Introduction

Who We Are

Chetaru (“we,” “us,” “our,” or “Company”) is a web development, design, and digital marketing agency based in Indore, Madhya Pradesh, India.

Business Details:

• Business Name: Chetaru
• Website: https://www.chetaru.com
• Email: info@chetaru.com
• Address: [Full Business Address], Indore, Madhya Pradesh, India

Purpose of This Policy

This Privacy Policy describes:

• What personal information we collect
• How we collect your information
• Why we collect and use your information
• With whom we share your information
• How we protect your information
• Your rights regarding your information
• How to contact us about privacy matters

Scope

This Privacy Policy applies to:

• Our website (chetaru.com)
• Our services (web development, design, digital marketing)
• Our client portals and project management systems
• Communications with us (email, phone, contact forms)
• White-label services provided to agency partners

Your Consent

By using our website or services, you consent to the collection and use of your information as described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not:

• Use our website
• Submit information through our forms
• Engage our services
• Subscribe to our communications

Information we collect

Personal Information

Information You Provide Directly:

We collect information you voluntarily provide when you:

Contact Us:

• Name
• Email address
• Phone number
• Company name
• Job title
• Message content
• Inquiry details

Request a Quote or Consultation:

• Business information
• Project requirements
• Budget range
• Timeline
• Industry/vertical
• Website URL (if existing)
• Technical requirements

Become a Client:

• Full name and contact details
• Business/company information
• Billing address
• Payment information (processed securely by payment processors)
• Tax identification numbers (GST, VAT, etc.)
• Project-specific information

Create an Account (Client Portal):

• Username and password
• Profile information
• Communication preferences
• Access credentials for services we manage

Subscribe to Newsletter:

• Email address
• Name (optional)
• Company (optional)
• Preferences and interests

Apply for Jobs:

• Resume/CV
• Cover letter
• Portfolio
• Educational background
• Work experience
• References

Technical Information

Automatically Collected When You Visit Our Website:

Device & Browser Information:

• IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Screen resolution
• Device identifiers

Usage Information:

• Pages visited
• Time spent on pages
• Links clicked
• Referral source (how you found us)
• Search terms used
• Date and time of visit
• Download activity

Location Information:

• Country, region, city (approximate location based on IP)
• Time zone

Cookies & Tracking Data

Information collected through cookies and similar technologies:

• Session information
• User preferences
• Analytics data
• Advertising data

(See Section 6 for detailed cookie information)

Information from Third Parties

We May Receive Information From:

Social Media:

• Public profile information if you interact with our social media
• Information you choose to share when connecting accounts

Business Partners:

• Referral information from partners
• White-label agency information about projects

Service Providers:

• Payment processing information
• Email delivery statistics
• Analytics data

Public Sources:

• Business information from company websites
• LinkedIn profiles (for B2B outreach)
• Public business directories

Project-Related Information

During Service Delivery, We Access:

For Website Projects:

• Domain and hosting credentials
• CMS login credentials
• FTP/SFTP access
• Database access
• Third-party service credentials (as needed)
• Analytics account access
• Social media account access (if managing)

For Marketing Projects:

• Advertising account access
• Social media management access
• Email marketing platform access
• Analytics and reporting tools
• Customer data (as necessary for services)

Note: We only access this information with your explicit permission and for the purpose of delivering services.

How we collect information

Direct Collection

Information You Provide:

• Contact forms on our website
• Email communications
• Phone conversations
• Video calls and meetings
• Project proposals and contracts
• Client portal registrations
• Newsletter subscriptions
• Survey responses
• Job applications

Automatic Collection

Website Visit Information:

• Cookies and similar technologies
• Web server logs
• Analytics tools (Google Analytics, etc.)
• Heatmap tools (Hotjar, Microsoft Clarity)
• Tag management systems (Google Tag Manager)

Third-Party Sources

Business Information:

• LinkedIn and professional networks
• Business directories and databases
• Partner referrals
• Public company information

Service Delivery

Access Provided by Clients:

• Login credentials for platforms we manage
• Access to hosting and servers
• CRM and marketing automation platforms
• Analytics and reporting tools
• Social media accounts

How we use your information

To Provide Services

Service Delivery:

• Respond to inquiries and provide quotes
• Deliver contracted web development, design, and marketing services
• Communicate about projects (updates, requests, approvals)
• Provide technical support and maintenance
• Access necessary systems to complete work
• Deliver project files and documentation
• Train clients on delivered systems

Business Operations

Administrative Purposes:

• Process payments and send invoices
• Maintain client accounts and records
• Manage contracts and agreements
• Verify identity and prevent fraud
• Comply with legal obligations
• Maintain business records

Marketing & Communications

With Your Consent:

• Send newsletters and marketing emails
• Provide updates about our services
• Send promotional offers and announcements
• Share industry insights and tips
• Invite to webinars and events

You can opt-out of marketing communications at any time.

Website Improvement

Analytics & Optimization:

• Analyze website usage and performance
• Understand user behavior and preferences
• Improve website design and functionality
• Optimize user experience
• Test new features and content
• Conduct A/B testing

Legal Compliance

Legal Obligations:

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Enforce our Terms of Service
• Protect our legal rights
• Prevent fraud and abuse
• Comply with tax and accounting requirements

Business Development

Growth & Improvement:

• Develop new services and features
• Conduct market research
• Analyze business performance
• Improve service quality
• Train our team
• Create case studies (with permission)

Portfolio & Marketing

With Client Permission:

• Display completed projects in portfolio
• Create case studies and success stories
• Use project screenshots on website
• Mention client names in client lists
• Share results and metrics (anonymized or attributed)

Note: White-label and NDA-protected projects never publicly displayed without explicit permission.

How we share your information

We Do Not Sell Your Information

Important: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Service Providers

We Share Information With Trusted Service Providers:

Website & Infrastructure:

• Hosting providers (Kinsta, Cloudflare, etc.)
• Domain registrars
• CDN providers
• Email service providers

Business Operations:

• Payment processors (Razorpay, PayPal, Stripe)
• Accounting software
• Project management tools
• CRM systems
• Communication platforms (Slack, email)

Marketing & Analytics:

• Email marketing platforms (Mailchimp, etc.)
• Analytics providers (Google Analytics)
• Advertising platforms (Google Ads, Facebook)
• Heatmap and session recording tools

Professional Services:

• Legal advisors
• Accountants and tax advisors
• Insurance providers
• Banking partners

Service Provider Obligations:

• Use data only for specified purposes
• Maintain confidentiality
• Implement appropriate security measures
• Comply with applicable privacy laws

Business Partners

Limited Sharing With Partners:

Agency Partners (White-Label Services):

• Project information necessary for collaboration
• Technical requirements and specifications
• Timeline and deliverables
• Communication related to shared projects

Referral Partners:

• Information about referred clients (with consent)
• Project outcomes for commission purposes

Legal Requirements

We May Disclose Information When Required:

Legal Obligations:

• To comply with laws, regulations, or legal processes
• To respond to court orders or subpoenas
• To cooperate with law enforcement
• To protect national security
• To comply with tax and accounting requirements

Rights Protection:

• To enforce our Terms of Service
• To protect our legal rights and property
• To prevent fraud or illegal activities
• To protect safety of users or public
• To defend against legal claims

Business Transfers

In Case of Business Transaction:

If we’re involved in merger, acquisition, sale, bankruptcy, or similar transaction:

• Your information may be transferred
• You’ll be notified of any change
• New entity bound by this Privacy Policy
• You’ll have choices regarding your information

With Your Consent

Explicit Permission:

• Display projects in portfolio (with client approval)
• Create public case studies
• Share testimonials and reviews
• Mention client names publicly
• Any other sharing with your explicit consent

Cookies & tracking technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit websites. They help websites remember information about your visit.

Types of Cookies We Use

Essential Cookies (Required):

Purpose: Necessary for website functionality

• Session management
• Security features
• Load balancing
• Form submission
• User authentication (client portal)

Cannot be disabled without affecting website functionality.

Analytics Cookies:

Purpose: Understand how visitors use our website

We Use:

• Google Analytics
• Microsoft Clarity
• Hotjar

Information Collected:

• Pages visited
• Time on site
• Traffic sources
• User behavior patterns
• Device and browser information

You can opt-out via browser settings or opt-out tools.

Marketing Cookies:

Purpose: Deliver relevant advertisements and measure campaign effectiveness

We Use:

• Google Ads
• Facebook Pixel
• LinkedIn Insight Tag

Information Used For:

• Retargeting campaigns
• Conversion tracking
• Ad performance measurement
• Audience building

You can opt-out via browser settings, ad preferences, or opt-out tools.

Preference Cookies:

Purpose: Remember your choices and settings

• Language preference
• Region/location
• Cookie consent choices
• Display preferences

Cookie Duration

Session Cookies:

• Temporary
• Deleted when you close browser
• Used for essential functionality

Persistent Cookies:

• Remain until expiration date or manual deletion
• Duration varies (typically 30 days to 2 years)
• Used for analytics and preferences

Third-Party Cookies

Services That May Set Cookies:

• Google (Analytics, Ads, Tag Manager)
• Facebook (Pixel)
• LinkedIn (Insight Tag)
• YouTube (if we embed videos)
• Other embedded content

Note: We don’t control third-party cookies. Review their privacy policies for details.

Managing Cookies

Your Cookie Choices:

Browser Settings:

• Block all cookies
• Delete existing cookies
• Block third-party cookies
• Receive cookie notifications

Impact of Blocking Cookies:

• Website may not function properly
• Preferences not saved
• Analytics won’t work
• Personalization limited

Opt-Out Tools:

• Google Analytics Opt-out: [Link to Google tool]
• Network Advertising Initiative: http://www.networkadvertising.org/choices/
• Digital Advertising Alliance: http://www.aboutads.info/choices/

Do Not Track (DNT)

Our website currently does not respond to “Do Not Track” signals due to lack of industry standard.

You can manage tracking through:

• Browser settings
• Cookie preferences
• Opt-out tools listed above

Data security

Our Security Measures

We Implement Industry-Standard Security:

Technical Measures:

• SSL/TLS encryption for data transmission
• Encrypted storage for sensitive data
• Secure hosting infrastructure
• Regular security updates and patches
• Firewall protection
• Intrusion detection systems
• Secure authentication protocols
• Regular security audits

Administrative Measures:

• Access controls and permissions
• Employee training on data protection
• Confidentiality agreements with staff
• Background checks for employees
• Regular security policy reviews
• Incident response procedures

Physical Measures:

• Secure office facilities
• Restricted access to systems
• Secure disposal of physical documents
• Locked storage for sensitive materials

Data Encryption

Encryption Standards:

• Data in transit: TLS 1.2 or higher
• Data at rest: AES-256 encryption
• Password hashing: Bcrypt or similar
• Database encryption where applicable

Access Controls

Limited Access:

• Access based on need-to-know
• Role-based permissions
• Multi-factor authentication (where available)
• Regular access reviews
• Immediate revocation upon employee departure

Client Data Protection

For Project Work:

• Credentials stored in encrypted password managers
• VPN used for sensitive connections
• Access logs maintained
• Regular credential rotation
• Secure file transfer protocols

Third-Party Security

Vendor Requirements:

• Security assessments of service providers
• Contractual security obligations
• Compliance certifications reviewed
• Regular security audits

Security Limitations

Important Acknowledgment:

No method of transmission or storage is 100% secure.

While we implement strong security measures:

• Internet transmission has inherent risks
• Unauthorized access possible despite precautions
• You’re responsible for credential security
• Report suspected breaches immediately

Your Responsibility:

• Use strong, unique passwords
• Don’t share credentials
• Log out of shared devices
• Report suspicious activity
• Keep contact information updated

Data Breach Response

If Breach Occurs:

Our Response:

1. Immediate containment of breach
2. Assessment of impact
3. Notification to affected individuals (as required by law)
4. Notification to authorities (as required)
5. Remediation measures
6. Prevention of future incidents

Notification Timeline:

• As required by applicable law
• Typically within 72 hours of discovery
• Via email to affected individuals

Data retention

How Long We Keep Your Data

Retention Periods:

Inquiry Information:

• Contact forms & quotes: 2 years from last contact
• Purpose: Follow-up on inquiries, business development

Client Information:

• Active clients: Duration of relationship + 7 years
• Former clients: 7 years after project completion
• Purpose: Legal obligations, tax records, potential future projects

Financial Records:

• Invoices & payments: 7 years (tax requirement)
• Purpose: Accounting, tax compliance, audits

Project Files:

• Working files: 1 year after project completion
• Final deliverables: 2 years after project completion
• Purpose: Support, warranty, potential future work

Marketing Data:

• Newsletter subscribers: Until unsubscribe
• Marketing contacts: 3 years of inactivity
• Purpose: Marketing communications

Website Analytics:

• Google Analytics: 26 months (default)
• Server logs: 90 days
• Purpose: Website improvement, security

Employment Applications:

• Applications: 1 year from application date
• Purpose: Future opportunities, legal compliance

Factors Affecting Retention

We Consider:

• Legal and regulatory requirements
• Legitimate business needs
• Ongoing client relationships
• Warranty and support obligations
• Dispute resolution needs
• Historical reference value

Retention Extensions

We May Retain Longer If:

• Required by law
• Necessary for ongoing litigation
• Needed for tax audits
• Related to contract disputes
• With your explicit consent

Deletion Process

When Retention Period Ends:

Secure Deletion:

• Secure deletion from active systems
• Removal from backups (over time)
• Destruction of physical records
• Verification of deletion

Your privacy rights

Your Rights

Depending on your location, you may have the following rights:

Right to Access

You Can Request:

• Confirmation we process your data
• Copy of your personal information
• Details about how we use your data
• Information about data sharing

How to Request:

• Email: info@chetaru.com
• Subject: “Data Access Request”
• Include: Name, email, verification details

Response Time: Within 30 days

Right to Rectification

You Can Request:

• Correction of inaccurate information
• Completion of incomplete information
• Updates to outdated information

How to Update:

• Email: info@chetaru.com
• Client portal (if applicable)
• Direct communication with your project manager

Response Time: Within 30 days

Right to Erasure (“Right to be Forgotten”)

You Can Request Deletion If:

• Data no longer necessary for original purpose
• You withdraw consent (where consent was basis)
• You object to processing
• Data processed unlawfully
• Legal obligation requires deletion

Limitations:

• Legal obligations require retention
• Exercise or defense of legal claims
• Public interest reasons
• Legitimate business needs

How to Request:

• Email: info@chetaru.com
• Subject: “Data Deletion Request”

Response Time: Within 30 days

Right to Restriction of Processing

You Can Request We Limit Processing If:

• You contest accuracy of data
• Processing is unlawful but you don’t want deletion
• We no longer need data but you need it for legal claims
• You’ve objected to processing (pending verification)

Effect: We store but don’t actively use your data

Right to Data Portability

You Can Request:

• Your data in structured, commonly used format
• Transfer of data to another service provider

Applies To:

• Data you provided to us
• Data processed based on consent or contract
• Processing carried out by automated means

Format: CSV, JSON, or other machine-readable format

Right to Object

You Can Object To:

• Processing for direct marketing (anytime)
• Processing based on legitimate interests
• Profiling and automated decision-making

How to Object:

• Email: info@chetaru.com
• “Unsubscribe” link in marketing emails

Effect: We stop processing unless compelling legitimate grounds override

Right to Withdraw Consent

If Processing Based on Consent:

• Withdraw consent anytime
• Easy as giving consent
• Doesn’t affect lawfulness of prior processing

How to Withdraw:

• Email: info@chetaru.com
• Unsubscribe from emails
• Update preferences in client portal

Right to Lodge Complaint

If You Believe We Violated Your Privacy Rights:

Contact Us First:

• Email: info@chetaru.com
• We’ll investigate and respond

Contact Supervisory Authority:

• If unsatisfied with our response
• Contact your local data protection authority
• For India: Office of the [Relevant Authority]
• For EU: Your national data protection authority
• For US: FTC or state attorney general

Exercising Your Rights

How to Submit Requests:

Email Us:

• Email: info@chetaru.com
• Subject: Clearly state your request type
• Include: Name, email, and verification details

Verification:

• We may request verification to confirm identity
• Protects against unauthorized access
• May require government ID or other verification

Response Time:

• Within 30 days of verified request
• May extend to 60 days for complex requests
• We’ll inform you of any delays

Free of Charge:

• First request: Free
• Excessive or repetitive requests: May charge reasonable fee

Children’s privacy

Age Restriction

Our Services Are Not Directed to Children:

• Website and services intended for adults (18+)
• We don’t knowingly collect information from children under 13 (US)
• We don’t knowingly collect information from children under 16 (EU)

No Intentional Collection

We do not knowingly:

• Collect personal information from children
• Market to children
• Allow children to use our services
• Create accounts for children

Parental Discovery

If You Believe We Have Child’s Information:

Contact Us Immediately:

• Email: info@chetaru.com
• Subject: “Child Privacy Concern”
• Provide: Details of the situation

Our Response:

• Immediate investigation
• Verification of age
• Prompt deletion of information if confirmed
• Prevention of future access

Parental Rights

Parents/guardians have right to:

• Review child’s information (if any)
• Request deletion
• Refuse further collection
• File complaint with authorities

International data transfers

Data Location

Primary Data Storage:

• India (our primary operations base)
• Cloud servers (may be located internationally)

International Transfers:

• We serve clients globally
• Data may be transferred internationally
• Transferred to countries with adequate protection

Transfer Safeguards

For International Transfers, We Use:

Standard Contractual Clauses:

• EU-approved standard clauses
• Contractual obligations with service providers
• Legal protections for transferred data

Adequate Protection:

• Transfers to countries with adequate data protection laws
• Compliance with applicable transfer mechanisms
• Security measures regardless of location

Service Provider Locations

Our Service Providers May Be Located In:

• United States (Google, AWS, Stripe, etc.)
• European Union
• Other countries with data protection standards

We Ensure:

• Service providers commit to data protection
• Appropriate safeguards in place
• Compliance with applicable laws

Your Rights

For International Transfers:

• Right to information about transfers
• Right to object to transfers (where applicable)
• Right to adequate protection
• Right to legal remedies

Third-party services

Third-Party Links

Our Website May Link To:

• Social media platforms
• Partner websites
• Service provider sites
• Client websites (portfolio)
• Industry resources

Important:

• We don’t control third-party websites
• Their privacy policies apply
• Review their policies before providing information
• We’re not responsible for their practices

Social Media

We Maintain Presence On:

• LinkedIn
• Twitter/X
• Facebook
• Instagram
• GitHub

When You Interact:

• Subject to platform’s privacy policy
• Your profile information visible based on settings
• We see public information you share
• Platform may share analytics with us

Third-Party Service Providers

We Use Various Services:

Analytics:

• Google Analytics
• Microsoft Clarity
• Hotjar

Marketing:

• Google Ads
• Facebook Ads
• LinkedIn Ads
• Mailchimp

Infrastructure:

• Cloudflare (CDN, Security)
• Kinsta (Hosting)
• AWS (Cloud Services)

Communication:

• Email service providers
• Project management tools
• Video conferencing platforms

Each Has Their Own Privacy Policy

Embedded Content

Our Website May Include:

• YouTube videos
• Social media feeds
• Maps (Google Maps)
• Forms (Google Forms, Typeform)

Data Collection:

• These services may set cookies
• May collect usage information
• Subject to their privacy policies

Changes to privacy policy

Right to Update

We reserve the right to update this Privacy Policy at any time to reflect:

• Changes in laws and regulations
• Changes in our business practices
• Changes in technology
• Improvements to data protection
• User feedback

Notification of Changes

How We Notify You:

Minor Changes:

• Updated “Last Modified” date
• Posted on website
• No additional notification required

Material Changes:

• Email notification to active clients and subscribers
• Prominent notice on website
• 30 days notice before changes take effect
• Opportunity to review changes

What Are Material Changes:

• Changes to types of data collected
• New purposes for data use
• Changes in data sharing practices
• Reduction in your rights
• Changes in security practices

Reviewing Changes

We Recommend:

• Review Privacy Policy periodically
• Check “Last Modified” date
• Review before providing new information
• Contact us with questions

Acceptance of Changes

Continued Use = Acceptance:

• Continued website use after changes posted
• Continued use of services
• Provision of information after changes

Don’t Accept Changes:

• Discontinue use of website/services
• Request data deletion
• Contact us to discuss concerns

Previous Versions

Upon Request:

• Can provide previous versions
• Email: info@chetaru.com
• Useful for historical reference

Contact us

Privacy Questions or Concerns?

Contact Our Privacy Team:

Email (Preferred): info@chetaru.com Subject: “Privacy Policy Question” or “Privacy Request”

Phone: +91-999-343-7877 Hours: Monday-Friday, 9 AM – 6 PM IST

Mail: Chetaru Attention: Privacy Officer [Full Business Address] Indore, Madhya Pradesh 452010 India

What to Include in Privacy Requests

For All Requests:

• Your full name
• Email address associated with your data
• Phone number (optional)
• Description of your request
• Verification information

For Specific Requests:

• Access Request: Specify what information you want
• Deletion Request: Confirm you want all data deleted
• Correction Request: Specify what needs correcting
• Objection: Explain your objection
• Complaint: Describe the issue in detail

Response Time

We Commit To:

• Acknowledge receipt within 2 business days
• Provide substantive response within 30 days
• Extend to 60 days for complex requests (with notice)
• Keep you informed of progress

Escalation

If Unsatisfied:

• Request escalation to management
• Contact your local data protection authority
• Seek legal advice
• File formal complaint

Additional information

California Privacy Rights (CCPA)

For California Residents:

Under CCPA, you have additional rights:

• Right to know what information we collect
• Right to know if we sell your information (we don’t)
• Right to opt-out of sale (not applicable)
• Right to non-discrimination
• Right to delete information

Shine the Light Law:

• Request information about sharing with third parties for marketing

Contact: Same contact information as above

European Privacy Rights (GDPR)

For EU/EEA Residents:

Under GDPR, you have enhanced rights:

• All rights listed in Section 9
• Right to lodge complaint with supervisory authority
• Right to effective judicial remedy
• Additional protections for international transfers

Legal Basis for Processing:

• Consent: When you give explicit permission
• Contract: Necessary to provide services
• Legal Obligation: Compliance with laws
• Legitimate Interest: Business operations

Data Protection Officer: For GDPR-related inquiries: info@chetaru.com

Indian Privacy Compliance

Information Technology Act, 2000:

• We comply with IT Act and rules
• Reasonable security practices implemented
• Sensitive personal data protected

Upcoming Legislation:

• Monitoring Digital Personal Data Protection Act
• Will update policy as legislation develops

Consent to privacy policy

By using our website or services, you acknowledge:

• You have read this Privacy Policy
• You understand how we collect and use information
• You consent to collection and use as described
• You have authority to consent (if representing organization)

For Questions: Contact info@chetaru.com

Related policies

Please also review:

• Terms of Service – Governs use of our services
• Cookie Policy – Detailed cookie information
• Terms of Service – Confidentiality – Confidentiality obligations