Back to home

Legal

Clykur · Bengaluru

Privacy Policy

This policy explains what data we collect, why we use it, and how we protect it.

This Privacy Policy describes how Clykur collects, processes, stores, and shares personal data when you visit our website, communicate with us, or contract for our services. We align with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and rules thereunder (as and when notified and enforceable). We also follow sensible practice for transparency, security, and legitimate business needs—for clients in India and overseas—while respecting your rights.

Last updated16 April 2026

1. Data fiduciary and contact

Clykur operates from Bengaluru, Karnataka, India. We act as the data fiduciary for personal data processed through this website and for typical business-development activities.

If a separate agreement names another entity (for example a group company) as controller for a specific product, that document controls for that product.

For privacy rights requests, security incidents involving your data, or questions about this Policy, contact info@clykur.com with the subject line “Privacy request”.

We may ask reasonable questions to confirm your identity before we disclose or correct information.

Where the DPDP Act requires a named grievance or data protection contact, the same channel applies until we publish a dedicated role on this page. We will respond within timelines the law prescribes when those rules are in force.

2. Categories of personal data

The data we process depends on how you interact with us. We practise data minimisation: we collect what is necessary, relevant, and not excessive for the purposes we state.

  • Identifiers and professional context: full name, work email, telephone, job title, organisation, industry, billing address, GSTIN or other tax identifiers you provide, and names of signatories.
  • Usage and device data: IP address, cookie IDs, browser type and language, device category, approximate location from IP, referring URL, pages viewed, scroll or click analytics where we use them, timestamps, and diagnostic logs we need for security.
  • Engagement and project data: messages; call recordings only if you consent; meeting notes you share; support tickets; repository identifiers; and configuration details we need to deliver Services.
  • Financial and compliance: bank or payment metadata, invoices, credit checks where the law allows, and know-your-customer documents if a higher-risk engagement requires them.

We do not knowingly collect sensitive personal data within the meaning of the DPDP Act through our marketing website unless you send it voluntarily (for example health information in an unsolicited email).

Please do not share unnecessary sensitive data through unsecured channels.

3. Purposes and lawful bases

We process personal data for purposes that include:

  • Contract performance: negotiating, executing, and delivering statements of work; invoicing; and support.
  • Consent: marketing communications, non-essential cookies, or optional surveys. If you withdraw consent, we stop that processing unless another lawful basis applies.
  • Legitimate interests: securing networks, keeping the website reliable, limited business analytics, and asserting legal claims—while respecting your rights.
  • Legal obligation: tax and accounting; responding to lawful government requests after appropriate review; and complying with court orders.

Automated decision-making that produces legal or similarly significant effects is not central to how we run this website today.

If that changes, we will update this Policy and give clear information about the logic involved and your rights.

4. Cookies and similar technologies

We use cookies, local storage, pixels, or SDKs where needed to operate and measure our digital properties.

You can control many cookies in your browser. If you block strictly necessary cookies, some features (such as login or security) may not work.

Strictly necessary

  • Session continuity and secure operation.
  • Load balancing and bot mitigation.
  • Storing your cookie or consent preferences where we offer a choice.

Analytics

  • Aggregated or pseudonymous insight into navigation paths and conversion funnels, so we can improve the site.

Functional

  • Remembering UI choices such as language, where we provide that option.

5. Processors, sharing, and cross-border transfers

We share personal data with vendors who process it on our instructions (“processors”). That includes providers of cloud infrastructure, email, CRM, analytics, accounting, and collaboration tools.

Our contracts require confidentiality, appropriate security, and help with data-subject requests where that is practical.

Personal data may leave India when we serve international clients or use global cloud regions.

Where the DPDP Act limits transfers, we use permitted mechanisms—for example government notifications, standard contractual clauses, approved intra-group schemes, or your explicit consent—and we document what the final rules require.

We do not sell personal data in the usual sense of trading mailing lists for cash. We disclose data for operations, legal compliance, or contract performance.

6. Retention

How long we keep data depends on statute, dispute risk, and genuine business need.

  • We observe statutory minima where they apply (for example certain Indian tax records for up to seven years when relevant).
  • We align with limitation periods that could affect legal claims.
  • We refresh or delete marketing contacts after bounces, unsubscribe, or long inactivity.
  • Project material may sit in encrypted backups with tight access until our deletion cycle finishes.

7. Security measures

We use administrative, technical, and organisational measures that match the risk. Examples include role-based access, MFA on sensitive systems, encryption in transit, logging and alerts, vendor reviews, and staff confidentiality training.

No online system is perfectly secure. Please use strong passwords, guard API tokens, and tell us promptly if you suspect an incident.

8. Your rights and how to exercise them

Under applicable law—including the DPDP Act when it applies—you may have rights such as:

  • Access to your personal data.
  • Correction of inaccurate data.
  • Erasure or restriction where the law allows.
  • Nomination of a representative for handling your data after death or incapacity, where provided for.
  • Grievance escalation under the statutory framework.
  • Withdrawal of consent where processing is based on consent.

In the EEA, UK, and some other regions you may also have rights such as objection or data portability.

We verify requests reasonably to prevent fraud. We respond within statutory deadlines.

If you remain concerned, you may complain to the Data Protection Board of India when it is operational, or to an overseas supervisory authority if GDPR or similar law governs our processing of your data.

9. Children

Our services are not aimed at children below the age of digital consent under Indian law—or below eighteen where consent cannot validly be given.

If we learn we collected a child’s data without proper authority, we delete it as soon as we reasonably can, subject to any legal retention duty.

10. International users

If you browse our site from outside India, your data may be processed in India and in other countries where we or our processors operate.

We apply the safeguards described in this Policy. If local law gives you further rights, we honour them where they apply to us.

11. Changes to this Policy

We may update this Policy for legal, regulatory, or operational reasons. The “Last updated” date shows the current version.

Important changes that affect ongoing Services will be communicated by reasonable means—for example email, in-product notice, or an updated contract exhibit—where the law requires it.

Questions about these documents? Write to us at info@clykur.com. We will respond within a reasonable time, subject to legal or technical complexity.