1. Introduction

M37labs ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

This policy applies to all users worldwide and complies with applicable privacy laws including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws.

2. Controller Information

Data Controller: M37labs
Queens Mansion, Ground Floor, Fort
Email: info@m37labs.com
Phone: +12029780245

3. Information We Collect

3.1 Information You Provide Directly

• Account Information: Name, email address, username, password
• Profile Information: Professional details, company information, preferences
• Communication Data: Messages, support requests, feedback, survey responses
• Payment Information: Billing address, payment method details (processed by third-party processors)
• Marketing Preferences: Communication preferences, subscription choices

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, device info, operating system
• Usage Data: Pages visited, time spent, click-through rates, referral URLs
• Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons
• Location Data: General location based on IP (with consent for precise location)

3.3 Information from Third Parties

• Social Media: Profile information when accounts are connected
• Business Partners: Information from authorized partners and service providers
• Public Sources: Publicly available information relevant to our services

4. Legal Basis for Processing (GDPR)

• Consent: When you explicitly agree to processing for specific purposes
• Contract: To perform contractual obligations or pre-contractual steps
• Legitimate Interests: For operations, security, improvements
• Legal Obligation: To comply with laws and regulations
• Vital Interests: To protect life or physical safety

5. How We Use Your Information

5.1 Service Provision

• Provide, maintain, and improve our services
• Process transactions and manage accounts
• Authenticate users and prevent fraud
• Provide customer support

5.2 Communication

• Send service-related notifications
• Respond to requests and communications
• Send marketing communications (with consent)
• Conduct surveys and collect feedback

5.3 Business Operations

• Analyze usage patterns and improve user experience
• Conduct R&D
• Ensure security and prevent misuse
• Comply with legal obligations

5.4 Marketing and Analytics

• Personalize content and recommendations
• Conduct campaigns and measure effectiveness
• Perform analytics and generate insights
• Retarget advertising (with consent)

6. Information Sharing and Disclosure

6.1 Service Providers

We share info with trusted providers for hosting, payments, emails, analytics, customer support, marketing, and ads.

6.2 Business Transfers

Info may be transferred in mergers, acquisitions, or asset sales.

6.3 Legal Requirements

We may disclose data when required by law, to protect rights, enforce terms, investigate fraud, or comply with authorities.

6.4 Consent-Based Sharing

We may share information with your explicit consent for other purposes.

7. International Data Transfers

Your data may be processed outside your country. Safeguards (e.g., SCCs, adequacy decisions, binding rules, certification) are applied for EU data transfers.

8. Data Retention

We keep data as long as needed for purposes or as required by law. Secure deletion/anonymization when no longer needed.

• Account data: Duration of account + 3 years
• Transactions: 7 years
• Marketing: Until withdrawn or 3 years of inactivity
• Analytics: 26 months
• Support communications: 3 years

9. Your Privacy Rights

• Access, correction, deletion, objection, restriction

GDPR Rights

Portability, no automated profiling, lodge complaints

CCPA Rights

Know, delete, opt-out, non-discrimination

To exercise rights: privacy@m37labs.com or Privacy Request Form.

10. Cookies and Tracking Technologies

• Strictly Necessary, Performance, Functional, Targeting

Manage via browser, consent banner, opt-out tools. We do not respond to Do Not Track signals.

11. Security Measures

Measures include encryption, MFA, assessments, secure coding, vendor agreements, incident response, and breach notifications.

12. Children's Privacy

Not for children under 16. If data is collected, it will be deleted and accounts may be terminated. Contact privacy@m37labs.com.

13. California Privacy Rights

Residents may request disclosure of third-party sharing (Shine the Light) and CCPA rights (categories, purposes, sources). We do not sell personal info as defined by CCPA.

14. Updates to This Policy

Updates posted on site with effective date. Users notified for material changes and consent obtained if required. Old versions kept for reference.

15. Contact Information

Email: info@m37labs.com
Mail: M37labs Privacy Office, Queens Mansion, Fort, Mumbai - 400001
Phone: +12029780245
Online Form: [Privacy Request Form URL]
EU DPO: IT@m37labs.com

16. Additional Jurisdiction-Specific Rights

16.1 Canada (PIPEDA)

Canadian residents can access and correct info, and file complaints with the Privacy Commissioner.

16.2 Australia (Privacy Act)

Australian residents can access, correct info, and file complaints with OAIC.

16.3 Brazil (LGPD)

Brazilian residents have GDPR-like rights including access, correction, deletion, and portability.

Last Review Date: August 26, 2025
Next Scheduled Review: November 26, 2025