Privacy Policy

01Information We Collect

We collect information you voluntarily provide to us and information automatically collected when you use our services. The types of information we may collect include:

• Personal identification information — name, email address, phone number, company name, and job title when you fill out our contact forms or request a consultation.
• Professional information — details about your project, technical requirements, budget ranges, and business context that you share during discovery calls or project scoping.
• Communication records — emails, chat transcripts, and meeting notes generated during our working relationship.
• Technical data — IP address, browser type and version, operating system, referral source, time-on-site, pages visited, and other analytics data collected automatically via cookies and similar technologies.
• Payment information — billing name, address, and payment method details processed securely through our payment processor (we do not store full card numbers on our servers).
• Client project data — source code, databases, credentials, and business data you share with us under a signed NDA and service agreement.

02How We Use Your Information

We use the information we collect for the following purposes:

• To respond to your enquiries, schedule consultations, and provide the software development and design services you have requested.
• To process payments and send invoices, project updates, and milestone notifications.
• To improve our website, services, and internal processes based on aggregated usage patterns and feedback.
• To send you relevant technical articles, case studies, or service updates — only if you have opted in to marketing communications.
• To comply with legal obligations, resolve disputes, and enforce our agreements.
• To protect the security and integrity of our systems, prevent fraud, and investigate suspicious activities.

We will never sell, rent, or trade your personal information to third parties for their marketing purposes.

03Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data on the following legal bases:

• Contractual necessity — to perform services under our agreement with you.
• Legitimate interests — to improve our services, prevent fraud, and maintain security, provided these interests are not overridden by your data protection rights.
• Consent — for marketing communications and non-essential cookies, which you may withdraw at any time.
• Legal obligation — where processing is required to comply with applicable laws.

04Data Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of third parties only as necessary:

• Service providers — cloud hosting providers (AWS, Vercel), payment processors (Stripe), email platforms (Postmark), and project management tools (Linear, Notion) that process data on our behalf under strict data processing agreements.
• Professional advisors — lawyers, accountants, and auditors who are bound by confidentiality obligations.
• Law enforcement and regulators — when required by applicable law, court order, or governmental authority.
• Business transfers — in the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

All third-party service providers are contractually required to handle your data in accordance with applicable privacy laws and our security standards.

05Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements:

• Client project data and communication records — retained for 7 years following project completion to comply with financial and legal obligations.
• Contact form enquiries that did not convert to a project — retained for 24 months.
• Marketing preferences and newsletter subscriptions — retained until you unsubscribe or request deletion.
• Analytics and technical logs — retained for 13 months in aggregated, anonymised form.
• Payment records — retained for 7 years as required by Indian GST and accounting regulations.

Upon expiry of the applicable retention period, we securely delete or anonymise your data.

06Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data, subject to legal retention obligations.
• Right to restrict processing — request that we limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — withdraw consent at any time for processing activities based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at privacy@mirayatechlab.com. We will respond within 30 days. We may need to verify your identity before processing your request.

07Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Please refer to our Cookie Policy for full details on the cookies we use, their purpose, and how to manage your preferences.

In summary, we use strictly necessary cookies (required for the site to function), analytical cookies (to understand how visitors use our site), and optional marketing cookies (only with your explicit consent).

08International Data Transfers

Our primary operations are based in India. If you are accessing our services from outside India, please be aware that your information may be transferred to, stored, and processed in India and other countries where our service providers operate.

For transfers of personal data from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses approved by the European Commission or UK Information Commissioner's Office.

09Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data without parental consent, please contact us immediately and we will take steps to delete that information.

10Security of Your Information

We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• TLS 1.3 encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Role-based access controls limiting employee access to personal data on a need-to-know basis.
• Regular security audits, penetration testing, and vulnerability assessments.
• Multi-factor authentication on all systems that process personal data.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the 'Last Updated' date at the top of this page and, where appropriate, by email or a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.