Statsby Solutions
Effective Date: May 4, 2026
Last Updated: May 4, 2026
Statsby Solutions builds AI and data products and solutions, and consulting services. Privacy and data protection are integral to that work — not because regulation requires it, but because the buyers, partners, and candidates who interact with us operate in environments where data is treated with care.
This Policy describes the personal information we handle through our website at statsby.ai and through our broader business interactions, the choices you have over that information, and the way we approach data protection across the regions where we operate. We have written it to be readable rather than exhaustive — if a section raises a question that the text does not answer, the contact details at the end are the right place to start.
Throughout this Policy, "Statsby", "we", "us", and "our" refer to Statsby Solutions Pvt. Ltd., a company incorporated in India. "You" refers to anyone who visits our website, communicates with our team, or otherwise interacts with us in the ways described below.
Your use of our website is also governed by our Website Terms and Conditions. In the event of a conflict between this Policy and those Terms with respect to the handling of personal information, this Policy shall prevail.
This Policy applies when you visit statsby.ai, request information about our products or services, attend a demonstration or discovery session, download gated content from our website, apply for a role with us, or communicate with us through our contact channels. In these contexts, Statsby determines the purposes for which your personal information is processed and acts as the data controller (under the GDPR), data fiduciary (under India's DPDP Act), or business (under the CCPA/CPRA).
Where we deliver products or consulting services to a client organization under a separate written agreement, the terms of that agreement — including any Data Processing Agreement, Business Associate Agreement, or comparable instrument — govern how data is handled within the engagement. In those contexts, the client organization typically determines the purposes and means of processing, and Statsby acts on the client's instructions. The handling of data within those engagements is not within the scope of this Policy.
We receive information in three ways: from you directly, automatically when you visit our website, and from third-party sources. We aim to collect only what is reasonably necessary for the purposes described below, while recognizing that you may share additional information voluntarily in the course of speaking with us.
When you reach out about a product demonstration, a discovery session, a consulting engagement, or any other enquiry, you may share information such as your name, business email, phone number, organization, role or job title, country, and any context you choose to give us about what you are looking to solve, the systems you are working with, or your evaluation timeline. You may also discuss your team, your organization, or your specific use case during our conversations.
When you submit a contact form or send an email, you may share your name, email address, organization, and the message itself — including any documents, links, or attachments you choose to send.
When you download gated content from our website, such as a solution overview or whitepaper, we typically ask for your name, business email, organization, role, and country.
When you apply for a role at Statsby or get in touch about working with us, you may share your name, contact details, CV or resume content (covering your work history, education, certifications, skills, references, and salary expectations), cover letter, links to professional profiles, and any other information you choose to include. You may also share information during interviews and reference conversations. If your application materials contain special-category data (for example, information about health, ethnicity, or trade-union membership), we will process it only to the extent strictly necessary for evaluating your application and will redact or delete it where it is not required.
When you meet our team at industry events, register for our webinars, or interact with us at conferences, you may share your name, business email, organization, role, and any other details you provide with your consent at the time.
In the course of any other business interaction or correspondence, you may share additional information with us. We will handle that information in line with this Policy and applicable law.
When you visit our website, we and our service providers may automatically collect technical and usage information about the visit. This typically includes your IP address, approximate geographic location at the country or region level, characteristics of your device and browser, the pages you view, the time you spend on each page, referring and exit URLs, and the date and time of access. Most of this information is gathered through cookies and similar technologies — see the Cookies section below.
We sometimes receive information about you from third-party sources. This may include business contact databases used lawfully for B2B outreach to professionals at pharmaceutical and clinical research organizations; publicly available sources such as professional networking sites and corporate websites; referrals from existing clients, partners, or contacts who have a legitimate basis to share your details; and event organizers, where you have consented to share your information with sponsors or exhibitors.
We do not seek out special categories of personal data — such as health, biometric, genetic, racial or ethnic origin, religious belief, or political opinion data — through our website. Where such information would not normally be relevant to the purposes set out in this Policy, please refrain from sharing it with us.
We use the information we hold for legitimate business purposes connected to our website, products, and services. Specifically:
We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.
Where the GDPR applies, the legal bases on which we process personal information are consent, contract (or steps prior to entering into a contract), legitimate interests (weighed against your rights and freedoms), and legal obligation. Where the DPDP Act applies, processing is grounded in your consent or in a legitimate use as defined under the Act.
Our website uses cookies and similar technologies to make the site work, understand how it is used, and improve the experience of visiting it. A cookie is a small text file placed on your device when you visit a website. The categories we use are:
Our website currently uses third-party tools that may set cookies or process data, including Google Analytics for website analytics and HubSpot for sales and marketing operations. We may engage additional third-party tools and service providers from time to time — for purposes such as analytics, marketing automation, advertising, customer support, video and webinar hosting, and content management. Where the changes are material, we will update this Policy and, where required, ask for fresh consent.
You can accept or reject non-essential cookies through the banner shown on your first visit, and you can change your choices at any time through the cookie settings link in the website footer. Browser settings can also be used to block or remove cookies, though doing so may affect how parts of the website work.
We do not sell your personal information for monetary consideration in the ordinary course of business, and we do not share it for cross-context behavioral advertising as defined under the CCPA/CPRA or comparable laws. We share information only as set out below, and only with parties bound by appropriate confidentiality and data protection obligations.
We work with third-party service providers who process information on our behalf to support our operations. These may include cloud hosting and infrastructure providers, customer relationship management and marketing automation tools, website analytics, email and productivity services, payment and billing providers, and professional advisors (such as legal, accounting, and audit advisors) bound by confidentiality. The specific providers we work with may change over time. Each is required to process personal information only on our instructions and to maintain appropriate security measures.
We may share information with our affiliates and any companies that may join the Statsby group in the future, for the purposes set out in this Policy and subject to the protections described here.
We may disclose information where required by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to comply with applicable laws or legal process; protect the rights, property, or safety of Statsby, our clients, our employees, or the public; detect, prevent, or address fraud, security, or technical issues; or enforce our agreements.
If Statsby is involved in a merger, acquisition, financing, reorganization, or sale of all or part of its business or assets, personal information may be transferred to the relevant party as part of that transaction. We will provide notice as required by applicable law.
Statsby is headquartered in India and works with clients, candidates, and service providers globally. Your personal information may be transferred to, stored in, and processed in countries outside your country of residence — including India, the United States, the European Union, the United Kingdom, and other regions where our service providers and clients are based.
Where we transfer personal information internationally, we put in place safeguards required by applicable law. For transfers from the EU and UK, this typically means the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA), supplemented by additional measures where appropriate. For transfers involving Indian personal data, we follow the requirements set out under the DPDP Act. For transfers involving other jurisdictions, we apply equivalent contractual and technical safeguards. You can request a copy of the relevant safeguards by writing to privacy@statsby.ai.
We hold personal information only for as long as we need it for the purposes described in this Policy, including to meet legal, accounting, and reporting obligations.
In practice, we keep marketing leads and prospect information for up to 18 months from the last meaningful interaction we have with you, after which we delete or anonymize it unless you have explicitly consented to a longer period. Contact form and general enquiry records are typically held for up to 36 months from our last communication. Client and contractual records are kept for the duration of the engagement and the period required by applicable contract, tax, accounting, and statutory record-keeping laws — typically up to seven years from the end of the engagement. Recruitment records for unsuccessful applicants are held for up to 12 months from the recruitment decision, unless you ask to be retained in our talent pool for longer. Website analytics is retained per the default settings of the relevant providers. Cookies persist for the duration set out in our cookie banner.
We may keep certain information for longer where required to comply with legal obligations, resolve disputes, or enforce our agreements. When information is no longer needed, we securely delete or anonymize it.
We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, modification, disclosure, loss, or destruction. The specific measures we apply are calibrated to the nature and sensitivity of the data we handle and to evolving industry practice and applicable legal requirements.
No system or method of internet transmission is fully secure, and we cannot guarantee the absolute security of personal information. If you have reason to believe an interaction with us has been compromised, please write to us at privacy@statsby.ai.
In the event of a personal data breach affecting your information, we will notify you and the relevant supervisory authority as required by applicable law and within the timeframes prescribed under the GDPR, the DPDP Act, and other applicable regimes.
Depending on where you live and which laws apply to you, you may have rights over the personal information we hold about you. These rights commonly include:
Residents of US states with comprehensive privacy laws (including California, Virginia, Colorado, Connecticut, Utah, and others as enacted) have rights substantially similar to those listed above, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We honor these rights as required by the applicable state law.
To exercise any of these rights, please email us at privacy@statsby.ai with a clear description of your request and enough information for us to verify your identity. We will respond within the timeframes required by applicable law — generally within 30 days under the GDPR, 45 days under the CCPA/CPRA (with extension where permitted), and within applicable timeframes under the DPDP Act and other regimes. We do not charge a fee for responding, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline the request as permitted by law.
Statsby works with individuals and organizations across many jurisdictions, and several privacy and data protection laws may apply to how we handle your information. The principal regimes we have designed this Policy around are India's Digital Personal Data Protection Act, 2023, the EU and UK General Data Protection Regulation, and the California Consumer Privacy Act as amended by the California Privacy Rights Act, alongside other comprehensive US state privacy laws.
We also recognize that personal information may be subject to other applicable data protection laws. Where any of these apply to our processing of your information, we work to meet the requirements they impose.
If you have questions about how a specific privacy law applies to your interactions with us, please contact us at privacy@statsby.ai.
Our website may include links to websites and services operated by third parties. This Policy does not extend to those third parties. We encourage you to read the privacy notices of any third-party website you visit.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where required by applicable law, give additional notice — for example, by email or a prominent notice on our website. We encourage you to read this Policy periodically.
We have designated a Data Protection Officer to address questions, comments, and complaints related to your personal information. Our Data Protection Officer also serves as our Grievance Officer for purposes of the Digital Personal Data Protection Act, 2023, and is the point of contact for rights requests under the GDPR, CCPA/CPRA, and other applicable laws. We will acknowledge your communication promptly and aim to resolve the matter within the timeframes required by applicable law.
For all privacy-related matters, please write to: privacy@statsby.ai
© 2026 Statsby Solutions Pvt. Ltd. All rights reserved.
statsby.ai/privacy