Privacy Policy for Blue Brain Technologies Pvt Ltd

Last Updated: June 27, 2025

Introduction

Blue Brain Technologies Pvt Ltd (“Blue Brain,” “we,” “us,” or “our”) is a technology company headquartered in India, committed to protecting the privacy and personal information of our clients, website visitors, and users. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our website (bluebraintech.com), engage with our services, or interact with us through other channels such as email or phone. Our services include web development, mobile app development, e-commerce solutions, UI/UX design, software development, and digital marketing, catering to industries such as healthcare, education, e-commerce, finance, and more. This policy complies with Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act), and aligns with global regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) where applicable.

1. Scope of This Policy

This Privacy Policy applies to all personal data collected through:

Our website (bluebraintech.com).
Email communications (e.g., info@bluebraintech.com).
Phone interactions (+91-999-960-0773 for sales inquiries, +91-999-960-0883 for technical support).
Client engagements for services such as website development, mobile app creation, e-commerce platforms, UI/UX design, software solutions, and digital marketing (e.g., SEO, social media marketing).
Any other interactions with Blue Brain Technologies Pvt Ltd, including job applications via our careers page.

This policy does not apply to third-party websites or services linked from our website, which have their own privacy policies.

2. Information We Collect

We collect personal information to provide our services and improve user experience. The types of data we collect include:

Personal Contact Data: Name, email address, phone number, and mailing address provided when you contact us, submit forms, or request quotes for services.
Client Project Data: Business details, project specifications, technical requirements, and payment information collected during engagements for web development, mobile apps, e-commerce solutions, or other services.
Usage Data: Information about your interaction with our website, such as IP address, browser type, device information, operating system, pages visited, time spent on pages, and referring URLs, collected via cookies or analytics tools.
Communication Data: Records of correspondence, including emails, voicemails, or messages sent through our website or other channels.
Marketing Data: Contact details and preferences if you opt in to receive newsletters, promotional emails, or updates about our services.
Career Application Data: Resumes, contact details, and professional qualifications submitted through our careers page for job applications.
Industry-Specific Data: For clients in industries like healthcare, education, or finance, we may collect data relevant to the project (e.g., user demographics for e-commerce platforms or compliance requirements for financial apps).

We collect this data directly from you (e.g., through forms, emails, or calls) or automatically through your interaction with our website or services.

3. How We Use Your Information

We use your personal information for the following purposes, in compliance with the DPDP Act and other applicable laws:

Service Delivery: To design, develop, and deliver our services, such as building websites, mobile apps, e-commerce platforms, or providing digital marketing campaigns tailored to your industry (e.g., SEO for e-commerce businesses or UI/UX for healthcare apps).
Customer Support: To respond to inquiries, provide technical support (e.g., troubleshooting for software solutions), and ensure client satisfaction.
Website and Service Improvement: To analyze usage data and feedback to enhance our website’s functionality, user experience, and service offerings.
Contract Fulfillment: To execute agreements with clients, including processing payments, managing project timelines, and delivering customized solutions.
Marketing and Communications: To send promotional materials, newsletters, or updates about our services, provided you have given consent. You can opt out at any time via the unsubscribe link or by contacting us.
Legal and Compliance: To comply with legal obligations, such as tax reporting, audits, or responding to regulatory requests under the DPDP Act or other laws.
Recruitment: To process job applications and communicate with candidates applying through our careers page.
Security: To detect and prevent fraud, unauthorized access, or other malicious activities on our website or services.

4. Legal Basis for Processing (Under DPDP Act and GDPR)

In accordance with the Digital Personal Data Protection Act, 2023, we process personal data based on the following legal grounds:

Consent: Where you have explicitly consented to data processing (e.g., for marketing emails or newsletter subscriptions).
Contractual Necessity: Where processing is necessary to fulfill a contract with you (e.g., delivering a custom web development project).
Legal Obligation: To comply with Indian laws, such as tax or financial regulations.
Legitimate Interests: For purposes like improving our services, ensuring website security, or analyzing usage trends, provided these interests do not override your rights.

For users in the European Union (under GDPR), we rely on similar grounds: consent, contractual necessity, legal obligations, or legitimate interests.

5. Data Security

We take the security of your personal information seriously and implement the following measures to protect it:

Encryption: Sensitive data, such as payment information or client project details, is encrypted during transmission (using HTTPS/TLS) and storage.
Access Controls: Only authorized personnel have access to personal data, and they are bound by confidentiality agreements.
Secure Servers: Our servers are hosted in secure environments with firewalls and intrusion detection systems.
Regular Audits: We conduct periodic security assessments to identify and address vulnerabilities.
Data Minimization: We collect only the data necessary for the intended purpose.

Despite these measures, no system is entirely secure. In the unlikely event of a data breach, we will notify affected individuals and the Data Protection Authority of India (once established under the DPDP Act) as required by law.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. However, we may share your data in the following circumstances:

Service Providers: We work with trusted third parties (e.g., cloud hosting providers, payment processors, analytics tools, or digital marketing platforms) to deliver our services. These providers are contractually obligated to protect your data and comply with applicable laws.
Industry-Specific Partners: For certain projects (e.g., e-commerce integrations or healthcare app compliance), we may share relevant data with partners to meet project requirements, with your consent or as part of our contract.
Legal Requirements: We may disclose your data to comply with Indian laws (e.g., under the DPDP Act, Income Tax Act, or court orders) or to protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, with safeguards to ensure continued protection.
Anonymized Data: We may share aggregated, non-identifiable data (e.g., website traffic statistics) for analytics or marketing purposes.

All third parties receiving your data are required to comply with the DPDP Act and other relevant regulations.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies (e.g., web beacons, pixels) to enhance user experience and analyze site performance. Cookies may collect:

Essential Data: For website functionality (e.g., session management).
Analytics Data: To track page visits, bounce rates, and user behavior (e.g., via Google Analytics).
Marketing Data: To deliver targeted ads or measure campaign effectiveness (if you consent).

You can manage cookies through your browser settings or our cookie consent tool (if available). Disabling cookies may affect website functionality. For more details, refer to our Cookie Policy (if available on our website).

8. Your Rights Under the DPDP Act and Other Laws

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access: Request details of the personal data we hold about you.
Right to Correction: Request corrections to inaccurate or incomplete data.
Right to Erasure: Request deletion of your data, subject to legal retention obligations.
Right to Restrict Processing: Request that we limit how we use your data in certain cases.
Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
Right to Withdraw Consent: Withdraw consent for data processing (e.g., marketing) at any time.
Right to Nominate: Designate a nominee to exercise your rights in case of incapacity or death (as per DPDP Act).
Right to Grievance Redressal: Raise concerns about our data practices with our Data Protection Officer.

For users in the EU (under GDPR) or California (under CCPA), additional rights include opting out of data sales (not applicable, as we do not sell data) and non-discrimination for exercising your rights.

To exercise these rights, contact us using the details in the “Contact Us” section. We will respond within the timelines specified under the DPDP Act (typically 30 days) or other applicable laws.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

Contact Data: Retained until you request deletion or it is no longer needed for customer support.
Client Data: Retained for the duration of our contractual relationship and for 7 years thereafter to comply with Indian tax and accounting laws (e.g., Income Tax Act, 1961).
Usage Data: Retained for up to 2 years for analytics, unless anonymized.
Career Application Data: Retained for 1 year after application submission, unless you request deletion or consent to longer retention for future opportunities.

Data no longer needed is securely deleted or anonymized.

10. International Data Transfers

As an India-based company, we primarily process data within India. However, for services like cloud hosting or third-party integrations (e.g., payment gateways or analytics tools), we may transfer data to servers located outside India. We ensure such transfers comply with the DPDP Act and other regulations, using safeguards like:

Standard Contractual Clauses: For transfers to the EU or other regions with strict data protection laws.
Data Localization: Where required by Indian law, we store sensitive data within India.
Vendor Compliance: Ensuring third-party providers adhere to equivalent data protection standards.

11. Children’s Privacy

Our services are not directed to children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we discover that we have collected such data, we will delete it promptly. If you believe we have collected data from a child, please contact us immediately.

12. Third-Party Links

Our website may include links to third-party websites, such as social media platforms or partner sites. We are not responsible for their privacy practices. We recommend reviewing their privacy policies before sharing personal information.

13. Compliance with Indian and Global Laws

We are committed to complying with the following laws:

Digital Personal Data Protection Act, 2023 (DPDP Act): Governs the processing of personal data in India, ensuring transparency, consent, and user rights.
Information Technology Act, 2000: Regulates data security and electronic transactions in India, including the protection of sensitive personal data under Section 43A.
GDPR: For EU residents engaging with our services, ensuring lawful processing and robust user rights.
CCPA: For California residents, providing transparency and control over personal data.
Other Laws: Such as Canada’s PIPEDA, South Africa’s POPIA, or other applicable regulations, depending on the user’s location.

We will cooperate with the Data Protection Authority of India (once established) and other regulatory bodies to ensure compliance.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. Significant changes will be communicated by:

Posting the updated policy on our website with a revised “Last Updated” date.
Notifying you via email or a website notice, where required by law (e.g., under the DPDP Act or GDPR).

We encourage you to review this policy periodically to stay informed.

15. Contact Us

For questions, concerns, or to exercise your data protection rights, please contact our Data Protection Officer:

Blue Brain Technologies Pvt Ltd
E-24, Ground Floor, Noida Sector 3, Uttar Pradesh – 201301, India
Email: info@bluebraintech.com
Phone:

Sales Enquiries: +91-999-960-0773
Technical Support: +91-999-960-0883

You may also file a complaint with the Data Protection Authority of India (once established) or other relevant supervisory authorities in your jurisdiction.

16. Grievance Redressal

Under the DPDP Act, you have the right to raise grievances regarding our data practices. Please contact our Data Protection Officer using the details above. We will address your concerns promptly and transparently, typically within 30 days.

Table: Summary of Data Practices

Category	Details
Types of Data Collected	Personal contact data, client project data, usage data, communication data, marketing data, career application data
Purpose of Collection	Service delivery, customer support, website improvement, contract fulfillment, marketing, recruitment, security, legal compliance
Legal Basis (DPDP Act)	Consent, contractual necessity, legal obligation, legitimate interests
Security Measures	Encryption, access controls, secure servers, regular audits, data minimization
Data Sharing	With service providers, industry partners, for legal requirements, or in business transfers
User Rights	Access, correction, erasure, restriction, portability, withdraw consent, nominate, grievance redressal
Retention Period	As long as necessary or as required by law (e.g., 7 years for tax purposes)
International Transfers	Compliant with DPDP Act, GDPR, and Standard Contractual Clauses