Who We Are
CrestPulse is a digital marketing agency legally registered as Rayosanskriti Tech Solutions (GSTIN: 07AOIPD4410M1Z2), operating from Rohini Sector 07, New Delhi – 110085, India. We provide Social Media Management, Meta Ads Management, Web Development, and AI Content & UGC Ads services to businesses and individuals across India.
For the purposes of this Privacy Policy, CrestPulse acts as the Data Fiduciary — the entity that determines the purpose and means of processing personal data — as defined under the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
This Privacy Policy applies to:
- All visitors to our website at www.crestpulse.in
- All prospective clients who contact us via any channel (website, WhatsApp, phone, email, social media)
- All active and past clients who have engaged CrestPulse for any service
- Any individual whose data is shared with us in connection with the delivery of our services
Personal Data We Collect
We collect the following categories of personal data depending on your interaction with us:
- Full name
- Email address
- Phone number and WhatsApp number
- Business name, designation and industry
- Business address and GST number (for invoicing purposes)
- Payment records and invoice history
- UPI IDs or bank transfer references (we do not store card details)
- GST registration details for tax invoice generation
- Social media account credentials or admin access granted for service delivery (stored only for the duration of the engagement)
- Meta Business Manager and Ad Account access details
- Website CMS login credentials where applicable for web development services
- IP address and approximate geographic location
- Browser type, version and operating system
- Pages visited, time spent, referral source and click behaviour
- Device type (desktop, mobile, tablet)
- Content of emails, WhatsApp messages and enquiry form submissions sent to us
- Call records where calls are logged for quality or follow-up purposes
- Feedback, reviews or testimonials provided voluntarily
- Brand assets including logos, images, videos and brand guidelines shared for content creation or web development
- Campaign data, ad performance metrics and audience information shared within ad accounts
- Business strategies, pricing, offers and other commercially sensitive information shared during onboarding
We do not collect: sensitive personal data such as Aadhaar numbers, PAN card numbers, health information, biometric data, or financial account passwords. We also do not store payment card details — all payments are processed through third-party payment gateways.
How We Collect Your Data
We collect personal data through the following channels:
| Collection Method | Data Collected |
|---|---|
| Website contact / enquiry forms | Name, email, phone, message content |
| WhatsApp conversations | Name, phone, message content, business details |
| Email correspondence | Name, email, business details, project requirements |
| Phone / video calls | Name, business details, verbal information shared |
| Social media DMs & comments | Public profile name, platform username, message content |
| Client onboarding process | Full business profile, brand assets, account access |
| Payment processing | Transaction reference, GST details, payment confirmation |
| Website cookies & analytics | IP address, browser data, page interactions |
| Third-party referrals | Contact details shared by an existing client or partner with consent |
How We Use Your Personal Data
We use the personal data we collect for the following purposes only:
- Service delivery: To provide, manage and improve the digital marketing, web development or content creation services you have engaged us for.
- Client communication: To respond to enquiries, provide project updates, send reports and maintain regular communication throughout our engagement.
- Invoicing & payments: To generate GST-compliant invoices, process payments and maintain financial records as required by Indian tax law.
- Account management: To access and manage client social media accounts, ad accounts or website backends solely for the purpose of delivering agreed services.
- Legal compliance: To comply with applicable Indian laws, tax regulations, and legal obligations including the DPDP Act 2023 and GST Act.
- Marketing (with consent): To send newsletters, service updates or promotional communications to contacts who have opted in or enquired about our services. You may opt out at any time.
- Website improvement: To analyse website usage patterns, identify technical issues and improve the user experience on crestpulse.in.
- Portfolio & case studies: To showcase non-confidential work in our portfolio with client consent. We will always seek explicit approval before featuring your brand publicly.
- Fraud prevention & security: To detect and prevent fraudulent activity, unauthorised access and misuse of our services.
We do not sell your data. CrestPulse does not sell, rent or trade your personal data to any third party for their own marketing or commercial purposes, under any circumstances.
Legal Basis for Processing Your Data
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, we process personal data on the following lawful bases:
| Processing Activity | Legal Basis |
|---|---|
| Delivering contracted services to clients | Performance of contract |
| Generating invoices and tax records | Legal obligation (GST Act, Income Tax Act) |
| Responding to enquiries and consultations | Legitimate interest / consent |
| Website analytics and performance tracking | Legitimate interest |
| Sending marketing and promotional communications | Consent (opt-in) |
| Portfolio and case study use of client work | Consent |
| Fraud prevention and security measures | Legitimate interest |
| Compliance with law enforcement / court orders | Legal obligation |
Service-Specific Data Handling
The nature of data we handle varies by service. The following sets out how data is handled for each CrestPulse service specifically:
- We are granted admin or editor-level access to the client's Instagram, Facebook and other social media accounts for the purpose of posting content, responding to comments and managing DMs where agreed.
- We may access audience analytics (follower demographics, reach and engagement data) on behalf of the client to inform content strategy. This data is used solely for the client's benefit.
- We will never use the client's social media accounts to post unauthorised content, access private messages beyond the agreed scope, or collect follower data for CrestPulse's own use.
- We are granted access to the client's Meta Business Manager and Ad Account. All campaign data — including ad spend, impressions, clicks, leads and audience data — belongs to the client and remains within their own Meta account.
- We access and use Meta's audience targeting tools, Custom Audiences and Pixel data on behalf of the client. We handle this data strictly in accordance with Meta's Data Policy and the client's instructions.
- Any lead data generated through Meta Lead Generation ads is owned by and stored in the client's Meta account or CRM. CrestPulse does not retain lead data beyond what is needed to optimise campaign performance and report results.
- We collect brand assets (logos, images, copy, videos) provided by the client to build their website. These materials are used exclusively to deliver the agreed project and deleted from our systems within 90 days of project completion unless the client requests otherwise.
- Where websites are built with contact forms or analytics tools, those tools are configured to collect visitor data on behalf of the client. The client becomes the Data Fiduciary for their website visitors' data once the site is live.
- Temporary access to hosting accounts, domain registrars or CMS platforms is revoked upon project completion and handover.
- Brand details, tone of voice, product/service descriptions and visual materials provided by the client are used as inputs to AI content generation tools (such as HeyGen, ElevenLabs and Midjourney) to produce agreed deliverables.
- Client data submitted to third-party AI tools is governed by those tools' own privacy and data policies. We use only reputable, professional AI platforms and do not submit sensitive personal data to AI tools.
- If a client provides real video footage or voice recordings for use in AI content, these are handled with strict confidentiality and deleted upon project completion.
Cookies & Tracking Technologies
Our website crestpulse.in uses cookies and similar tracking technologies to improve your browsing experience and analyse website performance.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Required for the website to function correctly (navigation, forms, security) | Session |
| Analytics cookies | Collect anonymised data about how visitors use our site (Google Analytics) | Up to 2 years |
| Meta Pixel | Tracks website visits to enable Meta ad retargeting (if installed) | Up to 180 days |
| Preference cookies | Remember your settings and preferences for return visits | Up to 1 year |
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. Continuing to use our website without changing your cookie settings constitutes acceptance of our cookie use.
We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymised usage data and does not identify individual users. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
Sharing Your Data with Third Parties
We do not sell, rent or trade your personal data. We may share your data with trusted third parties only in the following limited circumstances:
- Service delivery partners: Freelancers, contractors or sub-agencies who assist in delivering specific components of our services (e.g. video editing, copywriting). These parties are bound by confidentiality obligations and may only use your data for the specific task assigned.
- Payment processors: Payment gateways such as Razorpay to process transactions. These providers have their own privacy policies and handle payment data under PCI-DSS standards.
- Cloud storage & project tools: We use Google Workspace (Drive, Gmail, Meet) and project management tools for internal communications and file storage. Files may be stored on Google's servers, subject to Google's Privacy Policy.
- Legal & regulatory bodies: If required by Indian law, court order or regulatory authority, we may be legally obligated to disclose certain data. We will notify you where legally permissible before doing so.
- Business transfers: In the event of a merger, acquisition or sale of CrestPulse's business, client data may be transferred to the successor entity. You will be notified of any such transfer.
We will never share your data with advertisers, data brokers, competitors, or any third party for their own commercial benefit without your explicit written consent.
Third-Party Platforms & Their Privacy Policies
Our services involve the use of third-party platforms that have their own independent privacy policies. By engaging CrestPulse services that involve these platforms, you acknowledge and agree that your data may be processed by them:
- Meta (Facebook / Instagram): Campaign management, audience targeting, ad delivery and performance data are governed by Meta's Privacy Policy.
- Google (Analytics, Workspace, Search Console): Website analytics and cloud storage are governed by Google's Privacy Policy.
- WhatsApp: Client communications via WhatsApp are governed by WhatsApp's Privacy Policy.
- Razorpay: Payment processing is governed by Razorpay's Privacy Policy.
- AI tools (HeyGen, ElevenLabs, Midjourney, Runway ML, etc.): AI content generation tools used for the AI Content & UGC Ads service process input data under their own respective privacy policies.
CrestPulse is not responsible for the privacy practices of these third-party platforms. We encourage you to review their policies independently.
Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Indian law. The following retention periods apply:
| Data Category | Retention Period |
|---|---|
| Invoices and financial records | 7 years (as required by the Income Tax Act and GST Act) |
| Active client project files and communications | Duration of engagement + 2 years |
| Enquiry / lead data (non-converting) | 12 months from last contact |
| Website analytics data | Up to 26 months (Google Analytics default) |
| Client brand assets (post-project) | Deleted within 90 days of project completion |
| Account credentials (social / ad accounts) | Deleted immediately upon service termination |
| WhatsApp & email communications | Duration of engagement + 1 year |
| Marketing email list (opted-in) | Until opt-out or 3 years of inactivity |
When data is no longer required, we securely delete or anonymise it. Where technical limitations prevent immediate deletion, we ensure the data is isolated and not used until deletion is complete.
Data Security
CrestPulse takes the security of your personal data seriously and implements the following technical and organisational measures to protect it:
- Encrypted communications: Our website uses SSL/TLS encryption. All sensitive communications are handled through encrypted channels.
- Access controls: Access to client data and accounts is restricted to authorised CrestPulse team members only, on a need-to-know basis.
- Secure storage: Files and data are stored in password-protected cloud environments (Google Workspace) with two-factor authentication enabled.
- Credential management: Client account credentials are stored in secure, encrypted password managers and are never shared beyond the project team.
- Confidentiality obligations: All CrestPulse team members and contractors are bound by confidentiality agreements and data protection obligations.
- Incident response: In the event of a data breach that poses a risk to your rights and interests, we will notify affected individuals and the relevant authorities as required by the DPDP Act 2023 within 72 hours of becoming aware of the breach.
No method of data transmission over the internet or electronic storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. We encourage clients to use strong passwords and enable two-factor authentication on all accounts shared with us.
Your Data Rights
Under the Digital Personal Data Protection Act 2023 (DPDP Act) and applicable Indian law, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at info@crestpulse.in. We will respond within 30 days.
Please note that certain rights may be limited where we are required to retain data by law (e.g. financial records under the GST Act) or where deletion would impair our ability to defend legal claims. We will clearly explain any limitations when responding to your request.
Children's Privacy
CrestPulse's website and services are intended exclusively for adults aged 18 and above. We do not knowingly collect or process personal data from individuals under the age of 18.
If you are a parent or guardian and believe that a minor has provided us with personal data without your consent, please contact us immediately at info@crestpulse.in and we will take prompt steps to delete such data.
Under the DPDP Act 2023, processing of personal data of children requires verifiable parental consent. We do not target, market to or process data of children under any circumstances.
Links to External Websites
Our website may contain links to third-party websites, social media platforms or partner pages. These links are provided for your convenience and information only.
CrestPulse has no control over the content, privacy practices or data handling of third-party websites. Clicking on external links and visiting those websites is entirely at your own risk. We strongly encourage you to review the privacy policy of any third-party website you visit.
The inclusion of a link on our website does not constitute an endorsement or recommendation of that website, its owner or its content.
WhatsApp & Communication Channels
CrestPulse uses WhatsApp as a primary client communication channel. By contacting us via WhatsApp, you acknowledge the following:
- Your WhatsApp number and name become part of our contact records and are used solely for business communication related to your enquiry or project.
- WhatsApp messages are stored within our WhatsApp Business account and in our internal project records for the duration specified in Section 10 (Data Retention).
- We may send you service updates, invoices, content drafts and project communications via WhatsApp. These are not marketing messages and are part of service delivery.
- If you contact us via our website's WhatsApp button, you consent to being contacted by CrestPulse via WhatsApp in response to your enquiry.
- WhatsApp communications are subject to Meta's WhatsApp Privacy Policy. CrestPulse is not responsible for the data handling practices of WhatsApp/Meta.
Marketing Communications
We may send you marketing communications (newsletters, service announcements, promotional offers) in the following circumstances:
- You have explicitly opted in by submitting your contact details with consent to receive marketing communications.
- You are an existing client and we are contacting you about similar services — a lawful basis permitted under the DPDP Act 2023.
You may withdraw consent for marketing communications at any time by:
- Clicking the “Unsubscribe” link in any email we send you.
- Sending an opt-out request to info@crestpulse.in with the subject line “Unsubscribe”.
- Messaging us on WhatsApp with “Please remove me from your marketing list.”
We will action all opt-out requests within 5 business days. Please note that opting out of marketing does not affect transactional or service-related communications essential to your ongoing engagement with us.
Cross-Border Data Transfers
CrestPulse is based in India and primarily processes data within India. However, certain third-party tools and platforms we use (including Google Workspace, Meta and AI content tools) may store or process data on servers located outside India.
Where data is transferred internationally, we ensure that:
- The recipient country or organisation provides an adequate level of data protection, or appropriate safeguards are in place.
- Such transfers occur only to the extent necessary for service delivery and are governed by the data policies of the respective platforms.
- We comply with any cross-border transfer restrictions notified under the DPDP Act 2023 as and when such restrictions come into force.
By engaging CrestPulse services, you acknowledge and consent to the possibility that your data may be processed outside India by third-party platforms as described in this policy.
Changes to This Privacy Policy
CrestPulse reserves the right to update or revise this Privacy Policy at any time to reflect changes in our practices, services, legal requirements or regulatory guidance.
When we make material changes, we will:
- Update the “Last Updated” date at the top of this page.
- Where reasonably practicable, notify existing clients via email or WhatsApp of significant changes.
We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any update constitutes your acceptance of the revised policy. The current version is always available at crestpulse.in/privacy-policy.
Governing Law & Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of India, including but not limited to:
- The Digital Personal Data Protection Act, 2023 (DPDP Act)
- The Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011
- The Consumer Protection Act, 2019
Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Delhi, India. Any complaints regarding data processing may also be raised before the Data Protection Board of India once constituted under the DPDP Act 2023.
Contact Us & Grievance Officer
If you have any questions, concerns or requests regarding this Privacy Policy or the handling of your personal data, please contact us. Under the DPDP Act 2023, we have designated a Grievance Officer to handle data-related complaints:
- Company: Rayosanskriti Tech Solutions (CrestPulse)
- Grievance Officer: Director, CrestPulse
- Address: Rohini Sector 07, New Delhi – 110085, India
- Email: info@crestpulse.in
- Phone / WhatsApp: +91-8920610393
- GSTIN: 07AOIPD4410M1Z2
- Response time: We aim to acknowledge all privacy requests within 3 business days and resolve them within 30 days.
Escalation: If you are not satisfied with our response to your privacy complaint, you have the right to escalate your complaint to the Data Protection Board of India, once established under the DPDP Act 2023, or to seek remedies through the appropriate courts of Delhi, India.