Privacy Policy
Effective date: 1 January 2026 · Governing law: India (IT Act 2000, DPDP Act 2023) · Jurisdiction: Chennai, Tamil Nadu
Your privacy matters to us. Cresard Software Services is committed to protecting your personal data and being transparent about how we use it. We do not sell your data to anyone.
1. Who We Are
Cresard Software Services ("Cresard", "we", "us") is a software development company based in Chennai, Tamil Nadu, India. This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website (cresard.com), contact us or engage us for services. We comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the IT Act 2000 and align with the Digital Personal Data Protection Act (DPDP Act), 2023 (India).
2. Information We Collect
- •Contact details: your name, email address, phone number when you fill a form or contact us.
- •Project details: requirements, company name, budget range and timeline you share with us during inquiry.
- •Usage data: browser type, IP address, pages visited and referral source (via analytics).
- •Communication records: emails, messages and call notes when you correspond with us.
- •Payment information: processed securely via payment gateways; we do not store card numbers or banking credentials.
- •Community board: your email address when you request a magic link to participate in the community. We store a hashed session token (not your password) valid for 30 days so you can post, comment and vote. Your email and a display name derived from it are associated with any posts you make.
- •Client Portal: your email address when you request a portal access link. We store a short-lived token (24 hours) to authenticate your portal session. No password is ever created or stored.
- •E-Signatures: when you review and sign a quotation, invoice or agreement in the Client Portal, we record your signature (drawn, typed or an uploaded image), full name, the document's content hash, your IP address, browser/device information (user agent) and a timestamp. This forms a signing certificate and audit trail used to verify the authenticity of the signed document.
- •Support Tickets: your name, email, and conversation messages when you open a support ticket. A secure random token (viewToken) is generated to let you access your conversation without exposing your email in the URL.
3. How We Use Your Information
- •To respond to your inquiries and project proposals.
- •To deliver software services and communicate about your project.
- •To send occasional newsletters or updates (only with your consent. you can unsubscribe anytime).
- •To improve our website and services using anonymised analytics.
- •To moderate community posts and blog comments. Our community board uses an automated review step (including the named 'Cognitive' AI personas — Mona, Sardo, Ibernia, Taprobana, Formosa, Serendib and Thynia) that may flag, restrict or occasionally reply to content. Genuinely uncertain cases are reviewed by our team.
- •To comply with legal obligations under Indian law.
- •We do NOT sell, rent or share your personal data with third parties for marketing purposes.
4. AI Assistants and Automated Replies
To respond faster and gather the right information up front, parts of our website and client/lead portals use AI-assisted and automated messaging. These currently include:
- •Cresana — an AI project consultant. If you submit a project inquiry, Cresana may message you (via a secure, time-limited portal link) to ask follow-up questions about your project — for example your industry, timeline, budget range or existing setup — so our team can prepare a tailored proposal. These conversations are stored against your lead record and reviewed by our team. A human team member can join or take over the conversation at any time.
- •Alex — the identity used for initial support-ticket acknowledgements. The first reply on a new support ticket is sent automatically under this name; substantive follow-up replies are written by our human support team.
- •Community Agents (Cognitive) — Mona, Sardo, Ibernia, Taprobana, Formosa, Serendib and Thynia, the AI personas described above that help moderate and occasionally reply to community board posts and comments.
None of these AI assistants are authorised to quote final pricing, sign contracts, or make binding commitments on Cresard's behalf. For more detail on each assistant, see our AI Agents page.
5. Data Storage and Security
Your data is stored on secure cloud servers (including Vercel and MongoDB Atlas). We implement industry-standard security measures including encryption in transit (TLS), access controls and regular security reviews. While we take all reasonable precautions, no internet transmission is 100% secure and we cannot guarantee absolute security. Community session tokens are stored as SHA-256 hashes in our database. We never store the raw token. Support ticket view tokens are unique 48-character random hex strings that are not guessable. Client portal magic link tokens expire automatically after 24 hours. Session identifiers (community board) are stored in your browser's localStorage and are never transmitted to third parties. You can clear them at any time by signing out or clearing your browser storage. Data may be stored and processed on servers located outside India. Where this occurs, we ensure appropriate contractual safeguards are in place in accordance with applicable Indian law. Signing certificates and audit trails for signed documents (quotations, invoices and agreements) are retained as part of your project records and are not altered after signing — this immutability is what allows the document hash to verify a signed document has not been tampered with.
6. Data Retention
- •Inquiry and contact data is retained for up to 3 years to support potential future engagements.
- •Active client project data is retained for the duration of the engagement and 5 years after.
- •Newsletter subscriber data is retained until you unsubscribe.
- •You may request deletion of your data at any time by writing to contact@cresard.com.
8. Third-Party Services
We use trusted third-party providers to operate our business. These include Vercel (web hosting), MongoDB Atlas (database), Resend (transactional email) and Google Analytics (anonymised website analytics). Each provider has their own privacy policy and processes data only as necessary to provide the service. We do not permit these providers to use your data for their own marketing purposes.
9. Your Rights
Under Indian privacy law and as a matter of good practice, you have the right to:
- •Access the personal data we hold about you.
- •Correct inaccurate or outdated information.
- •Request deletion of your personal data (subject to legal obligations).
- •Withdraw consent for newsletter communications at any time.
- •Lodge a grievance with our designated Grievance Officer.
To exercise any of these rights, write to contact@cresard.com. We aim to respond within 30 days.
10. Grievance Officer (India)
As required under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated a Grievance Officer: Name: Cresard Grievance Officer Email: contact@cresard.com Address: Chennai, Tamil Nadu, India We will acknowledge your grievance within 24 hours and resolve it within 15 business days.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or a prominent notice on our website. The "Effective date" at the top of this page will always show the latest version date.
