1. Introduction
VESTLABZ ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with us in other ways.
By using our services, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.
🔒 Our Commitment
We are committed to GDPR, CCPA, and other applicable data protection regulations. We process your data lawfully, fairly, and transparently, collecting only what is necessary for the specified purposes.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Register for an account or subscribe to our services
- Fill out a contact form or request a quote
- Subscribe to our newsletter
- Apply for a job or career opportunity
- Participate in surveys or promotions
- Communicate with us via email, phone, or other channels
This information may include:
- Identity Data: Name, job title, company name
- Contact Data: Email address, phone number, mailing address
- Technical Data: IP address, browser type, device information
- Usage Data: How you use our website and services
- Marketing Data: Preferences for receiving marketing communications
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain information about your device and your use of our website, including:
- IP address and geographic location
- Browser type and version
- Operating system
- Referring website addresses
- Pages viewed and time spent on pages
- Click patterns and navigation paths
This information is collected using cookies and similar tracking technologies. For more information, please see our Cookie Policy.
2.3 Information from Third Parties
We may receive personal information about you from third parties, including:
- Business partners and vendors
- Analytics providers
- Advertising networks
- Social media platforms
- Public databases and data aggregators
3. How We Use Your Information
We use the information we collect for various purposes, including:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain our services | Contract performance |
| Process transactions and billing | Contract performance |
| Send administrative communications | Contract performance / Legitimate interest |
| Respond to inquiries and provide support | Contract performance / Legitimate interest |
| Send marketing communications | Consent / Legitimate interest |
| Improve our website and services | Legitimate interest |
| Analyze usage patterns and trends | Legitimate interest |
| Protect against fraud and abuse | Legitimate interest / Legal obligation |
| Comply with legal obligations | Legal obligation |
4. Data Sharing and Disclosure
4.1 Service Providers
We may share your information with third-party service providers who perform services on our behalf, such as:
- Cloud hosting and infrastructure providers (AWS, Google Cloud, Azure)
- Payment processing services
- Email service providers
- Analytics and monitoring tools
- Customer support platforms
These service providers are contractually obligated to protect your information and may only use it as directed by us.
4.2 Business Transfers
If VESTLABZ is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).
4.4 Protection of Rights
We may disclose your information when we believe disclosure is necessary to protect our rights, investigate potential violations of our Terms, or protect the safety of our users or others.
5. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
The retention period depends on the type of data and the purpose for processing:
- Account data: Retained while your account is active and for 3 years after closure
- Transaction data: Retained for 7 years for tax and legal compliance
- Marketing data: Retained until you opt out or for 3 years of inactivity
- Website analytics: Retained for 26 months
- Support communications: Retained for 5 years
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Multi-factor authentication for system access
- Regular security assessments and penetration testing
- Employee security training and access controls
- Incident response procedures and data breach notification protocols
- SOC 2 Type II compliance for our infrastructure
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights and Choices
7.1 Rights Under GDPR (European Users)
If you are a resident of the European Economic Area (EEA), you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
7.2 Rights Under CCPA (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the categories and specific pieces of personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of your personal information (we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
7.3 Exercising Your Rights
To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we use appropriate safeguards such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules for intra-group transfers
- Certifications under recognized frameworks
9. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
10. Third-Party Links
Our website may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:
- Posting the updated policy on our website
- Updating the "Last updated" date at the top of this policy
- Sending an email notification (for material changes)
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our services after the posting of changes constitutes your acceptance of such changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Data Protection Officer: privacy@vestlabz.io
- General Inquiries: hello@vestlabz.io
- Address: Infopark SEZ, Kakkanad, Kochi, Kerala 682030, India
- Phone: +91 484 265 4321
You also have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.