← Back to Cru
POLICY 1: PRIVACY POLICY
POLICY 1: PRIVACY POLICY
Defensive Version – Compliance with Indian Law
1.1 Introduction
1.1.1 CRU is a digital platform owned and operated by Cruvels Private Limited, a company incorporated under the laws of India, having its registered office at: Building bearing No.19/35, V456, First Floor, Mount Road, Little Mount, Chennai-600015, Tamil Nadu, India.
1.1.2 This Privacy Policy governs the collection, processing, storage, transfer, and protection of personal data in accordance with:
• (a) Information Technology Act, 2000
• (b) Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• (c) Digital Personal Data Protection Act, 2023
1.1.3 By creating an account or using CRU, you provide free, informed, specific, and unambiguous consent to the processing of your personal data in accordance with this Policy.
1.2 Definitions
For purposes of this Policy:
1.2.1 "Platform" means CRU (Civic Reputation & Understanding Network).
1.2.2 "Company" means Cruvels Private Limited.
1.2.3 "User" means any individual accessing or using CRU.
1.2.4 "Personal Data" means any data about an identifiable individual.
1.2.5 "Processing" includes collection, storage, use, disclosure, transfer, or deletion of data.
1.2.6 "Sensitive Data" includes financial, authentication, and government-identified information where applicable.
1.2.7 "Content" means any text, images, videos, audio, or other materials posted, uploaded, or shared by Users on the Platform.
1.2.8 "Moderation" means the review, evaluation, labeling, restriction, or removal of Content in accordance with Platform policies and applicable law.
1.2.9 "Civic Credibility Score" means an automated platform ranking signal based on User engagement quality, rule compliance, and interaction patterns, used to allocate platform features such as content visibility and debate participation priority.
1.3 Eligibility
1.3.1 CRU is strictly available to individuals 18 years and above.
1.3.2 By registering, you represent and warrant that you are at least 18 years of age.
1.3.3 Accounts found to belong to individuals under 18 may be suspended or deleted without notice.
1.4 Data Collection
1.4.1 Account Data
• (a) Mobile number (mandatory)
• (b) OTP authentication logs
• (c) Linked email address
• (d) Username / display name
• (e) Profile details
1.4.2 User-Generated Content
• (a) Posts, debates, comments
• (b) Civic and public policy discussions (including political discussions as one category)
• (c) Uploaded media
1.4.3 Technical & Device Data
• (a) IP address
• (b) Device type
• (c) Browser and OS
• (d) Access logs
• (e) Cookies and session identifiers
1.4.4 Transaction Data
• (a) Subscription details
• (b) Payment transaction metadata (Note: Full card/banking data is not stored by CRU)
1.5 Data Minimization Principle
1.5.1 CRU collects only data that is:
• (a) Necessary for account functionality
• (b) Required for legal compliance
• (c) Essential for platform security
• (d) Required for moderation and fraud prevention
1.5.2 We do not collect excessive or unrelated personal data.
1.6 Purpose of Processing
1.6.1 Your data is processed for:
• (a) User authentication
• (b) Platform functionality, including Civic Credibility Score calculation
• (c) AI-assisted moderation and content safety
• (d) Civic discourse support tools (contextual information, evidence-based resources)
• (e) Political advertisement transparency (where applicable)
• (f) Fraud detection and platform integrity
• (g) Legal compliance
• (h) Security monitoring
• (i) Service improvement
1.6.2 We do not sell personal data.
1.6.3 Personal data is not used for political micro-targeting or to manipulate electoral outcomes.
1.7 Legal Basis for Processing
1.7.1 Data is processed under:
• (a) User consent
• (b) Contractual necessity (account access)
• (c) Legal obligations
• (d) Legitimate business interests
1.8 AI & Automated Decision-Making
1.8.1 CRU uses AI-based tools to:
• (a) Detect harmful or unlawful content
• (b) Flag policy violations
• (c) Identify political advertisements
• (d) Prevent platform abuse
1.8.2 Automated systems may affect content visibility, ranking, or removal.
1.8.3 Users may request human review by contacting: grievance@cruvels.com
1.9 Data Storage & Localization
1.9.1 All primary user data is stored on AWS data centers located in India.
1.9.2 Access to data is restricted via:
• (a) Role-based controls
• (b) Encryption in transit
• (c) Secure infrastructure standards
1.10 Cross-Border Data Transfers
1.10.1 If cross-border processing occurs:
• (a) It will comply with applicable Indian law
• (b) Appropriate contractual safeguards will be implemented
• (c) Transfers will be limited to permitted jurisdictions
1.11 Data Retention
1.11.1 User Content may be retained for an indefinite period subject to operational requirements and legal obligations, unless:
• (a) Deleted by User
• (b) Account termination occurs
• (c) Legal removal is required
1.11.2 Certain records (transaction logs, moderation records, Civic Credibility Score histories, political advertisement records) may be retained for regulatory compliance, fraud prevention, and legal defense purposes.
1.11.3 For detailed retention periods by data category, refer to the Data Retention Policy.
1.12 Account Suspension & Termination
1.12.1 If an account is suspended or terminated:
• (a) Public content may remain visible where legally required
• (b) Certain records may be retained for compliance
• (c) Access credentials will be disabled
1.13 User Rights
1.13.1 Subject to applicable law, users may:
• (a) Access personal data
• (b) Request correction
• (c) Withdraw consent
• (d) Request deletion
• (e) Request grievance review
• (f) Seek explanation of automated decisions
1.13.2 Requests may be submitted to: legal@cruvels.com
1.14 Cookies & Tracking Technologies
1.14.1 CRU uses cookies and session technologies to:
• (a) Maintain login sessions
• (b) Improve security
• (c) Analyze usage trends
• (d) Prevent abuse
1.14.2 Users may control cookies via browser settings.
1.15 Data Breach Notification
1.15.1 In the event of a data breach:
• (a) The Company will assess risk promptly
• (b) Notify affected users where legally required
• (c) Notify regulatory authorities where required under law
• (d) Take corrective measures
1.16 Civic Content & Sponsored Communication
1.16.1 CRU supports a broad range of civic discourse, including political discussions as one category among many topics.
1.16.2 Political advertisements (when applicable):
• (a) Will be clearly labeled
• (b) Must disclose sponsor identity
• (c) Are subject to moderation
• (d) Records are maintained internally for regulatory purposes
1.16.3 For full details, refer to the Political Advertising & Sponsored Content Policy.
1.17 Law Enforcement Requests
1.17.1 The Company may disclose data:
• (a) In response to lawful court orders
• (b) Government directives
• (c) National security requirements
1.17.2 Such disclosures will comply strictly with applicable law.
1.18 Security Measures
1.18.1 We implement:
• (a) Encryption
• (b) Secure hosting infrastructure
• (c) Access logging
• (d) Incident response protocols
• (e) Internal data access restrictions
1.18.2 However, no digital system is completely secure.
1.19 Limitation of Privacy Liability
1.19.1 While we implement reasonable safeguards, the Company shall not be liable for:
• (a) Unauthorized access caused by external cyberattacks
• (b) User negligence
• (c) Force majeure events
1.19.2 Liability limitations are further governed by the Terms of Service.
1.20 Ongoing Consent
1.20.1 By creating an account and using the Platform, you provide consent to data processing as described in this Policy.
1.20.2 Continued use of the Platform constitutes ongoing consent for processing necessary for service delivery and legal compliance.
1.21 Changes to This Policy
1.21.1 We may update this Privacy Policy periodically.
1.21.2 Material changes will be notified through:
• (a) Website notice
• (b) Registered email communication
1.21.3 Continued use after notification constitutes acceptance of the updated Policy.