Privacy Policy — how we handle your data.

1. Introduction

Triple Minds Pvt. Ltd. ("Triple Minds", "we", "us", or "our") is a consulting, development, and marketing company headquartered in Mohali, Punjab, India and serving clients across 9+ countries. We provide custom AI applications, mobile and web development, white-label products, SEO & performance marketing, and business consulting.

This Privacy Policy describes how we collect, use, share, and protect personal information when you (i) visit our website, (ii) submit an inquiry or request a demo, (iii) engage us for services, (iv) interact with our products, content, or marketing, or (v) apply for a job with us. By using our website or services, you agree to the practices described here.

This policy is published in compliance with the Information Technology Act, 2000 of India, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (India), the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

2. Scope & Who We Are

This policy applies to all personal information processed by Triple Minds in connection with:

• The website at tripleminds.co and any subdomains.
• Lead-capture forms, contact forms, calculators, demo requests, and Calendly bookings.
• Client engagements (consulting, development, marketing, AI projects, white-label products).
• Marketing emails, newsletters, and event communications.
• Recruitment and hiring activities.
• Customer support across email, WhatsApp, Telegram, and other channels.

Our offices:

3. Information We Collect

3.1 Information you provide directly

• Contact details: name, work email, phone number, company name, country, role, Telegram handle.
• Project details: messages, briefs, requirements, attachments, screenshots, design mocks, source code repositories, and any other content you share with us via forms, email, Telegram, WhatsApp, Calendly, or chat.
• Account & billing data: if you become a client — billing entity name, GSTIN/Tax ID, billing address, invoice references, and (for some engagements) signed contracts and NDAs. We do not store full credit card numbers; payments are processed by third-party gateways such as Razorpay, Stripe, PayPal, or Wise.
• Recruitment data: CVs, portfolios, cover letters, references, salary expectations, and interview notes when you apply to join Triple Minds.
• Survey, testimonial & feedback responses you choose to share with us.

3.2 Information collected automatically

• Device & usage data: IP address, browser type and version, operating system, device identifiers, screen size, language preference, referring URLs, pages viewed, time on page, and clickstream behaviour.
• Cookies & similar technologies: see Cookies & Tracking below.
• Analytics & performance: aggregated metrics from tools such as Google Analytics 4, Microsoft Clarity, server logs, and CDN/cache services.
• Communication metadata: for messages exchanged with our team (e.g. timestamp, sender, channel) — content of project communications is treated as confidential under our SOW or NDA.

3.3 Information from third parties

• Public business directories, LinkedIn, and similar professional sources used for B2B outreach.
• Referral partners, agencies, and resellers in our partner program.
• Authentication and OAuth providers when you sign in to a Triple Minds product using a third-party account (e.g. Google, Microsoft).
• Advertising platforms reporting on campaign performance.

4. How We Use Your Information

We use the information we collect to:

• Respond to inquiries, schedule calls, prepare proposals, and deliver the services you have engaged us for.
• Operate, maintain, and improve our websites, products, and client deliverables.
• Send transactional communications: project updates, invoices, contract documents, NDAs, and service notices.
• Send marketing communications about Triple Minds services, case studies, calculators, and events — only where permitted by law and where you can opt out at any time.
• Measure performance through analytics so we can improve content, conversion, and product UX.
• Personalize the website experience and remember preferences (e.g. language, region, country flag).
• Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms & Conditions.
• Process job applications and evaluate candidates.
• Comply with applicable legal, tax, accounting, and regulatory obligations.
• Defend or pursue legal claims and protect our rights, property, or safety, and those of our clients and the public.

5. Legal Basis for Processing

Where the GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following legal bases:

• Contract: to take steps before entering into a contract (e.g. providing a quote) and to perform services we have agreed to deliver.
• Legitimate interests: to operate our business, secure our systems, conduct B2B outreach, and improve our services — balanced against your rights.
• Consent: for non-essential cookies, marketing emails, and other activities where consent is required. You may withdraw consent at any time without affecting prior lawful processing.
• Legal obligation: to meet tax, accounting, anti-fraud, and other regulatory requirements.
• Vital interests / public interest: in rare cases such as responding to lawful authorities or emergencies.

6. Sharing & Disclosure

We do not sell your personal information. We share data only when necessary, including with:

• Service providers & sub-processors: hosting, CDN, email, CRM, analytics, customer support, payment gateways, and engineering tools — all bound by contractual confidentiality and data-protection obligations. See Sub-Processors below.
• Project collaborators: if your project requires integration with vendors, APIs, or partners that you have approved.
• Professional advisors: auditors, lawyers, insurers, accountants, and consultants under confidentiality.
• Authorities: where disclosure is required by applicable law, court order, subpoena, or regulatory request, or to protect the rights, property, or safety of Triple Minds, our clients, or the public.
• Business transfers: in connection with a merger, acquisition, restructuring, or sale of all or part of our business — with notice to affected individuals where required.
• With your consent: for any other purpose disclosed at the time of collection.

7. Sub-Processors We Use

The following categories of third-party processors may handle personal data on our behalf. The specific list may evolve as our stack changes; current sub-processors used in client engagements are disclosed in the relevant Data Processing Agreement (DPA) on request.

8. Cookies & Tracking

We use cookies and similar technologies to make the site work, remember your preferences, measure performance, and improve content.

8.1 Types of cookies we use

• Strictly necessary: required for core site functions (e.g. session, security, form submissions, load balancing).
• Functional / preferences: remember settings such as country flag, theme, or accepted cookie banner state.
• Performance & analytics: Google Analytics 4 (_ga, _ga_*), Microsoft Clarity (_clck, _clsk) — to understand how visitors use the site.
• Marketing: Meta Pixel (_fbp), LinkedIn Insight Tag (li_*), Google Ads (_gcl_*) — to measure ad performance and serve relevant content.

8.2 Managing cookies

9. International Data Transfers

Triple Minds is headquartered in India and serves clients across the United States, United Kingdom, European Union, Middle East, Singapore, Australia, Estonia, Norway, Switzerland, Canada, Taiwan, Ukraine and other regions. Personal data may be processed in, or transferred to, countries other than the one in which it was collected.

Where required, we rely on appropriate safeguards — such as the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, the Swiss FDPIC-recognised SCCs, and contractual confidentiality and security obligations with our sub-processors — to ensure your data continues to receive an adequate level of protection. A copy of the safeguards applicable to a specific transfer is available on request.

10. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, tax, dispute-resolution, and reporting obligations.

11. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect personal data, including:

• HTTPS/TLS encryption in transit and encryption at rest for backups.
• Role-based access controls and the principle of least privilege.
• Multi-factor authentication on critical systems (email, hosting, source control).
• Internal NDAs and confidentiality undertakings with all team members and contractors.
• Vendor due diligence for sub-processors handling personal data.
• Secure code review, dependency monitoring, and periodic security testing on production systems.
• Incident response and breach-notification procedures aligned with the IT Act, the DPDP Act 2023, and the GDPR.

No method of transmission or storage over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a security incident that materially affects you, we will notify you and the relevant authorities as required by applicable law (see Data Breach Notification).

12. Your Privacy Rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete information.
• Delete your data ("right to erasure"), subject to our legal and contractual obligations.
• Restrict or object to certain processing activities, including direct marketing.
• Receive a copy of your data in a portable, machine-readable format.
• Withdraw consent for processing based on consent, at any time.
• Lodge a complaint with your local data protection authority.
• Nominate another individual to exercise rights on your behalf in the event of death or incapacity (where supported, e.g. India DPDP Act).

To exercise any of these rights, email us at sales@tripleminds.co with the subject line "Privacy Request". We may need to verify your identity before responding and will respond within the timeframes required by applicable law (typically 30 days).

13. India DPDP Act Compliance

For data principals in India, processing of personal data by Triple Minds is governed by the Digital Personal Data Protection Act, 2023 ("DPDP Act"). As a Data Fiduciary, we:

• Process personal data only for lawful purposes for which you have given consent or for legitimate uses recognised under the DPDP Act.
• Provide a clear notice (this Privacy Policy) describing the personal data processed and the purpose of processing.
• Allow you to withdraw consent and request access, correction, completion, updating, or erasure of your personal data.
• Maintain a Grievance Redressal mechanism — see Grievance Officer.
• Apply reasonable security safeguards and report any personal data breach to the Data Protection Board of India and to affected data principals as required.

14. GDPR / UK / EEA Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the GDPR / UK GDPR / Swiss FADP applies to processing of your personal data by Triple Minds. In addition to the rights listed in section 12, you have the right to lodge a complaint with the supervisory authority in your country of residence. For UK residents, this is the Information Commissioner's Office (ico.org.uk).

For matters concerning EEA / UK individuals, you may contact us at sales@tripleminds.co. We will respond without undue delay and at most within 30 days, extendable by a further 60 days for complex requests.

15. CCPA / California Rights

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to:

• Know what categories of personal information we collect, the sources, and the purposes.
• Request deletion of personal information we hold about you.
• Correct inaccurate personal information.
• Opt out of the "sale" or "sharing" of personal information — note that Triple Minds does not sell personal information as defined by the CCPA.
• Limit the use of sensitive personal information.
• Be free from discrimination for exercising your rights.

To submit a verifiable consumer request, email sales@tripleminds.co with the subject line "California Privacy Request".

16. Children's Privacy

Our website and services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from children. Under the India DPDP Act, processing personal data of a child requires verifiable parental consent, and we do not knowingly engage in such processing through this website. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

17. Third-Party Links & Services

Our website and content may include links to third-party websites, calculators, or tools — including our App Cost Calculator and SEO Cost Calculator — and references to third-party platforms (Calendly, WhatsApp, Telegram, social networks). Their privacy practices are governed by their own policies. We are not responsible for the content or privacy practices of third parties.

18. App Cost Calculator Data

Our App Cost Calculator — along with our other calculators (SEO Cost Calculator and Vibe Coding Cost Calculator) — collects answers to multiple-choice project questions to produce a cost estimate. This section explains exactly what happens to that data.

What we collect via the calculator

• Your answers to roughly 28 multiple-choice questions covering project type, platforms, scope, features, timeline, security needs, and similar non-personal project parameters.
• The progress index (which step you reached) and a timestamp of your last interaction.
• No personal information is required to use the calculator. No email, phone, name, or signup is needed to receive your estimate.

Where this data is stored

• While you are using the calculator, all in-progress answers are saved only on your own device, in your browser's localStorage. We do not transmit, see, or store these answers on Triple Minds servers during the wizard.
• The browser storage keys are tm_calc_mobile_app_v1 (App Cost Calculator), tm_calc_seo_v1 (SEO Cost Calculator), and tm_calc_vibe_coding_v1 (Vibe Coding Cost Calculator).
• You can inspect or remove this data at any time via your browser's developer tools, by clicking the "Clear saved progress" button inside the calculator footer, or by clearing site data in your browser settings.

When data reaches Triple Minds

Your calculator answers are transmitted to Triple Minds only if you click "Contact Us Now" / "Talk to CTO" on the result panel and submit the contact form. At that point, your answers are pre-filled into the message body of the form along with the contact details you choose to provide (name, email, phone, optional Telegram handle). The submitted data is then handled per the rest of this Privacy Policy — primarily for lead qualification, project scoping, and proposal preparation.

How we use submitted calculator data

• To prepare a tailored project proposal or estimate for you.
• To follow up with you about your project, subject to your marketing preferences (see Section 20).
• To validate and refine the underlying scoring model — aggregated and anonymized only, never tied to a specific individual without your consent.
• To prevent abuse, spam, and bot submissions (we use Google reCAPTCHA on form submissions; see Google's privacy policy for their handling of reCAPTCHA tokens).

Cookies, analytics & pixels on calculator pages

• The calculator wizard itself does not set any marketing or advertising cookies. The only client-side storage used by the wizard is the localStorage mechanism described above.
• Standard site-wide analytics described in Section 8 (Cookies & Tracking) may apply to calculator pages.
• If you click "Contact Us Now" / "Talk to CTO," the contact form uses Google reCAPTCHA, which sets cookies governed by Google's privacy policy.

Your control over calculator data

• While in the wizard: click "Clear saved progress" to delete all answers from your browser instantly.
• After submitting the contact form: you can request access to, correction of, deletion of, or a copy of any data we hold by contacting us per Section 25. We will respond within the timelines required by applicable law (typically 30 days).
• Marketing follow-up: you can opt out of marketing emails at any time via the unsubscribe link in any message we send (see Section 20).

Data retention for calculator submissions

Calculator submissions that reach our CRM are retained for the duration of an active sales conversation and for up to 24 months after the last interaction, after which they are anonymized or deleted unless you become a client (in which case retention is governed by the engagement agreement) or you have asked us to retain longer for ongoing follow-up. See Section 10 (Data Retention) for the broader retention framework.

19. AI Services & Client Data

For client engagements involving AI development, model training, RAG pipelines, chatbots, or AI integrations:

• We process client-provided data strictly for the purpose defined in the project contract or Statement of Work (SOW).
• We do not use client confidential data to train general-purpose models for unrelated parties.
• Where third-party model providers are used (for example, large language model APIs from OpenAI, Anthropic, Google, etc.), we configure them to disable training on submitted data wherever the provider supports that option, and we use enterprise / API endpoints that offer such guarantees where applicable.
• For NSFW or adult-content projects (a documented Triple Minds practice area), additional safeguards including stricter access controls and review of content moderation are applied as defined in the project agreement.
• Specific data-handling commitments — including retention, deletion, sub-processors, and incident response — are governed by the signed agreement between Triple Minds and the client and, where applicable, a Data Processing Agreement (DPA).
• Outputs generated by AI systems may be probabilistic and should be reviewed by a qualified human before being used in production or for decisions affecting individuals.

20. Marketing & Email Communications

We may send you marketing emails about Triple Minds' services, case studies, blogs, calculators, events, and partnership opportunities. Where required by law, we will obtain your consent before doing so. You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email we send.
• Emailing sales@tripleminds.co with the subject line "Unsubscribe".

Even if you opt out of marketing, we may still send you transactional and service communications related to an active engagement (for example, project updates, invoices, security notices).

21. Do Not Track Signals

Most web browsers offer a "Do Not Track" (DNT) signal. Because there is currently no industry-wide standard for honouring DNT signals, our website does not respond to them. You can manage tracking through your browser settings, our cookie banner where available, or by following the opt-out instructions in section 8.

22. Data Breach Notification

In the unlikely event of a personal data breach affecting your information, Triple Minds will:

• Notify the relevant data protection authority (such as the Data Protection Board of India under the DPDP Act, or the relevant EU/UK supervisory authority) within 72 hours of becoming aware of the breach, where required.
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
• Take reasonable steps to contain, investigate, and remediate the incident, and to prevent recurrence.

23. Grievance Officer

In compliance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Grievance Officer for Triple Minds is:

We will acknowledge complaints within 24 hours and aim to resolve them within 15 days of receipt, in line with applicable law.

24. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page indicates when it was last revised. Material changes will be communicated through the website or, where appropriate, by direct notice. Your continued use of the website or services after such updates constitutes acceptance of the revised policy.

25. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your information, please reach out:

• Email: sales@tripleminds.co
• Phone (USA): +1 (929) 230-1231
• Phone (India): +91 0805 450 0666
• WhatsApp: +1 929 230 1231 (USA) · +971 55 107 6049 (UAE) · +44 7454 617546 (UK)
• Website: tripleminds.co