This Privacy Policy explains how Merudan Future Labs Private Limited ("Merudan", "we", "us", or "our"), operating the CRETechHub platform and website, collects, uses, discloses, and safeguards personal data. It also describes the rights available to you under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and rules made thereunder, as applicable in India.
By using this website or submitting information to us (for example, by requesting a demo), you acknowledge that you have read and understood this Policy.
1. Who we are
Merudan Future Labs Private Limited is a DPIIT-recognised company based in Hyderabad, India, and is the Data Fiduciary responsible for personal data processed through the CRETechHub website and platform. For enquiries about this Policy or your data, contact our Grievance Officer using the details in Section 13.
2. Scope
This Policy applies to personal data we process about:
- Website visitors — anyone who browses cretechhub or interacts with our web pages;
- Prospects and contacts — individuals who request a demo, contact us, or otherwise engage with our sales and marketing;
- Customer personnel — authorised users of building owners, operators, and occupiers who use the CRETechHub platform.
Where we process operational or building data on behalf of a customer under a separate agreement, we act as a Data Processor and process such data only on the customer's documented instructions. That customer is the Data Fiduciary for such data, and their own privacy notice governs it.
3. Information we collect
3.1 Information you provide to us
- Contact and identity details — name, business email address, phone number, job title, and company name;
- Enquiry content — the message, portfolio details, or requirements you share when requesting a demo or contacting us;
- Correspondence — records of communications you have with us by email, form, phone, or meeting.
3.2 Information we collect automatically
- Usage data — pages viewed, links clicked, referring URLs, and time spent;
- Device and log data — IP address, browser type, device type, operating system, and approximate location derived from IP;
- Cookies and similar technologies — see Section 5. Note that your theme preference is stored locally in your browser (a
localStoragevalue) and is not transmitted to us.
3.3 Operational and platform data (customers)
Where you are an authorised user of a customer deployment, the platform processes building-system, IoT sensor, asset, and facilities data supplied by or on behalf of that customer, together with your account and activity records. Such data is processed under our agreement with the customer, not this website Policy.
4. How and why we use personal data
| Purpose | Legal basis (DPDP Act) |
|---|---|
| Respond to demo requests and enquiries; provide information you ask for | Your consent / to take steps at your request |
| Operate, secure, and improve the website and platform | Certain legitimate uses / performance of services |
| Send you service, transactional, and (where permitted) marketing communications | Your consent; you may withdraw at any time |
| Analyse aggregate usage to understand and improve our offerings | Certain legitimate uses |
| Comply with legal obligations and enforce our rights | Compliance with applicable law |
We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you without a lawful basis and appropriate safeguards.
5. Cookies and analytics
We use strictly necessary cookies to make the site work, and may use analytics cookies to understand usage. You can control cookies through your browser settings; disabling some cookies may affect site functionality. Where required by law, we will request your consent before setting non-essential cookies.
6. How we share personal data
We do not sell your personal data. We share it only as follows:
- Service providers (Data Processors) — hosting, email, CRM, and analytics providers who process data on our behalf under contract and only on our instructions;
- Professional advisers — auditors, lawyers, and insurers, where necessary;
- Corporate transactions — in connection with a merger, acquisition, or reorganisation, subject to appropriate safeguards;
- Legal and safety — where required by law, regulation, legal process, or to protect rights, property, or safety.
7. International transfers
We are based in India and primarily process data here. Where a service provider processes data outside India, we transfer it only to jurisdictions permitted under applicable law and subject to appropriate contractual safeguards.
8. Data retention
We keep personal data only for as long as necessary for the purposes described in this Policy, to comply with legal, accounting, or reporting obligations, or to resolve disputes. When personal data is no longer required, we securely delete or anonymise it. Prospect enquiry data is retained for a reasonable period to follow up on your interest and is deleted on request.
9. Security
We maintain reasonable technical and organisational security measures — including access controls, encryption in transit, and monitoring — to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Your rights
Subject to applicable law, and in particular the DPDP Act, you have the right to:
- Access a summary of the personal data we process about you and how it is processed;
- Correction and updating of inaccurate or incomplete data, and completion of incomplete data;
- Erasure of your personal data where it is no longer required for the purpose it was collected;
- Withdraw consent at any time, where processing is based on consent (this does not affect prior processing);
- Grievance redressal — to a readily available means of registering a complaint with us; and
- Nominate another individual to exercise your rights in the event of death or incapacity.
To exercise any right, contact our Grievance Officer (Section 13). We may need to verify your identity before acting on a request. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India.
11. Children
Our website and platform are intended for business users and are not directed at children. We do not knowingly collect personal data of children (as defined under the DPDP Act) without verifiable parental consent. If you believe we have done so, please contact us and we will delete it.
12. Third-party links and content
Our website may contain links to third-party sites and may display third-party trademarks and logos (for example, client and partner marks). We are not responsible for the privacy practices or content of third parties. Trademarks remain the property of their respective owners.
13. Grievance Officer and contact
For any questions, requests, or complaints regarding this Policy or your personal data, contact:
Grievance Officer
Merudan Future Labs Private Limited
Hyderabad, Telangana, India
Email: support@cretechhub.com
We will acknowledge and respond to your request within the timelines required by applicable law.
14. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices or the law. We will revise the "Last updated" date above and, where changes are material, provide additional notice. Your continued use of the website after an update constitutes acceptance of the revised Policy.
