← Return to Home

Privacy Policy

Last Updated: January 2026

Applicable Frameworks: Digital Personal Data Protection Act 2023 (India) & EU General Data Protection Regulation (GDPR)

Role Designation:
For account and billing data, Urbane Labs acts as the Data Fiduciary/Controller. For supply chain documents uploaded via our platform or Zero-Login Supplier Portal, the Customer acts as the Data Controller, and Urbane Labs acts strictly as the Data Processor.

1. Data We Collect

Example data types we collect include:

  • Identity Data: Name, Email Address (via Supabase/Privy).
  • Financial Data: Billing address, Payment method details (processed by Stripe).
  • Technical Data: IP Address, Wallet Public Key, Browser type and version.
  • Supplier & OCR Data: Invoices, certificates, and compliance documents uploaded for processing. We extract text via AI models solely for your compliance mapping. This data is never used to train foundational AI models.

2. The Blockchain & Immutability

Due to the immutable nature of the Solana blockchain, data explicitly minted on-chain (Product GTINs, Carbon Scores, Batch IDs, Public Keys) cannot be edited or erased.

By using our "Mint" feature, you consent to this specific data becoming a permanent public record. For all off-chain data (Account details, Drafts), you retain full rights to correction and erasure.

3. Confidential Computing

For highly sensitive supply chain data (e.g., Tier 2/Tier 3 Supplier Identities, exact BOM costs), Urbane Labs utilizes Arcium's Confidential Computing Network. This ensures your proprietary trade secrets are processed inside encrypted enclaves (Multi-Party Computation) and are never exposed in plaintext to our servers, unauthorized third parties, or the public blockchain.

4. Cross-Border Data Transfer

We process data primarily in India and the United States (via SOC2-compliant infrastructure partners). By utilizing our platform, EU-based Customers consent to this processing under standard contractual clauses (SCCs) ensuring GDPR-equivalent data protection.

5. Grievance Redressal

In accordance with the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023, the contact details of the Grievance Officer are provided below:

Name: Aditya R (Founder)

Designation: Grievance Officer

Email: adityaranjan@urbanelabs.xyz

Address: Bangalore, Karnataka, India

We will respond to all grievances within 24 hours and redress them within 15 days of receipt.

6. Your Rights

  • Right to Access: Request a summary of personal data processed.
  • Right to Correction: Update inaccurate or misleading personal data.
  • Right to Erasure: Request deletion of data (subject to blockchain limitations).
  • Right to Grievance Redressal: As detailed above.

Urbane Labs Inc. • Bangalore, India • Urbane Labs is a data infrastructure provider. Final legal verification of EU compliance data remains the sole responsibility of the brand.