Privacy Policy

Effective Date: April 4, 2025

Last Updated: April 4, 2025

Registered Entity: Dudi Labs LLP

1. Introduction

At Laritor(Dudi Labs LLP), your privacy is important to us.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services. It also describes your rights under data protection laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), UK Data Protection Act, and applicable Indian data privacy regulations.
This policy applies to:

  • Visitors of our website
  • Registered users of the Laritor platform
  • Anyone who interacts with us in relation to our services (e.g., support, billing, third-party integrations)

By using Laritor, you agree to the terms of this Privacy Policy and consent to the processing of your personal data as described here.
If you have any questions, concerns, or requests related to your personal information, you can contact us at [email protected].

2. Definitions

For the purposes of this Privacy Policy:

  • Personal Data means any information that relates to an identified or identifiable individual. This may include names, email addresses, IP addresses, or other identifiers collected through Laritor.
  • Usage Data refers to data collected automatically, either generated by your use of the service or from the service infrastructure itself. This includes performance metrics, request logs, error traces, and metadata.
  • Processing means any operation performed on Personal Data, whether or not by automated means, such as collection, storage, use, disclosure, or deletion.
  • Data Controller means the legal entity (Laritor, registered in Telangana, India) that determines the purposes and means of the processing of personal data.
  • Data Processor means a third-party service provider who processes personal data on behalf of Laritor, in accordance with our instructions.
  • Subprocessor refers to any Data Processor engaged by Laritor to assist in providing the service, such as hosting providers or analytics vendors.
  • You means the individual or entity accessing or using our service.

3. What Information We Collect

We collect different types of information to provide and improve Laritor’s services. This includes both Personal Data and Usage Data:

3.1 Information You Provide

When you use Laritor, you may voluntarily provide us with:

  • Your name and email address (e.g., during sign-up or support requests)
  • Authentication details (e.g., password, MFA setup)
  • Billing and payment information (processed securely via Paddle or other providers)
  • Project configuration data (e.g., monitored app names, environments)

3.2 Information We Collect Automatically (When you install our software in your system)

We automatically collect technical and usage data from your interactions with our platform, including:

  • Application performance metrics (e.g., request durations, task health)
  • Server and application logs
  • IP address and device information
  • Timestamps, user agent data, and geographic region (based on IP)

3.3 Cookies and Tracking Technologies

We use minimal and essential cookies for:

  • User authentication and session management
  • Security and fraud prevention
  • Consent preference tracking

For analytics, we use privacy-friendly solutions (e.g., cookieless Google Analytics) that do not store personal identifiers. You will not be tracked without consent where required by law.

3.4 Third-Party Integrations

When you connect Laritor to a third-party service (e.g., Slack, Microsoft Teams), we process and transmit only the data necessary to deliver alerts and notifications through that service. We do not access or store more data than required for these integrations.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 To Provide and Operate the Service

  • Monitor application and server performance
  • Detect and notify you of incidents, anomalies, or performance regressions
  • Deliver insights, dashboards, and alerting functionality
  • Enable third-party integrations you authorize (e.g., Slack notifications)

4.2 To Improve and Optimize the Platform

  • Analyze usage trends and user behavior
  • Conduct internal research to improve system performance and feature effectiveness
  • Ensure infrastructure stability, availability, and scalability

4.3 For Communication and Support

  • Respond to support inquiries and technical requests
  • Send important service-related communications (e.g., outages, feature updates)
  • Deliver onboarding or educational resources to help you use Laritor more effectively

4.4 For Billing and Account Management

  • Process subscription payments and overage charges
  • Notify users of expiring trials, failed payments, or billing issues
  • Manage account upgrades, downgrades, or cancellations

4.5 For Legal and Compliance Obligations

  • Enforce our Terms of Service and Acceptable Use Policy
  • Detect and prevent fraud, abuse, or security breaches
  • Comply with applicable data protection laws and respond to lawful data access requests

We do not sell or rent your personal data. We do not use your data for third-party advertising or profiling.

5. Legal Basis for Processing (for GDPR users)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction where the General Data Protection Regulation (GDPR) applies, we process your personal data based on the following lawful bases:

5.1 Performance of a Contract

We process your data as necessary to provide the Laritor service you have subscribed to, including monitoring, alerting, reporting, and technical support.

5.2 Your Consent

Where required, we rely on your explicit consent for:

  • Setting optional cookies and tracking technologies
  • Connecting to third-party services (e.g., Slack)
  • Receiving marketing communications (if enabled)

You may withdraw consent at any time by updating your preferences or contacting us at [email protected].

5.3 Legitimate Interests

We may process your data for purposes such as improving service functionality, ensuring platform security, or performing internal analytics — provided these interests do not override your fundamental rights and freedoms.

5.4 Legal Obligations

We may process your data to comply with tax, regulatory, cybersecurity, or legal reporting obligations.

5.5 Vital Interests (Rare Cases)

In rare and exceptional cases, we may process personal data to protect your vital interests or those of another individual (e.g., security-related emergencies).

6. How We Share Your Data

We value your trust and are committed to limiting how your personal data is shared. Laritor does not sell or rent your data to third parties. We only share data as described below and only to the extent necessary to operate our service effectively.

6.1 User-Authorized Third-Party Integrations

We share data only with third-party services that you explicitly connect, such as:

  • Slack, Microsoft Teams, or other alerting tools
  • Incident management tools like PagerDuty (if integrated)

Only relevant data (e.g., incident messages, performance alerts) is sent. We do not share full application logs or sensitive data unless explicitly required by the integration.

6.2 Service Providers and Subprocessors

We use trusted third-party vendors (subprocessors) to support key parts of our service:

  • Cloud infrastructure and storage (e.g., Digital Ocean, AWS, GCP)
  • Payment processing (e.g., Paddle)
  • Analytics and monitoring services
  • Email and communication platforms

All subprocessors are contractually bound by data protection agreements, and we ensure they comply with relevant laws (e.g., GDPR, CCPA).

6.3 Legal and Regulatory Compliance

We may disclose your personal data if required to do so by law or in response to valid legal requests by public authorities, including:

  • Court orders
  • Subpoenas
  • Law enforcement investigations

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or asset sale, your personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

7. International Data Transfers

Laritor operates globally, and your data may be transferred to and processed in countries other than your country of residence. This includes, but is not limited to, transfers to:

  • India (where Laritor is headquartered and registered)
  • The United States (for infrastructure and subprocessors)
  • European Union or other jurisdictions based on service dependencies

We ensure that such transfers are carried out in compliance with applicable data protection laws and that your rights are protected.

7.1 EU and UK Users

For users located in the European Economic Area (EEA) or the United Kingdom, we implement the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding contractual obligations with subprocessors to maintain GDPR-compliant practices

7.2 Indian Users

Data transfers from or to India are performed in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

7.3 Other Jurisdictions

We comply with other applicable international privacy laws and ensure that any third parties processing data on our behalf offer comparable levels of protection.

8. How We Secure Your Data

At Laritor, protecting your data is a top priority. We implement industry-standard technical and organizational measures to safeguard your information from unauthorized access, disclosure, alteration, or destruction.

8.1 Data in Transit

  • All data transmitted between your systems and Laritor is encrypted using SSL/TLS (HTTPS) protocols.
  • API traffic and third-party integrations are secured using token-based authentication.

8.2 Data at Rest

  • Data stored in our systems and databases is protected using encryption and access controls.
  • Sensitive user credentials (e.g., passwords) are stored using industry-approved hashing algorithms.

8.3 Access Controls

  • We use role-based access control (RBAC) to restrict access to personal and application data.
  • Only authorized employees or contractors with a business need can access user data, and all access is logged and monitored.

8.4 Platform Hardening

  • Regular vulnerability scans and security audits are performed.
  • Dependencies and infrastructure are kept up-to-date with security patches.
  • Systems are protected with firewalls and monitored for anomalous behavior.

8.5 Security Best Practices

  • Multi-Factor Authentication (MFA) is supported for account access.
  • Users are encouraged to follow strong password policies and review their API access regularly.

While we take extensive measures to protect your data, no system can be completely secure. If you believe your data has been compromised, please contact us immediately at [email protected].

9. Data Retention

We retain personal and performance data only for as long as necessary to provide our services and fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

9.1 Application and Usage Data

  • Performance metrics, logs, and related data are retained for up to 3 months by default.
  • This data is automatically purged unless your subscription tier includes extended retention options.

9.2 Account Information

  • Your account details (e.g., name, email, billing history) are retained for as long as your account is active.
  • Upon account deletion, we retain only the minimal data necessary for legal, tax, and fraud prevention purposes for a limited period, after which it is securely deleted.

9.3 Backups and Logs

  • System backups and logs may persist for a short period (typically 30–60 days) as part of our disaster recovery and audit processes. These are securely stored and automatically purged on a rolling basis.

9.4 Data Deletion Requests

  • You may request the deletion of your personal data at any time by contacting us at [email protected].
  • We will respond within 30 days and complete the deletion unless retention is required by law or contractual obligation.

10. Your Rights and Choices

Depending on your location and applicable data protection laws (such as GDPR, CCPA, UK DPA, or India's IT Rules), you may have specific rights regarding your personal data.

10.1 Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete information.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Restrict Processing: Ask us to limit how we use your data.
  • Data Portability: Request your data in a structured, commonly used format and transmit it to another controller.
  • Object to Processing: Object to our use of your data where we rely on legitimate interests or direct marketing.
  • Withdraw Consent: Where processing is based on consent (e.g., cookies, integrations), you may withdraw it at any time.

10.2 Exercising Your Rights

You can submit a request by contacting us at [email protected]. We will respond within the timeframe required by applicable law (typically within 30 days).
For security purposes, we may verify your identity before processing your request.

10.3 California Residents (CCPA Specific)

If you're a California resident, you also have the right to:

  • Request details of the categories of personal information we collect and disclose
  • Opt out of the sale of personal data (note: Laritor does not sell personal data)
  • Not be discriminated against for exercising your rights under CCPA

You can contact us at [email protected] to exercise your CCPA rights.

11. Cookies and Tracking Technologies

Laritor uses cookies and similar technologies to enhance user experience, secure sessions, and support essential functionality. We keep our use of tracking technologies minimal and respectful of user privacy.

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember user preferences, session data, and other useful information.

11.2 Types of Cookies We Use

  • Essential Cookies: These are required for the operation of our website and service. They enable core functions such as secure logins, account management, and session tracking. These cookies do not require user consent.
  • Functional Cookies (Optional): Used to enhance features (e.g., saving preferences). These are only set with your explicit consent.
  • Analytics (Cookieless Mode): Laritor uses privacy-first, cookieless analytics (e.g., Google Analytics configured without cookies or personally identifiable information) to understand user interactions and improve the service. No personal data is tracked unless consented.

11.3 Managing Your Preferences

You can control or disable cookies through:

  • Your browser settings
  • Built-in privacy settings in the Laritor platform (where applicable)
  • Consent banner (if required by law in your jurisdiction)

11.4 Do Not Track

Laritor respects “Do Not Track” (DNT) signals set by browsers, where supported.

12. AI and Automated Suggestions

Laritor uses AI-powered tools to provide automated performance insights and recommendations, such as identifying slow database queries or application bottlenecks.
These insights are:

  • For informational purposes only
  • Not binding or enforced automatically
  • Not used to make decisions that affect your rights or access to the service

You remain in full control of whether and how to act on any AI-generated suggestions. We do not use AI to make automated decisions about user access, billing, or service availability.
All data used in these AI suggestions is processed in compliance with our Privacy Policy and applicable data protection laws.

13. Data Breach Notification

We take data security seriously and have implemented strict measures to prevent unauthorized access, disclosure, or loss of personal information. However, in the event of a data breach affecting your personal data, we will take the following actions:

13.1 Notification Timeline

We will notify affected users without undue delay, and in any case, within 72 hours of becoming aware of the breach, where feasible and required by law.

13.2 Notification Method

Notifications may be made via email, in-app messages, or public notices (depending on the severity and scope of the breach).

13.3 Regulatory Compliance

If required, we will also notify relevant supervisory authorities such as:

  • The Information Commissioner’s Office (ICO) in the UK
  • The Data Protection Authority in applicable EU/EEA countries
  • The Indian Computer Emergency Response Team (CERT-In) in India
  • The California Attorney General for CCPA-regulated incidents

13.4 Mitigation Measures

  • We will promptly investigate the incident, contain its impact, and take necessary remediation steps to prevent recurrence.
  • You may also be advised on steps to further protect your account or data in response to the breach.

If you believe your data has been compromised, please contact us immediately at [email protected].

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service enhancements.

14.1 Notification of Changes

When we make material changes, we will:

  • Post the updated policy on our website with a new effective date
  • Notify you by email or through in-app notifications if the changes significantly affect your rights or how we process your data

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14.2 Effective Date

The date at the top of this document indicates when the policy was last revised and became effective.