Privacy & Security

Privacy Policy

This Privacy Policy describes how Avartana Labs collects, uses, stores, and protects your personal information when you visit our website at www.avartanalabs.com or use our services.

Last Updated: · Effective Date: May 31, 2026

1. Company Information

Company Name: Avartana Labs

Website: www.avartanalabs.com

Email: hello@avartanalabs.com

Country of Operation: India

2. Information We Collect

2.1 Personal Information You Provide

We collect information you provide directly to us, including:

  • Full name, email address, phone number, and contact details
  • Company name, designation, and business requirements
  • Project specifications, briefs, and related communications
  • Billing address and invoicing information
  • Any other information you voluntarily share with us

2.2 Payment & Financial Information

When you make a payment through our platform, payment processing is handled by PhonePe Payment Gateway and other third-party payment processors. We do not directly collect, store, or have access to your sensitive payment credentials including:

  • Credit or debit card numbers
  • CVV/CVC codes
  • Net banking credentials
  • UPI PINs or passwords

We only receive a transaction confirmation reference, order ID, payment status, and the amount paid from the payment gateway. Your financial data is governed by PhonePe's Privacy Policy.

2.3 Automatically Collected Information

When you visit our website, we automatically collect certain technical information:

  • IP address and approximate geographic location
  • Browser type, version, and language
  • Device type, operating system, and screen resolution
  • Pages visited, time spent, and navigation path
  • Referring URL and exit pages
  • Cookie and session data

3. How We Use Your Information

3.1 Service Delivery

  • To provide, maintain, and improve our services
  • To process your orders and transactions
  • To deliver project work, reports, and deliverables
  • To communicate project updates and timelines
  • To provide technical and customer support

3.2 Payment Processing

  • To initiate and confirm payment transactions via PhonePe Payment Gateway
  • To generate invoices and billing records
  • To process refunds as per our Refund Policy
  • To share minimum required data with our payment processor and banking partners for transaction settlement
  • To comply with financial record-keeping obligations under Indian law

3.3 Communication

  • To respond to your inquiries and support requests
  • To send transactional notifications (order confirmations, payment receipts)
  • To share service updates, policy changes, and important notices
  • To send marketing communications (only with your explicit consent)

3.4 Legal & Compliance

  • To comply with applicable Indian laws and regulations
  • To meet obligations under the Information Technology Act, 2000 and IT (Amendment) Act, 2008
  • To comply with RBI guidelines applicable to online payment acceptance
  • To prevent fraud, abuse, and unauthorised transactions
  • To respond to lawful requests from government or regulatory authorities
  • To enforce our Terms of Service and protect our legal rights

4. Payment Gateway — PhonePe

We use PhonePe Payment Gateway (operated by PhonePe Private Limited) to process payments. By making a payment on our platform, you agree to share your payment details directly with PhonePe. The following applies:

  • PhonePe collects and processes your payment credentials under their own privacy policy and security standards.
  • We receive only non-sensitive transaction metadata (transaction ID, amount, status).
  • We do not store your card numbers, UPI IDs, net banking credentials, or any other sensitive payment authentication data on our servers.
  • All payment transactions are processed over encrypted HTTPS connections.
  • PhonePe is PCI-DSS compliant and regulated by the Reserve Bank of India (RBI).

For payment-related concerns, you may also contact PhonePe at their support portal.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

5.1 With Payment Processors

We share transaction-relevant personal data (name, email, phone, billing address, order details) with PhonePe and other authorised payment processors solely to complete payment processing, fraud verification, and settlement.

5.2 With Service Providers

We may share data with trusted third-party vendors who help us operate our business (e.g., cloud hosting, email delivery, analytics), under strict confidentiality and data protection agreements.

5.3 For Legal Compliance

We may disclose your information if required to do so by law or in response to valid legal processes such as court orders, government requests, or regulatory inquiries.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email or prominent website notice before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements:

  • Transaction and payment records: 7 years (as required under Indian tax and financial regulations)
  • Project and communication records: 3 years after project completion
  • Account and contact information: Duration of relationship + 2 years
  • Website usage logs: 12 months

After the applicable retention period, your data is securely deleted or anonymised.

7. Data Security

7.1 Technical Safeguards

  • SSL/TLS encryption (HTTPS) for all data in transit
  • Encrypted storage for sensitive data at rest
  • Regular security audits, vulnerability assessments, and penetration testing
  • Role-based access controls limiting data access to authorised personnel only
  • Secure payment processing via PCI-DSS compliant gateway (PhonePe)
  • Automated intrusion detection and monitoring systems

7.2 Organisational Safeguards

  • Mandatory data protection and security training for all employees
  • Signed confidentiality and non-disclosure agreements with staff
  • Documented incident response and breach notification procedures
  • Regular review and updates of this Privacy Policy

Important: While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights

As a user of our services, you have the following rights with respect to your personal data:

8.1 Right to Access

Request a copy of the personal data we hold about you.

8.2 Right to Correction

Request correction of inaccurate or incomplete personal data.

8.3 Right to Deletion

Request deletion of your personal data, subject to our legal retention obligations.

8.4 Right to Restrict Processing

Request that we limit how we use your personal data in certain circumstances.

8.5 Right to Data Portability

Request that we provide your data in a structured, machine-readable format.

8.6 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time.

To exercise your rights: Contact us at hello@avartanalabs.com with the subject line 'Privacy Rights Request'. We will respond within 30 days. For refund, cancellation, or billing disputes, please see our Refund Policy first.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. Cookies are small files stored on your device that help us:

  • Remember your preferences and settings
  • Understand how visitors use our website (analytics)
  • Maintain session state and security
  • Deliver relevant content

9.1 Types of Cookies We Use

  • Essential cookies: Required for basic website functionality
  • Analytics cookies: Help us understand website traffic and usage patterns
  • Preference cookies: Remember your settings and preferences

9.2 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@avartanalabs.com and we will take prompt action to delete such data.

11. Third-Party Links

Our website may contain links to third-party websites, including PhonePe's payment portal and other service providers. We are not responsible for the privacy practices or content of these external websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. International Data Transfers

Our primary operations are based in India. If you access our services from outside India, please be aware that your information may be transferred to and processed in India. By using our services, you consent to such transfer and processing in accordance with this Privacy Policy and applicable Indian law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the 'Last Updated' date at the top of this policy
  • Post a notice on our website at www.avartanalabs.com
  • Send an email notification to registered users where required

Your continued use of our services after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Grievance Officer

In accordance with the Information Technology Act, 2000, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address concerns related to data privacy and content:

Designation: Grievance Officer

Company: Avartana Labs

Email: hello@avartanalabs.com

Subject Line: Grievance: Privacy Concern

Response Time: Within 30 days of receipt of complaint

You may raise a grievance regarding any alleged violation of applicable laws or regulations, or this Privacy Policy. All grievances will be acknowledged within 48 hours and resolved within 30 days.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

Company: Avartana Labs

Email: hello@avartanalabs.com

Website: www.avartanalabs.com

Subject Line: Privacy Policy Inquiry

Response Time: Within 24–48 business hours

For payment-specific issues, please contact PhonePe Support in addition to reaching out to us. For refund and cancellation questions, please review the Refund Policy first.