Privacy Policy

Last updated:

1. Who we are

This policy applies to Getwidget Labs Pvt Ltd (also trading as "GetWidget"), incorporated in India in 2017. Our engineering team is based in Bengaluru, Karnataka; we also maintain a registered US mailing address in Dallas, Texas. When this policy says "we", "us", or "our", it means Getwidget Labs Pvt Ltd.

This policy covers data collected through the getwidget.dev website and through the process of engaging us for services (discovery audits, pilot projects, continuous studio engagements). It does not cover third-party websites we may link to.

2. Information we collect

We collect the following categories of information:

  • Contact form data. When you submit our contact or audit booking form: name, email address, company name (optional), phone number (optional), and the workflow or inquiry description you provide.
  • Audit booking data. For the discovery audit engagement: the workflow description, estimated volume or cost metrics, compliance constraints, and any supporting materials you share (e.g., CSV samples, anonymised ticket exports). We do not request raw production data at this stage.
  • Correspondence. Emails, messages, or other communications you send us directly (e.g., via sales@getwidget.dev).
  • Technical and log data. Standard server logs automatically collected when you visit our site: IP address, browser and device type, referring URL, pages visited, and timestamps. This data is used to maintain site security and diagnose technical issues; it is not linked to your name unless you have also submitted a contact form in the same session.
  • Cookies and similar technologies. See Section 6 below.

We do not knowingly collect sensitive categories of personal data (health, financial account, biometric, or similar) through the website. If a service engagement requires handling sensitive data, we agree a Data Processing Agreement before any such data touches our infrastructure.

3. How we use your information

  • Respond to your inquiry, quote request, or audit booking.
  • Deliver the services you have engaged us to perform.
  • Send transactional communications related to an active engagement (invoices, project updates, handoff documents).
  • Improve the website and our service descriptions based on aggregate usage patterns.
  • Comply with legal obligations (tax records, court orders, regulatory requirements).
  • Detect and prevent fraud, abuse, or security incidents.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. With your explicit consent, we may reference your company as a client or publish a testimonial — and you can withdraw that consent at any time.

4. Legal bases for processing (GDPR)

Where the EU General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:

  • Contract. Processing your contact details and engagement data is necessary to perform the services you have requested or to take steps at your request prior to entering a contract.
  • Legitimate interests. We process server log data and aggregate analytics to maintain site security and improve the site, where these interests are not overridden by your rights.
  • Legal obligation. We retain certain records (e.g., invoices, tax documents) as required by applicable law.
  • Consent. Where we send optional marketing communications or publish testimonials, we obtain your prior consent and you may withdraw it at any time.

5. Third-party processors

We share personal data with a limited set of third-party service providers who process it on our behalf. Current and expected processors:

  • Cloud hosting / CDN. The site is deployed through a cloud hosting provider (configuration details are in our infrastructure; we will name the provider here once the production deployment is finalised).
  • Email / CRM. Inquiry form submissions and engagement correspondence may be routed through an email or CRM tool. We will publish the specific provider when the service infrastructure is finalised.
  • Calendar / booking. Audit booking slots may be managed through a third-party calendar tool. Any such tool is subject to its own privacy policy; we will link it here when active.
  • Payment processing. We do not currently process payments directly through getwidget.dev. If a payment processor (such as Stripe) is added, we will update this section and add it to our sub-processor list.

We require all processors to handle your data only on our documented instructions, maintain appropriate security measures, and comply with applicable data protection law. We will publish a complete sub-processor list when our service infrastructure is finalised.

6. Cookies and analytics

At the time this policy was last updated, getwidget.dev does not load any third-party analytics or advertising scripts. We are evaluating analytics tooling (privacy-first options such as Plausible or Fathom, or Google Analytics with IP anonymisation) and will update this section before any such tool is activated.

The site may set a small number of essential first-party cookies required for site functionality (e.g., session state for the audit booking modal). These cookies are strictly necessary and do not require consent under ePrivacy rules.

If you wish to disable cookies entirely, you can do so through your browser settings. This may affect site functionality.

7. Data retention

We keep data for no longer than necessary for the purpose it was collected:

  • Contact and inquiry data — retained for up to 24 months from the date of last contact, unless an active engagement requires longer retention.
  • Engagement and project data — retained for the duration of the engagement plus 5 years, to satisfy tax and legal record-keeping obligations.
  • Server logs — typically 30–90 days, depending on our hosting provider's default retention.
  • Consent records — retained for as long as the consent is relied upon, plus a reasonable period thereafter as evidence.

When data is no longer needed, we delete or anonymise it. We will promptly honour any verified erasure request (see Section 8), subject to our legal retention obligations.

8. Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Ask us to correct inaccurate or incomplete data.
  • Erasure. Ask us to delete your data, subject to our legal retention obligations.
  • Portability. Receive your data in a structured, commonly used, machine-readable format.
  • Objection. Object to processing based on legitimate interests, or to direct marketing at any time.
  • Restriction. Ask us to restrict processing while a dispute is resolved.
  • Withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint. You have the right to lodge a complaint with your local supervisory authority. In the EU, this is your national Data Protection Authority. In the UK, this is the ICO (ico.org.uk). In India, the applicable authority will be notified under the Digital Personal Data Protection Act 2023 once the regulatory framework is in force.

To exercise any of these rights, email us at sales@getwidget.dev with the subject line "Privacy Request". We will respond within 30 days. We may ask you to verify your identity before acting on the request.

9. International data transfers

Getwidget Labs Pvt Ltd is based in India. When we provide services to clients in the EU, UK, or US, personal data may be transferred between India, the United States, and Europe. Where required by applicable law — in particular where EU/UK GDPR applies — we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) to legitimise these transfers. If you would like details of the safeguards in place for a specific transfer, contact us at the address in Section 12.

10. Children

Our website and services are directed at businesses and adult professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of this page will reflect the most recent revision. We encourage you to review this page periodically. Where a change is material, we will notify clients with active engagements by email before it takes effect.

12. Contact us

For privacy questions, requests, or complaints, contact us at:

Getwidget Labs Pvt Ltd
Attn: Privacy
HD-101(A) WeWork Salarpuria Symbiosis
Bengaluru, Karnataka 560077
India

Email: sales@getwidget.dev