Legal Document

PRIVACY
POLICY

Your privacy is the foundation of our trust. This policy explains exactly how Utkranti Labs collects, uses, and protects your personal information.

Effective: January 1, 2025
Last Updated: February 18, 2026
Version 2.0
01

Overview

Utkranti Labs Private Limited ("Utkranti Labs", "we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy applies to all information we collect through our website (utkrantilabs.com), our products (GymPilot, ExamPro, FinTrackr), and any related services.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our services.

Our Core Commitment: We never sell your personal data to third parties. We collect only what we need, protect it rigorously, and give you full control over it.
02

Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

Full NameAccount creation, contact formsIdentity verification
Email AddressRegistration, newsletters, contactCommunication & authentication
Phone NumberOptional, contact formsSupport & verification
Company/OrganizationBusiness inquiriesService customization
Payment InformationProduct subscriptionsProcessed via Razorpay/Stripe — we never store card data
Project DetailsContact & inquiry formsProposal preparation

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent, click patterns, features used
  • IP Address: For security, fraud prevention, and approximate location
  • Cookies & Tracking: Session cookies, analytics cookies (see Section 7)
  • Log Data: Server logs including access times, error reports

2.3 Information from Third Parties

  • Google OAuth: Name, email, profile picture when you sign in with Google
  • Analytics Providers: Aggregated usage statistics from Vercel Analytics
  • Social Media: Publicly available information if you interact with our social profiles
03

How We Use Your Data

We use the information we collect for the following purposes, always based on a lawful legal basis:

Service Delivery

Contract

To provide, operate, and maintain our products and services

Account Management

Contract

To create and manage your user account and authentication

Customer Support

Legitimate Interest

To respond to inquiries, troubleshoot issues, and provide assistance

Product Improvement

Legitimate Interest

To analyze usage patterns and improve our features and UX

Communications

Consent

To send service updates, security alerts, and promotional content (with consent)

Legal Compliance

Legal Obligation

To comply with applicable laws, regulations, and legal processes

Security & Fraud Prevention

Legitimate Interest

To detect, prevent, and address security incidents and abuse

Business Analytics

Legitimate Interest

To understand how our services are used and make data-driven decisions

04

Data Sharing & Disclosure

We do not sell, trade, or rent your personal data. Period. We only share data in the specific circumstances described below.

4.1 Service Providers (Data Processors)

We share data with trusted third-party vendors who help us operate our services, under strict data processing agreements:

VercelHosting & deploymentInfrastructure
SupabaseDatabase & authenticationData storage
Google (Firebase/OAuth)Authentication, analyticsAuth & analytics
Razorpay / StripePayment processingPayments
Resend / SendGridTransactional emailsCommunication
OpenAIAI features in productsAI processing

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or a prominent notice on our website before your data becomes subject to a different privacy policy.

05

Data Security

We implement industry-standard security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

🔐

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3

🗄️

Encryption at Rest

Sensitive data stored in our databases is encrypted using AES-256 encryption

🔑

Access Controls

Strict role-based access controls ensure only authorized personnel can access your data

🛡️

Security Audits

Regular security assessments and penetration testing to identify vulnerabilities

📋

Incident Response

Documented incident response plan with 72-hour breach notification commitment

🔒

Password Hashing

Passwords are hashed using bcrypt with salt — we never store plain-text passwords

Important: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
06

Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction:

Right to Access

Email privacy@utkrantilabs.com

Request a copy of all personal data we hold about you

Right to Rectification

Update in account settings or email us

Request correction of inaccurate or incomplete personal data

Right to Erasure

Email privacy@utkrantilabs.com

Request deletion of your personal data ('right to be forgotten')

Right to Restrict Processing

Email privacy@utkrantilabs.com

Request that we limit how we use your data in certain circumstances

Right to Data Portability

Email privacy@utkrantilabs.com

Receive your data in a structured, machine-readable format

Right to Object

Unsubscribe link in emails or email us

Object to processing based on legitimate interests or for direct marketing

Right to Withdraw Consent

Account settings or email us

Withdraw consent at any time where processing is based on consent

We will respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex. In this case, we will notify you and keep you updated.

07

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform.

Cookie TypePurposeControl
Essential CookiesSession management, authentication, securityCannot be disabled — required for service
Analytics CookiesPage views, user journeys, performance metricsOpt-out available via browser settings
Preference CookiesTheme, language, UI preferencesStored locally, cleared when you clear browser data
Marketing CookiesRetargeting, conversion trackingOpt-in only — disabled by default

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our services. We use Vercel Analytics which is privacy-friendly and does not use cookies for analytics.

08

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Data TypeRetention Period
Account DataDuration of account + 90 days after deletion request
Transaction Records7 years (legal/tax compliance requirement)
Support Tickets3 years from ticket closure
Marketing PreferencesUntil you unsubscribe or withdraw consent
Server Logs90 days rolling window
Analytics Data26 months (aggregated, anonymized)
Backup Data30 days after primary deletion

When data is no longer needed, we securely delete or anonymize it so it can no longer be associated with you.

09

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Team

Gadhinglaj, Kolhapur, Maharashtra, India

Response Times

General Inquiries48 hours
Data Access Requests30 days
Data Deletion Requests30 days
Security Incidents72 hours

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For users in India, this would be the Ministry of Electronics and Information Technology (MeitY).

© 2026 Utkranti Labs. All rights reserved.