Privacy policy

Effective Date:  December 30, 2022 Last Updated: May 30, 2025

At EPITOME LUXE LABS PVT LTD ("Company," "we," "us," or "our"), we are deeply committed to protecting the privacy and security of the personal and business information of our users and customers. This Privacy Policy outlines our practices regarding the collection, use, disclosure, transfer, and safeguarding of your information when you visit our website at www.epitomeluxury.com and utilize our SaaS services, applications, and any related offerings (collectively, the "Services").

By accessing or using our Services, you signify your understanding of, and agree to, the terms and practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

We collect various types of information to provide and improve our Services, operate our business, and fulfill our legal and contractual obligations. This information can be broadly categorized as:

a) Information You Directly Provide to Us

We collect personal and business information that you voluntarily provide when you interact with our Services. This includes, but is not limited to, instances when you:

  • Register for an account: This typically includes your full name, business name, professional title, email address, phone number, and account login credentials (username and hashed password).

  • Request a demo or trial of our Services: We may collect your name, business email, company name, phone number, and details about your business needs.

  • Subscribe to newsletters, marketing communications, or other updates: We collect your email address and preferences.

  • Submit a contact form, support ticket, or engage with our customer support: This may include your name, email address, phone number, company name, and the content of your communication.

  • Make purchases or enter into agreements for our Services: This involves billing information such as your billing address, payment card details (processed securely by third-party payment processors, we do not store full payment card numbers), and tax identification numbers where applicable.

  • Participate in surveys, webinars, promotions, or events: We may collect contact information and your responses to survey questions.

  • Upload or input data into our Services: As part of using our SaaS platform, you may upload or generate various types of data relevant to your business operations. While this data is primarily owned and controlled by you, we process it as a service provider on your behalf. This data is subject to our terms of service and any data processing agreements.

b) Information We Automatically Collect

When you visit, access, or interact with our Services, we may automatically collect certain information about your device, Browse actions, and patterns. This information helps us understand how our Services are used, improve functionality, and enhance user experience. This includes:

  • Log Data: Information that your browser or device sends automatically whenever you visit our website. This may include your Internet Protocol (IP) address, browser type and version, device type and operating system, geographic location (city, country, and potentially more precise location if you enable location services), pages visited, time spent on those pages, date and time of your visit, referral source, and clickstream data.

  • Usage Data: Information about your interactions with our Services, such as features used, actions taken, time spent on specific functionalities, search queries, and session activity (e.g., clicks, navigation paths, form submissions, and downloads).

  • Cookie Data and Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your Browse activities. These technologies help us to:

    • Remember your preferences and settings.

    • Authenticate your session and keep you logged in.

    • Analyze usage patterns and trends.

    • Measure the effectiveness of our marketing campaigns.

    • Customize content and advertising based on your interests.

    • Provide functionality for our Services. You can manage your cookie preferences through your browser settings or, where applicable, through our cookie consent banner. Please refer to Section 4 for more details.

c) Information from Third Parties

In certain circumstances, we may receive information about you from third-party sources. This could include:

  • Referral Partners: If you access our Services through a partner referral program.

  • Publicly Available Sources: Information from public databases or social media platforms to verify or update information we hold.

  • Marketing and Analytics Partners: Data from third-party services that help us analyze our user base and marketing effectiveness.

2. How We Use Your Information

We use the information we collect for various business and commercial purposes, based on appropriate legal bases as required by applicable laws. These purposes include:

  • To Provide and Maintain the Services: To operate, deliver, and maintain the functionality of our website and SaaS platform; to process your transactions and manage your account.

  • To Improve and Personalize Services: To understand usage trends, analyze data, and conduct research to enhance the features, performance, and user experience of our Services. This may include personalizing content and recommendations.

  • To Communicate with You: To respond to your inquiries, provide customer support, send important updates, security alerts, and administrative messages related to your account or our Services.

  • For Marketing and Promotional Purposes: To send you newsletters, promotional materials, and information about new features, products, or services that may be of interest to you, based on your consent where required. You can opt-out of marketing communications at any time.

  • To Process Transactions and Billing: To process payments for subscriptions and services, send invoices, and manage billing accounts.

  • For Security and Fraud Prevention: To detect, prevent, and respond to potential fraud, abuse, security risks, or technical issues that could harm our Company, our users, or the public.

  • To Comply with Legal Obligations: To meet our legal, regulatory, and compliance requirements, such as responding to lawful requests from public authorities, court orders, and other legal processes.

  • For Research and Development: To develop new products, features, and functionalities.

  • To Enforce Our Terms and Policies: To enforce our Terms of Service, acceptable use policies, and other agreements.

3. Legal Bases for Processing Your Information

For individuals in the European Economic Area (EEA), the UK, and other regions with similar data protection laws (e.g., GDPR), we rely on the following legal bases for processing your personal data:

  • Performance of a Contract: When processing is necessary to fulfill our obligations under a contract with you (e.g., providing the Services you subscribed to).

  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (e.g., improving our Services, marketing, fraud prevention, and analytics). We conduct legitimate interest assessments to ensure your rights are protected.

  • Consent: When you have given explicit consent for us to process your personal data for a specific purpose (e.g., sending marketing communications). You have the right to withdraw your consent at any time.

  • Legal Obligation: When processing is necessary to comply with a legal or regulatory obligation (e.g., tax laws, responding to lawful requests from authorities).

4. Sharing Your Information

We do not sell, rent, or trade your personal data to third parties for their independent marketing purposes. We may share your information in the following circumstances and with the following categories of recipients:

  • Service Providers and Sub-processors: We engage trusted third-party companies and individuals to perform services on our behalf and assist us in operating, providing, and improving our Services. These service providers may include:

    • Cloud Hosting Providers: For data storage and infrastructure (e.g., Amazon Web Services, Google Cloud Platform).

    • Payment Processors: To securely handle payment transactions (e.g., Stripe, PayPal).

    • Analytics Platforms: To understand user behavior and website performance (e.g., Google Analytics, Mixpanel).

    • CRM and Marketing Automation Platforms: For managing customer relationships and sending communications (e.g., HubSpot, Mailchimp).

    • Customer Support Platforms: For managing support tickets and communications.

    • Professional Advisors: Such as lawyers, auditors, and consultants. All such vendors are carefully vetted and bound by strict data processing agreements and confidentiality clauses, ensuring they provide appropriate security measures and process data only according to our instructions and applicable data protection laws.

  • Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such transfer and choices you may have regarding your information.

  • For Legal Reasons: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

    • Comply with a legal obligation or respond to valid requests by public authorities (e.g., a court order, subpoena, or government request).

    • Protect and defend the rights or property of EPITOME LUXE LABS PVT LTD.

    • Prevent or investigate possible wrongdoing in connection with the Services.

    • Protect the personal safety of users of the Services or the public.

    • Protect against legal liability.

  • With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

  • Aggregated or Anonymized Data: We may share aggregated or anonymized data that cannot reasonably be used to identify you, for various purposes, including research, analytics, and improving our Services.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to track activity on our Services and hold certain information.

  • Cookies: Small data files placed on your device or computer. They allow us to recognize your browser or device and remember certain information.

  • Web Beacons (also known as clear gifs or pixel tags): Small graphic images that may be included on our Services or emails to help us measure user engagement and email effectiveness.

How We Use Cookies:

  • Strictly Necessary Cookies: Essential for the operation of our Services (e.g., enabling secure login, processing payments).

  • Performance and Analytics Cookies: Help us understand how visitors interact with our Services by collecting information about usage patterns, website traffic, and errors. This helps us improve our Services.

  • Functionality Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

  • Advertising and Targeting Cookies: Used to deliver relevant advertisements to you and measure the effectiveness of our advertising campaigns. These may be placed by us or by third-party advertising partners.

Managing Cookies:

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, if you choose to disable cookies, some features of our Services may not function properly.

For more information about cookies and how to manage them, you can refer to your browser's help documentation or visit websites like www.allaboutcookies.org.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The criteria used to determine our retention periods include:

  • The duration of your active relationship with us: As long as you are a customer or have an active account with us.

  • The nature and sensitivity of the personal data: The type of data and its potential impact.

  • The purposes for which we process your personal data: To achieve the stated purposes in this policy.

  • Legal, accounting, or reporting requirements: Any laws or regulations that require us to retain data for a certain period.

  • Potential for disputes: Retention periods in case of potential litigation or investigations.

Upon the expiration of the retention period, your personal data will be securely deleted, anonymized, or aggregated so that it can no longer be associated with you. If you request deletion of your data, we will do so in accordance with applicable laws, subject to any overriding legal or legitimate business requirements.

7. Your Data Protection Rights

Depending on your jurisdiction and applicable data protection laws (such as GDPR, CCPA, etc.), you may have certain rights regarding your personal data. These rights may include:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected, or you withdraw consent).

  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data, or the processing is unlawful).

  • Right to Object to Processing: You have the right to object to the processing of your personal data in certain situations, particularly where processing is based on legitimate interests or for direct marketing.

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

  • Right to Withdraw Consent: If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority or data protection authority in your country of residence if you believe your rights have been violated.

Exercising Your Rights:

To exercise any of these rights, please contact us at [privacy@epitomeluxury.com]. We will respond to your request in accordance with applicable laws and within the specified timeframes (e.g., one month under GDPR). We may need to verify your identity before fulfilling your request to ensure the security of your data.

8. Data Security

We take the security of your information seriously and implement robust technical and organizational measures designed to protect your personal data from unauthorized access, loss, misuse, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: We use industry-standard encryption protocols (e.g., SSL/TLS) to protect data transmitted over our network.

  • Access Controls: Strict access controls and authentication mechanisms are in place to limit access to personal data to authorized personnel on a need-to-know basis.

  • Regular Security Assessments: We conduct regular security assessments, penetration testing, and vulnerability scanning to identify and address potential weaknesses.

  • Employee Training: Our employees receive regular training on data protection and security best practices.

  • Data Minimization: We strive to collect only the personal data that is necessary for the specified purposes.

  • Incident Response Plan: We have a comprehensive incident response plan to address any potential data breaches promptly and effectively.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

9. International Data Transfers

As a global SaaS provider, EPITOME LUXE LABS PVT LTD may store, process, and transfer your information to countries outside of your jurisdiction of residence, including to countries that may not have the same level of data protection laws as your own.

When transferring your personal data internationally, we ensure that appropriate safeguards are in place to protect your information and comply with applicable data protection laws. These safeguards may include:

  • Standard Contractual Clauses (SCCs): Implementing the European Commission's Standard Contractual Clauses for transfers of personal data from the EEA and UK to third countries.

  • Adequacy Decisions: Relying on adequacy decisions made by the European Commission or other relevant authorities.

  • Binding Corporate Rules (BCRs): If applicable and approved by relevant data protection authorities. By using our Services, you understand and agree to the potential transfer of your information to countries outside your jurisdiction.

10. Children's Privacy

Our Services are not intended for, and we do not knowingly collect personal data from, individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we might have any information from or about a child under 18, please contact us immediately at info@epitomeluxury.com

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new technologies. We will notify you of any material changes by posting the updated Privacy Policy on this page with a revised "Effective Date" at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after the posting of a revised Privacy Policy constitutes your acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our Privacy Officer at:

EPITOME LUXE LABS PVT LTD Email: General Inquiries Email: info@epitomeluxury.com Website: www.epitomeluxury.com