Privacy Policy
Last updated: January 25, 2026
Introduction
This Privacy Policy ("Policy") serves as a parent template describing how 64bitlabs ("we," "us," "our," or "Company"), located at Remote, India, collects, uses, discloses, and safeguards personal information through our website at https://64bitlabs.com (the "Website") and its associated internal products and services (collectively, the "Services"). This Policy applies to all users of the Services, including visitors, registered users, customers, and any individuals who interact with us.
This template is designed to be adaptable for our various internal products. Where applicable, product-specific details (e.g., data collected, purposes of use, or third-party integrations) are outlined in tables below with placeholders. You can customize these tables by replacing placeholders with specific information for each product to ensure compliance and accuracy.
We are committed to protecting your privacy and complying with applicable data protection laws, including but not limited to:
- The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
- The General Data Protection Regulation (GDPR) (EU) 2016/679
- The California Online Privacy Protection Act (CalOPPA)
- The Children's Online Privacy Protection Act (COPPA)
- India's Digital Personal Data Protection Act, 2023 (DPDP Act)
- Other relevant federal, state, and international privacy laws
By accessing or using the Services, you consent to the practices described in this Policy. If you do not agree, please do not use the Services.
This Policy is exhaustive and covers all aspects of our data handling practices. We may update this Policy from time to time; changes will be posted here with an updated effective date. Your continued use of the Services after changes constitutes acceptance.
Information We Collect
We collect various types of personal information to provide, improve, and secure our Services. The categories of information we collect depend on how you interact with us and may vary by product. Below is a general overview, followed by a product-specific table with placeholders for customization.
General Categories of Personal Information
- Contact Information: Email address, first name and last name, phone number.
- Address Information: Address, state, province, ZIP/postal code, city.
- Social Media Profile Information: If you connect via social media (e.g., Connect with Facebook, Sign In with Twitter), we may collect profile details such as username, profile picture, and other public information.
- Payment Information: When you pay for products or services, we collect billing details (e.g., credit card number, expiration date, CVV) through secure third-party processors. We do not store full payment card details on our servers.
- Other Information: Any additional data you submit, such as feedback, survey responses, or content uploaded to the Services.
Information Collected Automatically
We use tracking and analytics tools to collect data about your interactions:
- Device and Usage Data: IP address, browser type, operating system, device identifiers, pages viewed, time spent, referring/exit pages, and clickstream data.
- Cookies and Similar Technologies: We use cookies, web beacons, pixels, and local storage for session management, personalization, and analytics. This includes first-party and third-party cookies.
- Location Data: Approximate location based on IP address or, if enabled, precise geolocation.
- Analytics Tools: We use Google Analytics and similar tools to track user behavior, measure site performance, and generate reports. Google Analytics may collect anonymized data; see Google's privacy policy for details.
- Remarketing Services: We use remarketing tools (e.g., Google Ads, Facebook Pixel) to display targeted ads based on your past visits to our Website.
- Advertising Data: Information about ads viewed or interacted with on our Services.
Information from Third Parties
We may receive data from:
- Social Media Platforms: Profile information if you authenticate via third-party services.
- Payment Processors: Confirmation of transactions.
- Advertising Partners: Data for ad targeting and measurement.
- Service Providers: Such as Invisible reCAPTCHA (for spam prevention), Google Places (for location services), Mouseflow (for user session recording and heatmaps), and FreshDesk (for customer support).
Product-Specific Data Collection
The following table outlines data collected per internal product.
| Product Name | Data Collected | Sources | Purpose | Third-Party Integrations |
|---|---|---|---|---|
| DYAD | Email, Usage Data | User Input, Automatic | Service Delivery, Analytics | Google Analytics |
| SecureTMP | Email, Usage Data | User Input, Automatic | Service Delivery, Analytics | Google Analytics |
| FrappeSDK | Email, Usage Data | User Input, Automatic | Service Delivery, Analytics | Google Analytics |
Information from Children Under 13
We collect personal information from children under 13 only with verifiable parental consent, in compliance with COPPA and DPDP Act (for users in India). If you are a parent or guardian and believe your child has provided information without consent, contact us immediately to request deletion.
Sensitive Personal Information
Under CCPA/CPRA and DPDP Act, we may collect sensitive information (e.g., payment details, precise geolocation) only as necessary for the Services. We do not sell or share sensitive information for cross-context behavioral advertising without your consent. Under DPDP, sensitive data processing requires explicit consent and is limited to specified purposes.
How We Collect Information
- Directly from You: Via forms, registrations, purchases, emails, or support tickets.
- Automatically: Through cookies, logs, and tracking technologies.
- From Third Parties: As described above.
- Emails and Newsletters: If you opt-in, we collect data for sending promotional or informational emails.
We send emails to users who have opted in or as part of transactional communications (e.g., order confirmations). You can unsubscribe at any time via the link in emails or by contacting us.
Under DPDP Act, we provide notice in clear language (including regional Indian languages upon request) before collecting data, explaining purposes and obtaining consent where required.
How We Use Your Information
We use collected information for the following purposes, which may vary by product:
- Providing Services: To operate the Website, process registrations, fulfill orders, and deliver internal products.
- Payments and Transactions: To process payments for products/services via secure third-party gateways.
- Communication: To send emails, respond to inquiries, and provide customer support.
- Personalization: To tailor content, recommendations, and user experience.
- Analytics and Improvement: To analyze usage, troubleshoot issues, and enhance the Services using tools like Google Analytics.
- Marketing and Advertising: To display ads on our Website, send promotional emails, and use remarketing to advertise on third-party sites. We show ads and use remarketing services for business promotion.
- Security and Fraud Prevention: To detect and prevent abuse, spam, or unauthorized access (e.g., via Invisible reCAPTCHA).
- Compliance and Legal: To comply with laws, respond to legal requests, and enforce our terms.
- Research and Aggregated Data: To create anonymized datasets for internal research or sharing with partners.
Under GDPR and DPDP Act, our legal bases for processing include consent, contract performance, legitimate interests (e.g., marketing), and legal obligations. Processing is limited to specified purposes, with data minimization applied.
Product-Specific Uses
| Product Name | Primary Uses | Legal Basis |
|---|---|---|
| DYAD | Analytics, Personalization | Consent |
| SecureTMP | Analytics, Personalization | Consent |
| FrappeSDK | Analytics, Personalization | Consent |
Sharing and Disclosure of Information
We do not sell your personal information. However, we may share it with:
- Service Providers: Third parties for hosting, analytics (e.g., Google Analytics), payment processing, email delivery, customer support (e.g., FreshDesk), user behavior tracking (e.g., Mouseflow), location services (e.g., Google Places), and security (e.g., Invisible reCAPTCHA).
- Advertising Partners: For ad serving, remarketing, and measurement (e.g., Google Ads, Facebook).
- Business Partners: If you connect via social media or other integrations.
- Legal Authorities: If required by law, subpoena, or to protect rights, safety, or property.
- Business Transfers: In connection with mergers, acquisitions, or asset sales.
- Affiliates: Within our corporate family for internal purposes.
We ensure third parties handle data securely and only for specified purposes. Under DPDP Act, we appoint data processors with contractual obligations for security and compliance.
Product-Specific Sharing
| Product Name | Shared With | Purpose of Sharing |
|---|---|---|
| DYAD | Analytics Providers | Performance Tracking |
| SecureTMP | Analytics Providers | Performance Tracking |
| FrappeSDK | Analytics Providers | Performance Tracking |
Cookies, Tracking, and Do Not Track
We use cookies for essential functions, preferences, analytics, and advertising. You can manage cookies via browser settings, but disabling them may limit functionality.
Under CalOPPA and DPDP Act, we honor Do Not Track (DNT) signals from browsers. If your browser sends a DNT signal, we will not track your browsing for targeted advertising without consent.
Advertising and Remarketing
We display ads on our Website and use remarketing to show our ads on other sites based on your visits. Third-party vendors (e.g., Google) place cookies for this purpose. You can opt out via Google's Ads Settings or the Network Advertising Initiative opt-out page.
Children's Privacy (COPPA and DPDP Compliance)
Our Services are not directed to children under 13 (or under 18 in India under DPDP without consent) without verifiable parental/guardian consent. We comply with COPPA and DPDP by:
- Obtaining verifiable consent before collecting personal information from children.
- Providing notice of our practices and the ability to review, delete, or refuse further collection.
- Limiting collection to what's necessary for participation in activities.
If we discover unauthorized collection from a child, we will delete it promptly.
California Privacy Rights (CCPA/CPRA and CalOPPA)
If you are a California resident, you have rights under CCPA/CPRA:
- Right to Know: Request details on personal information collected, sources, purposes, and sharing in the past 12 months.
- Right to Delete: Request deletion of your personal information, subject to exceptions.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information, but you can opt out of sharing for targeted advertising.
- Right to Correct: Request correction of inaccurate information.
- Right to Limit Use of Sensitive Information: Limit use of sensitive personal information.
- Right to Non-Discrimination: No discrimination for exercising rights.
Under CalOPPA, we disclose how we respond to DNT signals (as above) and do not track users across third-party sites without consent.
To exercise rights, contact us as below. We will verify requests using provided information and respond within 45 days (extendable to 90). Authorized agents may submit on your behalf with proof.
We have disclosed the following in the past 12 months:
| Category of Personal Information | Collected? | Sources | Business Purpose | Shared With | Sold? |
|---|---|---|---|---|---|
| Identifiers (e.g., name, email, IP) | Yes | You, automatically, third parties | Services, analytics, marketing | Service providers, ad partners | No |
| Personal info (e.g., address, phone) | Yes | You | Services, payments | Payment processors | No |
| Protected classifications | No | N/A | N/A | N/A | N/A |
| Commercial info (e.g., purchases) | Yes | You, automatically | Services, analytics | Service providers | No |
| Biometric info | No | N/A | N/A | N/A | N/A |
| Internet activity (e.g., browsing) | Yes | Automatically | Analytics, advertising | Analytics/ad providers | No |
| Geolocation data | Yes | Automatically | Personalization, security | Service providers | No |
| Sensory data | No | N/A | N/A | N/A | N/A |
| Professional/employment info | No | N/A | N/A | N/A | N/A |
| Education info | No | N/A | N/A | N/A | N/A |
| Inferences | Yes | Derived from above | Personalization, marketing | Internal use | No |
| Sensitive personal info (e.g., payment details) | Yes | You | Payments | Payment processors | No |
EU/UK Privacy Rights (GDPR Compliance)
If you are in the EU/EEA or UK, you have GDPR rights:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion ("right to be forgotten").
- Restriction: Restrict processing.
- Portability: Receive data in a portable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Where processing relies on consent.
- Complaint: Lodge with a supervisory authority (e.g., your local data protection authority).
Our lawful bases: Consent (e.g., marketing), contract (e.g., services), legitimate interests (e.g., analytics), legal obligations.
We do not transfer data outside the EU/EEA without adequate safeguards (e.g., Standard Contractual Clauses). Retention periods vary by purpose; e.g., account data until deletion request, logs for 12 months.
Contact our Data Protection Officer (DPO) at the details below for requests.
India Privacy Rights (DPDP Act Compliance)
If you are a data principal in India (or we process your digital personal data in India), you have rights under the DPDP Act, 2023:
- Right to Information: Receive a summary of your personal data, processing activities, and identities of data fiduciaries/processors with whom data is shared.
- Right to Correction: Request correction or completion of inaccurate or incomplete data.
- Right to Erasure: Request deletion of data when no longer needed for the purpose or consent is withdrawn.
- Right to Nomination: Nominate another individual to exercise rights in case of death or incapacity.
- Right to Withdraw Consent: Withdraw consent at any time, with effects prospective.
- Right to Grievance Redressal: File complaints with us or the Data Protection Board of India.
- Right to Consent Manager: Use a registered consent manager for managing consents.
We act as a Data Fiduciary under DPDP and ensure:
- Processing only for lawful purposes with consent or legitimate uses (e.g., contract fulfillment).
- Notices in clear, concise language (available in English and scheduled Indian languages upon request).
- Data accuracy, security, and breach notification to the Data Protection Board and affected individuals.
- No processing of children's data (under 18) without verifiable parental/guardian consent.
- Retention only as necessary, not exceeding 7 years unless required by law.
To exercise rights, contact us as below. We will respond within 30 days. You may appeal to the Data Protection Board if unsatisfied.
International Data Transfers
If you are outside the US, your data may be transferred to and processed in the US or other countries. We ensure appropriate safeguards, such as contractual clauses, for such transfers. Under DPDP Act, transfers outside India require adequacy decisions, consent, or other mechanisms ensuring equivalent protection.
Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including encryption, access controls, and regular audits, in compliance with DPDP's reasonable security requirements. However, no system is 100% secure; we cannot guarantee absolute security.
In case of a data breach, we will notify affected users and authorities as required by law (e.g., within 72 hours under GDPR and DPDP).
Data Retention
We retain personal information only as long as necessary for the purposes outlined, or as required by law (e.g., up to 7 years under DPDP unless longer retention is justified). For example:
- Account data: Until you request deletion.
- Transaction records: 7 years for tax/compliance.
- Analytics data: Anonymized after 24 months.
After retention periods, data is deleted or anonymized.
Product-Specific Retention
| Product Name | Retention Period | Reason |
|---|---|---|
| DYAD | 2 years | Analytics |
| SecureTMP | 2 years | Analytics |
| FrappeSDK | 2 years | Analytics |
Third-Party Links
Our Services may link to third-party sites. We are not responsible for their privacy practices; review their policies.
Changes to This Policy
We may update this Policy; changes are effective upon posting. For material changes, we may notify you via email or Website notice.
Contact Us
For questions, requests, or concerns about this Policy or your data (including DPDP grievances):
- By Email: contact@64bitlabs.com
- By Visiting a Page on Our Website: https://64bitlabs.com/contact
- By Sending Post Mail: 64bitlabs, Remote, India
We respond to all inquiries within 30 days (or sooner as required by law). For DPDP-specific requests, specify "DPDP Rights Exercise."
This Policy was last updated on January 25, 2026.