Privacy
Policy.
Our Privacy Pledge
Cresard is designed so that privacy is the default, not an option. We don’t verify your trust; we earn it by technical restraint.
1. Scope of This Policy
This policy applies to cresard.com, app.cresard.com, and all Cresard services, integrations, and APIs. By using Cresard, you agree to the practices described in this policy.
2. Legal Framework (India)
Cresard complies with the Digital Personal Data Protection Act, 2023 (India), applicable IT Rules under the Information Technology Act, 2000, and contractual obligations under Google, Slack, Razorpay, and OpenAI platform policies. Where required, we follow international best practices (GDPR-aligned principles) even if not legally mandated.
3. Information We Collect
3.1 Account Information
When you sign up, we collect your Name, Email address, Profile photo (via Google OAuth), and connection identifiers.
3.2 Gmail Data (VERY IMPORTANT)
Cresard connects to Gmail only after explicit user consent.
- Access sent emails only
- Subject, timestamp, recipients
- Email content temporarily for promise detection
- We do NOT read received emails to create promises
- We do NOT send emails on your behalf
- We do NOT modify, delete, or archive emails
- We do NOT permanently store raw email bodies
3.3 Google Calendar & Meet Data
If enabled by you, we access Event titles, Due dates, and Meet links created via Calendar. We only create or update events after you confirm a promise.
3.4 Slack Integration Data
If you connect Slack, we verify Workspace ID, User ID, Slash command usage, and messages sent directly to Cresard.
- Read private conversations
- Monitor channels silently
- Auto-create promises from Slack
3.5 Payment Information (Razorpay)
Payments are processed by Razorpay. Cresard does not store Card numbers, CVV, or Bank credentials. We may store Payment status, Plan type, and Transaction reference IDs.
3.6 Application Data
This includes Promises you confirm, Due dates, Status (pending, completed, overdue), and Metadata (timestamps, source integration).
3.7 AI Processing Data (OpenAI)
Cresard uses OpenAI APIs to detect commitments, suggest due dates, and summarize promise context.
- Data is not used to train OpenAI models
- Requests are scoped, minimal, and anonymized where possible
- Raw data is not retained beyond processing
4. How We Use Your Data
We process your data to fulfill the promises you track.
What we do
What we do NOT do
5. Data Storage & Infrastructure
Cresard uses Vercel (hosting), MongoDB (encrypted storage), Google APIs (OAuth-secured), OpenAI (AI inference), and Razorpay (payments). Data may be processed outside India (e.g., cloud servers), but we apply contractual and technical safeguards.
6. Data Retention
Upon deletion, all personal data is permanently erased within a reasonable period. Legal or accounting data may be retained if required by law.
- Account data is retained while your account is active
- Email content is processed temporarily and discarded
- Promise metadata is retained until you delete it
- You may delete your account at any time
7. User Rights (India – DPDP Act)
You have the right to access your personal data, correct inaccurate data, withdraw consent, delete your account, request data export, and file a grievance.
8. Security Measures
However, no system is 100% secure. You use Cresard at your own risk.
- Encryption at rest and in transit
- OAuth 2.0 authentication
- Principle of least privilege
- Access logging and monitoring
10. Children’s Privacy
Cresard is not intended for users under 18. We do not knowingly collect data from minors.
11. Third-Party Services
Cresard integrates with Google (Gmail, Calendar, Meet), Slack, Razorpay, and OpenAI. Their privacy policies apply independently. Cresard is not responsible for third-party practices.
12. Changes to This Policy
We may update this policy occasionally. Significant changes will be notified via email or in-app notice.
13. Contact & Grievance Officer (India)
As required by Indian law, we aim to resolve complaints within a reasonable time.
14. Our Privacy Promise
Cresard exists to protect trust — starting with yours.