique identifiers. Authorisation rules are incorporated into the design architecture and validated on a continuous basis. Application authentication, access changes, availability, and user activity are logged.

10.3 Organisational Safeguards

All employees undergo background checks prior to employment and complete security awareness training upon hire and annually thereafter.

Written Information Security Policies covering data handling requirements, privacy considerations, and disciplinary actions for violations.

Employee access to production infrastructure is strictly controlled through role-based access control (RBAC), with day-to-day access minimised and persistent administrative access restricted.

Direct network connections to production infrastructure over SSH or similar protocols are prohibited; engineers must authenticate through bastion hosts or assigned IAM roles.

Company-issued devices are centrally managed with full disk encryption and Mobile Device Management solutions.

Third-party vendors are subject to vendor management processes ensuring appropriate security and privacy controls.

10.4 Your Security Responsibilities

No technology or data transmission can be guaranteed to be 100% secure. You also play a critical role in protecting your data by:

Maintaining strong, unique passwords for your account

Enabling two-factor authentication (available through the Platform)

Not sharing your account credentials with unauthorised parties

Notifying us immediately if you believe your account has been compromised

11. Data Retention

11.1 Retention Principles

We retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including for satisfying legal, regulatory, tax, accounting, or reporting requirements.

11.2 Determining Retention Periods

To determine appropriate retention periods, we consider:

The amount, nature, and sensitivity of the personal information

The potential risk of harm from unauthorised use or disclosure

The purposes for which we process the information and whether we can achieve those purposes through other means

Applicable legal, regulatory, tax, accounting, or other requirements

The existence of any complaint or prospect of litigation

11.3 Retention Schedule

Active Account Data: Duration of active account relationship

Account Data (post-closure): Up to 3 years after account closure, or as required by law

Financial & Billing Records: As required by applicable tax and accounting laws (typically 7–8 years)

Communication & Support Records: 3 years from date of last interaction

Usage & Analytics Data: 24 months from date of collection (anonymised or deleted thereafter)

Security & Access Logs: Retained for investigation and response activities as required

Marketing Consent Records: Duration of consent plus 7 years

11.4 Deletion and Anonymisation

Upon expiry of the retention period, personal information is securely deleted or irreversibly anonymised. Current and former customers can make written requests to have certain data deleted, and we will fulfil those requests as required by applicable privacy rules and regulations. In some circumstances, anonymised information (which can no longer be associated with you) may be used indefinitely for research or statistical purposes.

11.5 Customer Content Recovery

Contacts, opportunities, custom fields, custom values, tags, notes, and tasks can be recovered from the recycle bin for up to 30 days after deletion. Changes to web pages, blog posts, or emails can be restored to previous versions using version history. Export options and public APIs are available for customers who wish to additionally back up their data.

12. Data Backup and Disaster Recovery

12.1 System Reliability

All Platform services are built with redundancy. Server infrastructure is strategically distributed across multiple distinct availability zones and virtual private cloud networks, and all web, application, and database components support point-in-time recovery.

12.2 Backup Practices

Systems are backed up on a regular basis with established schedules and frequencies.

Seven days' worth of backups are maintained for any database to ensure restoration capability.

Backups are monitored for successful execution, with alerts generated for any exceptions.

Data is backed up daily to the local region with monitoring and alerting for replication failures.

All backups are protected through access control restrictions and write-once-read-many (WORM) protections.

12.3 No Physical Media

The Platform does not use physical storage media or hard copy media (paper, tape, etc.) as part of making services available. All hosting, backup, and recovery utilise cloud services.

13. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights with respect to your personal information:

13.1 General Rights

Right to Access: Request confirmation of whether we process your personal information and obtain a copy of such information.

Right to Correction: Request correction of inaccurate or incomplete personal information.

Right to Deletion: Request erasure of your personal information, subject to applicable legal retention requirements.

Right to Withdraw Consent: Withdraw consent for any processing activities based on consent, at any time.

Right to Object: Object to the processing of your personal information in certain circumstances.

Right to Restrict Processing: Request restriction of processing in certain circumstances.

13.2 European Privacy Rights (EEA, UK, Switzerland)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR / UK GDPR / Swiss nFADP, including:

Right to data portability

Right to lodge a complaint with your local data protection supervisory authority

Right to invoke binding arbitration under the Data Privacy Framework under certain conditions

The right not to be subject to automated profiling that produces legal or similarly significant effects — we do not engage in such profiling

13.3 U.S. Privacy Rights

Residents of states with applicable privacy laws (including California, Colorado, Connecticut, Virginia, and others) may have additional rights:

Right to Opt Out of Sale/Share/Targeted Advertising: We do not sell your personal information for money. If applicable state laws consider certain advertising disclosures to be a "sale" or "share," you may opt out by contacting us.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Right to Appeal: If you are unsatisfied with our response to a privacy request, you have the right to appeal.

13.4 Indian Privacy Rights

If you are located in India, you have the right to:

Access a summary of your personal information being processed

Request correction of inaccurate personal information

Request erasure of personal information when the processing purpose has been fulfilled or consent has been withdrawn

Withdraw consent for processing at any time

File a grievance with our Grievance Officer regarding the processing of your personal information

Nominate an individual to exercise your rights in the event of your death or incapacity

13.5 Exercising Your Rights

To exercise any of the above rights, please contact us at:

Email: [email protected]

Phone: +91 8888851177

Postal Address: Grievance Officer, Aarna Systems Pvt Ltd, 403, Speciality Business Center, Balewadi, Pune, Maharashtra, India 411045

We may require additional information to verify your identity before processing any request. Requests will be responded to within the timelines prescribed by applicable law (generally within 30–45 days of receipt).

14. Children's Information

The Outgrowth Platform is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect, use, disclose, sell, or share personal information from children under 16. If we learn that we have collected personal information of a child under 16, we will take steps to delete the information as soon as possible.

If you become aware that personal information of a child under 16 years of age has been provided to us, please contact us immediately at [email protected].

15. Platform-Specific Processing Disclosures

15.1 CRM and Contact Management

When you use Outgrowth's CRM features to manage your contacts and customer relationships, you act as the Data Controller for your contacts' data. We process this data solely on your behalf as a Data Processor. Your own privacy policy governs the processing of your contacts' information.

15.2 Marketing Automation, Funnels, and Communications

Data processed through marketing funnels, email campaigns, SMS communications, and automation workflows is processed on your instructions as the Data Controller. You are responsible for ensuring compliance with applicable anti-spam laws (such as CAN-SPAM, CASL, and similar regulations) and data protection laws for communications sent through the Platform.

15.3 AI-Powered Features

The Platform utilises AI-powered features for lead scoring, marketing optimisation, content recommendations, and other capabilities. Personal information used to power these features is processed in accordance with this Policy. We do not use your personal information or content to train generalised, public AI models. AI subprocessors are contractually limited to providing the specific service in use.

15.4 Website and Funnel Hosting

Websites, funnels, membership areas, and landing pages built on the Platform are hosted on our cloud infrastructure. TLS encryption is enabled by default for all hosted properties. You are responsible for implementing appropriate privacy notices and cookie consent banners on your hosted sites.

15.5 Analytics and Reporting

Usage data and performance analytics are collected to provide real-time insights and Platform improvement. This data is aggregated and anonymised where possible.

16. Grievance Redressal

16.1 Grievance Officer

In compliance with applicable Indian law, we have appointed a Grievance Officer to address your concerns and complaints regarding the processing of your personal information:

Designation: Grievance Officer, Aarna Systems Pvt Ltd

Address: 403, Speciality Business Center, Balewadi, Pune, Maharashtra, India 411045

Email: [email protected]

Phone: +91 8888851177

16.2 Complaint Process

You may submit a grievance by email, phone, or postal mail to the Grievance Officer.

An acknowledgement will be issued upon receipt of your complaint.

Complaints will be investigated and resolved within the timelines prescribed by applicable law.

If you are unsatisfied with the resolution, you may escalate to the appropriate regulatory authority in your jurisdiction.

17. Limitation of Liability

17.1 Scope of Liability

To the maximum extent permitted by applicable law, Aarna Systems Pvt Ltd and its directors, officers, employees, affiliates, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill, arising out of or in connection with your use of the Platform or any breach of this Policy.

17.2 Aggregate Liability Cap

The total aggregate liability of Aarna Systems Pvt Ltd for all claims arising under or in connection with this Privacy Policy shall not exceed the total fees paid by you to us in the twelve (12) months immediately preceding the event giving rise to such liability.

17.3 Exceptions

The limitations in Sections 17.1 and 17.2 do not apply to:

Liability arising from wilful misconduct, fraud, or gross negligence

Liability that cannot be excluded or limited under mandatory provisions of applicable law

17.4 Your Responsibilities as a Platform User

You acknowledge and agree that:

You are responsible for maintaining the confidentiality of your account credentials.

You are responsible for ensuring the accuracy of personal information you provide.

Where you act as a Data Controller for your own customers' data processed through the Platform, you are solely responsible for obtaining necessary consents, providing privacy notices, and complying with all applicable data protection and privacy laws.

You shall not process any data through the Platform in violation of applicable law.

You shall not use the Platform to collect or store sensitive information such as credit or debit card numbers, financial account information, social security numbers, passport numbers, or health information, except as otherwise permitted by our Terms of Service.

18. Indemnification

You agree to indemnify, defend, and hold harmless Aarna Systems Pvt Ltd, its directors, officers, employees, affiliates, and agents from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or relating to:

Your violation of this Privacy Policy, our Terms of Service, or any applicable law.

Your processing of personal information through the Platform in violation of any applicable data protection law.

Any claim by a third party (including your customers, contacts, or end-users) arising from your failure to obtain proper consent, provide adequate privacy notices, or comply with applicable privacy obligations.

Your negligence or wilful misconduct in relation to data protection obligations.

Any unauthorised use of the Platform through your account.

19. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not address, and Aarna Systems Pvt Ltd is not responsible for, the privacy and security policies and practices of third parties or other organisations that are not operating on our behalf, including:

Any third party operating any site or service to which the Platform links — the inclusion of a link does not imply endorsement.

Any application developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer (such as Facebook, Apple, Google, Microsoft, LinkedIn, etc.).

We encourage you to review the privacy policies of any third-party services before providing personal information.

20. Changes to This Privacy Policy

20.1 Updates

Aarna Systems Pvt Ltd may change this Privacy Policy at any time, at its discretion. Material changes will be communicated to you through:

Email notification to your registered email address.

Prominent notice on the Platform dashboard.

Updated "Last Updated" date at the top of this Policy.

20.2 Continued Use

Your continued use of the Platform after changes are posted constitutes acceptance of and consent to the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the Platform and close your account.

20.3 Periodic Review

This Privacy Policy is reviewed at least annually to ensure ongoing accuracy and alignment with current practices and applicable laws.

21. Governing Law and Dispute Resolution

21.1 Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India.

21.2 Jurisdiction

Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra, India.

21.3 Arbitration

Prior to initiating any legal proceedings, the parties shall attempt to resolve disputes through mutual negotiation. If unresolved within thirty (30) days, disputes may be referred to arbitration in accordance with the Arbitration and Conciliation Act, 1996, with the seat of arbitration in Pune, Maharashtra, India.

22. Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by any court or regulatory authority of competent jurisdiction, such invalidity shall not affect the remaining provisions, which shall continue in full force and effect.

23. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us:

Company: Aarna Systems Pvt Ltd (trading as "Outgrowth")

Address: 403, Speciality Business Center, Balewadi, Pune, Maharashtra, India 411045

Email: [email protected]

Phone: +91 8888851177

Website: https://outgrowthfunnels.com

This Privacy Policy was last reviewed and updated on March 4, 2026.