Privacy Policy

1. Who We Are

Vanitech Labs Private Limited ("Vanitech Labs", "we", "us", or "our") is an AI-first product engineering company registered in India and operating from Gandhinagar, Gujarat. We provide software engineering, AI/ML, and related technology services to clients worldwide.

For the purposes of applicable data protection legislation, Vanitech Labs is the data controller for personal data processed through our website (www.vanitechlabs.com) and our marketing and sales activities.

2. Data We Collect

2.1 Information you provide directly

• Contact enquiries: name, email address, phone number, company name, and the content of your message when you submit our contact or demo request forms.
• Newsletter subscriptions: email address and, optionally, your name and role.
• Job applications: CV, cover letter, employment history, and contact details submitted through our careers process.
• Client onboarding: business contact details, billing information, and project-related information shared during client engagements.

2.2 Information collected automatically

• Usage data: pages visited, time spent, referring URLs, browser type and version, operating system, and IP address — collected via server logs and analytics tools.
• Cookie data: session identifiers, preference settings, and analytics identifiers as described in our Cookie Policy below.

2.3 Information from third parties

We may receive information about you from professional networks (e.g. LinkedIn), business intelligence providers, or referrals from existing clients. We only use such data where we have a legitimate interest in contacting you about relevant services.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• To respond to your enquiries and provide the services you have requested.
• To send you newsletters, service updates, and marketing communications where you have opted in or where we have a legitimate interest.
• To improve and personalise our website, products, and services.
• To process job applications and communicate with candidates.
• To meet our legal and contractual obligations.
• To prevent fraud, maintain security, and comply with applicable law.
• To conduct analytics and prepare aggregated, anonymised reports on website usage.

4. Legal Basis for Processing (GDPR / UK GDPR)

For individuals in the European Economic Area, United Kingdom, or other jurisdictions with equivalent data protection laws, we rely on the following legal bases:

• Consent — where you have explicitly opted in, e.g. newsletter subscriptions.
• Contract — where processing is necessary to fulfil a contract with you or take pre-contractual steps at your request.
• Legitimate interests — for marketing to business contacts, improving our services, and fraud prevention, where our interests are not overridden by your rights.
• Legal obligation — where processing is required to comply with applicable law.

5. Data Sharing

We do not sell your personal data. We may share your data with:

• Service providers: cloud hosting providers (AWS, Azure, GCP), CRM platforms, email delivery services, and analytics providers who process data on our behalf under data processing agreements.
• Professional advisors: lawyers, accountants, and insurers where necessary.
• Regulatory authorities: where required by applicable law, court order, or governmental authority.
• Business transfers: in the event of a merger, acquisition, or sale of substantially all assets, your data may be transferred to the successor entity.

All third-party processors are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:

• Contact and enquiry data: 3 years from last interaction.
• Client contract data: 7 years from contract end (for accounting and legal compliance).
• Job application data: 12 months if unsuccessful, or as agreed with candidates retained for future roles.
• Marketing data: until you unsubscribe or withdraw consent.
• Website analytics data: 26 months on an aggregated, anonymised basis.

7. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, and destruction. These include:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• Role-based access controls limiting data access to authorised personnel.
• Regular security assessments and penetration testing of our systems.
• Staff training on data protection and information security.

No method of transmission over the internet is 100% secure. While we use industry-standard protections, we cannot guarantee absolute security.

8. Cookies

Our website uses cookies and similar tracking technologies. We use:

• Strictly necessary cookies: required for the website to function. These cannot be disabled.
• Analytics cookies: help us understand how visitors interact with the website (e.g. Google Analytics, Plausible). We anonymise IP addresses where possible.
• Preference cookies: remember your settings and preferences across visits.

You can control cookies through your browser settings or our cookie consent banner. Disabling analytics cookies will not affect your use of the website.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data ("right to be forgotten").
• Portability: request your data in a machine-readable format.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests, including direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@vanitechlabs.com. We will respond within 30 days.

10. International Data Transfers

Our servers are hosted primarily in India. Where we transfer data to countries outside your jurisdiction, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) for transfers from the EEA/UK, or equivalent mechanisms for other regions.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact:

Vanitech Labs Privacy Team
Email: privacy@vanitechlabs.com
Phone: +91 9316310639
Address: Vanitech Labs Private Limited, Gandhinagar, Gujarat, India

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.