Privacy Policy

At CraftWebHub ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or purchase our products.

1. Information We Collect

1.1 Personal Information

We collect information that identifies, relates to, describes, or could reasonably be linked with you ("Personal Information"). This includes:

• Contact Information: Name, email address, phone number, postal address
• Business Information: Company name, job title, industry type
• Account Information: Username, password, and other account credentials
• Payment Information: Billing address, payment method details (processed securely through our payment gateway)
• Communication Data: Information from your communications with us, including emails, chat messages, and support tickets
• Technical Information: IP address, browser type, operating system, device information

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and usage patterns:

• Log data (IP address, browser type, pages visited, time spent)
• Cookies and similar tracking technologies
• Device identifiers and characteristics
• Geolocation data (with your consent)
• Analytics data about how you interact with our website

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Payment processors (Razorpay for Indian customers, other gateways for US customers)
• Analytics providers
• Marketing partners
• Social media platforms (if you choose to link your accounts)

2. How We Use Your Information

We use the collected information for various purposes, including:

2.1 Service Delivery

• Processing and fulfilling your orders for products and services
• Providing website development, design, and IT services
• Delivering digital products and software
• Managing your account and providing customer support
• Communicating with you about your orders and services

2.2 Payment Processing

• Processing payments securely through Razorpay (India) and other authorized payment gateways (USA)
• Preventing fraud and unauthorized transactions
• Issuing refunds in accordance with our refund policy
• Maintaining transaction records for accounting and compliance

2.3 Business Operations

• Improving our website, products, and services
• Conducting market research and analytics
• Personalizing your experience on our website
• Sending administrative information and updates
• Responding to inquiries and providing support

2.4 Marketing and Communications

• Sending promotional emails about new products, services, and special offers (with your consent)
• Conducting surveys and feedback requests
• Providing relevant content and recommendations

2.5 Legal Compliance

• Complying with legal obligations and regulatory requirements
• Enforcing our terms and conditions
• Protecting our rights, privacy, safety, and property
• Detecting and preventing fraud, security incidents, and illegal activities

3. Payment Information and Security

3.1 Payment Gateway - Razorpay (India)

For customers in India, we use Razorpay as our payment gateway. When you make a purchase:

• Your payment information is transmitted directly to Razorpay using secure encryption
• We do not store your complete credit/debit card information on our servers
• Razorpay complies with PCI DSS (Payment Card Industry Data Security Standards)
• Transaction data is securely stored by Razorpay in accordance with their privacy policy
• We receive only transaction confirmation and basic payment details for order fulfillment

3.2 Payment Security for US Customers

For customers in the United States, we utilize PCI-compliant payment processors that ensure:

• End-to-end encryption of payment data
• Tokenization of sensitive payment information
• Compliance with US payment security standards
• Secure storage of transaction records

3.3 Security Measures

We implement industry-standard security measures to protect your information:

• SSL/TLS encryption for data transmission
• Secure servers with restricted access
• Regular security audits and vulnerability assessments
• Employee training on data protection and privacy
• Multi-factor authentication for sensitive operations

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. These include:

4.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and cannot be disabled
• Performance Cookies: Help us understand how visitors interact with our website
• Functionality Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Track your online activity to deliver relevant advertisements

4.2 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information, please refer to our Cookie Policy.

5. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your information with:

5.1 Service Providers

• Payment processors (Razorpay and other authorized gateways)
• Cloud hosting and storage providers
• Email service providers
• Analytics and marketing platforms
• Customer support tools

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders or legal processes
• Government or regulatory requests
• Protection of our legal rights
• Prevention of fraud or illegal activities
• Emergency situations involving safety

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to:

• Fulfill the purposes outlined in this Privacy Policy
• Comply with legal, tax, and accounting requirements (typically 7 years for financial records)
• Resolve disputes and enforce our agreements
• Maintain business records and analytics

When your information is no longer needed, we will securely delete or anonymize it in accordance with applicable data protection laws.

7. Your Rights and Choices

7.1 For Indian Users (Under IT Act, 2000 and DPDP Act)

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Withdrawal of Consent: Withdraw consent for processing at any time
• Data Portability: Receive your data in a structured, machine-readable format
• Grievance Redressal: File complaints with our Grievance Officer

7.2 For US Users (Under CCPA/CPRA and Other State Laws)

If you are a California resident or resident of other US states with privacy laws, you have:

• Right to Know: Information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information)
• Right to Correct: Request correction of inaccurate information
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
• Right to Limit: Limit the use of sensitive personal information

7.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law (typically 30 days).

7.4 Marketing Preferences

You can opt-out of marketing communications by:

• Clicking the "unsubscribe" link in our emails
• Updating your preferences in your account settings
• Contacting us directly

8. International Data Transfers

As we operate in both India and internationally (including the USA), your information may be transferred to and processed in countries other than your own. We ensure that:

• Adequate safeguards are in place to protect your information
• Transfers comply with applicable data protection laws
• Recipients provide an adequate level of data protection
• Standard contractual clauses or other legal mechanisms are used when required

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

10. Third-Party Links and Services

Our website may contain links to third-party websites, plugins, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or website notice
• Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Legal Compliance

12.1 India - Compliance

This Privacy Policy complies with:

• The Information Technology Act, 2000
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Digital Personal Data Protection Act, 2023 (DPDP Act)
• Reserve Bank of India (RBI) guidelines for online payment security

12.2 United States - Compliance

For US-based users, we comply with:

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Other applicable state privacy laws
• Federal Trade Commission (FTC) guidelines

13. Grievance Officer / Data Protection Contact

14. Consent

By using our website and services, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. For certain processing activities, we will seek your explicit consent, which you may withdraw at any time by contacting us.