Facebook Pixel Privacy Policy

Privacy Policy

This Privacy Policy is published in compliance with:

(i) The Digital Personal Data Protection Act, 2023 (“DPDP Act”);
(ii) The Digital Personal Data Protection Rules, 2025 (“DPDP Rules”);
(iii) Section 43A of 'The Information Technology Act, 2000'; and
(iv) 'The Consumer Protection Act, 2019' read with 'The Consumer Protection (E- Commerce) Rules, 2020'.

1. DEFINITION

a) "Data Fiduciary": Parthtech Developers LLP, determining the purpose and means of processing digital personal data;

b) "Data Principal": Any natural person to whom the digital personal data relates (i.e., you, the user);

c) "Data Processor": Any person who processes digital personal data on behalf of the Data Fiduciary;

d) "Digital Personal Data": Personal data in digital form or personal data that has been digitized;

e) "Personal Data": Any data about an individual who is identifiable by or in relation to such data, including but not limited to name, email address, phone number, age, gender, location, financial information, and other information that directly or indirectly identifies you;

f) "Processing": Any operation performed on digital personal data, including collection, recording, organization, structuring, storage, use, sharing, erasure, or destruction;

g) "Consent": Free, specific, informed, unconditional, and unambiguous indication of your wishes by a clear affirmative action signifying agreement to the processing of your personal data;

h) "Data Protection Board": The Data Protection Board of India established under Section 18 of the DPDP Act;

i) "Data Protection Officer" or "DPO": The person designated by Parthtech to handle queries and grievances related to personal data processing;

j) "User ID": An identification code assigned as a unique identifier to each user through cookies or similar technologies; and

k) "Child": An individual who has not completed the age of 18 years.

2. INTRODUCTION

Parthtech Developers LLP ("Company" or "Parthtech" or "PARTH" or "We" or "Data Fiduciary") operates under the legal framework of the Digital Personal Data Protection Act, 2023, and is committed to protecting and respecting your privacy and personal data.

This Privacy Policy describes how we collect, use, process, store, share, and protect your digital personal data when you access or use our Website(s)/Mobile Application(s) ("Platform").

Important Notice: As a Data Principal under the DPDP Act, 2023, you have specific rights regarding your personal data. This Privacy Policy must be read in conjunction with our Terms of Use published on our Platform.

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE OUR PLATFORM.

3. LAWFUL BASIS FOR PROCESSING PERSONAL DATA

We process your digital personal data based on the following lawful grounds:

A. With Your Consent

Your consent is the primary basis for processing personal data. We will obtain your free, specific, informed, unconditional, and unambiguous consent through clear affirmative action before collecting or processing your personal data.

B. Legitimate Uses (Without Consent)

In limited circumstances, we may process your personal data without consent for the following legitimate purposes:

(i) When you voluntarily provide your personal data for a specified purpose
(ii) For performing functions under any law for the time being in force
(iii) Compliance with any judgment or order of any court or tribunal
(iv) Responding to a medical emergency involving a threat to your life or health
(v) Taking measures to ensure safety during a disaster or breakdown of public order
(vi) Processing for employment-related purposes

4. CATEGORIES OF PERSONAL DATA WE COLLECT

When you register or use our Platform, we may collect the following categories of digital personal data:

A. Information You Provide Directly:

a) Identification Information: Name, date of birth, age, gender.
b) Contact Information: Email address, phone number, postal address, PIN code.
c) Account Information: Username, password, profile picture.
d) Financial Information: Credit/debit card details, bank account information, payment instrument details, transaction history.
e) Demographic Information: Occupation, interests, preferences, location.
f) Health Information (if applicable): Medical records and history, physical or mental health condition.
g) Other Information: Any other information you voluntarily provide.

B. Information Collected Automatically:

a) Device Information: Device ID, operating system, browser type and version, mobile network information.
b) Usage Information: IP address, pages visited, time spent on pages, links clicked, features used
c) Location Information: Approximate location based on IP address or precise location (with your permission).
d) Log Data: Access times, error logs, system activity.
e) Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies.

C. Information from Third Parties:

a) Information received from social media platforms (Google, Facebook, etc.) when you choose to login through them.
b) Updated contact information from third parties to correct our records.
c) Information from our service providers, partners, and cloud storage providers.

5. PURPOSE OF PROCESSING YOUR PERSONAL DATA

We process your digital personal data for the following specific purposes:

a) Account Management: To create, manage, and maintain your user account.
b) Service Delivery: To provide, maintain, improve, and personalize our services.
c) Authentication: To verify your identity and authenticate access to your account.
d) Communication: To communicate with you about services, updates, offers, and promotions.
e) Customer Support: To respond to your queries, complaints, and provide grievance redressal.
f) Analytics and Improvements: To understand user behavior, preferences, and improve our Platform.
g) Advertising: To display relevant advertisements and promotional content (with your consent).
h) Security: To detect, prevent, and address technical issues, fraud, and security threats.
i) Legal Compliance: To comply with applicable laws, regulations, and legal processes.
j) Business Operations: To conduct research, analysis, and business planning.

We will not process your personal data for purposes other than those for which consent was obtained unless you provide fresh consent for such new purpose.

6. YOUR RIGHTS AS A DATA PRINCIPAL

Under the DPDP Act, 2023, you have the following rights:

A. Right to Access:

You have the right to obtain from us:

a) Confirmation of whether your personal data is being processed
b) A summary of personal data being processed
c) Details of processing activities undertaken
d) Identities of all Data Fiduciaries and Data Processors with whom your data has been shared
e) Any other information as prescribed under the DPDP Rules

B. Right to Correction and Completion

You have the right to:
a) Correct inaccurate or misleading personal data
b) Complete incomplete personal data
c) Update your personal data

C. Right to Erasure

You have the right to request erasure of your personal data when:

a) Consent is withdrawn
b) The purpose of processing has been fulfilled
c) Personal data is no longer necessary for the specified purpose

D. Right to Grievance Redressal

You have the right to an accessible and effective grievance redressal mechanism for any concerns related to your personal data.

E. Right to Nominate

You have the right to nominate an individual who may exercise your rights under this Privacy Policy in the event of your death or incapacity.

F. Right to Withdraw Consent

You may withdraw your consent at any time, as easily as you gave it. Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal.

G. Right to Complain

You have the right to lodge a complaint with the Data Protection Board of India if you believe your rights have been violated.

7. EXERCISING YOUR RIGHTS

Contact our Data Protection Officer:

Email: support@crex.com; support@crex.live
Subject Line: "Data Principal Rights Request"

Required Information:

a) Your registered name and email address
b) Specific right(s) you wish to exercise
c) Details of your request
d) Any identifiers we may have provided to you

Response Timeline:

We will respond to your request within a reasonable period, not exceeding 90 days from the date of receipt of your request.

Mechanism for Rights Exercise:

a) Access your personal data through your account settings
b) Update or correct your information
c) Download your data
d) Delete your account
e) Withdraw consent for specific processing activities
f) Manage cookie preferences

8. CONSENT MANAGEMENT

A. How We Obtain Consent

Before processing your personal data, we provide you with a clear, standalone notice that includes:

a) An itemized list of personal data to be collected
b) Specific purposes of processing
c) Duration for which data will be retained
d) How to withdraw consent
e) How to exercise your rights
f) How to file a complaint with the Data Protection Board
g) Contact details of our Data Protection Officer

B. Withdrawal of Consent

You may withdraw your consent at any time through your account settings, contacting our Data Protection Officer, or using the withdrawal mechanism provided in our communications.

C. Consent for Marketing Communications

We obtain separate consent for marketing and promotional communications. You can opt out at any time by clicking "unsubscribe" in our emails or adjusting preferences in your account settings.

9. CHILDREN'S PERSONAL DATA

We are committed to protecting children's privacy and comply with stringent provisions under the DPDP Act.

A. Definition of Child

A "Child" means any individual under the age of 18 years.

B. Verifiable Parental Consent

We obtain verifiable parental consent through:

a) Government-issued digital identity tokens
b) Existing verified account details
c) Other reliable verification methods prescribed by the DPDP Rules

10. DATA RETENTION AND ERASURE

A. Retention Period

We retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal, accounting, or regulatory requirements
  • Establish, exercise, or defend legal claims

Minimum Retention: Personal data and associated logs will be retained for at least one year from the date of collection or last transaction to support breach detection, investigation, and accountability, even if you delete your account or withdraw consent during this period.

Extended Retention: Certain data may be retained for longer periods as required by:

  • Tax laws and accounting standards
  • Consumer protection regulations
  • Legal proceedings or investigations

B. Data Erasure

We will erase your personal data when:

  • You withdraw consent and the purpose is fulfilled
  • The purpose of processing has been completed
  • Personal data is no longer necessary for the specified purpose
  • Legally mandated retention period has expired

Residual Copies: After erasure, residual copies may temporarily remain in our backup systems but will be permanently deleted within a reasonable period.

11. DATA SECURITY MEASURES

We implement comprehensive technical, organizational, operational, and physical security measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

A. Technical Measures

  • Encryption: End-to-end encryption for data in transit (HTTPS/TLS) and at rest
  • Access Controls: Role-based access control ensuring only authorized personnel can access personal data
  • Authentication: Multi-factor authentication for sensitive operations
  • Obfuscation and Masking: Personal data is obfuscated or masked where appropriate
  • Tokenization: Use of virtual tokens mapped to personal data
  • Firewalls and Intrusion Detection: Advanced firewall and intrusion detection systems

B. Organizational Measures

  • Regular security audits and assessments
  • Employee training on data protection and privacy
  • Confidentiality agreements with all employees and contractors
  • Incident response and breach management protocols
  • Regular updates to security policies and procedures

C. Physical Security

  • Secure data centers with restricted physical access
  • 24/7 monitoring and surveillance
  • Disaster recovery and business continuity plans

D. Data Processing Agreements

We ensure that all Data Processors with whom we share your personal data:

  • Sign comprehensive Data Processing Agreements
  • Implement equivalent security measures
  • Process data only as per our instructions
  • Maintain confidentiality and security

E. Third-Party Cloud Services

We use reputable third-party cloud service providers such as:

  • Google Cloud Services
  • Amazon Web Services
  • GoDaddy

These providers maintain internationally recognized security certifications (ISO 27001, SOC 2, etc.) and implement industry-leading security practices.

Limitation: While we implement reasonable security measures as required under the DPDP Act and Information Technology Act, 2000, no security system is completely impenetrable. We cannot guarantee absolute security against all possible cyber threats.

12. DATA BREACH NOTIFICATION

In the event of a personal data breach that compromises the confidentiality, integrity, or availability of your personal data, we will:

A. Notification to Data Protection Board

  • Immediately notify the Data Protection Board of the likely impact and nature of the breach.
  • Provide a detailed report within 72 hours including:
    • Circumstances and cause of the breach
    • Nature, scope, timing, and extent of the breach
    • Categories and approximate number of Data Principals affected
    • Remedial actions taken or proposed
    • Mitigation steps to prevent future breaches
    • Evidence of notifications sent to affected Data Principals

B. Notification to Data Principals

We will notify you without undue delay if the breach affects your personal data, providing:

  • Description of the breach
  • Potential consequences
  • Measures taken to address the breach
  • Steps you can take to mitigate harm
  • Contact information for further assistance

C. Documentation

We maintain detailed logs of all breaches, including:

  • Facts surrounding the breach
  • Effects and impacts
  • Remedial actions taken
  • Lessons learned and preventive measures implemented

13. CROSS-BORDER DATA TRANSFERS

A. General Principle

We may transfer your personal data outside India to our service providers, partners, or affiliates for processing in accordance with this Privacy Policy.

B. Restrictions

We will NOT transfer your personal data to any country or territory that has been restricted or blacklisted by the Government of India under the DPDP Act.

C. Safeguards

When transferring data internationally, we ensure:

  • Adequate data protection measures are in place
  • Recipients comply with data protection standards equivalent to Indian law
  • Contractual protections are established
  • You are informed of such transfers

D. Your Control

You have the right to:

  • Be informed of international data transfers
  • Object to transfers to specific countries
  • Withdraw consent for cross-border processing

14. COOKIES AND TRACKING TECHNOLOGIES

A. What Are Cookies

Cookies are small text files placed on your device to collect information about your browsing behavior and preferences.

B. Types of Cookies We Use:

  • Essential Cookies: Necessary for the Platform to function properly (e.g., authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytical Cookies: Help us understand how users interact with our Platform (e.g., Google Analytics)
  • Advertising Cookies: Used to deliver relevant advertisements

C. Third-Party Cookies

Our Platform may use third-party code and libraries (including advertisers) that use cookies to:

  • Compile reports on Platform activity
  • Provide advertisements about goods and services of interest
  • Improve their services

We do not control these third-party cookies. Please review the privacy policies of these third parties.

D. Managing Cookies

You can control and manage cookies through your browser settings:

  • Accept: Allow all cookies
  • Block: Reject all cookies
  • Selective: Choose which cookies to accept

Note: Blocking cookies may impact your experience and limit access to certain features of our Platform.

E. Google Analytics

We use Google Analytics to analyze Platform usage. Google Analytics uses cookies to collect information including:

  • IP addresses (anonymized)
  • Usage patterns
  • Device information

This information is transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your use of our Platform, compile reports, and provide related services.

Opt-Out: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

15. SHARING OF PERSONAL DATA

We respect your privacy and will not sell, rent, or trade your personal data. However, we may share your personal data in the following limited circumstances:

A. With Your Consent

We will share your personal data with third parties when you have given explicit consent for such sharing.

B. With Data Processors

We may share your personal data with Data Processors who provide services on our behalf, including:

  • Cloud storage and hosting providers
  • Payment processing companies
  • Analytics service providers
  • Marketing and advertising partners
  • Customer support platforms

Safeguards: All Data Processors are bound by contractual obligations to:

  • Process data only as per our instructions
  • Implement adequate security measures
  • Maintain confidentiality
  • Not use data for their own purposes

C. With Group Companies and Affiliates

We may share your personal data with our group companies, affiliates, subsidiaries, and partners for:

  • Internal business operations
  • Service improvement
  • Consolidated reporting

These entities are bound by confidentiality obligations and this Privacy Policy.

D. Legal and Regulatory Requirements

We may disclose your personal data without consent when:

  • Required by law, regulation, or legal process
  • Requested by government agencies, courts, or law enforcement
  • Necessary to protect the rights, property, or safety of Parthtech, users, or the public
  • Necessary to prevent or investigate fraud, security issues, or illegal activities
  • Required for compliance with a court order or legal obligation

E. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of such transfer and any changes to this Privacy Policy.

F. With Advertisers (Non-Personally Identifiable Information Only)

We may share aggregated, anonymized, non-personally identifiable information with advertisers and partners to:

  • Understand our audience demographics
  • Provide relevant advertisements
  • Improve Platform performance

We do NOT share personally identifiable information with advertisers without your explicit consent.

16. THIRD-PARTY LINKS AND SERVICES

A. Third-Party Websites and Applications

Our Platform may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy does not apply to those third-party platforms.

Disclaimer: We are not responsible for the privacy practices, content, or security of third-party websites or applications. We encourage you to read their privacy policies before providing any personal data.

B. Third-Party Advertisers

Third-party advertising companies may serve ads on our Platform. These companies may use cookies and tracking technologies to collect non-personally identifiable information about your visits to provide relevant advertisements.

We do not share personally identifiable information with third-party advertisers without your consent.

C. Social Media Integration

Our Platform may integrate with social media platforms (Facebook, Twitter, LinkedIn, etc.). When you interact with these features:

  • Your activity may be visible to your social media connections
  • The social media platform may collect information about your visit
  • Their privacy policies apply to such interactions

17. DATA PROTECTION OFFICER (DPO)

We have designated a Data Protection Officer to oversee compliance with the DPDP Act and this Privacy Policy.

Contact Information:

Name: Mr. Aditya Kaushik
Email: support@crex.com; support@crex.live

Role: Responsible for handling queries, complaints, and requests related to personal data processing

Responsibilities:

  • Ensure compliance with DPDP Act and Rules
  • Handle Data Principal rights requests
  • Coordinate breach notifications
  • Liaise with the Data Protection Board
  • Oversee grievance redressal mechanism

You may contact our DPO for:

  • Questions about this Privacy Policy
  • Exercising your rights as a Data Principal
  • Filing complaints or grievances
  • Reporting data breaches or security concerns

18. GRIEVANCE REDRESSAL MECHANISM

We are committed to addressing your concerns promptly and effectively.

A. Filing a Grievance

To file a grievance related to your personal data or this Privacy Policy:

Step 1: Contact our Data Protection Officer
Email: support@crex.com; support@crex.live Subject: "Grievance - [Brief Description]"

Step 2: Provide Details

  • Your name and contact information
  • Description of your grievance
  • Any supporting documentation
  • Relief sought

B. Response Timeline

  • Acknowledgment: Within 48 hours of receipt
  • Resolution: Within a reasonable period, not exceeding 90 days
  • Status Updates: We will keep you informed of the progress

C. Escalation to Data Protection Board

If you are not satisfied with our response or resolution, you have the right to file a complaint with:

Data Protection Board of India
Website: [To be updated when made available by the government authorities]
Process: As prescribed under the DPDP Rules

19. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data processing practices
  • Legal or regulatory requirements
  • Technological advancements
  • Feedback from Data Principals

A. Notification of Changes

When we make material changes to this Privacy Policy, we will:

  • Update the "Last Updated" date at the bottom of this document.
  • Notify you through email, Platform notification, or prominent notice.
  • Provide a summary of key changes.

B. Review by Data Principals

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

C. Continued Use

Your continued use of our Platform after changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, please discontinue using our Platform and contact us to exercise your erasure rights.

20. LEGITIMATE INTERESTS AND PROPORTIONALITY

In all our data processing activities, we:

  • Ensure that processing is necessary and proportionate to the purpose
  • Balance our legitimate business interests with your rights and freedoms
  • Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities
  • Implement privacy-by-design principles in our systems and operations

21. ACCOUNTABILITY AND TRANSPARENCY

As a Data Fiduciary under the DPDP Act, we are committed to:

  • Transparency: Providing clear information about our data processing practices
  • Accountability: Taking responsibility for compliance with data protection laws
  • Record-Keeping: Maintaining detailed records of processing activities, consents, and compliance measures
  • Audits: Conducting regular internal audits and engaging independent auditors for verification
  • Cooperation: Cooperating with the Data Protection Board in investigations and inquiries

22. COMPLIANCE WITH INFORMATION TECHNOLOGY ACT, 2000

In addition to the DPDP Act, we comply with:

  • Section 43A of the Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (to the extent not superseded by DPDP Act)
  • Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020

23. EXCLUSIONS FROM THIS PRIVACY POLICY

This Privacy Policy does NOT apply to:

  • Personal data processed by you for personal or domestic purposes
  • Personal data that you have made publicly available
  • Personal data that is publicly available under any law for the time being in force
  • Anonymized or aggregated data that cannot be used to identify you

24. INTERNATIONAL USERS

Our Platform is primarily intended for users in India. If you access our Platform from outside India:

  • You consent to the transfer of your personal data to India
  • You acknowledge that Indian data protection laws apply
  • You are responsible for compliance with local laws in your jurisdiction

25. CONSENT FOR ELECTRONIC COMMUNICATIONS

By providing your email address and phone number, you consent to receive:

  • Transactional communications (account notifications, security alerts)
  • Service-related updates
  • Marketing and promotional communications (with separate consent)

You may opt out of promotional communications at any time while continuing to receive essential transactional messages.

26. LANGUAGE

This Privacy Policy is available in English. Upon request, we can provide translations in languages specified in the Eighth Schedule of the Constitution of India to facilitate your understanding.

27. CONTACT INFORMATION

For any questions, concerns, or requests related to this Privacy Policy or your personal data:

Data Fiduciary: Parthtech Developers LLP
Data Protection Officer: Mr. Aditya Kaushik
Email: support@crex.com; support@crex.live
Subject: "Privacy Inquiry - [Topic]"

Grievance Officer: Mr. Aditya Kaushik
Email: support@crex.com; support@crex.live

Mailing Address:
Parthtech Developers LLP
Vatika Atrium, 4th Floor, Block B, Sector 53,
Golf Course Road, Gurugram-122002 (Haryana), India

28. GOVERNING LAW AND JURISDICTION

This Privacy Policy is governed by:

  • The Digital Personal Data Protection Act, 2023
  • The Digital Personal Data Protection Rules, 2025
  • The applicable laws of India

Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of courts in Gurugram, Haryana, India, and the Data Protection Board of India.

29. SEVERABILITY

If any provision of this Privacy Policy is found to be unenforceable or invalid under applicable law, such provision shall be severed, and the remaining provisions shall continue in full force and effect.

ACKNOWLEDGMENT

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You affirm that you are of legal age to provide consent or have obtained parental consent if you are a child (under 18 years of age). If you do not agree with this Privacy Policy, please do not use our Platform and contact us to exercise your rights.


Last Updated: December 18, 2025
Effective Date: December 18, 2025

Note to Users: We strongly encourage you to read both this Privacy Policy document and our Terms of Use carefully. If you have any questions or concerns, please contact our Data Protection Officer before using the Platform. Your privacy and data protection rights are important to us, and we are committed to transparency and compliance with the Digital Personal Data Protection Act, 2023.