Privacy Policy
Last Updated: May 08, 2026
1. Introduction & Overview
Thinkraft Technologies (“we,” “us,” “our,” or the “Studio”), a premier product launch studio headquartered in Vadodara, Gujarat, India, is committed to the highest standards of data protection and privacy. This Privacy Policy outlines our practices regarding the collection, use, processing, storage, and protection of information that identifies or can be used to identify a natural person (“Personal Data”).
We believe that privacy is not just a regulatory hurdle, but a fundamental pillar of a healthy digital society. In an era where personal information is frequently commoditized and traded without sufficient oversight, Thinkraft Technologies stands as a bastion of digital sovereignty. Our protocols are designed from the ground up to minimize data surface area, maximize user control, and ensure that every byte of information we handle is treated with the respect it deserves.
This Policy is exhaustive by design. It is intended to provide you with a deep, transparent look into our operations, our relationships with third-party vendors, and the technical safeguards we have implemented to ensure your peace of mind. Whether you are a casual visitor, a potential partner, or a long-term client, this document serves as our binding commitment to your privacy.
2. The Manifesto of Digital Sovereignty
Digital sovereignty is the right of individuals to have control over their own digital presence and data. At Thinkraft Technologies, we operationalize this through three core principles:
I. Explicit Intent
We never collect data through deception or hidden trackers. Every interaction that involves data collection is preceded by a clear, human-readable disclosure.
II. Minimal Surface Area
We only ask for the data we absolutely need to perform the requested service. If a data point doesn't directly contribute to the value we provide you, we don't want it.
III. Immutable Security
Data protection is not a checkbox; it's a constant state of engineering. We use military-grade encryption and zero-trust architectures to protect your information.
3. Comprehensive Data Inventory
To provide our services, we process several categories of information. Each category is handled with a different level of security and sensitivity:
3.1 Technical & Usage Metadata
This data is generated automatically by our infrastructure to ensure the site is running correctly and securely:
- Network Identifiers: We process redacted IP addresses. Our systems automatically mask the last octet of your IP address before it is recorded in any permanent log, ensuring we can track general geographic trends without identifying individual households.
- Device Fingerprinting (Minimal): We analyze browser types, screen resolutions, and operating system versions solely to ensure our premium design renders perfectly on your specific hardware. We do not use this to build cross-site profiles.
- Traffic Patterns: We use ephemeral session cookies to understand how users move through our site. This helps us identify confusing navigation paths or broken links.
3.2 Communication & Inquiry Data
Information provided voluntarily when you reach out to the Studio:
- Personal Identifiers: Your full name and professional email address. We use this exclusively to address you personally and provide the requested information.
- Business Context: Your company name, industry, and current technical challenges. This helps us tailor our initial strategy calls to your specific market needs.
- Strategic Ambitions: The details of the project you wish to build. This information is treated as highly confidential and is only shared with the specific engineering leads who would be responsible for the project's execution.
3.3 Financial & Statutory Compliance Data
Strictly for clients who have entered into a formal partnership with Thinkraft Technologies:
- Taxation Identifiers: GSTIN for Indian entities and relevant VAT/Tax IDs for international clients. This is mandatory for our compliance with global financial auditing standards.
- Banking Information: Account numbers and SWIFT codes for processing wire transfers. This data is never stored on our web servers; it is managed through secure, air-gapped financial systems.
- Corporate Verification: Official business addresses and signatory details required for the execution of legally binding Master Services Agreements (MSAs).
4. Deep Dive: Legal Basis for Processing
In accordance with global privacy frameworks like the GDPR and the Indian DPDP Act, every act of processing must have a "lawful basis." Thinkraft Technologies operates under the following four pillars:
A. Explicit & Informed Consent
This is our primary basis for non-essential data. When you fill out our form, you are giving us explicit permission to use that data to contact you. You can withdraw this consent at any time, and we will immediately halt all processing of the associated data.
B. Contractual Obligation
Once you hire Thinkraft Technologies, we process your data because it is necessary to fulfill our side of the contract. This includes project delivery, technical support, and providing you with the final work product and its associated intellectual property rights.
C. Legitimate Business Interest
We process certain metadata to protect our infrastructure. This includes bot detection, preventing brute-force attacks on our inquiry forms, and performing high-level analytics to ensure our website meets the performance expectations of our visitors.
D. Statutory Legal Mandate
We are required by the laws of India and international tax treaties to maintain certain records for specific periods. This includes invoice records, tax withholding documentation, and audit logs required by financial regulators.
5. The Cookie Protocol: A Detailed Breakdown
Thinkraft Technologies does not use cookies for advertising or cross-site tracking. Our cookies are categorized into three distinct tiers of necessity:
Essential Operations Cookies
These are "First-Party" cookies that are strictly necessary for the site to function. They handle session state and CSRF (Cross-Site Request Forgery) protection. They expire as soon as you close your browser tab. They do not contain any information that can be used to track you after you leave our site.
Anonymous Analytics Cookies
Through Google Analytics and Microsoft Clarity, we gather aggregate data about site performance. These cookies are only placed if you affirmatively click "Accept" on our consent banner. We use "IP Masking" to ensure that the data sent to these providers cannot be linked back to your specific internet connection.
Preference & UX Cookies
These remember your personal settings, such as your dark mode preference or your interaction with our floating contact buttons. They aim to make subsequent visits to Thinkraft Technologies more seamless and tailored to your browsing style.
6. Data Retention & Erasure Schedule
"We do not keep data for a minute longer than it provides value to you or meets a legal requirement."
Prospect & Inquiry Data
If an inquiry does not result in an active project within 180 days, we purge the associated personal identifiers. We keep only the project's high-level industry and budget bracket for our internal market trend analysis.
Communication Logs
General email correspondence is archived after 1 year of inactivity and permanently deleted after 3 years, unless there is an ongoing contractual relationship that requires longer retention.
Active Client Data
We retain project-related data for the duration of the project plus 2 years. This allows us to provide technical support and ensure the smooth transition of assets if the client returns for a subsequent phase.
Statutory Financial Records
Invoices, tax identifiers, and payment records are retained for a period of 7 fiscal years to comply with the requirements of the Indian Income Tax Department and the Ministry of Corporate Affairs.
7. The Technical Fortress: Security Infrastructure
Our security protocols are built on the principle of "Defense in Depth." We assume that every layer could be compromised and build redundant protections to ensure your data remains safe:
Encryption Mastery
We use TLS 1.3 for all data in transit and AES-256 for data at rest. Our encryption keys are managed using dedicated Hardware Security Modules (HSMs) and are rotated automatically every 30 days.
Zero-Trust Access
No Thinkraft Technologies employee has standing access to client data. Access is granted on a "Just-in-Time" basis, requires Multi-Factor Authentication (MFA), and is logged in an immutable audit trail.
Edge Protection
We utilize Cloudflare’s global edge network to block DDoS attacks, SQL injections, and other malicious traffic. Our servers are distributed across multiple regions to ensure high availability and data redundancy.
8. International Data Governance
As a global studio, we process data across multiple jurisdictions. We ensure that your information receives the same high level of protection regardless of where it is processed:
Transatlantic Data Flows: For data originating in the European Economic Area (EEA) or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) to ensure that our global infrastructure meets European data protection standards.
US Infrastructure: Our primary hosting partners (Vercel, Supabase) are based in the United States. We ensure they are compliant with the EU-U.S. Data Privacy Framework or provide equivalent contractual protections.
Indian Sovereignty: Our headquarters and core processing operations are located in India. We comply with all directives from the Ministry of Electronics and Information Technology (MeitY) and the Digital Personal Data Protection Act (DPDP).
9. Your Rights: The Comprehensive Catalog
We empower you with the following rights over your personal information. To exercise any of these, simply send a request to our Privacy Officer:
9.1 Right to Transparent Information
You have the right to know what data we collect, why we collect it, and who we share it with. This exhaustive policy is our primary method of fulfilling this right.
9.2 Right of Access & Inspection
You can request a copy of all the personal information we hold about you. We will provide this in a standard JSON format within 30 days.
9.3 Right to Rectification (Correction)
If you find that any of the data we hold is inaccurate or incomplete, we will correct it immediately upon your request.
9.4 Right to Erasure (The "Right to be Forgotten")
You can request the permanent deletion of your data. We will scrub it from all active and backup systems unless we are legally required to retain it for tax purposes.
9.5 Right to Data Portability
You have the right to receive your data in a machine-readable format so that you can transfer it to another service provider without any technical barriers.
9.6 Right to Withdraw Consent
At any time, you can withdraw your permission for us to process your data. This will immediately halt all future processing based on that consent.
10. Specialized Compliance Sections
Children's Online Privacy Protection (COPPA)
Our services are designed strictly for professional business audiences. We do not knowingly collect or solicit personal information from children under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it with maximum urgency. Parents or guardians who believe we have such data should contact us immediately.
California Consumer Privacy Rights (CCPA/CPRA)
For residents of California, we confirm that we do not "sell" your personal information to third parties. We do not use your information for cross-context behavioral advertising. You have the right to opt-out of any processing that does not meet the "Contractual Necessity" or "Legal Obligation" criteria.
Indian Digital Personal Data Protection Act (DPDP 2023)
Thinkraft Technologies adheres to all provisions of the DPDP Act. You have the right to seek grievance redressal and to nominate a person to manage your data rights in the event of your death or incapacity. Our Data Protection Officer (DPO) serves as the primary point of contact for all DPDP-related inquiries.
11. Changes & Evolution of the Protocol
This Privacy Policy is a living document. As technology advances and new regulations emerge, we will update our practices to ensure we remain at the forefront of digital privacy. Significant changes will be announced via:
- An update to the "Last Updated" date at the top of this page.
- A visual notification on our homepage for a period of 30 days following the change.
- A direct email to all current clients and partners with whom we have an active engagement.
We encourage you to review this page periodically to stay informed about our unwavering commitment to protecting your digital sovereignty.
Privacy Concerns? Reach Out.
If you wish to exercise your rights, report a suspected data breach, or seek deeper technical clarification on our security architecture, our Privacy Office is ready to assist.
Primary Channel
connect@thinkraft.techBackup Channel
thinkraftsoftware@gmail.comThinkraft Technologies
B-102, Prakruti Homes, Waghodia Dabhoi Ring Road
Vadodara, Gujarat, India — 390025