Privacy Policy

Last updated: 2026-04-17

Introduction

Qilin Lab (“Qilin Lab,” “we,” “us,” or “our”), the trading name of Qilin Software Lab Private Limited, is a technology services company incorporated in India, delivering software engineering, DevOps, cloud security, and FinOps services to clients around the world. This Privacy Policy explains how we collect, use, disclose, and safeguard information that identifies or can be linked to you when you visit qilinlab.com, engage our services, or otherwise interact with us.

By using our website or services, you confirm that you have read and understood this Policy. If you do not agree with any part of it, please discontinue use of our website and services. This Policy is designed to comply with the European Union General Data Protection Regulation (GDPR), the United Kingdom GDPR, and India’s Digital Personal Data Protection Act, 2023 (DPDP Act).

Information We Collect

Personal Data

When you fill out a contact form, request a proposal, subscribe to updates, or correspond with us, we may collect your name, business email address, phone number, company name, job title, country, and any information you voluntarily include in free-text fields. If you apply for a role with us, we additionally collect information contained in your CV, cover letter, and references.

Usage Data

We automatically collect information about how you interact with our website, including the pages you visit, the time and duration of your visit, referring URLs, the device and browser you use, screen resolution, approximate geographic location derived from your IP address, and diagnostic data such as error logs. This information is aggregated and used to understand and improve the performance of our website.

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to operate our website, remember your preferences, measure traffic, and support marketing activities. You can control non-essential cookies through the consent banner presented on your first visit and via your browser settings. For full details, see our Cookie Policy.

How We Use Your Information

We process personal information to deliver the services you request, respond to enquiries, send proposals and contracts, manage engagements, invoice and process payments, provide customer support, communicate product and service updates, conduct security monitoring, comply with legal obligations, and improve our website and marketing. Where required by law, we rely on your consent; otherwise we rely on legitimate interests, performance of a contract, or compliance with legal obligations as the lawful basis for processing.

Data Sharing and Disclosure

We do not sell personal data. We share information only with trusted third parties who help us operate our business, including cloud hosting providers, email and CRM platforms, analytics vendors, payment processors, and professional advisors. These providers are bound by contractual obligations to process data only on our instructions and to maintain appropriate security safeguards. We may also disclose information when required by law, court order, or a valid regulatory request, or to protect the rights, property, or safety of Qilin Lab, our clients, or the public.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to meet our contractual commitments, and to comply with legal, tax, and accounting obligations. Contact-form submissions are typically retained for 24 months; client engagement records are retained for the duration of the engagement and seven years thereafter. When no longer required, information is securely deleted or anonymised.

Your Rights

Subject to applicable law, you have the right to access the personal data we hold about you, request correction of inaccurate data, request erasure, restrict or object to processing, request data portability, and withdraw consent at any time. Under the GDPR you may also lodge a complaint with a supervisory authority in your jurisdiction. Under India’s Digital Personal Data Protection Act, 2023, data principals additionally have the right to nominate another individual to exercise their rights in the event of death or incapacity, and the right to grievance redressal through our designated contact below.

International Transfers

Because we operate globally, personal data may be transferred to and processed in countries other than the one in which it was collected, including India, the United States, and the European Economic Area. When we transfer data out of the EEA, the UK, or other regulated jurisdictions, we rely on recognised transfer mechanisms such as the European Commission’s Standard Contractual Clauses, adequacy decisions, or your explicit consent.

Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure. These include encryption in transit and at rest, role-based access control, continuous monitoring, regular penetration testing, and mandatory employee security training. No method of transmission or storage is entirely secure, however, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in line with Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay, providing a description of the nature of the breach, the likely consequences, the measures taken or proposed to address it, and a point of contact for more information. In relation to personal data of data principals in India, we will comply with the notification obligations set out under the Digital Personal Data Protection Act, 2023 and any rules or directions issued by the Data Protection Board of India.

Automated Decision-Making

We do not make decisions about you based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. If this ever changes, we will update this Policy and, where required, obtain your consent or provide a mechanism to object and request human review.

Children’s Privacy

Our website and services are directed at businesses and are not intended for children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected such data without appropriate consent, we will take steps to delete it promptly.

Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology, or applicable law. The “Last updated” date at the top of this page indicates when it was most recently revised. Material changes will be communicated through our website or, where appropriate, by direct notice.

Company Details

Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000, the following officer has been designated to address grievances relating to personal data and the processing of personal data by Qilin Lab:

You may contact the Grievance Officer to exercise any of your rights under applicable data-protection law, raise concerns about the processing of your personal data, or submit a complaint. We aim to acknowledge grievances within seventy-two (72) hours and resolve them within the timelines required by applicable law.

Contact Us

For general questions about this Policy, please contact us at hello@qilinlab.com. We will respond within the timelines required by applicable law.

This document is provided as a good-faith summary and is not legal advice. Consult your legal counsel before relying on it.