ElmasLabs complies with the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000.

We follow their obligations by:

• Collecting and processing data lawfully with client consent.

• Implementing strong security measures to safeguard personal and research data.

• Under no circumstances do we retain your data beyond 15 days once a project is completed.

• We only ask for the information strictly necessary for analysis. For example, we do not request details such as which set is wild-type vs. mutant, control vs. treated, or the name of the drug.

• Providing transparency, access, and correction rights to data principals.

We also align with global standards (ISO/IEC 27001, GDPR) as best practices and are preparing for formal certification to further strengthen client trust.