Privacy Policy

Effective Date: 24 December 2025

This Privacy Policy explains how Tech PR77 Labs Pvt Ltd, a company incorporated in India with its principal place of business in New Delhi ("Company", "we", "our", or "us"), collects, uses, discloses, and protects personal data in connection with the use of hookVM (the "Service").

1. Application and Scope

hookVM is a business-to-business (B2B) software-as-a-service (SaaS) platform.

This Privacy Policy applies to:

  • Business customers that create accounts with hookVM
  • Authorized users acting on behalf of customers
  • End users whose data is processed as part of a customer's implementation of the Service

This Privacy Policy does not apply to personal data that customers process using the Service for their own purposes. Customers are responsible for ensuring compliance with applicable data protection laws for such processing.

The Service is not intended for personal, household, or consumer use.

2. Roles and Responsibilities

For account management, billing, and operational data, Tech PR77 Labs Pvt Ltd acts as a data controller.

For data, payloads, content, or information submitted by customers or their end users ("Customer Data"), the Company acts as a data processor and processes such data solely on documented instructions from the customer, as governed by applicable data processing agreements.

3. Categories of Information We Collect

3.1 Account and Business Information

  • Name
  • Work email address
  • Authentication information (such as hashed passwords, API keys, or access tokens)
  • Organization name and account identifiers

3.2 Billing and Payment Information

  • Billing address
  • Transaction metadata
  • Subscription and invoice records

Payments are processed by Razorpay, which acts as an independent data controller. We do not store full card numbers or sensitive payment credentials.

3.3 Customer Data

Customer Data includes any data, payloads, files, API requests or responses, logs, webhook data, or other information submitted to the Service by or on behalf of customers. The nature, scope, and purpose of Customer Data are determined solely by the customer.

3.4 Automatically Collected Information

  • IP address
  • Browser type, operating system, and device identifiers
  • Usage logs, timestamps, and interaction metadata

4. Cookies and Analytics

We use cookies and similar technologies for analytics and performance monitoring.

We use Google Analytics to understand aggregate usage trends, feature adoption, and system performance. We do not use cookies for targeted advertising or behavioral marketing.

Where required by applicable law (including EU ePrivacy and GDPR), we obtain user consent before placing non-essential cookies. Users may manage cookie preferences through our cookie banner or browser settings.

5. Purposes of Processing

We process personal data for the following purposes:

  • Provisioning, operating, and maintaining the Service
  • User authentication and access control
  • Processing subscriptions and payments
  • Providing customer support and resolving issues
  • Monitoring system performance, reliability, and security
  • Preventing fraud, abuse, or misuse of the Service
  • Sending transactional communications and service-related updates
  • Sending marketing communications where permitted by law or based on user consent
  • Compliance with legal and regulatory obligations

6. Legal Bases for Processing

Where applicable under GDPR, UK GDPR, and similar laws, we rely on the following legal bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests in operating, securing, and improving the Service
  • User consent, where required by law

7. Data Sharing and Subprocessors

We do not sell personal data.

We may share personal data with trusted subprocessors solely to operate and support the Service, including:

  • Google Cloud Platform (infrastructure and hosting)
  • Razorpay (payment processing)
  • Google Analytics (usage analytics)

All subprocessors are contractually bound to process data only as instructed and to implement appropriate security measures. An updated list of subprocessors is available upon request.

8. International Data Transfers

Personal data may be processed in countries outside your jurisdiction, including the United States and the European Union.

Where required by law, international data transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. EU-region data storage may be available for certain subscription plans.

9. Data Retention

  • Account and billing data is retained for up to 30 days after account termination, unless longer retention is required by law, dispute resolution, or legitimate business purposes.
  • Customer Data is retained for up to 30 days after termination and is then deleted or anonymized, unless otherwise required by law or agreed with the customer.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, monitoring, and incident response procedures. Security controls are designed in line with industry best practices.

11. Data Subject Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete personal data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent where processing is based on consent

Requests may be submitted using the contact details below. We may verify your identity before responding.

12. Marketing Communications

We may send marketing communications related to the Service. Where required by law, such communications are sent only with prior consent. Users may opt out at any time using the unsubscribe link in emails or by contacting us directly.

13. Regulatory Compliance

We comply with applicable data protection laws, including:

  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • India Digital Personal Data Protection Act, 2023

Grievance Officer (India DPDP Act)

For grievances under the India DPDP Act, 2023:

  • Grievance Officer
  • Email: privacy@hookvm.com

Response time will be in accordance with applicable law.

14. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated effective date.

15. Contact Information

For privacy-related inquiries or requests:

  • Email: privacy@hookvm.com
  • Company: Tech PR77 Labs Pvt Ltd
  • Location: New Delhi, India