Privacy Policy

1. Introduction

This Privacy Policy describes how Avinya Infotech, the owner and operator of FormuLabz ("FormuLabz", "we", "us", or "our"), collects, uses, stores, discloses, transfers, and protects information when you access or use the FormuLabz service ("the Service").

This Privacy Policy applies to personal data and related information processed in connection with the Service. It should be read together with the Terms and Conditions. If you do not agree with this Privacy Policy, do not use the Service.

2. Information We Collect

2.1 Account and Identity Information

• Name, email address, phone number, company name, company address, role, and similar account profile information.
• Authentication information such as hashed passwords, login timestamps, IP addresses, and user-agent details.
• Terms and Privacy acceptance records, including accepted versions, date, time, IP address, and user-agent information.

2.2 Billing and Transaction Information

• Billing contact details, billing country, tax information, transaction references, invoices, subscription status, and purchase history.
• Payment method information processed by Stripe or another payment processor. FormuLabz does not store full card numbers.

2.3 Business, Product, and Workflow Information

• Formulations, ingredient lists, concentrations, phase structures, labels, warnings, claims, testing records, quality data, batch records, workflow status, and related product information you create or upload.
• Supplier, client, manufacturer, laboratory, and operational information you enter into the Service.
• Documents, attachments, certificates, images, and other files you upload.

2.4 AI and Support Interaction Information

• Prompts, messages, attached context, AI outputs, and records of AI-assisted actions taken in the Service.
• Support requests, onboarding communications, implementation questions, and related correspondence.

2.5 Usage, Device, and Technical Information

• Browser type, operating system, device information, IP address, approximate location derived from technical signals, pages viewed, features used, logs, diagnostics, and performance information.
• Security, fraud-prevention, abuse-detection, monitoring, and audit information relating to account activity and Service usage.

3. How We Use Information

We may use information we collect to:

• Provide, operate, host, support, maintain, improve, and secure the Service.
• Create, store, display, transmit, export, and manage customer records, formulations, testing data, documents, and related workflow information.
• Process subscriptions, purchases, taxes, renewals, cancellations, refunds, credits, and payment-related support.
• Authenticate users, manage accounts, administer access, and enforce plan and feature restrictions.
• Provide AI-assisted features and related outputs.
• Respond to support requests, onboarding inquiries, and operational communications.
• Detect, investigate, and prevent fraud, abuse, misuse, security incidents, unauthorized access, chargebacks, and violations of our Terms.
• Comply with legal obligations, enforce contracts, resolve disputes, and protect our rights, users, and providers.
• Send service-related notices, billing notices, renewal notices, security alerts, legal notices, and other operational communications.
• Send product updates, newsletters, promotional emails, sponsored communications, and partner-related offers sent by FormuLabz, subject to the Privacy Policy, your preferences, and applicable law.

4. Marketing and Communications

• We may use your email address to send service announcements, account notices, billing notices, security notices, product updates, newsletters, promotions, and sponsored or partner-related messages sent by FormuLabz.
• We do not disclose your email address or personal data to third parties for their own independent marketing or advertising purposes unless you separately consent or applicable law otherwise permits it.
• You may opt out of promotional emails using the unsubscribe mechanism in the message or by contacting us, but you may still receive non-promotional operational or legal notices.

5. Third-Party Providers

We use third-party service providers to operate the Service. Those providers may process information on our behalf and may have their own privacy policies or service terms governing their services.

5.1 Payment Processing

Payments are processed through Stripe or another payment processor. Those providers receive payment and billing information necessary to process transactions. Their handling of payment information is governed by their own terms and privacy policies.

5.2 Hosting, Storage, and Infrastructure

Customer documents, files, attachments, logs, backups, and other information may be hosted or stored by third-party cloud, storage, infrastructure, monitoring, and email providers selected by FormuLabz. Those providers may be located in the United States or other jurisdictions.

5.3 AI Providers

If you use AI-enabled features, your prompts, attached context, and related information may be processed by third-party AI providers selected by FormuLabz. Those providers may have their own privacy policies and service terms. FormuLabz does not control all downstream practices of those providers.

5.4 Other Service Providers

We may also use providers for analytics, tax calculation, fraud prevention, communications, identity or business verification, and related operational support.

Our use of providers does not mean that their privacy policies replace this Privacy Policy. FormuLabz's own handling of data remains governed by this Privacy Policy and applicable law.

6. Aggregated and Summarized Information

We may create and use summarized, aggregated, and deidentified information for data analytics, pattern recognition, service analysis, reliability, security review, and similar internal business purposes, provided that the resulting information does not identify and is not reasonably linkable to any individual, company, product, formula, or confidential business information.

7. Sharing and Disclosure

We may disclose information in the following circumstances:

• To payment processors, cloud providers, hosting providers, storage providers, AI providers, email providers, tax providers, monitoring providers, and other service providers as reasonably necessary to operate the Service.
• To affiliates, contractors, advisors, auditors, insurers, or professional service providers who need the information for legitimate business, legal, security, or operational purposes and are subject to appropriate obligations.
• To comply with law, court orders, subpoenas, lawful requests, regulatory requirements, tax obligations, or legal process.
• To investigate, prevent, or respond to fraud, abuse, misuse, security incidents, Terms violations, suspected unlawful activity, or threats to the rights, property, or safety of FormuLabz, our users, providers, or others.
• In connection with a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar business transaction, subject to appropriate protections where required.
• With your direction or consent, such as where you intentionally share or export information using features of the Service.

8. International Transfers and Cross-Border Processing

FormuLabz and its providers may access, host, store, back up, transmit, or process information in the United States and other jurisdictions. As a result, your information may be transferred to countries that may have data protection laws different from those in your country or region.

Where required by applicable law, we may use contractual, organizational, technical, or other legally recognized safeguards for cross-border processing. Depending on the jurisdiction, additional steps, agreements, or safeguards may be required before certain uses of the Service are appropriate.

9. Legal Bases for Processing

Depending on your location and applicable law, we may process information on one or more of the following bases:

• To perform our contract with you and provide the Service you request.
• To comply with legal obligations.
• For our legitimate interests, including operating, securing, maintaining, improving, and protecting the Service, so long as those interests are not overridden by applicable legal rights.
• With your consent, where consent is required.

10. Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with law, resolve disputes, enforce agreements, maintain backups, and protect against fraud or abuse.

• Active account information is generally retained while the account remains active.
• Billing, tax, and transaction records may be retained as required for accounting, tax, audit, legal, and operational purposes.
• Support records, usage logs, security records, and audit records may be retained for legitimate operational, legal, fraud-prevention, and security purposes.
• Deleted information may remain in residual backups, archives, or legal preservation systems for a limited period consistent with our retention practices and legal obligations.

11. Security

We use commercially reasonable administrative, technical, and organizational safeguards intended to protect information processed through the Service. These may include access controls, authentication measures, encrypted transmission, audit logging, provider controls, and other security practices.

However, no system, network, cloud service, storage environment, algorithm, or transmission method is completely secure or guaranteed to be free from unauthorized access, loss, misuse, breach, or other security incidents.

To the extent permitted by applicable law, FormuLabz is not responsible for data breaches, leaks, unauthorized access, or security incidents that occur despite reasonable safeguards or that arise from causes beyond our reasonable control, subject to any non-waivable legal obligations.

12. Your Choices and Rights

Depending on your location and applicable law, you may have rights to access, correct, update, delete, restrict, object to, or request portability of personal data. You may also have rights relating to consent withdrawal, direct marketing, or complaints with a regulator.

• You may update certain account information through the Service.
• You may opt out of promotional emails while continuing to receive essential operational communications.
• You may request access, correction, deletion, or other privacy-related action by contacting us using the details below.

We may need to verify your identity or authority before acting on certain requests, and we may decline or limit requests where permitted by law.

13. Children's Privacy

The Service is not directed to children and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child in a manner inconsistent with applicable law, we will take reasonable steps to delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We may provide notice of material changes by email, in-product notice, posted update, or other reasonable means. The version date at the top of the Privacy Policy indicates when it was last updated.

15. Contact

For privacy-related requests or questions, please contact:

• Privacy: privacy@formulabz.com
• Legal: legal@formulabz.com
• Support: support@formulabz.com
• Grievance officer (India, if applicable): grievance@formulabz.com