CREX - Privacy Policy

Your consent is the primary basis for processing personal data. We obtain your free, specific, informed, unconditional, and unambiguous consent through clear affirmative action before collecting or processing your personal data.

In limited circumstances, we may process your personal data without consent for: performance of state functions under applicable law; compliance with court or tribunal orders; medical emergencies involving a threat to life; and employment-related purposes.

Identification Information: Name, date of birth, age, gender. Contact Information: Email address, phone number, postal address, PIN code. Account Information: Username, password, profile picture. Financial Information: Credit/debit card details, bank account information, payment details, transaction history. Demographic Information: Occupation, interests, preferences, location. Other Information: Any other information you voluntarily provide.

Device Information: Device ID, operating system, browser type and version, mobile network information. Usage Information: IP address, pages visited, time spent on pages, links clicked, features used. Location Information: Approximate location based on IP address or precise location (with your permission). Log Data: Access times, error logs, system activity. Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies.

Information received from social media platforms (Google, Facebook, etc.) when you choose to log in through them. Updated contact information from third parties. Information from our service providers, partners, and cloud storage providers.

When you use CREX Social, we additionally collect the following categories of personal data:

• Images, videos, and text you upload or publish as Social Posts
• Poll questions, answer options, and voting choices you create or participate in
• Comments, reactions, and other interactions with Social Posts
• Captions, descriptions, hashtags, or tags associated with your Social Posts

• Which Social Posts you view, like, share, comment on, or report
• Polls you vote in and your selected answers
• Users you follow or interact with
• Time and frequency of your interactions on CREX Social'

• Records of Social Posts reviewed (manually or by ML models), including the outcome of such review
• Reports submitted by other Users about your Social Posts
• Moderation actions taken on your account or Social Posts
• Appeals submitted by you against moderation decisions and the outcome thereof

• Device information at the time of posting (device type, OS version, app version)
• Network information (IP address, connection type) at the time of posting
• Geolocation data associated with your Social Posts, if you enable location tagging
• File metadata embedded in uploaded images or videos (e.g., EXIF data), which may include location, camera model, or timestamp information

We process your digital personal data for the following specific purposes:

• Account Management: To create, manage, and maintain your user account.
• Service Delivery: To provide, maintain, improve, and personalize our services.
• Authentication: To verify your identity and authenticate access to your account.
• Communication: To communicate with you about services, updates, offers, and promotions.
• Customer Support: To respond to your queries, complaints, and provide grievance redressal.
• Analytics and Improvements: To understand user behavior, preferences, and improve our Platform.
• Advertising: To display relevant advertisements and promotional content (with your consent).
• Security: To detect, prevent, and address technical issues, fraud, and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Business Operations: To conduct research, analysis, and business planning.

We will not process your personal data for purposes other than those for which consent was obtained unless you provide fresh consent for such new purpose.

To display your Social Posts to other Users; to enable interactions (reactions, comments, poll votes) with Social Posts; to maintain and improve the CREX Social feed and discovery features; and to personalize the Social Posts shown to you based on your interests and interactions.

To review Social Posts using automated ML models for compliance with our Terms of Use; to enable human review of flagged or reported Social Posts; to maintain records of moderation decisions for accountability, appeals, and legal compliance; and to improve the accuracy and fairness of our ML moderation models using anonymized or pseudonymized data.

To detect, investigate, and prevent violations of our Terms of Use, including spam, hate speech, misinformation, harassment, and illegal content; to identify and address coordinated inauthentic behavior, such as bot activity or poll manipulation; and to protect the safety and wellbeing of our Users and the broader community.

To aggregate and display poll results to participating Users; to analyze trends and engagement patterns in polls (in anonymized or aggregated form) to improve the Platform; and to share aggregated poll insights (which do not identify individual Users) with our partners or publicly.

To retain records of Social Posts and moderation decisions as required by applicable law; to respond to legal requests from law enforcement or regulatory bodies; and to maintain audit trails as required under the DPDP Act, 2023 and Information Technology Act, 2000.

When you publish a Social Post, it is processed as follows:

• Automated Screening: ML models analyze the content of your Social Post (including image recognition, text analysis, and video frame analysis) to detect potential violations of our Terms of Use.
• Flagging: If an automated system flags a Social Post, it may be withheld from publication temporarily or immediately removed, depending on the severity of the detected violation.
• Human Review: Flagged posts are reviewed by human moderators who make the final determination.
• Moderation Records: A record of each moderation action is maintained, including the Social Post content (or a reference to it), the reason for flagging, the moderation outcome, and any appeal.

ML models are trained using anonymized or pseudonymized data. We do not use your personal Social Post data to train commercial ML models that are shared with or sold to third parties.

We retain Social Post Data as follows:

• Active Posts: Retained for as long as your account is active and you have not deleted the post.
• Deleted Posts: Removed from public view within 24–48 hours of deletion. Copies in backup systems are deleted within 90 days, except where retention is required by law or ongoing legal proceedings.
• Moderation Records: Retained for a minimum of one year from the date of the moderation action, as required under applicable law and for the purpose of appeals and compliance audits.
• Poll Data: Aggregated poll results (without personal identifiers) may be retained indefinitely for analytics purposes. Individual voting choices linked to your account are retained for the duration of your account and deleted upon account deletion (subject to the minimum one-year retention period).

Your Social Posts (images, videos, text, polls) are by default visible to all registered Users of the Platform. If you choose to publish a Social Post, you accept that it may be: viewed, liked, commented on, or shared by other Users; cached or indexed by third-party services; and included in aggregated analytics reports.

We do not sell your Social Post Data to third parties. We may share anonymized or aggregated Social Post Data (which cannot identify you) with our analytics partners or publish it for public interest purposes (e.g., 'Top Trending Polls').

Our ML-based moderation processes are designed to:

• Detect content that violates our Terms of Use, including hate speech, explicit content, spam, and misinformation
• Operate without discriminating on the basis of religion, caste, gender, race, nationality, or political opinion
• Be regularly audited and updated to reduce bias and improve accuracy

Automated decisions made by ML models do not constitute final determinations. All automated removal decisions may be appealed and reviewed by a human moderator.

CREX Social is not intended for Children (persons under 18 years). If verifiable parental consent has been obtained for a Child's account, additional safeguards apply to the Child's CREX Social Data:

• The Child's Social Posts are not used to personalize advertising
• Poll questions directed at or primarily responded to by Children are subject to enhanced moderation
• A parent or legal guardian may request the deletion of all Social Posts and CREX Social Data associated with a Child's account at any time

Before processing your personal data, we provide a clear, standalone notice that includes: an itemized list of personal data to be collected; specific purposes of processing; duration of retention; how to withdraw consent; how to exercise your rights; how to file a complaint with the Data Protection Board; and contact details of our DPO.

You may withdraw consent at any time through your account settings, by contacting our DPO, or using the withdrawal mechanism in our communications.

By creating a Social Post on CREX Social, you provide specific consent for: the processing of your Social Post content for moderation purposes (automated and manual); the display of your Social Post to other registered Users; the collection of engagement and interaction data related to your Social Post; and the use of anonymized Social Post data to improve our ML moderation models.

You may withdraw consent for CREX Social data processing at any time by deleting your Social Posts and disabling your CREX Social participation through your account settings. Withdrawal of consent does not affect data already lawfully processed.

We retain personal data only for as long as necessary to: fulfill the purposes for which it was collected; comply with legal, accounting, or regulatory requirements; and establish, exercise, or defend legal claims.

Minimum Retention: Personal data and associated logs will be retained for at least one year from the date of collection or last transaction, even if you delete your account or withdraw consent during this period.

As set out in Section 7(B) above, Social Post Data retention is governed by the type of data, applicable legal requirements, and any outstanding legal proceedings or moderation appeals.

We will erase personal data when: you withdraw consent and the purpose is fulfilled; the purpose of processing has been completed; data is no longer necessary for the specified purpose; or the legally mandated retention period has expired. Residual copies in backup systems are permanently deleted within a reasonable period after erasure.

Encryption (HTTPS/TLS in transit; encryption at rest); role-based access controls; multi-factor authentication for sensitive operations; obfuscation and masking; tokenization; firewalls and intrusion detection systems.

Regular security audits; employee training on data protection; confidentiality agreements; incident response and breach management protocols; regular updates to security policies.

• ML moderation outputs are stored securely and access is restricted to authorized moderation staff
• Human moderators are trained on data protection requirements and bound by confidentiality obligations
• Image and video content is scanned for malware before storage
• File metadata (e.g., EXIF data including GPS coordinates) is stripped from uploaded images and videos before storage where technically feasible

Limitation: While we implement reasonable security measures, no system is completely impenetrable. We cannot guarantee absolute security against all possible cyber threats.