Privacy Policy

Effective Date: 20 Septemper 2025

Last Updated: 18 October 2025

1. Introduction

Welcome to Credantium LLP ("Credantium", "we", "our", or "us").

Credantium is an AI and automation company registered in India, with operations in the United Arab Emirates, United Kingdom, Singapore, and India.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website https://credantium.com ("Website") or use our products and services ("Services").

By using our Website or Services, you consent to the terms of this Privacy Policy.

2. Scope of This Policy

This Policy applies to:

  • Visitors and users of our website.
  • Clients and prospective clients using our automation, AI, and workflow products.
  • Communication through emails, chatbots, or integrations we operate.

This Policy is designed to comply with:

  • India's Digital Personal Data Protection Act (DPDP Act, 2023)
  • EU and UK General Data Protection Regulation (GDPR)
  • UAE Personal Data Protection Law (PDPL, 2021)
  • Singapore Personal Data Protection Act (PDPA, 2012)

3. Information We Collect

A. Information You Provide Directly

  • Contact information: name, company name, email address, phone number, job title.
  • Business information: workflow details, automation requirements, CRM or integration data provided for audits or implementation.
  • Billing details: payment information, tax information, billing address (processed securely through third-party gateways).
  • Communications: messages, feedback, and support tickets.

B. Automatically Collected Information

When you use our Website, we automatically collect:

  • IP address, browser type, device identifiers, and operating system.
  • Access times, referring URLs, and pages viewed.
  • Cookies and analytics data (Google Analytics, Vercel analytics, etc.).

C. Third-Party Data

We may receive or process limited data from:

  • CRM or automation platforms (e.g., HubSpot, Zapier, WhatsApp API, OpenAI, Twilio, etc.) used by your business.
  • Partners or vendors assisting in service delivery.

We do not store your customers' data unless explicitly required to provide a service, and always under contractual protection.

4. How We Use Your Information

We use collected data to:

  • Provide and maintain our Services.
  • Communicate with you about audits, demos, updates, and support.
  • Customize and improve AI workflows and automation systems.
  • Process payments, contracts, and compliance documentation.
  • Conduct analytics, quality assurance, and performance monitoring.
  • Detect and prevent fraud, misuse, or security threats.
  • Comply with applicable legal and regulatory obligations.

We never sell personal data to third parties.

5. Legal Basis for Processing (GDPR)

For users in the EU or UK, processing is based on:

  • Consent – e.g., when you subscribe to updates or request a demo.
  • Contractual necessity – when processing is needed to deliver our services.
  • Legitimate interest – improving our systems, ensuring security, or marketing to existing clients.
  • Legal obligation – compliance with tax or data laws.

6. Data Sharing and Disclosure

We may share data only with:

  • Service providers and contractors who assist with hosting, analytics, CRM, automation, or communications (under strict confidentiality).
  • Affiliated companies or consultants in the UAE, UK, Singapore, or India, bound by this same policy.
  • Legal or regulatory authorities, if required by applicable law or to protect our rights.
  • Business successors (e.g., during merger, acquisition, or restructuring), under confidentiality.

We do not permit partners or subcontractors to use your data for their own purposes.

7. International Data Transfers

Your information may be stored and processed in multiple jurisdictions where we or our partners operate, including India, UAE, UK, EU, and Singapore. Where required, we implement Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure lawful international data transfer.

8. Data Retention

We retain personal data only as long as necessary to:

  • Fulfil contractual obligations.
  • Comply with legal or regulatory requirements.
  • Resolve disputes or enforce agreements.

After that, data is securely deleted or anonymized.

9. Security Measures

We implement appropriate technical and organizational measures, including:

  • HTTPS/TLS encryption for data in transit.
  • Secure access control and authentication.
  • Regular vulnerability and compliance audits.
  • Minimal data collection and principle of least privilege.

Despite these measures, no system is completely secure. By using our Services, you acknowledge and accept this inherent risk.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or update your personal information.
  • Request deletion or restriction of your data.
  • Withdraw consent at any time.
  • Request a copy of your data in portable format.
  • Object to automated decision-making or profiling.

To exercise these rights, contact us at privacy@credantium.com. We respond within the timelines required by law.

11. Cookies and Tracking Technologies

We use cookies, pixels, and analytics tools to:

  • Improve website performance and personalization.
  • Understand visitor behaviour and traffic patterns.
  • Deliver relevant marketing content.

You can control or delete cookies in your browser settings.

12. Children's Privacy

Our Services are intended for businesses and professionals aged 18 or older. We do not knowingly collect data from minors. If you believe a minor has provided personal information, please contact us for immediate removal.

13. Third-Party Services and Integrations

Our Services may integrate with or link to third-party tools such as:

  • WhatsApp Business API
  • Google Workspace / Cloud
  • Zapier, Make, HubSpot, CRMs
  • OpenAI or other AI model APIs

We are not responsible for third-party privacy practices. Users are advised to review those providers' policies before enabling integrations.

14. Limitation of Liability

Credantium shall not be held liable for:

  • Any data loss, breach, or unauthorized access caused by third-party integrations or user negligence.
  • Indirect, incidental, or consequential damages arising from the use or misuse of data.

Our total liability is limited to the fees paid for the specific service giving rise to the claim.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in laws or our practices. The revised version will be posted on our website with a new "Effective Date". Continued use of our Services after such updates constitutes your consent to the revised policy.