1. Introduction
Curiosity Automation OPC Private Limited ("Curiosity Automation", "we", "our", "us") respects your privacy and is committed to protecting personal information handled in connection with our website, software development, automation products, digital marketing services, mobile applications, and any other online or offline interactions (collectively, the "Services"). By accessing or using our Services, you agree to this Privacy Policy.
This Policy is designed to meet requirements of applicable Indian laws (including the Information Technology Act, 2000, the Information Technology [Reasonable Security Practices and Procedures and Sensitive Personal Data or Information] Rules, 2011, and the Digital Personal Data Protection Act, 2023), and—where relevant—global frameworks like the EU/UK GDPR and the California CCPA/CPRA. Where these laws apply, we will honor the respective rights and obligations.
2. Scope & Definitions
Scope. This Policy applies to personal information we process as a controller/data fiduciary when you visit our website, make inquiries, sign contracts, subscribe to communications, participate in campaigns, or use our software and marketing solutions.
Definitions (plain-language).
- Personal Information / Personal Data: Any information that can identify you directly or indirectly (e.g., name, email, phone, online ID).
- Sensitive Personal Data: Certain categories requiring extra protection, such as financial details, authentication data, precise geo-location, health data, etc. We collect these only when necessary and with appropriate safeguards.
- Processing: Any operation performed on data such as collecting, storing, using, sharing, or deleting.
- Data Processor / Data Processor (GDPR): A vendor that processes data on our behalf.
- Consent: Your clear, unambiguous permission to process data for a specified purpose.
3. Information We Collect
3.1 Directly from You
- Identity data: name, company, designation.
- Contact data: email, phone, address.
- Account data: usernames, preferences, support tickets.
- Transactional data: invoices, payments (processed via PCI-DSS-compliant gateways; we do not store full card details).
- Content you provide: briefs, files, feedback, testimonials, survey responses.
3.2 Automatically Collected
- Log/usage data: IP address, device/OS, browser type, pages viewed, time on page, referring URLs.
- Cookie & pixel data: unique IDs, session IDs, attribution data, ad clicks and conversions.
- Approximate location derived from IP; precise GPS only if you explicitly allow it in an app.
3.3 Sensitive/High-Risk Data (only if required)
We generally avoid collecting sensitive data. If a project requires it (e.g., authentication tokens, limited financial data, employee data for HR software), we will obtain appropriate consent/authority and apply strict safeguards.
4. Sources of Data
- Direct interactions (forms, emails, calls, meetings, support chat).
- Automated technologies (cookies, SDKs, server logs).
- Third parties and public sources (lead partners, ad platforms, analytics, LinkedIn, event registrations) in compliance with the law.
5. How We Use Data
- Provide and improve our software, automation, and marketing Services.
- Respond to inquiries, proposals, demos, and provide customer support.
- Set up and manage projects, accounts, and users; authenticate logins.
- Process payments and send billing communications.
- Run analytics to measure performance and improve user experience.
- Personalize content, emails, and ads based on your interests.
- Conduct A/B tests, attribution, and campaign optimization.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations and enforce agreements.
6. Legal/Lawful Basis for Processing
Depending on your location and the context, we rely on one or more of the following legal bases:
- Consent (e.g., newsletters, cookies, remarketing).
- Contractual necessity (to deliver requested Services or take steps prior to a contract).
- Legitimate interests (to operate, secure, and improve Services; prevent fraud; market to existing customers) balanced against your rights.
- Legal obligation (tax, accounting, compliance).
7. Marketing, Advertising & Analytics
We may use analytics and advertising technologies (e.g., Google Analytics/GA4, Google Ads, Meta Pixel, LinkedIn Insight Tag, YouTube, marketing automation/CRM tools) to measure usage and deliver ads. These tools may set cookies or read device identifiers to understand how you interact with our site and campaigns.
- You can opt out of marketing emails anytime via the unsubscribe link.
- Ad preference controls are available on platform settings (e.g., Google Ads Settings, Facebook Ad Preferences, LinkedIn Ads Settings).
- We honor Do Not Sell or Share requests (where applicable under CCPA/CPRA) and provide opt-out choices for cross-context behavioral advertising.
8. Cookies & Similar Technologies
We use the following categories of cookies/trackers. You may manage non-essential cookies via our banner (where available) or your browser settings. Blocking some cookies can impact functionality.
| Category | Purpose | Examples | Retention |
|---|---|---|---|
| Strictly Necessary | Core site functions, security, session management. | Session ID, CSRF token | Session / up to 12 months |
| Analytics | Measure traffic, engagement, troubleshoot. | GA4 (_ga), server logs | Up to 24 months |
| Marketing/Advertising | Remarketing, conversion tracking, attribution. | Google Ads, Meta Pixel, LinkedIn | Up to 24 months (per provider) |
| Functional | Remember preferences, chat widgets. | Locale, theme, chat session | Up to 12 months |
9. Sharing & Disclosures
We do not sell personal data. We may share information with:
- Vendors/Processors (hosting, cloud, analytics, payment gateways, CRM, marketing tools, customer support). We bind them by contracts and confidentiality.
- Business partners/clients where necessary to fulfill a project you request.
- Authorities when required by law, legal process, or to protect rights, safety, and security.
- Corporate transactions (merger, acquisition, restructuring) subject to appropriate safeguards.
10. Data Retention
We retain personal data only as long as needed for the purposes described or to comply with legal obligations. Typical retention periods:
| Data Type | Typical Retention |
|---|---|
| Account & project records | Life of contract + 3–7 years |
| Billing & tax records | 8 years (or as required by law) |
| Marketing lists | Until you unsubscribe/opt out |
| Support tickets | 2–5 years |
| Server logs & analytics | 6–24 months |
11. Security Measures
- HTTPS/SSL, HSTS, and encryption in transit; encryption at rest where feasible.
- Role-based access control, MFA for admin systems, least-privilege principles.
- Network security (firewalls, WAF/CDN), secure backups, and disaster recovery planning.
- Secure SDLC practices: code reviews, dependency scanning, vulnerability management.
- Employee confidentiality and security awareness training.
- Incident response & breach notification procedures consistent with applicable law.
No system is 100% secure. If you suspect a security issue, please contact us immediately (see Section 18).
12. Your Privacy Choices & Rights
You may exercise the following, subject to verification and legal limits:
- Access, correct, update, or delete your personal data.
- Withdraw consent (e.g., marketing emails, non-essential cookies).
- Object to or restrict certain processing (e.g., direct marketing).
- Data portability (receive a copy in a usable format where applicable).
- Opt out of targeted ads / cross-context behavioral advertising (where applicable).
To submit a request, email us at info@curiosity.org.in. We aim to respond within applicable timelines (e.g., 15–30 days in India; 30 days under GDPR).
13. International Data Transfers
We may process data in India and other countries. Where required, we use appropriate safeguards (e.g., standard contractual clauses, service provider agreements, and risk assessments) to protect cross-border data transfers.
14. Automated Decision-Making & Profiling
We do not engage in automated decisions that produce legal or similarly significant effects without human involvement. We may use limited profiling (e.g., lead scoring, ad segmenting) to tailor communications and ads. You may object to such profiling where applicable.
15. Children’s Privacy
Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child provided us data, contact us so we can delete it.
16. Third-Party Sites & Services
Our website may link to third-party sites. Their privacy practices are governed by their own policies. Please review them before providing personal information.
17. Changes to This Policy
We may update this Policy periodically to reflect legal, technical, or business changes. When we post changes, we will revise the “Last Updated” date and, where appropriate, provide additional notice (e.g., banner or email).
18. Contact, Data Protection & Grievance Redressal
Company Details
Curiosity Automation OPC Private Limited
HNO 35, At Post Sansar Tal Indapur Dist Pune Maharashtra India 413104
Phone: +91 777 600 6929
Email: info@curiosity.org.in
Grievance Officer / Data Protection Contact
In compliance with the IT Rules, 2011 and DPDP Act, 2023.
- Name: Adv. Shrikant Ghadage
- Email: info@curiosity.org.in
- Address: HNO 35, At Post Sansar Tal Indapur Dist Pune Maharashtra India 413104
We aim to acknowledge grievances within 24–72 hours and resolve them within 30 days or applicable statutory timelines.
Compliance Note: This template aligns with Indian law (IT Act 2000, IT Rules 2011, DPDP Act 2023) and references GDPR/CCPA concepts for global users. Adapt retention periods and vendor names to reflect your actual practices. Nothing herein is legal advice.
Version: v1.0 • Last Updated: 20/08/2025