Nashik-based software development company building custom web platforms, React Native mobile apps, and MVPs that help founders launch faster and grow revenue across India.

CraftDesk SolutionsCraftDesk

Privacy Policy

How CraftDesk Solutions collects, uses, shares, and protects your personal information when you use our website and engage our software development services.

Last updated: 20 June 2026Effective: 20 June 2026Jurisdiction: India
India DPDP Act 2023 + GDPR-aligned. This policy explains what personal information we collect, why we collect it, how we use and share it, and the rights and choices you have.

1. Introduction

CraftDesk Solutions ("CraftDesk," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights and choices you have.

This policy applies to information collected through our website, our enquiry and newsletter forms, and our communications and services. By using our website or engaging us, you confirm that you have read and understood this policy. If you do not agree, please do not use our website or services.

2. Who we are

CraftDesk Solutions is a software development company based in Nashik, Maharashtra, India. We design and build MVPs, custom web applications, and mobile applications for startups and businesses.

For the purposes of the Digital Personal Data Protection Act, 2023 (India) ("DPDP Act") and, where applicable, the EU/UK General Data Protection Regulation ("GDPR"), we act as a Data Fiduciary / Controller for information about our prospects, clients, and website visitors, and as a Data Processor / Processor for personal data contained within Client Materials that you ask us to handle during an engagement.

3. Scope of this policy

This policy describes our general practices. Specific engagements may be governed by additional terms in a Proposal or data-processing agreement that supplement this policy. Where we process personal data on your behalf as part of building or maintaining your product, you remain the controller of that data and are responsible for its lawful collection and use.

4. Information we collect

We collect information in three broad ways:

4.1 Information you give us

  • Contact & identity: your name, business name, email address, phone number, and role.
  • Project details: information you share when requesting a quote or consultation, including your requirements, budget range, and timelines.
  • Engagement & billing: billing name, address, GSTIN (where applicable), and invoice history. Payment credentials are processed directly by our payment partners and are not stored on our servers.
  • Client Materials: content, credentials, designs, and data you provide so we can deliver the Services.
  • Support & communications: emails, chat messages, and call notes when you contact us.

4.2 Information we collect automatically

  • Usage data: pages visited, links clicked, and basic interaction data used to improve the website.
  • Device & network: IP address, browser type and version, operating system, language, time zone, and referring URL.
  • Cookies & local storage: see Section 13.

4.3 Information from third parties

  • Analytics providers: aggregated, pseudonymised statistics about website usage.
  • Payment providers: transaction status, reference IDs, and limited masked payment metadata.
  • Public sources: publicly available business information used to understand enquiries and prevent fraud.

5. How we use your information

  • Respond to enquiries, prepare quotes, schedule consultations, and set up engagements.
  • Provide, manage, and improve the Services you request.
  • Process billing, generate invoices, take payments, and detect fraud.
  • Send service communications (project updates, security, billing) and, where you have opted in, newsletters and marketing.
  • Maintain the security and reliability of our website and systems.
  • Comply with legal, tax, and accounting obligations.

6. Legal bases for processing

Where the GDPR or comparable laws apply, we rely on the following legal bases:

  • Performance of a contract — to provide the Services you engaged us for.
  • Legitimate interests — to operate, secure, and improve our website and Services and to prevent fraud, balanced against your privacy rights.
  • Consent — for optional processing such as marketing emails and non-essential cookies; you can withdraw consent at any time.
  • Legal obligation — to comply with applicable laws, regulations, and tax / accounting requirements.

7. Sharing & disclosure

We do not sell your personal data. We share it only as described below:

  • With sub-processors that help us run our business (hosting, analytics, email, payments) — see Section 8.
  • With professional advisors such as auditors, lawyers, and accountants under confidentiality obligations.
  • For legal reasons where we believe in good faith that disclosure is necessary to comply with law, enforce our terms, or protect rights, property, or safety.
  • In a business transaction such as a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

8. Sub-processors

We engage carefully selected sub-processors to help operate our website and Services. These typically include cloud hosting and CDN providers, transactional email providers, analytics tools, and payment processors. Each is bound by confidentiality and limited-use obligations.

For an up-to-date list of key sub-processors, or to be notified of changes, email craftdesk.tech@gmail.com.

9. International data transfers

We are based in India and primarily process data on infrastructure located in India. Some sub-processors may process data in other regions, including the United States and the European Union. Where we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or recognised adequacy mechanisms.

10. Data retention

  • Enquiry and prospect data — kept for as long as needed to respond and follow up, then deleted or anonymised.
  • Client account and project data — for the life of the engagement and a reasonable period afterwards to satisfy audit and dispute-resolution needs.
  • Billing records & invoices — retained as long as required by Indian tax and accounting regulations (typically up to 8 years).
  • Backups — rolling encrypted backups; deleted data is purged within the backup cycle.

11. Security

We apply reasonable administrative, technical, and physical safeguards to protect personal data, including encryption in transit, access controls on a least-privilege basis, secure handling of credentials, and regular review of our practices.

No system is completely secure. If you believe your data has been compromised or you discover a vulnerability, please email craftdesk.tech@gmail.com immediately.

12. Your rights & choices

Subject to applicable law (including the DPDP Act and the GDPR), you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data, subject to legal retention requirements.
  • Restriction & objection — ask us to pause certain processing or object to processing based on legitimate interests.
  • Portability — receive your data in a structured, commonly used, machine-readable format.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting prior processing.
  • Complain — lodge a complaint with the Data Protection Board of India or your local supervisory authority.

13. Cookies & similar technologies

We use a small number of cookies and similar technologies to keep our website working and to understand usage:

  • Strictly necessary — for core site functionality and security.
  • Preferences — to remember settings such as theme.
  • Analytics — aggregated, pseudonymised usage statistics. We avoid third-party advertising cookies.

14. Children's privacy

Our website and Services are intended for businesses and adults aged 18 or older. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact craftdesk.tech@gmail.com and we will take appropriate steps to delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you. Your continued use of our website or Services after the changes take effect constitutes your acceptance of the updated policy.

16. Grievance officer (India)

In accordance with the Information Technology Act, 2000, the related Intermediary Guidelines, and the DPDP Act, 2023, you may contact our Grievance Officer for any privacy-related complaint. We acknowledge complaints promptly and aim to resolve them within the timeframes required by law.

  • Grievance & Data Protection contact: CraftDesk Solutions
  • Email: craftdesk.tech@gmail.com
  • Phone: +91 94034 29923
  • Address: Ashoka Marg, Nashik, Maharashtra, India

17. How to contact us

For any privacy-related question or request, contact us at:

  • Email: craftdesk.tech@gmail.com
  • Phone: +91 94034 29923
  • Address: Ashoka Marg, Nashik, Maharashtra, India