Privacy Policy

Last Revised: April 1, 2026

This privacy notice for DarkLion Studio (“we,” “us,” “our,” or “the Company”). We are a HumanAI Brand Building Studio operating from India, focused on AI-powered experiences, agentic systems, intelligent workflows, and comprehensive brand building services through our two divisions: Team HumanAI and DarkLion Productions.

We are committed to protecting your privacy and ensuring the security of your personal information in compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) of India, as well as international data protection standards where applicable.

This Privacy Policy explains in detail how we collect, use, disclose, transfer, and safeguard your information when you:

  • Visit our website at https://darklion.studio
  • Use our services, products, or platforms
  • Interact with us through contact forms, RFP submissions, or other communications
  • Engage with Team HumanAI for AI-powered solutions
  • Work with DarkLion Productions for brand traction services

 

Important: By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services. Your continued use of our services following the posting of changes to this Privacy Policy will constitute your acceptance of such changes.

1. WHAT INFORMATION DO WE COLLECT?

We collect various types of information to provide and improve our services. The information we collect falls into the following categories:

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

Contact and Business Information: When you interact with us through our website or services, we collect:

  • Full name and professional title
  • Business email address and phone number
  • Company name, industry, and website
  • Location and time zone
  • Company phase (Idea/Pre-MVP, MVP in Market, Seed-Series A, Series B+/Growth, Established Enterprise)
  • Professional social media profiles (LinkedIn, Twitter, etc.)

 

Project and Service Information: When you submit a Request for Proposal (RFP) or service inquiry:

  • Service requirements (Brand Design Partnership, Brand Building Partnership, AI Automation & Agents)
  • Timeline targets (ASAP 0-30 days, 1-3 months, 3-6 months, Ongoing partnership)
  • Budget range (<$5k/₹0-4L, $5k-$15k/₹4-12L, $15k-$50k/₹12-40L, $50k+/₹40L+)
  • Detailed project descriptions, objectives, and requirements
  • Target audience and market information
  • Technical specifications and integration requirements
  • Supporting documents, presentations, and reference materials

 

Career and Recruitment Information: When you apply for positions through our Careers page:

  • Resume/CV and cover letter
  • Educational background and professional qualifications
  • Work history and references
  • Portfolio, work samples, and GitHub/professional profiles
  • Interview notes and assessment results

 

Communication Records: We maintain records of:

  • Email correspondence and chat transcripts
  • Meeting notes and call recordings (with prior consent)
  • Feedback, testimonials, and reviews
  • Support tickets and customer service interactions

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information
  • Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Information collected from other sources

In Short: We may receive information about you from third-party sources to enhance our understanding and improve service delivery:

  • Business partners and affiliates who refer you to our services
  • Analytics providers (Google Analytics, Mixpanel, etc.)
  • Social media platforms (LinkedIn, Twitter, etc.)
  • Publicly available sources and company databases
  • Marketing and advertising platforms
  • Data enrichment services for business intelligence

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We use the information we collect for legitimate business purposes to provide, maintain, protect, and improve our services. Here’s how we use your information:

Service Delivery and Client Management

  • Process and respond to your inquiries, RFPs, and service requests
  • Evaluate project feasibility and provide accurate cost estimates
  • Assign appropriate team members and allocate resources
  • Design and develop AI-powered products, agentic systems, and intelligent workflows
  • Deliver brand building services and customer traction strategies
  • Manage contracts, invoicing, and payment processing
  • Provide ongoing support, maintenance, and updates

Communication and Marketing

  • Send transactional emails (order confirmations, project updates, invoices)
  • Deliver newsletters, case studies, and industry insights (with your consent)
  • Invite you to webinars, events, and exclusive workshops
  • Share relevant service updates and new offerings
  • Conduct satisfaction surveys and gather feedback

Recruitment and Talent Management

  • Review job applications and assess candidate qualifications
  • Conduct interviews and skills assessments
  • Verify references and employment history
  • Maintain a talent pool for future opportunities
  • Manage onboarding and employee records (for hired candidates)

Analytics and Improvement

  • Analyze website traffic patterns and user behavior
  • Identify areas for service enhancement and innovation
  • Optimize website performance, loading times, and mobile responsiveness
  • Conduct A/B testing for improved user experience
  • Develop insights into market trends and client needs

Security and Compliance

  • Detect, prevent, and investigate fraudulent activity or security breaches
  • Monitor for unauthorized access and unusual activity patterns
  • Enforce our Terms of Service and other legal agreements
  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and prevent harm

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
    • Send users information about special offers and discounts on our products and services
    • Develop and display personalized and relevant advertising content for our users
    • Analyze how our Services are used so we can improve them to engage and retain users
    • Support our marketing activitie
    • Diagnose problems and/or prevent fraudulent activities
    • Understand how our users use our products and services so we can improve user experience
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production or records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

4. AI and Automated Data Processing

Transparency in AI Usage: As a studio focused on AI-powered experiences, products, and agentic systems, we leverage artificial intelligence and machine learning technologies extensively. We believe in transparent AI practices and want you to understand how AI impacts your data.

How We Use AI

  • Project Analysis: AI algorithms analyze RFP submissions to match requirements with appropriate services and team expertise
  • Workflow Optimization: Machine learning models optimize project timelines, resource allocation, and delivery schedules
  • Content Personalization: AI tailors website content, recommendations, and communications based on your interests and behavior
  • Quality Assurance: Automated systems test and validate AI solutions before deployment
  • Predictive Analytics: AI predicts market trends, customer needs, and service improvements
  • Chatbots and Virtual Assistants: AI-powered tools provide instant responses to common inquiries

AI Safeguards and Ethics

  • Data Minimization: AI systems only access data necessary for specific processing purposes
  • Human Oversight: Critical decisions involving your data are reviewed by human team members
  • Bias Prevention: We regularly audit AI systems for algorithmic bias and fairness
  • Data Isolation: Client project data is processed in isolated environments and never used to train general AI models without explicit consent
  • Explainability: We can explain how AI-driven decisions affecting you are made upon request
  • Right to Object: You can request that certain AI processing be limited or stopped

Automated Decision-Making

We do not make solely automated decisions that significantly affect you without human involvement. Any automated processing that impacts your rights (e.g., job application screening) includes human review and the opportunity to contest the decision.

5. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?

In Short: We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances and with appropriate safeguards:

Within DarkLion Studio

Information may be shared between our divisions (Team HumanAI and DarkLion Productions) when necessary to provide integrated services, coordinate projects, or deliver comprehensive brand building solutions. All internal sharing is governed by strict access controls and need-to-know principles.

Service Providers and Partners

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Cloud Infrastructure: AWS, Google Cloud Platform, Microsoft Azure for hosting and storage
  • Analytics: Google Analytics, Mixpanel, Hotjar for website analysis
  • Email Services: SendGrid, Mailchimp for communications
  • Payment Processing: Stripe, PayPal, Razorpay for financial transactions
  • Customer Support: Zendesk, Intercom for helpdesk services
  • Project Management: Asana, Jira, Notion for collaboration
  • AI/ML Services: OpenAI, Anthropic, specialized AI platforms for development


All service providers are bound by data processing agreements and are only authorized to use your information as necessary to provide services to us. They are contractually obligated to maintain confidentiality and security.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy. You will have the opportunity to opt out of such transfer if the new entity’s practices differ materially from this Privacy Policy.

Legal Requirements and Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests
  • Enforce our Terms of Service, Privacy Policy, or other agreements
  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to claims that content violates the rights of third parties

With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent. You can withdraw such consent at any time.

6. Data Security and Protection Measures

In Short: We implement comprehensive technical, organizational, and administrative security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

Technical Safeguards

  • Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256) using industry-standard protocols
  • Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA) for all systems
  • Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS protection
  • Secure Development: Secure coding practices, code reviews, and vulnerability scanning
  • Data Masking: Sensitive data is masked or tokenized in non-production environments
  • Backup and Recovery: Regular encrypted backups with tested disaster recovery procedures

Organizational Safeguards

  • Privacy by Design: Privacy considerations integrated into all system design and development
  • Employee Training: Mandatory privacy and security training for all staff members
  • Confidentiality Agreements: All employees and contractors sign NDAs
  • Incident Response Plan: Documented procedures for identifying, responding to, and recovering from security incidents
  • Vendor Management: Due diligence and ongoing monitoring of third-party service providers

Compliance and Auditing

  • Security Assessments: Regular internal and external security audits
  • Penetration Testing: Annual third-party penetration tests and vulnerability assessments
  • Compliance Monitoring: Ongoing monitoring for compliance with applicable regulations
  • Activity Logging: Comprehensive logging and monitoring of system access and data processing activities

 

Important Notice: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using industry best practices and continuously improving our security posture.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

  • Active Clients: Data retained for the duration of the business relationship plus 7 years for tax and legal purposes
  • Inactive Prospects: Contact information retained for 3 years after last interaction, unless you opt out
  • Job Applicants: Application materials retained for 2 years for potential future opportunities
  • Website Analytics: Aggregated and anonymized data retained indefinitely; individual-level data retained for 26 months
  • Legal Holds: Data preserved as required for ongoing litigation or regulatory investigations

Data Disposal

When we no longer need your information, we securely delete or anonymize it using industry-standard methods, including cryptographic erasure, secure wiping algorithms, and physical destruction of storage media where applicable. Backups are purged according to our data retention schedule.

8. YOUR RIGHTS AND CHOICES

In Short: We respect your rights regarding your personal information. Depending on your location and applicable laws, you may have the following rights:

Access and Portability

  • Right to Access: Request a copy of the personal information we hold about you
  • Data Portability: Receive your data in a structured, commonly used, machine-readable format (CSV, JSON) and transmit it to another service provider

Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal information, subject to legal obligations and legitimate business needs

Processing Restrictions

  • Right to Restriction: Request restriction of processing in certain circumstances (e.g., during accuracy disputes)
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Automated Decision-Making: Object to decisions based solely on automated processing that significantly affect you

Consent Management

  • Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of processing before withdrawal
  • Marketing Opt-Out: Unsubscribe from marketing communications via the “unsubscribe” link in emails or by contacting us

Exercising Your Rights

To exercise any of these rights, please contact us using the information in Section 17. We will:

  • Respond within 30 days (or as required by applicable law)
  • Verify your identity before processing requests
  • Provide information free of charge (except for manifestly unfounded or excessive requests)
  • Explain if we cannot fully comply with your request

Right to Lodge a Complaint: If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority. For Indian users, this is the relevant authority under the Information Technology Act, 2000.

9. Cookies and Tracking Technologies

In Short: We use cookies, web beacons, pixels, and similar tracking technologies to enhance your browsing experience, analyze website traffic, understand user behavior, and deliver personalized content.

What Are Cookies

Cookies are small text files stored on your device that help us remember your preferences, understand how you use our website, and improve your experience. They contain a unique identifier and may store information such as language preferences, session data, and analytics.

Types of Cookies We Use

  • Essential/Strictly Necessary Cookies: Required for website functionality (login sessions, security, form submissions). These cannot be disabled.
  • Functional Cookies: Remember your preferences and settings (language, region, display preferences)
  • Analytics/Performance Cookies: Help us understand visitor behavior through Google Analytics, Mixpanel, Hotjar (anonymized IP addresses)
  • Marketing/Advertising Cookies: Track campaign effectiveness, deliver relevant ads, and measure ROI through platforms like Google Ads, LinkedIn Ads, Facebook Pixel
  • Third-Party Cookies: Set by external services we integrate (social media plugins, embedded videos, payment processors)

Cookie Lifespan

  • Session Cookies: Temporary cookies deleted when you close your browser
  • Persistent Cookies: Remain on your device for a set period (typically 30 days to 2 years) or until manually deleted

Managing Cookie Preferences

You can control cookies through:

  • Browser Settings: Most browsers allow you to refuse or delete cookies. Instructions vary by browser (Chrome, Firefox, Safari, Edge)
  • Cookie Consent Manager: Use our cookie preference center (available on the website) to customize settings
  • Third-Party Opt-Outs: Visit Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA) opt-out pages
  • Do Not Track (DNT): We currently do not respond to DNT signals, but you can disable tracking through other means

 

Note: Disabling certain cookies may limit your ability to use some features of our website, such as personalized content or saved preferences.

10. THIRD-PARTY SERVICES AND LINKS

Our website may contain links to third-party websites, services, or resources that are not operated or controlled by DarkLion Studio. This includes:

  • Social media platforms (LinkedIn, Twitter, Facebook, Instagram)
  • Payment processors and financial institutions
  • Analytics and advertising partners
  • Cloud service providers and infrastructure partners
  • Client websites and portfolio references

 

We are not responsible for the privacy practices, content, or security of these third-party sites. When you leave our website, we encourage you to carefully review the privacy policy and terms of service of each third-party site you visit. Your interactions with third parties are governed by their policies, not this Privacy Policy.

11. CHILDREN'S PRIVACY

Our services are intended for businesses and professionals. We do not knowingly collect personal information from individuals under the age of 18. If you are under 18, please do not use our services or provide any personal information to us.

If we become aware that we have inadvertently collected information from a child under 18, we will take immediate steps to delete such information from our systems. If you believe we have collected information from a child, please contact us immediately using the information in Section 17.

12. INTERNATIONAL DATA TRANSFERS

DarkLion Studio operates from India. If you are accessing our services from outside India (including the European Economic Area, United Kingdom, United States, or other jurisdictions), please be aware that your information may be transferred to, stored, and processed in:

  • India (our primary operations)
  • Countries where our cloud infrastructure providers operate (AWS, Google Cloud, Azure data centers)
  • Locations where our service providers and partners are based

 

These countries may have different data protection laws than your country of residence. When transferring data internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with strict security and privacy requirements
  • Adequacy decisions where available
  • Binding Corporate Rules for intra-company transfers

 

By using our services, you consent to the transfer of your information to countries outside your jurisdiction. You can request more information about the specific safeguards we use by contacting us.

11. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this privacy notice. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

We value your privacy and are committed to addressing your concerns. If you have questions, comments, complaints, or requests regarding this Privacy Policy or our data practices, please contact us:

  1. General Inquiries

    DarkLion Studio:     The HumanAI Brand Building Studio

    Location: Punjab, India

    Website: https://darklion.studio

    Contact Form: https://darklion.studio (use the “Let’s Initiate” form)

     

  2. Data Protection Officer (DPO)

    For privacy-specific inquiries, data subject access requests, or concerns about how your information is processed, you may contact our Data Protection Officer:

    Email: roar@darklion.studio

    Subject Line: Include “Privacy Request” or “Data Subject Access Request” for priority handling

     

  3. Grievance Officer (For Indian Users)

    In compliance with the Information Technology Act, 2000 and SPDI Rules, 2011, we have appointed a Grievance Officer to address your concerns:

    Email: roar@darklion.studio

    Response Time: We aim to acknowledge grievances within 48 hours and resolve them within 30 days

     

  4. Response Process

    When you contact us:

    1. We will acknowledge your request within 48 hours
    2. We may request additional information to verify your identity
    3. We will provide a substantive response within 30 days (or as required by applicable law)
    4. If we cannot fulfill your request, we will explain why and inform you of your right to escalate

DarkLion Studio
———————–
Punjab, India 🇮🇳