Privacy Policy

1. Who We Are

ThinkMindLabs Private Limited ("ThinkMindLabs", "we", "us", or "our") is a technology company incorporated under the Companies Act 2013, with its registered office at Cyber City, Gurugram, Haryana 122002, India.

We are the Data Fiduciary (under DPDPA) and Data Controller (under GDPR) for personal data processed through our website, APIs, platform products, and related services (collectively, the "Services").

For GDPR purposes, our EU representative can be contacted at: privacy@thinkmindlabs.com

2. Data We Collect

2.1 Information You Provide Directly

• Account data: Name, email address, password hash, company name, job title
• Billing data: Payment method details (processed by PCI-DSS compliant processors; we do not store raw card numbers)
• Communications: Messages sent via contact forms, support tickets, and email correspondence
• Identity verification: Government-issued ID where required for enterprise KYC

2.2 Data Collected Automatically

• Usage data: API call logs, model inference requests, feature usage, session duration
• Device and network data: IP address, browser type, operating system, device identifiers
• Performance data: Response times, error rates, crash reports
• Cookies and tracking: Session cookies, analytics identifiers (see our Cookie Policy)

2.3 Data from Third Parties

• Single Sign-On providers (Google, GitHub, Microsoft) — name and email only
• Payment processors — transaction status and fraud signals
• Business verification services for enterprise onboarding

3. How We Use Your Data

* We never use customer API payloads to train our models without explicit opt-in consent. Enterprise customers on dedicated infrastructure are excluded by default.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

• Service providers: Cloud infrastructure (AWS, GCP), payment processors (Stripe, Razorpay), analytics tools, and customer support platforms — all bound by data processing agreements
• Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations
• Legal requirements: When required by Indian law, court orders, or competent regulatory authorities; we notify you where legally permitted
• With your consent: For any purpose you explicitly authorise

5. International Data Transfers

ThinkMindLabs operates infrastructure globally. When we transfer personal data outside India or the European Economic Area, we rely on:

• EU Standard Contractual Clauses (SCCs) for transfers to third countries
• Adequacy decisions where applicable
• Cross-Border Transfer mechanisms under the DPDPA once notified by the Indian government
• Binding Corporate Rules for intra-group transfers

Enterprise customers may request a Data Processing Addendum (DPA) specifying transfer safeguards at legal@thinkmindlabs.com.

6. Data Retention

• Account data: Duration of account plus 3 years after closure
• API logs: 90 days rolling window; aggregated metrics retained for 2 years
• Billing records: 7 years (statutory requirement under Indian tax law)
• Support communications: 3 years from ticket closure
• Marketing data: Until you withdraw consent or unsubscribe

7. Your Rights

Under GDPR (EU / UK residents)

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time without affecting prior lawful processing
• Right to lodge a complaint with your national supervisory authority

Under DPDPA (India residents)

• Right to access information about processing activities
• Right to correction and erasure of personal data
• Right to grievance redressal within 30 days
• Right to nominate a representative in the event of death or incapacity
• Right to withdraw consent for non-essential processing

To exercise any right, contact our Data Protection Officer at dpo@thinkmindlabs.com. We respond within 30 days (extendable to 60 days for complex requests).

8. Security

We implement technical and organisational security measures including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, annual penetration testing, and SOC 2 Type II audit compliance. See our Security page for full details.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately at privacy@thinkmindlabs.com.

10. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email (for registered users) and a prominent website notice at least 30 days before the effective date. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

11. Contact and Grievance Officer

• Data Protection Officer / Grievance Officer: dpo@thinkmindlabs.com
• General privacy queries: privacy@thinkmindlabs.com
• Legal queries: legal@thinkmindlabs.com
• Postal address: ThinkMindLabs Private Limited, Cyber City, Gurugram, Haryana 122002, India

EU/UK residents may also lodge a complaint with the relevant supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).