Privacy Policy
Last Updated: 17th Nov 2025

1. Introduction

Mutex Lock Technologies Pvt Ltd  (“we,” “us,” “our”) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, retain, and dispose of personal information when you (or your organization) use our services, website, or otherwise interact with us.

2. Scope & Applicability

This policy applies to:

  • Users of our software-as-a-service (SaaS) platform for software supply chain security.

  • Visitors to our website.

  • Prospective or existing customers, business partners, and third parties whose data we process.

3. Information We Collect

We may collect the following categories of personal information:

  1. Contact Information: Name, email address, phone number, company name, job title.

  2. Account Information: Credentials, usage metadata, activity logs related to how you interact with our platform.

  3. Behavioral / Operational Data: Telemetry, security events, audit logs, risk data (relevant to supply chain security).

  4. Device & Technical Data: IP address, browser type, device identifiers, operating system, cookies.

  5. Support Data: When you contact support, we may collect transcripts, logs, diagnostic data, and any information you share to resolve your issue.

  6. Third-Party Data: Data we receive from our customers (e.g., their users, via integrations), or from subprocessors/vendors.

4. Legal Basis & Consent

  • We will collect and process personal information based on relevant legal bases (e.g., contractual necessity, legitimate interest, consent).

  • For data collected via our website (e.g., contact forms), we may rely on explicit consent.

  • For operational data (e.g., security logs), we rely on legitimate interest, since it’s essential for providing and securing our services.

  • We provide mechanisms for you to withdraw consent where applicable.

5. Use of Personal Information

We use personal information for the following purposes:

  • To provide, maintain, and improve our services (including security, compliance, and operational features).

  • To communicate with you (e.g., onboarding, support, product updates).

  • To perform analytics, diagnostics, and threat detection relevant to software supply chain security.

  • To comply with legal, regulatory, and contractual obligations.

  • To manage third-party vendors and sub-processors securely.

  • To respond to user requests, such as access, correction, or deletion.

6. Retention & Disposal

  • We retain personal information only as long as needed to fulfill the purposes for which it was collected, or as required by law or contractual obligations.

  • We define specific retention periods for different categories of data (e.g., account data, logs, telemetry).

  • When data is no longer needed, we securely dispose of it (or anonymize it), using industry-standard methods appropriate to the data type and risk.

7. Access, Correction & Deletion

  • You have the right to access the personal data we hold about you.

  • You may request correction of inaccurate or incomplete data.

  • You may request deletion of your personal data, subject to our obligations to retain certain data (e.g., for security/audit purposes).

  • To make access/correction/deletion requests, please contact us at: [Contact Email / Data Protection Officer (DPO) Contact].

8. Disclosure to Third Parties

We may share personal information with:

  • Sub-processors / Vendors: Third parties who perform services on our behalf (e.g., cloud providers, analytics).

  • Customers: When their data flows through our system (e.g., via integrations), we may share data back as per contractual agreements.

  • Legal / Regulatory Authorities: If required by applicable law, regulation, or to respond to lawful requests.

  • Business Transfers: In event of a merger, acquisition, or sale, personal data may be transferred, subject to confidentiality and data protection safeguards.

When we disclose, we ensure:

  • Appropriate contractual agreements (e.g., Data Processing Agreements) are in place.

  • Vendors are assessed for data protection practices.

  • Transfers outside your region are governed by appropriate safeguards (e.g., Standard Contractual Clauses) if relevant.

9. Security of Personal Information

  • We implement technical and organizational measures to protect personal data, consistent with our SOC 2 controls (e.g., encryption, access controls, monitoring).

  • We maintain an incident response plan for any data breaches, and will notify affected parties in line with applicable laws and our contractual obligations.

  • We conduct regular audits, risk assessments, and third-party reviews to ensure the robustness of our controls.

10. Cookies & Tracking Technologies

  • We use cookies, web beacons, and similar technologies on our website.

  • We explain the categories (e.g., essential, analytics) and provide options to manage preferences via a cookie banner or settings.

  • We do not use tracking for behavioral advertising beyond what is necessary for our service.

11. International Data Transfers

  • If we transfer data internationally, we ensure it is protected under recognized legal mechanisms (e.g., EU Standard Contractual Clauses) or under other data transfer frameworks, depending on destination.

  • We periodically review our data flows and ensure compliance with relevant data protection laws.

12. Children’s Privacy

  • Our services are not intended for children under [age].

  • We do not knowingly collect personal data from minors. If we become aware, we will take steps to delete it.

13. Data Subject Rights (Depending on Jurisdiction)

Depending on your location, you may have additional rights under privacy laws (e.g., GDPR, CCPA):

  • Rights to object or restrict processing

  • Right to data portability

  • Right to withdraw consent

  • Right to lodge a complaint with a supervisory authority

Check your local or regional privacy laws or contact us to know more.

14. Monitoring & Enforcement

  • We maintain internal processes to monitor compliance with this Privacy Policy, aligned to SOC 2 “Monitoring & Enforcement” criteria.

  • We periodically review and update this policy, and communicate material changes via our website or direct notice to users.

15. Changes to This Policy

  • We may update this Privacy Policy from time to time.

  • Material changes will be notified to users via email or prominent notice on our site.

  • The “Last Updated” date at the top reflects when the current version took effect.

 

Contact Us