Privacy Policy

WhizCrow Technologies Pvt. Ltd. ("WhizCrow", "We", "Us") serves as a global steward of reputation intelligence. Headquartered in Mumbai, India, we recognize data privacy not merely as a compliance requirement but as a fundamental tenet of corporate integrity.

This Privacy Policy outlines our comprehensive framework for data processing, aligned with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the Information Technology Act, 2000, and international standards including the GDPR (EU) and CCPA (California).

1. Governance & Jurisdiction

As an Indian-registered entity, our primary data governance framework is mandated by the laws of the Republic of India. However, recognizing the borderless nature of digital reputation, we implement a "highest common denominator" approach to privacy:

• India: Compliance with the DPDP Act, 2023 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
• European Union: Adherence to Articles 13 & 14 of the GDPR for data principals within the EEA.
• United States: Compliance with CCPA/CPRA for California residents.

2. Corporate & Personal Data Collection

We distinguish between "Corporate Intelligence" (publicly available data) and "Personal Data" (identifiable information).

2.1 Personal Data We Process

We collect only what is strictly necessary ("Data Minimization"):

• Identity Data: Full Name, Professional Designation, Corporate Email ID.
• Authentication Data: Login credentials, API keys, and device telemetry (IP address, User Agent) for security auditing.
• Financial Data: GSTIN, PAN (for Indian clients), and billing coordinates. Payment processing is handled by PCI-DSS Level 1 certified gateways (e.g., Stripe, Razorpay); we do not store raw card data.

2.2 Reputation Intelligence Data

The WhizBRAM™ engine aggregates publicly available data from the open web (news sites, social media, forums, search indices). This processing is based on the legal ground of "Legitimate Interest" to provide reputation analysis services. We do not scrape private profiles or breach platform Terms of Service.

3. Purpose of Processing

Your data is utilized for specific, lawful purposes:

• Service Delivery: To generate Reputation Impact Scores, Crisis Alerts, and Search Analysis.
• Security & Integrity: To detect bot farms, synthetic traffic anomalies, and unauthorized access attempts.
• Legal Compliance: To establish audit trails as required by the IT Act, 2000 and for tax/GST filing purposes.
• Communication: To send critical service alerts, crisis notifications, and ROI reports.

4. Data Localization & International Transfer

For Indian Data Principals: Critical personal and financial data is stored on secure servers located within India (AWS Mumbai Region), complying with data localization norms where applicable.

Cross-Border Transfer: For operational redundancy or global analysis, data may flow to servers in the US or EU. Such transfers are protected via Standard Contractual Clauses (SCCs) and strict Data Processing Agreements (DPAs) ensuring equivalent levels of protection.

5. Security Infrastructure

We do not rely on "reasonable" security; we employ maximum security.

• Encryption: AES-256 bit encryption for data at rest; TLS 1.3 for data in transit.
• Access Control: Strict Role-Based Access Control (RBAC) enforced with Multi-Factor Authentication (MFA).
• Audit Logs: Immutable logs of all data access and modifications are retained for forensic analysis.

6. Rights of Data Principals

Under the DPDP Act and GDPR, you possess the following non-negotiable rights:

• Right to Access: Request a summary of personal data being processed.
• Right to Correction: Demand rectification of inaccurate or misleading data.
• Right to Erasure: Request deletion of personal data once the purpose is served, barring statutory retention requirements (e.g., Tax Laws).
• Right to Grievance Redressal: The right to readily available means of grievance resolution.