Skip to main content
Privacy PolicyLast updated · 5 June 2026

How we handle your information.

We've tried to write this the way you'd actually want to read it, short, in plain English, and honest about who touches your data. If anything is unclear, write to us at [email protected] and we'll explain.

Who we are

RoseLeap is a digital studio operating roseleap.com. In this policy “we,” “us,” and “RoseLeap” mean the studio; “you” means anyone who visits the website, fills out a form, or otherwise interacts with us.

We are the data controller for any personal information collected through roseleap.com.

What information we collect

There are two kinds.

1 · Information you give us

When you fill out the contact form (or email us directly), we receive what you send: your name, email address, company name, the track you selected (Build / Comply / Guard / Other), any track-specific detail you added, and the message you wrote. The form also asks you to tick a consent box before submission. We use what you send to reply to you and to discuss the engagement, nothing else.

2 · Information we collect automatically

When you visit roseleap.com, our hosting and analytics tools record basic technical information about the visit: the page you viewed, your approximate country, your device type (mobile/desktop), the referring site if any, and the time of the visit. This information is aggregated and is not used to identify you personally.

We do not run advertising pixels. We do not build behavioural profiles. We do not follow you across other websites. See the “Cookies” section below for a precise breakdown of what is set and why.

Why we collect it

  • To respond to enquiries and discuss projects with you.
  • To understand which pages are popular so we can improve the site.
  • To keep the site secure (detecting abusive traffic, blocking bots, preventing spam).
  • To meet our legal and tax obligations as a business operating in India.

We do not sell your information. We do not share it with advertisers. We do not use it to target you with ads on other platforms.

How long we keep it

  • Contact-form submissions:until we've resolved the conversation, or for up to 24 months, whichever comes first. We periodically prune old enquiries.
  • Client project records: for the life of the engagement plus seven years (to meet Indian tax and accounting requirements).
  • Analytics data: retained by our analytics provider according to their default policy (see below). The data is aggregated and not personally identifying.

Who else touches your data

We use a small number of trusted third-party services to operate the website and respond to you. These are our sub-processors, and we disclose them because transparency is the right default, and because India's DPDP Act and the GDPR require it.

  • Hosting · Vercel Inc. (USA)

    roseleap.com is hosted on Vercel. When you visit, Vercel's edge network handles your request and logs basic technical metadata (IP, user agent, response status) for the purposes of operating the service and detecting abuse.

  • Analytics · Vercel Web Analytics (cookieless)

    We use Vercel's built-in Web Analytics to count visits and understand which pages are read. It does not use cookies, does not identify individuals, and does not follow you across the internet. Vercel processes this data on our behalf.

  • Performance · Vercel Speed Insights (cookieless)

    We use Vercel Speed Insights to measure real-user page-load performance (LCP, INP, CLS) and find slow pages. It is cookieless, processes IP and user-agent only for vitals computation, and does not identify individuals.

  • Search visibility · Google Search Console & Bing Webmaster Tools

    We use these tools to see which search queries lead people to roseleap.com. They report aggregate, non-identifying data.

  • Source code · GitHub Inc. (USA)

    The source code for roseleap.com is version-controlled on GitHub. No visitor or customer data is stored here, just the website's own code.

  • Email · Standard email provider

    When you email us, directly, or through a contact form, that message lands in our normal business inbox. We treat it with the same care as any other professional correspondence.

Each of these providers has its own privacy policy and security commitments. If a client engagement requires a formal sub-processor list with contractual terms (a common pharma / healthcare / enterprise requirement), we will provide it on request.

International data transfers

Some of our sub-processors are based outside India (Vercel and GitHub are US-incorporated). Your information may therefore be processed in countries with different data-protection regimes. We choose providers with strong security and clear data-processing terms, and we only transfer what is necessary.

Your rights

Under India's Digital Personal Data Protection Act (2023), where you are a Data Principal: and the EU/UK GDPR (where applicable), you have the right to:

  • Ask what personal data we hold about you, and request a copy.
  • Ask us to correct information that is wrong or incomplete.
  • Ask us to delete your information (subject to our legal record-keeping obligations).
  • Withdraw any consent you previously gave (which does not affect lawful processing carried out before the withdrawal).
  • Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity (a right specific to the DPDP Act).
  • Lodge a complaint with the Data Protection Board of India (once operational), or with your local supervisory authority if you are in the EU/UK.

To exercise any of these rights, write to [email protected] from the address you originally contacted us with, and we'll respond within 30 days.

Grievance Officer

In accordance with the DPDP Act and the Information Technology Act, 2000:

Grievance Officer, RoseLeap
Email: [email protected]
Subject line: “Privacy grievance”

We acknowledge grievances within 7 working days and aim to resolve them within 30 days, in line with statutory expectations.

Children

roseleap.com is a business-to-business website and is not aimed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have, please contact us and we will delete it.

Security

We take reasonable, current-practice steps to protect the information we hold: HTTPS everywhere, hardened response headers, no admin login on the public website, least-privilege access to internal tools, secrets kept out of code. No system is perfectly secure; if a breach affects your data, we will tell you promptly and honestly, and notify the Data Protection Board of India where required.

Cookies & similar storage

We try to keep this site as cookie-light as possible. In practice that means:

  • Strictly necessary: small amounts of local storage may be set to remember your cookie-banner choice and to make the site work correctly. These are essential and not optional.
  • Optional analytics: Vercel Web Analytics and Vercel Speed Insights are cookieless by design (no identifiers stored in your browser). They send aggregate, non-identifying measurements only.
  • No advertising, no remarketing, no social pixels. We do not run Facebook Pixel, Google Ads, LinkedIn Insight Tag, or any behavioural tracking.

On your first visit you will see a banner inviting you to accept or declineoptional cookies. Your choice is stored locally so we don't ask you again on every visit. You can change your choice at any time by clearing your browser's site data for roseleap.com.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will always tell you when. For material changes (new sub-processor, new purpose, new data category), we'll do more than that, we'll note the change on the site for a reasonable period and, where required, ask for fresh consent.

Contact us

The fastest way to reach a real person about anything in this policy is [email protected]. We will normally respond within one business day.

RoseLeap.

Rooted in Data · Built to Bloom