Privacy and Policy

Effective version and date: V1.0, Dated: 18.03.2026

Welcome to CROCO. By using our website, you agree to these terms and conditions. Please read them carefully before making a purchase.

1. Introduction

This Privacy Policy explains how we collect, use, store, share, and protect personal data in the course of providing cybersecurity consulting, security assessments, penetration testing, compliance audits, incident response, and advisory services. We are committed to processing personal data lawfully, fairly, and securely in accordance with the DPDP Act, 2023. By engaging with our services or interacting with our application, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

Data Principal: The individual to whom personal data relates
Data Fiduciary: The entity that determines the purpose and means of processing personal data.
Data Processor: Any entity that processes personal data on behalf of a Data Fiduciary.
Personal Data: Any data about an individual who is identifiable by or in relation to such data.
Depending on the engagement, we may act as a Data Fiduciary (e.g., for our employees, Application users) or a Data Processor (e.g., when processing client-provided data during application usage).

3. Categories of Personal Data We Collect

We may collect and process different types of personal data depending on how you interact with our platform.

  • 3.1 From Customers
    • Names, email addresses, and phone numbers
    • User access logs and system identifiers (if applicable)
  • 3.2 From Website Visitors
    • Details submitted through contact forms
    • IP address, browser metadata, and cookies
  • 3.3 From Job Applicants
    • Resumes, qualifications, and employment history
    • Contact details

We do not intentionally collect sensitive personal data unless it is required for a specific engagement and has been explicitly authorized.

4. Purpose of Processing

We use personal data only for lawful, specific, and limited purposes connected to marketing consulting and related services. These purposes include:

  • Delivering the best and immersive free styling experience
  • Improving our services, website functionality, and user experience
  • Managing client relationships and communication
  • Providing recommendations and remediation guidance
  • Ensuring the security of our systems and infrastructure
  • Recruitment and HR operations
  • Maintaining legal, regulatory, and contractual compliance
  • Collecting customer feedback

We do not use personal data for purposes unrelated to the original intent unless required by law or with explicit consent.

5. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent – When individuals voluntarily provide personal data for a specific purpose (e.g., website forms, marketing communications)
  • Contractual Necessity – To provide services and fulfill our obligations to clients efficiently
  • Legal Obligations – To comply with applicable laws and regulatory requirements (e.g., reporting obligations)
  • Legitimate Interests – For purposes such as improving service quality and monitoring security

Where consent is required, it is obtained in a free, specific, informed, and unambiguous manner.

6. Data Sharing & Disclosure

We may share personal data with the following entities where necessary:

  • Authorized internal teams involved in service delivery
  • Third-party service providers supporting our operations
  • Regulatory authorities, when legally required
  • Clients, strictly as per contractual obligations

We do not sell or trade personal data.

Cross-border transfers are carried out only under permitted conditions and with appropriate safeguards in place.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected, comply with legal requirements, or meet contractual obligations.

Once the retention period expires, the data is securely deleted or anonymized in accordance with applicable standards.

8. Security Safeguards

We implement appropriate technical and organizational measures to protect personal data, including:

  • Access control mechanisms and the principle of least privilege
  • Multi-factor authentication (MFA)

9. Rights of Data Principals

Data Principals have the following rights regarding their personal data:

  • Request access to their personal data
  • Request correction or updating of inaccurate data
  • Request erasure of personal data
  • Withdraw consent at any time
  • Nominate another individual to exercise their rights

All requests will be processed within a reasonable timeframe as mandated by the DPDP Act, 2023.

10. Personal Data Breach Notification

In the event of a personal data breach, we will take appropriate steps to notify:

  • The Data Protection Board of India
  • Affected Data Principals

Notifications will be made in accordance with the requirements of the DPDP Act, 2023 and applicable rules.

Breach notification is a core obligation of a Data Fiduciary, and we are committed to ensuring timely and transparent communication in such situations.

11. Grievance Redressal

For any concerns or complaints regarding your personal data, you may contact our Grievance Officer:

  • Name: Shikhar Chhibber
  • Email: support@stylkart.com

12. Children’s Data

We do not knowingly collect personal data of children (below 18 years of age) unless it is explicitly required for a specific engagement and permitted under applicable law.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal, technical, or operational requirements.

The most recent version of this Privacy Policy will always be available on our website.