Privacy Policy
How we collect, use, and protect your personal information
Effective Date: July 1, 2026
Last Updated: July 2026
RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED ("CloudServe Labs", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cloudservelabs.com and our related websites (collectively, the "Services"), including our AI Innovation & EdTech products DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI.
This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) for users in the European Union, the Digital Personal Data Protection Act, 2023 (DPDP Act) for users in India, and the California Consumer Privacy Act (CCPA) for users in California.
Quick Navigation
1. Data We Collect
1.1 Information You Provide
We collect information you voluntarily provide when you:
- Contact Forms: Name, email address, phone number, company name, and message content
- Early Access Signup: Name, email address, organization, role, and areas of interest
- Newsletter Subscription: Email address and communication preferences
- Career Applications: Resume, cover letter, contact information, and professional details
1.2 Automatically Collected Information
When you visit our Services, we automatically collect:
- Device Information: IP address, browser type, device type, operating system
- Usage Data: Pages visited, time spent, referring URLs, click patterns
- Analytics Data: Google Analytics collects aggregated usage statistics
- Performance Data: Page load times, error logs, technical diagnostics
1.3 Cookies and Tracking Technologies
We use cookies and similar tracking technologies. See Section 9 for details.
1.4 Student & Educational Data
DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI are built for learners, educators, and educational institutions. Where these products collect learner or institution data, additional safeguards apply:
- Student and learner data is collected only for the purpose of learning analytics and course or content delivery
- We do not sell student data or share it with third parties for advertising purposes
- Parental consent mechanisms apply for learners under 18 years of age, where applicable (see Section 10)
- Educators and institutions can exercise access, correction, and erasure rights on behalf of learners under GDPR and the DPDP Act (see Section 5)
- Data minimization — we collect only what is necessary for course delivery
2. How We Use Your Data
We use your personal data for the following purposes:
- Service Delivery: To respond to your inquiries, process requests, and provide customer support
- Educational Analytics: To deliver course content, track learning progress, and improve outcomes for learners on DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI
- Communication: To send you updates, newsletters, marketing materials, and product announcements (with consent)
- Improvement: To analyze usage patterns and improve our Services
- Security: To detect, prevent, and address technical issues and security threats
- Compliance: To comply with legal obligations and enforce our Terms of Service
- Recruitment: To evaluate job applications and communicate with candidates
- Analytics: To understand user behavior and measure website performance
3. Legal Basis for Processing
3.1 GDPR Legal Bases (EU Users)
Under GDPR Article 6, we process your data based on:
- Consent (Article 6(1)(a)): For marketing communications and non-essential cookies
- Contract Performance (Article 6(1)(b)): To fulfill service requests and respond to inquiries
- Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations
- Legitimate Interests (Article 6(1)(f)): For analytics, security, and service improvement
3.2 DPDP Act Legal Bases (India Users)
Under DPDP Act Section 6, we process your data based on:
- Consent: Explicit, informed, and freely given consent for data processing
- Legitimate Uses: For specified lawful purposes that do not override your rights
- Legal Compliance: To comply with Indian laws and regulatory requirements
4. Data Sharing & Third Parties
We do not sell your personal data. We may share your data with the following third parties:
Third-Party Service Providers
- Resend (Email Service):
Purpose: Transactional emails and contact form submissions
Location: United States
Privacy Policy: https://resend.com/legal/privacy-policy - Google Analytics:
Purpose: Website analytics and performance monitoring
Location: United States
Privacy Policy: https://policies.google.com/privacy - Google Cloud Platform (Hosting):
Purpose: Website hosting and infrastructure
Location: Global (primary: us-central1)
Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice
Legal Disclosures
We may disclose your data if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or the public.
5. Your Rights
5.1 GDPR Rights (EU Users)
Under GDPR, you have the following rights:
- Right of Access (Article 15): Request a copy of your personal data
- Right to Rectification (Article 16): Correct inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
- Right to Restriction (Article 18): Limit how we use your data
- Right to Data Portability (Article 20): Receive your data in a machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (does not affect lawfulness of prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
5.2 DPDP Act Rights (India Users)
Under the DPDP Act, you have the following rights:
- Right to Access: Obtain information about your data and how it's processed
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Data Portability: Receive your data in a structured format
- Right to Withdraw Consent: Withdraw consent with the same ease as giving consent
- Right to Grievance Redressal: File a grievance with our Data Protection Officer (see Grievance Mechanism)
- Right to Nominate: You have the right to nominate any individual to exercise your data protection rights in the event of your death or incapacity.
5.3 CCPA Rights (California Users)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: Opt-out of the "sale" of your personal information — we do not sell personal information
- Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights
IMPORTANT NOTICE:
We do NOT sell your personal information. We do not and will not sell your personal information to third parties for monetary or other valuable consideration. We may share certain information with service providers and partners as described in this Privacy Policy, but such sharing does not constitute a "sale" under CCPA.
To exercise your CCPA rights, please contact us at [email protected] or call +91 91106 18988. We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days with notice).
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected] or use our Grievance Mechanism. We will respond to your request within 30 days for GDPR requests and within 30 days for DPDP Act requests.
6. Data Security
We implement industry-standard security measures to protect your personal data:
- Encryption in Transit: TLS 1.3 encryption for all data transmitted over the internet
- Encryption at Rest: Data stored in databases is encrypted using AES-256
- Access Controls: Role-based access controls and least-privilege principle
- Security Headers: Content Security Policy (CSP), HSTS, X-Frame-Options, and other protective headers
- Regular Audits: Periodic security audits and vulnerability assessments
- Rate Limiting: Protection against brute-force attacks and DDoS
- Secure Development: OWASP Top 10 compliance and secure coding practices
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Data Breach Notification: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, where feasible. We will also notify the Data Protection Board of India and relevant supervisory authorities as required by DPDPA 2023 and GDPR Article 33.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 24 months from submission |
| Newsletter subscriptions | Until unsubscribe + 30 days |
| Early access signups | 2 years or until product launch |
| Analytics data | 26 months (Google Analytics default) |
| Career applications | 1 year from application date |
| Rate limiting data | 15 minutes (auto-expires) |
After the retention period expires, we securely delete or anonymize your data. We may retain data longer if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).
8. Cross-Border Data Transfers
CloudServe Labs is based in India. We may transfer your personal data to countries outside your jurisdiction, including:
8.1 Transfers from EU/EEA
For users in the European Union or European Economic Area, your data may be transferred to India and the United States. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): Approved by the European Commission
- Adequacy Decisions: Where applicable, relying on EU Commission adequacy decisions
- Service Provider Agreements: Data processing agreements with all third-party processors
8.2 Transfers from India
For users in India, your data may be transferred for processing by third-party service providers (Resend, Google Analytics, Google Cloud Platform). We ensure compliance with DPDP Act requirements:
- Consent: Your explicit consent for cross-border transfers
- Contracts: Data processing agreements with adequate safeguards
- Government Approvals: Compliance with any government-mandated transfer requirements
Note on Data Localization: CloudServe Labs is committed to data localization and plans to implement India-based data storage for Indian users by Q3 2026. Currently, some data processing occurs outside India as described above.
10. Children's Privacy
Our Services are not intended for children under 18 years of age (or under 16 in the EU/EEA). We do not knowingly collect personal data from children.
Some of our products (DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI) are used in classroom and institutional settings where learners under 18 may be present. In those cases, we rely on the educator or institution to obtain verifiable parental consent before a learner's personal data is submitted to us, consistent with the Student & Educational Data safeguards in Section 1.4.
If we discover that we have collected personal data from a child without parental consent, we will delete that information immediately. If you believe we have collected data from a child, please contact us at [email protected].
11. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email (if you have provided an email address)
- Display a prominent notice on our website
- Request renewed consent where required by law
Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.
12. Contact & Grievances
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED
Grievance Officer: Santhosh Suryavanshi
Email: [email protected]
Grievance Email: [email protected]
General Inquiries: [email protected]
Registered Office
RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED
#36, WeWork Prestige Central, Infantry Road, Mahatma Gandhi Road, Bengaluru – 560001, Karnataka, India
CIN: U62091KA2025PTC210162
GST: 29AAPCR1639E1Z3
Phone: +91 91106 18988
Grievance Redressal:
For DPDP Act grievances, visit our Grievance Mechanism page.
Response Timeline
- GDPR Requests: We will respond within 30 days (may be extended by 2 months for complex requests)
- DPDP Act Grievances: We will acknowledge within 72 hours and resolve within 30 days
- General Inquiries: We aim to respond within 5 business days
Regulatory Authorities
If you are not satisfied with our response, you have the right to lodge a complaint with:
- EU Users: Your local data protection authority (find yours at https://edpb.europa.eu/about-edpb/board/members_en)
- India Users: Data Protection Board of India (once established under DPDP Act)
Transparency Note: CloudServe Labs is the AI Innovation & EdTech division of RAMSIO CLOUDSERVE INFOTECH PRIVATE LIMITED, incorporated October 2025. DeveloperBootstrap, KNOWRIZ, Docemora, and MathuAI begin inviting waitlisted signups Q3 2026. This Privacy Policy is designed to be compliant with GDPR, the DPDP Act, and CCPA requirements from day one. We will update this policy as products launch to reflect our evolving data practices while maintaining the highest standards of privacy protection for our learners, educators, and institutional partners.