Glitch Galaxy Studios Logo

Privacy Policy

Last Updated: March 26, 2026

At Glitch Galaxy, based in Bengaluru, Karnataka, we value the trust you place in us. This Privacy Policy describes how we, as a Data Fiduciary, collect, use, process, and disclose your personal information in connection with your access to and use of our website glitchgalaxystudios.vercel.app and our development services.

This policy is drafted to comply with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection (DPDP) Act, 2023.

01. Definitions

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data.
  • "Data Fiduciary" means Glitch Galaxy, which determines the purpose and means of processing personal data.
  • "Data Processor" means any person or entity (like Supabase or Firebase) who processes personal data on behalf of the Data Fiduciary.
  • "Data Principal" refers to you, the individual to whom the personal data relates.

02. Information We Collect

We collect only the minimum information necessary to provide high-quality development services:

  • Identity & Contact Data: Name, email address, phone number, and business designation.
  • Transaction & Billing Data: GST details (where applicable), billing address, and payment history.
  • Project Specific Data: Source code, assets, business logic, and requirements shared during the development lifecycle.
  • Technical Data: IP address, browser type, device information, and site interaction logs collected via cookies for functional improvements.

03. Data Infrastructure & Outsourcing (Data Processors)

Glitch Galaxy does not maintain internal physical servers. We rely on world-class Data Processors to host and secure your information.

  • Primary Processors: We utilize platforms including Supabase, Firebase (Google Cloud), and Vercel.
  • Cross-Border Transfers: You acknowledge that these third-party providers may store data on servers located outside of India. We ensure that these transfers comply with the requirements of the DPDP Act 2023, ensuring the same level of protection is afforded to your data as under Indian law.
  • Security Standards: Our processors maintain rigorous certifications (SOC2, ISO 27001), providing a level of security that exceeds standard internal server capabilities.

04. What We DO NOT Do (Data Integrity Guarantee)

We maintain a strict stance on data ethics:

  • No Sale of Data: We never sell, rent, or trade your personal or project data to third-party marketers or data brokers.
  • No Unauthorized Sharing: We do not disclose your data to any third party except as required to fulfill our service (e.g., hosting providers) or when legally mandated by Indian law enforcement.
  • No Hidden Tracking: We do not engage in invasive behavioral tracking or profiling.

05. Use of Information & Legal Basis

We process your data under the following legal bases:

  • Consent: When you voluntarily provide details for a quote or project.
  • Contractual Necessity: To perform the development services you have hired us for.
  • Legitimate Interest: To maintain the security of our platform and improve our service efficiency.

06. Data Retention

We retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected.
  • Comply with statutory periods under Indian tax and corporate laws.
  • Provide ongoing support for your developed projects.

Once the data is no longer required, we perform secure deletion from our cloud environments.

07. Your Rights as a Data Principal

Under the DPDP Act 2023, you have the following rights:

  • Right to Access: Obtain a summary of your personal data being processed.
  • Right to Correction: Update or complete any inaccurate or incomplete data.
  • Right to Erasure: Request the deletion of your data once the purpose of processing is finished.
  • Right to Grievance Redressal: The right to have your concerns addressed by our Grievance Officer.

08. Data Security

We implement "Reasonable Security Practices and Procedures" as defined under Section 43A of the IT Act. This includes:

  • Encrypted communication (SSL/TLS).
  • Strict access controls for project databases.
  • Regular monitoring of our third-party infrastructure for vulnerabilities.

09. Grievance Officer

To exercise your rights or report a concern, please contact our designated Grievance Officer in accordance with the IT Rules, 2021:

  • Name: Bhuvan J G
  • Designation: Grievance Officer
  • Email: glitchgalaxy.in@outlook.com
  • Address: Bengaluru, Karnataka, India

We will acknowledge your grievance within 24 hours and aim to provide a resolution within 15 days.

10. Updates to This Policy

We reserve the right to modify this policy to remain compliant with evolving Indian regulations. Significant changes will be notified via our website or email. Your continued use of our services constitutes acceptance of the updated policy.

END OF DOCUMENT // SYS.CORE.PRIVACY