Privacy Policy

Effective date: April 18, 2026

ThynkBlox (“ThynkBlox”, “we”, “our”, or “us”) respects your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit thynkblox.com, use any of our web applications, install or use our mobile applications, or otherwise interact with our services (collectively, the “Services”).

This Policy is published in accordance with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and the rules thereunder, and, where applicable to users in the European Economic Area (EEA) and the United Kingdom, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

1. Information We Collect

1.1 Information You Provide Directly

  • Contact details — name, email address, phone number, company, role, and country, submitted through contact, demo, or quote forms.
  • Project information — descriptions of your project, requirements, budgets, timelines, attachments, and any content you choose to share with us.
  • Account credentials — if any of our applications require an account, your username and a hashed password.
  • Communications — emails, WhatsApp messages, phone calls, and other correspondence.

1.2 Information Collected Automatically

  • Device and usage data — IP address, device identifiers, browser type and version, operating system, referring URLs, pages viewed, time spent, click events, and crash reports.
  • Cookies and similar technologies — see our Cookie Policy for details and how to opt out.
  • Mobile app data — for users of our mobile applications, we may collect device model, OS version, language, time zone, app version, app interaction events, and diagnostic data. We do not access your camera, microphone, contacts, location, or photos unless the specific feature you use requires it and you grant permission.

1.3 Information from Third Parties

We may receive information from analytics providers, advertising platforms, payment processors, hosting partners, and authentication providers (e.g., Google, GitHub) when you interact with us through them.

2. How We Use Your Information

  • To deliver, operate, and maintain the Services.
  • To respond to enquiries, proposals, and support requests.
  • To create, manage, and bill for client engagements.
  • To improve, personalise, and secure the Services, including debugging and abuse prevention.
  • To send transactional emails and, with your consent where required, marketing communications.
  • To comply with legal obligations and enforce our agreements.

3. Legal Basis for Processing (EEA / UK Users)

Where the GDPR applies, we rely on the following lawful bases: (a) consent — for marketing communications and non-essential cookies; (b) contract — to deliver services you have requested; (c) legal obligation — to comply with applicable law; and (d) legitimate interests — to operate, secure, and improve the Services, balanced against your rights and freedoms.

For users in India, we process personal data on the basis of your consent or for the specified legitimate uses permitted under the Digital Personal Data Protection Act, 2023.

4. Sharing and Disclosure

We do not sell your personal information. We share it only as follows:

  • Service providers — cloud hosting, email delivery, analytics, customer support, and payment processing vendors acting on our instructions under written agreements.
  • Affiliates and subcontractors — bound by confidentiality obligations equivalent to those in this Policy.
  • Legal and safety — to comply with law, lawful requests from public authorities, or to protect the rights, property, or safety of ThynkBlox, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

5. International Data Transfers

ThynkBlox is based in India. If you access the Services from outside India, your personal data will be transferred to, stored, and processed in India and other jurisdictions where our service providers operate. Where we transfer personal data of EEA/UK users outside those regions, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer required, we delete or anonymise it.

7. Your Rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of your data;
  • restrict or object to certain processing;
  • withdraw consent at any time without affecting prior lawful processing;
  • request portability of your data in a structured, machine-readable format;
  • nominate another individual to exercise your rights in case of death or incapacity (DPDP Act);
  • lodge a complaint with the Data Protection Board of India or your local supervisory authority (GDPR).

To exercise any of these rights, contact our Grievance Officer using the details in Section 12. We will respond within the timelines required by applicable law.

8. Security

We use administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS), access controls, least-privilege authorisation, security logging, and regular reviews. No system is perfectly secure; if you believe your data has been compromised, contact us immediately.

9. Children’s Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it. Where verifiable parental consent is required under the DPDP Act, we will obtain it before processing children’s data.

10. Mobile Applications — Permissions and Tracking

Our mobile applications may request operating-system permissions (camera, photos, files, notifications, location) only to deliver features you use. You can revoke permissions at any time in your device settings. We comply with the Apple App Store and Google Play policies on data collection, sharing, and tracking, and we declare data practices in the relevant store listings.

11. Changes to This Policy

We may update this Policy from time to time. The “Effective date” at the top indicates when it was last revised. Material changes will be notified through the Services or by email where appropriate.

12. Contact & Grievance Officer

For questions or to exercise your rights, contact our Grievance Officer (designated under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023):