Legal

Privacy Policy

Last updated: May 7, 2026

This Privacy Policy explains how Etherlabz IT Solutions Private Limited ("Etherlabz", "we", "our", "us") — a company registered in India — collects, uses, and protects information when you visit etherlabz.com, read our blog at etherlabz.co, contact us, or engage us for services.

We comply with India's Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the EU General Data Protection Regulation ("GDPR"), and the UK GDPR where applicable. Our SaaS product LocalLeads (under the PostOrbit brand) operates under a separate privacy policy at leads.postorbit.io/privacy.

Data controller

Etherlabz IT Solutions Private Limited is the data controller for personal data collected through this website and during client engagements. For privacy questions or to exercise your rights, contact us at [email protected].

What we collect

  • Contact information you provide — your name, email address, company name, project budget range, and any details you submit through our contact form or send us by email.
  • Usage data — IP address, browser type, device type, referring URL, pages visited, and time spent on pages. Collected via Google Analytics 4 (only if you accept analytics cookies).
  • Communication records — any correspondence between us, including email threads, call notes, and project documentation.
  • Client engagement data — for clients who engage us for services, we may process additional data necessary to perform the work, governed by a separate written agreement.

We do not collect special categories of personal data (health, biometric, political opinions, etc.) and we do not knowingly collect data from children under 16.

Why we use your data (legal basis under GDPR)

  • To respond to inquiries and deliver services — performance of a contract or pre-contract steps you requested (Art. 6(1)(b) GDPR).
  • To improve the website and understand traffic — your consent (analytics cookies; Art. 6(1)(a) GDPR).
  • To meet legal, accounting, and regulatory obligations — compliance with legal obligations (Art. 6(1)(c) GDPR).
  • To secure our website and prevent abuse — our legitimate interests in operating a safe service (Art. 6(1)(f) GDPR).

Third-party services we use

  • Google Analytics 4 (Google Ireland Ltd. / Google LLC) — website usage analytics, only when you accept analytics cookies. Data is processed using IP-anonymisation and Consent Mode v2.
  • WordPress / etherlabz.co — our blog backend. Reading the blog does not require an account. Comments, if enabled, are governed by this policy.
  • Email providers — for transactional and project communication.
  • Razorpay and PayPal — payment processors, used only when you engage us for paid services. They handle their own customer data under their respective privacy policies.
  • Hosting and infrastructure providers — under contractual confidentiality obligations.

We do not sell your personal data, and we do not share it with advertising networks. International transfers (e.g., to Google in the US) are protected by Standard Contractual Clauses or equivalent safeguards.

Cookies

We use a small number of cookies. They are described in detail in our Cookie Policy. You can accept or decline non-essential cookies through the consent banner the first time you visit, and change your choice at any time by clearing the cookie_consent entry from your browser's local storage.

How long we keep data

  • Contact form submissions — retained for up to 24 months from your last interaction, then deleted unless an engagement is in progress.
  • Client project records — retained for the duration of the engagement plus 7 years to satisfy Indian tax and accounting law (or longer where a longer retention period is legally required).
  • Analytics data — Google Analytics is configured with a 14-month retention window.
  • Email correspondence — retained as part of the project record, subject to the same 7-year window.

Your rights

Subject to applicable law, you may at any time:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion ("right to be forgotten"), where lawful.
  • Restrict or object to processing based on legitimate interests.
  • Receive your data in a portable, machine-readable format.
  • Withdraw any consent you previously gave (analytics, marketing) — withdrawal does not affect processing carried out before withdrawal.
  • Lodge a complaint with a supervisory authority. EU residents may complain to their local Data Protection Authority; Indian residents may approach the Data Protection Board of India under the DPDP Act.

To exercise any of these rights, email [email protected]. We respond within 30 days.

Security

We protect personal data with HTTPS-only transport, access controls, encrypted backups, and least-privilege principles for staff access. No transmission over the internet is 100% secure, but we apply reasonable industry-standard measures and review them periodically.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent version. Material changes will be highlighted on the homepage or by email to clients with active engagements.

Contact

Etherlabz IT Solutions Private Limited
Registered in India · Operating with EU and global clients
Privacy contact: [email protected]
General contact: [email protected]