Privacy Policy
Effective date: 19 June 2025
Company: Seedling Labs Private Limited
Registered address: 764/E, HSR Layout, 19th Main, 22nd Cross, Sector 2, Bengaluru, Karnataka, India – 560102
CIN: U62013KA2025PTC204372
GSTIN: [Insert GSTIN, if you wish to display it]
Website: www.seedlinglabs.com
Contact: info@seedlinglabs.com
Seedling Labs Private Limited (“Seedling Labs”, “we”, “us”, “our”) provides services in India and globally. We are committed to protecting the privacy of visitors to our website, prospects, customers, vendors, applicants, and other individuals who interact with us (“you” or “users”). This Privacy Policy explains what data we collect, how we use it, the choices you have, and your rights.
Regulatory scope: We primarily comply with India’s DPDP Act, 2023. Where applicable (for example, you are in the EEA/UK or California), we also honor requests consistent with GDPR/UK GDPR and CCPA/CPRA principles.
1) What data we collect
A. Data you provide directly
Contact & business details: name, email, phone, company name, job title, country, city.
Service inquiries & project data: requirements, messages, documents or briefs you choose to upload/share.
Marketing preferences: newsletter/updates opt-ins, event registrations, form responses.
Support communications: emails, tickets, feedback, or call notes.
Recruitment data: CV/resume, portfolio links, employment history, references, compensation expectations.
B. Data collected automatically (when you use our site)
Technical/usage data: IP address, device identifiers, browser type/version, OS, pages viewed, referring/exit pages, timestamps, session duration, clickstream.
Cookies and similar technologies: pixels, tags, local storage (see Cookies & Tracking below).
C. Data from third parties
Lead enrichment/CRM tools (e.g., business email/firmographics), analytics providers, ad platforms, social networks (if you interact with our pages or ads), recruitment platforms (if you apply via a job board).
We do not intentionally collect sensitive personal data (health, biometrics, etc.) via our website. Please do not submit such data unless we specifically request it for a lawful purpose.
2) Why we process your data (purposes) & legal bases
PurposeExamplesLegal basis (DPDP/GDPR-style)Provide & improve servicesRespond to inquiries, scope projects, deliver services, manage accounts, quality assuranceConsent (where required), performance of a contract, legitimate interestsOperate our website & securityDebugging, fraud prevention, incident response, access logsLegitimate interests; legal obligationAnalytics & product improvementMeasure site performance, content relevance, UX improvementsConsent (for non-essential cookies where required); legitimate interestsMarketing & communicationsNewsletters, case studies, event invites, remarketing (subject to consent where required)Consent (opt-in email/SMS as required); legitimate interestsVendor & partner managementPayments, invoicing, compliancePerformance of a contract; legal obligationRecruitmentEvaluate candidates, schedule interviews, maintain talent poolConsent; legitimate interestsLegal & complianceRespond to lawful requests, enforce terms, protect rightsLegal obligation; legitimate interests
You may withdraw consent at any time (it won’t affect prior lawful processing).
3) Cookies & tracking technologies
We use:
Strictly necessary cookies (site security, load balancing, consent storage).
Functional cookies (remember choices, form state).
Analytics cookies (page performance, aggregated usage).
Marketing/advertising cookies (retargeting, campaign attribution) — used only with consent where required.
Your controls:
Use our Cookie Banner/Preferences Manager to accept/reject non-essential cookies.
Control cookies via your browser settings; blocking some cookies may impact site functionality.
We do not respond to “Do Not Track” signals due to lack of standardization, but you can use the controls above.
4) How we share information
We do not sell personal data. We may share limited data with:
Service providers / processors under contract (hosting, cloud storage/CDN, analytics, CRM, marketing automation, email delivery, customer support, security).
Professional advisors (legal, audit, finance) under confidentiality.
Business transfers (merger, acquisition, restructuring): your data may be transferred as part of assets.
Authorities if required by law, to protect rights, safety, or prevent fraud.
We require processors to implement appropriate security and to process data only on our instructions.
5) International transfers
We are based in India. Some processors may be located outside India (e.g., the EEA/UK/US/Singapore). Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses, data transfer agreements, and risk assessments). By interacting with our site, you understand your data may be transferred internationally subject to these safeguards.
6) Data retention
We keep personal data only as long as necessary for the purposes described above or as required by law. Typical retention periods:
Prospects & inquiries: 24–36 months from last interaction.
Customers & contracts: duration of engagement + up to 7–10 years for tax/accounting.
Marketing (opt-in contacts): until you unsubscribe or after inactivity (24 months), whichever is earlier.
Recruitment: up to 24 months (talent pool) unless you request earlier deletion.
Logs & security data: 12–24 months (shorter where feasible).
We will securely delete or anonymize data when no longer needed.
7) Your rights & how to exercise them
Subject to applicable law, you may have the right to:
Access your personal data, and port a copy (where feasible).
Correct inaccurate or incomplete data.
Delete your data (“erasure”) in certain cases.
Restrict or object to processing (including direct marketing).
Withdraw consent at any time (for consent-based processing).
Appeal our decision if we decline or partially comply with a request (DPDP).
How to submit a request:
Email privacy@seedlinglabs.com or info@seedlinglabs.com with the subject “Data Rights Request,” and specify your request, country, and a contact email. We may verify identity before acting. We will respond within timelines required by law (DPDP: typically within 30 days).
8) Children’s privacy
Our services and site are not directed to children under 18. We do not knowingly collect children’s personal data. If you believe a child has provided data, contact us to delete it.
9) Security
We use reasonable and appropriate technical and organizational measures, including:
Encryption in transit (HTTPS/TLS).
Access controls, authentication, least-privilege practices.
Firewalls/WAF and DDoS/abuse monitoring.
Regular updates/patching and vendor due diligence.
Employee confidentiality obligations and limited data access.
No method is 100% secure; we cannot guarantee absolute security.
10) Data breaches
In case of a personal data breach that poses a risk of harm, we will notify affected users and/or authorities as required by applicable law (e.g., DPDP/GDPR timelines). We will also take steps to mitigate harm.
11) Third-party links & social media
Our site may link to third-party sites or services (including social media). Their privacy practices are governed by their own policies; please review those when you visit them.
12) Recruitment specific terms
When you apply for roles:
We process your application data to assess fit, communicate with you, and maintain a limited talent pool (with your consent).
You may ask us to delete your application data at any time, subject to legal obligations.
13) Grievance redressal (India – DPDP compliant)
If you have a concern or complaint about our data practices, please contact our Grievance Officer:
Grievance Officer
Seedling Labs Private Limited
764/E, HSR Layout, 19th Main, 22nd Cross, Sector 2, Bengaluru, Karnataka, India – 560102
Email: grievance@seedlinglabs.com (or info@seedlinglabs.com)
We will acknowledge and endeavor to resolve your grievance within 30 days (or earlier as per any notified rules). If you are unsatisfied, you may escalate as permitted by the DPDP Act/Rules when notified.
If we appoint a Data Protection Officer (DPO) later, we will update this section with the DPO’s contact details.
14) Country/region-specific notices (summary)
EEA/UK: We act as a controller for website interactions and direct customer relationships. Where we rely on legitimate interests, we balance our interests against your rights. You may lodge a complaint with your local data protection authority.
California (CCPA/CPRA): We do not sell or share personal information as those terms are defined. You can request access/deletion and to limit use of sensitive information (we do not use sensitive information for inferring characteristics).
Other jurisdictions: We will honor requests to the extent required by local law and practical feasibility.
15) Changes to this Policy
We may update this Policy periodically. The “Effective date” at the top shows when it was last revised. Material changes will be posted on this page and, where required, notified to you.
16) How to contact us
Seedling Labs Private Limited
764/E, HSR Layout, 19th Main, 22nd Cross, Sector 2, Bengaluru, Karnataka, India – 560102
All inquiries: info@seedlinglabs.com
Effective date: 19 June 2025
Company: Seedling Labs Private Limited
Registered address: 764/E, HSR Layout, 19th Main, 22nd Cross, Sector 2, Bengaluru, Karnataka, India – 560102
CIN: U62013KA2025PTC204372
GSTIN: [Insert GSTIN, if you wish to display it]
Website: www.seedlinglabs.com
Contact: info@seedlinglabs.com
Seedling Labs Private Limited (“Seedling Labs”, “we”, “us”, “our”) provides services in India and globally. We are committed to protecting the privacy of visitors to our website, prospects, customers, vendors, applicants, and other individuals who interact with us (“you” or “users”). This Privacy Policy explains what data we collect, how we use it, the choices you have, and your rights.
Regulatory scope: We primarily comply with India’s DPDP Act, 2023. Where applicable (for example, you are in the EEA/UK or California), we also honor requests consistent with GDPR/UK GDPR and CCPA/CPRA principles.
1) What data we collect
A. Data you provide directly
Contact & business details: name, email, phone, company name, job title, country, city.
Service inquiries & project data: requirements, messages, documents or briefs you choose to upload/share.
Marketing preferences: newsletter/updates opt-ins, event registrations, form responses.
Support communications: emails, tickets, feedback, or call notes.
Recruitment data: CV/resume, portfolio links, employment history, references, compensation expectations.
B. Data collected automatically (when you use our site)
Technical/usage data: IP address, device identifiers, browser type/version, OS, pages viewed, referring/exit pages, timestamps, session duration, clickstream.
Cookies and similar technologies: pixels, tags, local storage (see Cookies & Tracking below).
C. Data from third parties
Lead enrichment/CRM tools (e.g., business email/firmographics), analytics providers, ad platforms, social networks (if you interact with our pages or ads), recruitment platforms (if you apply via a job board).
We do not intentionally collect sensitive personal data (health, biometrics, etc.) via our website. Please do not submit such data unless we specifically request it for a lawful purpose.
2) Why we process your data (purposes) & legal bases
PurposeExamplesLegal basis (DPDP/GDPR-style)Provide & improve servicesRespond to inquiries, scope projects, deliver services, manage accounts, quality assuranceConsent (where required), performance of a contract, legitimate interestsOperate our website & securityDebugging, fraud prevention, incident response, access logsLegitimate interests; legal obligationAnalytics & product improvementMeasure site performance, content relevance, UX improvementsConsent (for non-essential cookies where required); legitimate interestsMarketing & communicationsNewsletters, case studies, event invites, remarketing (subject to consent where required)Consent (opt-in email/SMS as required); legitimate interestsVendor & partner managementPayments, invoicing, compliancePerformance of a contract; legal obligationRecruitmentEvaluate candidates, schedule interviews, maintain talent poolConsent; legitimate interestsLegal & complianceRespond to lawful requests, enforce terms, protect rightsLegal obligation; legitimate interests
You may withdraw consent at any time (it won’t affect prior lawful processing).
3) Cookies & tracking technologies
We use:
Strictly necessary cookies (site security, load balancing, consent storage).
Functional cookies (remember choices, form state).
Analytics cookies (page performance, aggregated usage).
Marketing/advertising cookies (retargeting, campaign attribution) — used only with consent where required.
Your controls:
Use our Cookie Banner/Preferences Manager to accept/reject non-essential cookies.
Control cookies via your browser settings; blocking some cookies may impact site functionality.
We do not respond to “Do Not Track” signals due to lack of standardization, but you can use the controls above.
4) How we share information
We do not sell personal data. We may share limited data with:
Service providers / processors under contract (hosting, cloud storage/CDN, analytics, CRM, marketing automation, email delivery, customer support, security).
Professional advisors (legal, audit, finance) under confidentiality.
Business transfers (merger, acquisition, restructuring): your data may be transferred as part of assets.
Authorities if required by law, to protect rights, safety, or prevent fraud.
We require processors to implement appropriate security and to process data only on our instructions.
5) International transfers
We are based in India. Some processors may be located outside India (e.g., the EEA/UK/US/Singapore). Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses, data transfer agreements, and risk assessments). By interacting with our site, you understand your data may be transferred internationally subject to these safeguards.
6) Data retention
We keep personal data only as long as necessary for the purposes described above or as required by law. Typical retention periods:
Prospects & inquiries: 24–36 months from last interaction.
Customers & contracts: duration of engagement + up to 7–10 years for tax/accounting.
Marketing (opt-in contacts): until you unsubscribe or after inactivity (24 months), whichever is earlier.
Recruitment: up to 24 months (talent pool) unless you request earlier deletion.
Logs & security data: 12–24 months (shorter where feasible).
We will securely delete or anonymize data when no longer needed.
7) Your rights & how to exercise them
Subject to applicable law, you may have the right to:
Access your personal data, and port a copy (where feasible).
Correct inaccurate or incomplete data.
Delete your data (“erasure”) in certain cases.
Restrict or object to processing (including direct marketing).
Withdraw consent at any time (for consent-based processing).
Appeal our decision if we decline or partially comply with a request (DPDP).
How to submit a request:
Email privacy@seedlinglabs.com or info@seedlinglabs.com with the subject “Data Rights Request,” and specify your request, country, and a contact email. We may verify identity before acting. We will respond within timelines required by law (DPDP: typically within 30 days).
8) Children’s privacy
Our services and site are not directed to children under 18. We do not knowingly collect children’s personal data. If you believe a child has provided data, contact us to delete it.
9) Security
We use reasonable and appropriate technical and organizational measures, including:
Encryption in transit (HTTPS/TLS).
Access controls, authentication, least-privilege practices.
Firewalls/WAF and DDoS/abuse monitoring.
Regular updates/patching and vendor due diligence.
Employee confidentiality obligations and limited data access.
No method is 100% secure; we cannot guarantee absolute security.
10) Data breaches
In case of a personal data breach that poses a risk of harm, we will notify affected users and/or authorities as required by applicable law (e.g., DPDP/GDPR timelines). We will also take steps to mitigate harm.
11) Third-party links & social media
Our site may link to third-party sites or services (including social media). Their privacy practices are governed by their own policies; please review those when you visit them.
12) Recruitment specific terms
When you apply for roles:
We process your application data to assess fit, communicate with you, and maintain a limited talent pool (with your consent).
You may ask us to delete your application data at any time, subject to legal obligations.
13) Grievance redressal (India – DPDP compliant)
If you have a concern or complaint about our data practices, please contact our Grievance Officer:
Grievance Officer
Seedling Labs Private Limited
764/E, HSR Layout, 19th Main, 22nd Cross, Sector 2, Bengaluru, Karnataka, India – 560102
Email: grievance@seedlinglabs.com (or info@seedlinglabs.com)
We will acknowledge and endeavor to resolve your grievance within 30 days (or earlier as per any notified rules). If you are unsatisfied, you may escalate as permitted by the DPDP Act/Rules when notified.
If we appoint a Data Protection Officer (DPO) later, we will update this section with the DPO’s contact details.
14) Country/region-specific notices (summary)
EEA/UK: We act as a controller for website interactions and direct customer relationships. Where we rely on legitimate interests, we balance our interests against your rights. You may lodge a complaint with your local data protection authority.
California (CCPA/CPRA): We do not sell or share personal information as those terms are defined. You can request access/deletion and to limit use of sensitive information (we do not use sensitive information for inferring characteristics).
Other jurisdictions: We will honor requests to the extent required by local law and practical feasibility.
15) Changes to this Policy
We may update this Policy periodically. The “Effective date” at the top shows when it was last revised. Material changes will be posted on this page and, where required, notified to you.
16) How to contact us
Seedling Labs Private Limited
764/E, HSR Layout, 19th Main, 22nd Cross, Sector 2, Bengaluru, Karnataka, India – 560102
All inquiries: info@seedlinglabs.com