Privacy Policy
Last updated: January 15, 2025 | Effective date: January 15, 2025
By using our website and services, you accept and consent to the practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our website or services.
1. Who we are
Curlscape Solutions Pvt. Ltd. (“Curlscape,” “we,” “us,” or “our”) operates the website https://www.curlscape.com (the “Site”) and provides AI based consulting services (collectively, the “Services”).
2. What this policy covers
This policy explains:
- The personal data we collect
- How and why we use it
- Your choices and rights
- How to contact us
It applies whenever you visit or interact with our Site or use our Services. It does not cover third-party websites or services we do not control.
3. The information we collect
| Category | Examples | Legal basis (GDPR) / Purpose |
|---|---|---|
| Account & contact data | Name, email, phone, company, job title | Contract performance; legitimate interest (customer support, account management) |
| Usage & device data | IP address, browser type, pages viewed, time spent, click streams | Legitimate interest (Site security, analytics, product improvement) |
| Payment data | Last 4 digits of card, billing address (processed by Stripe) | Contract performance |
| Conversation data | Audio/text transcripts processed by our AI models | Contract performance; legitimate interest (service delivery, quality improvement) |
| Marketing preferences | Newsletter opt-in/opt-out status | Consent |
Note: No special-category data (e.g., racial or health information) is intentionally collected.
4. How we collect data
- Directly from you when you create an account, fill in forms, upload content, or communicate with us.
- Automatically via cookies and similar technologies when you browse the Site.
- From third parties such as payment processors, CRM integrations, or single-sign-on providers, as authorised by you.
5. Why we use your data
- Provide the Services and fulfil our contract with you.
- Operate and secure our Site (fraud detection, abuse prevention).
- Improve features, models, and user experience through analytics and feedback.
- Send service-related communications (transactional emails, security alerts).
- Send marketing communications if you have opted-in (you may unsubscribe anytime).
- Comply with legal obligations and enforce our Terms of Service.
6. Cookies & tracking technologies
We use:
| Type | Purpose | Opt-out |
|---|---|---|
| Essential cookies | Site functionality, security, log-in sessions | Cannot be disabled |
| Analytics cookies (Google Analytics 4) | Measure traffic and performance | Disable in cookie banner |
| Marketing cookies (LinkedIn Insight Tag) | Targeted ads, conversion tracking | Disable in cookie banner |
A banner appears on your first visit allowing you to accept, reject, or customise cookie settings.
7. How we share data
We do not sell personal data. We share it only with:
- Service providers who process data on our behalf (e.g., cloud hosting on AWS, payment processors, customer-support tools).
- Business partners you explicitly connect to our platform (e.g., CRM integrations).
- Legal authorities when required by law or to protect rights, property, or safety.
- Successors in the event of a merger, acquisition, or asset sale, subject to this Policy.
All vendors are bound by contracts with strict confidentiality and security obligations.
8. International data transfers
We store data on AWS us-east-1 and eu-central-1 servers. When we transfer data outside India or the European Economic Area, we rely on EU Standard Contractual Clauses or equivalent safeguards.
9. Data retention
| Data type | Retention period |
|---|---|
| Account data | While account is active + 2 years |
| Financial records | 7 years (statutory) |
| Logs & analytics | 12 months, then aggregated or deleted |
| AI conversation data | 30 days (unless you enable “extended history”) |
We delete or anonymise data at the end of these periods unless we must keep it for legal claims.
10. Your rights
Depending on your location (e.g., EU GDPR, UK DPA 2018, California CCPA/CPRA, India DPDP Act), you may:
- Access, correct, or delete your personal data
- Object to or restrict processing
- Withdraw consent at any time
- Receive a portable copy in a structured format
- Lodge a complaint with your local data-protection authority
To exercise rights, email privacy@curlscape.com. We will respond within 30 days.
11. Security
We use technical and organisational measures such as:
- TLS encryption in transit and AES-256 at rest
- Role-based access controls
- Continuous vulnerability scanning and penetration testing
- ISO 27001-aligned policies and employee training
No Internet service is 100% secure, so we cannot guarantee absolute security.
12. Third-party links
Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s website. We strongly advise you to review the Privacy Policy of every site you visit, as we have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
13. Children’s privacy
Our Site and Services are not directed to children under 13 (or the minimum legal age in your jurisdiction). We do not knowingly collect data from minors. Contact us if you believe a child has provided personal data.
14. Changes to this policy
We may update this policy periodically. If changes are material, we will notify you by email or by prominently posting on the Site at least 14 days before they take effect.
15. Contact us
Data controller:
Curlscape Solutions Pvt. Ltd.
2302, Tower 18, Blueridge, Hinjewadi Phase 1, Pune, Maharashtra, India - 411057