Gramini Labs Logo
Gramini Labs

Privacy Policy

Last updated: December 17, 2025

1. Introduction

Gramini Consulting, a partnership firm registered under the Indian Partnership Act, 1932 ("we," "us," or "our"), operates the Gramini Labs website and associated products including Cre8nxt and Deep Home Automation.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the General Data Protection Regulation (GDPR) of the European Union, and applicable privacy laws in jurisdictions where our services are available.

By using our services, you consent to the data practices described in this policy.

2. Data Controller

Gramini Consulting
A 1803, Purva Eternity,
Near Athani Junction, Kakanad,
Kochi 682030, Kerala, India
Email: corporate@gramini.com
Phone: +91 78889 89993

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Contact Information: Name, email address, phone number, postal address
  • Account Information: Username, password, profile information
  • Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
  • Communication Data: Correspondence, support requests, feedback

3.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Pages visited, features used, time spent, interaction patterns
  • Location Data: Approximate location based on IP address
  • Log Data: IP address, browser type, access times, referring URLs

3.3 Information from Third Parties

  • Social media profile information (if you connect accounts)
  • Analytics data from service providers

4. Purpose and Legal Basis for Processing

PurposeLegal Basis (GDPR)Legal Basis (DPDP)
Provide and maintain servicesContract performanceLawful purpose
Process transactionsContract performanceLawful purpose
Send service communicationsLegitimate interestLawful purpose
Marketing communicationsConsentConsent
Improve servicesLegitimate interestLawful purpose
Comply with legal obligationsLegal obligationCompliance with law

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: Until account deletion plus 30 days
  • Transaction records: 7 years (as required by Indian tax law)
  • Communication records: 3 years from last interaction
  • Analytics data: 26 months

6. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Cloud hosting, payment processors, analytics providers, customer support tools
  • Legal Requirements: When required by law, court order, or government authority
  • Business Transfers: In connection with merger, acquisition, or asset sale
  • With Your Consent: For any other purpose with your explicit consent

We do not sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside India and the European Economic Area (EEA). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Compliance with DPDP Act cross-border transfer provisions

8. Your Rights

8.1 Under GDPR (EEA Residents)

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Request transfer of data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

8.2 Under DPDP Act (Indian Residents)

  • Right to Access: Obtain summary of personal data and processing activities
  • Right to Correction: Request correction of inaccurate or misleading data
  • Right to Erasure: Request erasure of personal data no longer necessary
  • Right to Grievance Redressal: File complaints with the Data Protection Board
  • Right to Nominate: Nominate another person to exercise rights in case of death or incapacity

To exercise your rights, contact us at corporate@gramini.com. We will respond within 30 days (GDPR) or as prescribed under DPDP Rules.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children under 18 without verifiable parental consent as required under the DPDP Act.

If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information.

10. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication
  • Regular security assessments
  • Incident response procedures
  • Employee training on data protection

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR and the Data Protection Board of India as prescribed under DPDP Rules. Affected individuals will be notified without undue delay when the breach is likely to result in high risk.

12. Cookies and Tracking

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

13. Third-Party Services

Our services may integrate with third-party platforms. These services have their own privacy policies:

  • Payment processing (Razorpay, Stripe)
  • App distribution (Apple App Store, Google Play Store)
  • Analytics (privacy-focused analytics)
  • Cloud infrastructure (AWS, Google Cloud)

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide more prominent notice or obtain consent where required by law.

15. Grievance Officer

In accordance with the DPDP Act and Information Technology Act, 2000, the Grievance Officer can be contacted at:

Grievance Officer
Gramini Consulting
Email: corporate@gramini.com
Response time: Within 30 days

16. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

Gramini Consulting
A 1803, Purva Eternity,
Near Athani Junction, Kakanad,
Kochi 682030, Kerala, India
Email: corporate@gramini.com
Phone: +91 78889 89993