This policy explains what information Exporado collects, why, how we use it, and the choices you have. It covers our website visitors, our clients, and the social-media accounts we operate on a client's behalf with their authorisation.
1. Who we are
Exporado is a digital marketing agency for Indian SMBs, operating as a trade name under XIMPEX (GSTIN 06AKWPB5469L2ZG), based in Faridabad, India. In this policy, "we", "us", and "Exporado" refer to that entity. We are the data controller for the information described here.
If you are a client, we may also act as a data processor when we handle information on your behalf — for example, when we operate a social-media account you own. In those cases your own agreement with us, and your own privacy policy, also apply.
2. What information we collect
From website visitors
Information you choose to send us — for example, the message and contact details you provide over WhatsApp, email, or a form.
Basic technical data your browser sends automatically (such as IP address, device and browser type), used only to keep the site secure and working.
From clients
Business and contact details needed to deliver the work (name, role, email, phone, company, billing details).
Materials you share with us for a project (brand assets, copy, images, account access you authorise).
From connected social-media accounts
When you authorise us to manage a social account, we receive an access token from that platform (for example, LinkedIn, Meta, or X). A token lets us publish and manage posts on your behalf. It is not your password, and we never see or store your password.
We may read basic account information the platform exposes (such as your account name and ID) solely to publish to the correct account.
3. How we use information
To reply to enquiries and provide the services you ask for.
To plan, draft, schedule, and publish content for clients who have engaged us.
To operate, secure, and improve our website and tools.
To meet legal, tax, and accounting obligations.
We do not sell your personal information, and we do not use connected-account access for anything beyond the agreed scope of managing that account.
4. Social-media accounts we manage
Where a client authorises us to operate their social accounts, we use the relevant platform's official API and the access token the client grants. Our use is governed by each platform's developer terms and policies, including:
We publish, schedule, and manage content only for the account(s) the client has explicitly connected.
We use the minimum access (scopes) needed to do that work.
A client can revoke our access at any time — from their platform's settings, or by asking us — and revoking it immediately ends our ability to act on the account.
We store access tokens securely and use them only to perform the agreed work; we do not transfer them to third parties.
5. Sharing and third parties
We share information only as needed to run the service:
Platforms and infrastructure providers we use to host, deliver, and publish work (for example, the social platforms themselves, and hosting/email providers).
Professional advisers and authorities where required by law.
We require these parties to handle information consistently with this policy and applicable law.
6. How long we keep information
We keep information for as long as needed to provide the service and to meet legal and accounting requirements, then delete or anonymise it. Connected-account access tokens are kept only while an engagement is active and are deleted when access is revoked or the engagement ends.
7. Your rights
Subject to applicable law (including India's Digital Personal Data Protection Act), you may ask us to access, correct, or delete the personal information we hold about you, and to withdraw consent. To make a request, contact us using the details below. We will respond within a reasonable period.
8. Security
We take reasonable technical and organisational measures to protect information against loss, misuse, and unauthorised access. Access tokens and client credentials are restricted to the people and systems that need them. No method of transmission or storage is completely secure, but we work to keep risk low and to act quickly if an issue arises.
9. Changes to this policy
We may update this policy as our services or the law evolve. When we do, we will revise the "last updated" date at the top of this page. Material changes will be communicated to active clients directly.
10. Contact us
Questions about this policy, or a request about your information? Reach us at: