PRIVACY
POLICY
Your privacy is the foundation of our trust. This policy explains exactly how Utkranti Labs collects, uses, and protects your personal information.
Overview
Utkranti Labs Private Limited ("Utkranti Labs", "we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy applies to all information we collect through our website (utkrantilabs.com), our products (GymPilot, ExamPro, FinTrackr), and any related services.
By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our services.
Information We Collect
We collect information in the following ways:
2.1 Information You Provide Directly
| Full Name | Account creation, contact forms | Identity verification |
| Email Address | Registration, newsletters, contact | Communication & authentication |
| Phone Number | Optional, contact forms | Support & verification |
| Company/Organization | Business inquiries | Service customization |
| Payment Information | Product subscriptions | Processed via Razorpay/Stripe — we never store card data |
| Project Details | Contact & inquiry forms | Proposal preparation |
2.2 Information Collected Automatically
- Device Information: Browser type, operating system, device identifiers
- Usage Data: Pages visited, time spent, click patterns, features used
- IP Address: For security, fraud prevention, and approximate location
- Cookies & Tracking: Session cookies, analytics cookies (see Section 7)
- Log Data: Server logs including access times, error reports
2.3 Information from Third Parties
- Google OAuth: Name, email, profile picture when you sign in with Google
- Analytics Providers: Aggregated usage statistics from Vercel Analytics
- Social Media: Publicly available information if you interact with our social profiles
How We Use Your Data
We use the information we collect for the following purposes, always based on a lawful legal basis:
Service Delivery
ContractTo provide, operate, and maintain our products and services
Account Management
ContractTo create and manage your user account and authentication
Customer Support
Legitimate InterestTo respond to inquiries, troubleshoot issues, and provide assistance
Product Improvement
Legitimate InterestTo analyze usage patterns and improve our features and UX
Communications
ConsentTo send service updates, security alerts, and promotional content (with consent)
Legal Compliance
Legal ObligationTo comply with applicable laws, regulations, and legal processes
Security & Fraud Prevention
Legitimate InterestTo detect, prevent, and address security incidents and abuse
Business Analytics
Legitimate InterestTo understand how our services are used and make data-driven decisions
Data Sharing & Disclosure
4.1 Service Providers (Data Processors)
We share data with trusted third-party vendors who help us operate our services, under strict data processing agreements:
| Vercel | Hosting & deployment | Infrastructure |
| Supabase | Database & authentication | Data storage |
| Google (Firebase/OAuth) | Authentication, analytics | Auth & analytics |
| Razorpay / Stripe | Payment processing | Payments |
| Resend / SendGrid | Transactional emails | Communication |
| OpenAI | AI features in products | AI processing |
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or a prominent notice on our website before your data becomes subject to a different privacy policy.
Data Security
We implement industry-standard security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3
Encryption at Rest
Sensitive data stored in our databases is encrypted using AES-256 encryption
Access Controls
Strict role-based access controls ensure only authorized personnel can access your data
Security Audits
Regular security assessments and penetration testing to identify vulnerabilities
Incident Response
Documented incident response plan with 72-hour breach notification commitment
Password Hashing
Passwords are hashed using bcrypt with salt — we never store plain-text passwords
Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction:
Right to Access
Email privacy@utkrantilabs.comRequest a copy of all personal data we hold about you
Right to Rectification
Update in account settings or email usRequest correction of inaccurate or incomplete personal data
Right to Erasure
Email privacy@utkrantilabs.comRequest deletion of your personal data ('right to be forgotten')
Right to Restrict Processing
Email privacy@utkrantilabs.comRequest that we limit how we use your data in certain circumstances
Right to Data Portability
Email privacy@utkrantilabs.comReceive your data in a structured, machine-readable format
Right to Object
Unsubscribe link in emails or email usObject to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent
Account settings or email usWithdraw consent at any time where processing is based on consent
We will respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex. In this case, we will notify you and keep you updated.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account Data | Duration of account + 90 days after deletion request |
| Transaction Records | 7 years (legal/tax compliance requirement) |
| Support Tickets | 3 years from ticket closure |
| Marketing Preferences | Until you unsubscribe or withdraw consent |
| Server Logs | 90 days rolling window |
| Analytics Data | 26 months (aggregated, anonymized) |
| Backup Data | 30 days after primary deletion |
When data is no longer needed, we securely delete or anonymize it so it can no longer be associated with you.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Team
Response Times
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For users in India, this would be the Ministry of Electronics and Information Technology (MeitY).
© 2026 Utkranti Labs. All rights reserved.