Privacy Policy

Cresard Software Services ("Cresard", "we", "us") is a software development company based in Chennai, Tamil Nadu, India. This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website (cresard.com), contact us or engage us for services. We comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the IT Act 2000 and align with the Digital Personal Data Protection Act (DPDP Act), 2023 (India).

• •Contact details: your name, email address, phone number when you fill a form or contact us.
• •Project details: requirements, company name, budget range and timeline you share with us during inquiry.
• •Usage data: browser type, IP address, pages visited and referral source (via analytics).
• •Communication records: emails, messages and call notes when you correspond with us.
• •Payment information: processed securely via payment gateways; we do not store card numbers or banking credentials.
• •Community board: your email address when you request a magic link to participate in the community. We store a hashed session token (not your password) valid for 30 days so you can post, comment and vote. Your email and a display name derived from it are associated with any posts you make.
• •Client Portal: your email address when you request a portal access link. We store a short-lived token (24 hours) to authenticate your portal session. No password is ever created or stored.
• •Support Tickets: your name, email, and conversation messages when you open a support ticket. A secure random token (viewToken) is generated to let you access your conversation without exposing your email in the URL.

• •To respond to your inquiries and project proposals.
• •To deliver software services and communicate about your project.
• •To send occasional newsletters or updates (only with your consent. you can unsubscribe anytime).
• •To improve our website and services using anonymised analytics.
• •To moderate community posts and blog comments. Our community board uses an automated review step (including the named 'Cognitive' AI personas — Mona, Sardo, Ibernia, Taprobana, Formosa, Serendib and Thynia) that may flag, restrict or occasionally reply to content. Genuinely uncertain cases are reviewed by our team.
• •To comply with legal obligations under Indian law.
• •We do NOT sell, rent or share your personal data with third parties for marketing purposes.

Your data is stored on secure cloud servers (including Vercel and MongoDB Atlas). We implement industry-standard security measures including encryption in transit (TLS), access controls and regular security reviews. While we take all reasonable precautions, no internet transmission is 100% secure and we cannot guarantee absolute security. Community session tokens are stored as SHA-256 hashes in our database. We never store the raw token. Support ticket view tokens are unique 48-character random hex strings that are not guessable. Client portal magic link tokens expire automatically after 24 hours. Session identifiers (community board) are stored in your browser's localStorage and are never transmitted to third parties. You can clear them at any time by signing out or clearing your browser storage. Data may be stored and processed on servers located outside India. Where this occurs, we ensure appropriate contractual safeguards are in place in accordance with applicable Indian law.

• •Inquiry and contact data is retained for up to 3 years to support potential future engagements.
• •Active client project data is retained for the duration of the engagement and 5 years after.
• •Newsletter subscriber data is retained until you unsubscribe.
• •You may request deletion of your data at any time by writing to contact@cresard.com.

Our website uses essential cookies for basic functionality and analytics cookies to understand site usage. We use tools such as Google Analytics (anonymised) to understand visitor behaviour. No advertising or retargeting cookies are set. You can disable cookies in your browser settings at any time.

We use trusted third-party providers to operate our business. These include Vercel (web hosting), MongoDB Atlas (database), Resend (transactional email) and Google Analytics (anonymised website analytics). Each provider has their own privacy policy and processes data only as necessary to provide the service. We do not permit these providers to use your data for their own marketing purposes.

Under Indian privacy law and as a matter of good practice, you have the right to:

• •Access the personal data we hold about you.
• •Correct inaccurate or outdated information.
• •Request deletion of your personal data (subject to legal obligations).
• •Withdraw consent for newsletter communications at any time.
• •Lodge a grievance with our designated Grievance Officer.

To exercise any of these rights, write to contact@cresard.com. We aim to respond within 30 days.

As required under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated a Grievance Officer: Name: Cresard Grievance Officer Email: contact@cresard.com Address: Chennai, Tamil Nadu, India We will acknowledge your grievance within 24 hours and resolve it within 15 business days.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or a prominent notice on our website. The "Effective date" at the top of this page will always show the latest version date.