INTRODUCTION

CrowCrowCrow ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our website (crowcrowcrow.com) and services.

By using our platform, you agree to the collection and use of information in accordance with this policy.

LEGAL COMPLIANCE & COMPANY DETAILS

Legal Framework This Privacy Policy complies with:

• •Information Technology Act, 2000
• •Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
• •Digital Personal Data Protection Act, 2023 (DPDP Act)
• •Consumer Protection Act, 2019
• •Consumer Protection (E-Commerce) Rules, 2020

Company Information

Registered Address: 2nd & 3rd Floor, Vrindavan Building Survey No K-3970, Mira Gaon Mira Road (East), Thane – 401107 Maharashtra, India

Data Controller We, Color Papers India Private Limited, are the data controller for your personal information collected through crowcrowcrow.com.

INFORMATION WE COLLECT

Personal Information You Provide When you create an account or make a purchase, we collect:

• •Name and contact information (email address, phone number)
• •Shipping and billing address
• •Payment information (processed securely by our payment partners)
• •Order history and preferences
• •Communication preferences
• •Customer service correspondence

Information Collected Automatically When you visit our website, we automatically collect:

• •Device information (device type, browser type, operating system)
• •IP address and location data
• •Browsing behavior and pages visited
• •Referring website or source
• •Date and time of access
• •Cookies and similar tracking technologies

Purchase and Transaction Information

• •Products ordered
• •Order amounts and payment details
• •Shipping information
• •Returns and refunds
• •Customer reviews and ratings

HOW WE USE YOUR INFORMATION

We use your information to:

Provide Our Services

• •Process and fulfill your orders
• •Arrange shipping and delivery
• •Handle customs clearance
• •Process payments and refunds
• •Provide customer support
• •Send order confirmations and updates

Improve Your Experience

• •Personalize product recommendations
• •Remember your preferences
• •Optimize website performance
• •Analyze shopping trends
• •Develop new features and services

Communicate With You

• •Send order status updates via email and SMS
• •Provide customer support responses
• •Send promotional offers (with your consent)
• •Request feedback and reviews
• •Notify you of policy changes

Security and Fraud Prevention

• •Verify your identity through OTP authentication
• •Detect and prevent fraudulent transactions
• •Comply with legal obligations
• •Enforce our terms and conditions

ACCOUNT ACCESS & AUTHENTICATION

Secure OTP System CrowCrowCrow uses a One-Time Password (OTP) authentication system for account access. We do NOT use or store traditional passwords.

How It Works:

• •Enter your email address or mobile number to sign up or log in
• •We send you a unique, time-limited OTP code
• •Enter the OTP code to access your account
• •Each code is valid for one session only and expires within minutes

Security Benefits:

• •No passwords to remember or store
• •Unique code for each login session
• •Codes cannot be reused
• •Reduces risk of unauthorized access
• •Protection against password theft

DATA SECURITY & ENCRYPTION

SSL Protection Our website uses SSL (Secure Sockets Layer) encryption technology to protect your data during transmission. All pages on crowcrowcrow.com use the HTTPS protocol.

This means:

• ✓Data transmitted between your browser and our servers is encrypted
• ✓Your personal and payment information is protected
• ✓Secure communication for all transactions
• ✓Look for "https://" in the URL and the padlock icon in your browser

Additional Security Measures:

• •Secure data centers with restricted access
• •Regular security audits and updates
• •Employee training on data protection
• •Encrypted database storage
• •Compliance with international security standards

PAYMENT SECURITY

Secure Payment Processing All payments are processed through RazorPay, an RBI-approved and PCI-DSS compliant payment gateway.

Security Features:

• •256-bit SSL encryption for all transactions
• •PCI-DSS Level 1 certified infrastructure
• •Tokenization of card data (we never store complete card details)
• •3D Secure authentication for card transactions
• •Multiple payment options: credit/debit cards, UPI, net banking, wallets
• •Real-time fraud detection and monitoring

What We Don't Store: ✗ Complete credit/debit card numbers ✗ CVV/CVC security codes ✗ Card PINs or passwords

What We Store:

• ✓Last 4 digits of card (for order reference)
• ✓Payment method type
• ✓Transaction ID
• ✓Payment status

RazorPay handles all sensitive payment data securely. For RazorPay's security practices, visit: razorpay.com/security

HOW WE SHARE YOUR INFORMATION

We share your information only when necessary:

Service Providers We work with trusted partners who help us operate our business:

• •Shipping and logistics companies (for order delivery)
• •Payment processors (to process transactions)
• •Email and SMS service providers (for notifications)
• •Cloud storage providers (for data hosting)
• •Customer service platforms (for support)
• •Analytics providers (for website improvement)

Legal Requirements We may disclose information when required by law:

• •To comply with legal processes or government requests
• •To protect our rights, property, or safety
• •To investigate fraud or security issues
• •To enforce our terms and conditions

Business Transfers If CrowCrowCrow is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner.

With Your Consent We may share information for other purposes with your explicit consent.

We DO NOT: ✗ Sell your personal information to third parties ✗ Share your data for third-party marketing without consent ✗ Rent or trade your information

COOKIES AND TRACKING TECHNOLOGIES

What Are Cookies? Cookies are small text files stored on your device when you visit our website.

We Use Cookies To:

• •Remember your preferences and settings
• •Keep you logged in during your session
• •Analyze website traffic and performance
• •Personalize content and recommendations
• •Improve security and prevent fraud
• •Enable shopping cart functionality

Types of Cookies We Use:

Essential Cookies Required for basic website functionality. Cannot be disabled.

Performance Cookies Help us understand how visitors use our site to improve performance.

Functionality Cookies Remember your preferences and provide enhanced features.

Advertising Cookies (with consent) Show you relevant ads based on your interests.

Your Cookie Choices: You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

YOUR PRIVACY RIGHTS

You have the right to:

Access Your Information Request a copy of the personal data we hold about you.

Correct Your Information Update or correct inaccurate information in your account settings.

Delete Your Information Request deletion of your personal data (subject to legal obligations).

Object to Processing Object to certain uses of your information, such as marketing communications.

Data Portability Request your data in a portable format to transfer to another service.

Withdraw Consent Withdraw consent for data processing where we rely on consent.

To Exercise Your Rights:

• •Log in to your account and update your settings
• •Contact us at care@crowcrowcrow.com
• •Submit a request through your account dashboard

We will respond to your request within 30 days.

MARKETING COMMUNICATIONS

Opt-In Marketing We send promotional emails and SMS only with your consent.

What You'll Receive:

• •New product announcements
• •Exclusive offers and discounts
• •Sale notifications
• •Personalized recommendations

Unsubscribe Anytime:

• •Click the "unsubscribe" link in any promotional email
• •Reply "STOP" to SMS messages
• •Update preferences in your account settings
• •Contact us at care@crowcrowcrow.com

DATA RETENTION

How Long We Keep Your Data:

Active Accounts We retain your information as long as your account is active.

Closed Accounts Information may be retained for up to 7 years after account closure for legal, tax, and audit purposes.

Transaction Records Order and payment records are kept for 7 years to comply with financial regulations.

Marketing Data If you unsubscribe from marketing, we'll stop sending promotions but may retain your email on our suppression list to honor your preference.

CHILDREN'S PRIVACY (DPDP Act, 2023 Compliance)

Our services are intended for individuals aged 18 years and above. We do not knowingly collect, process, or store personal data of children (individuals under 18 years of age) as defined under the Digital Personal Data Protection Act, 2023.

Specific Protections:

• •We do not knowingly process personal data of children without verifiable parental or guardian consent
• •We do not engage in tracking, behavioural monitoring, or targeted advertising directed at children
• •We do not process children's data in any manner that could cause harm to a child
• •If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such data within 72 hours of discovery

If you believe a child has provided us with personal information, please contact us immediately at care@crowcrowcrow.com. We will investigate and delete any such data promptly.

INTERNATIONAL DATA TRANSFERS

CrowCrowCrow operates globally. Your information may be transferred to and stored in countries outside your country of residence, including countries with different data protection laws.

We ensure appropriate safeguards are in place:

• •Standard contractual clauses
• •Adequacy decisions by regulatory authorities
• •Your consent where required

THIRD-PARTY LINKS

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or website notice.

Continued use of our services after changes indicates acceptance of the updated policy.

DATA BREACH NOTIFICATION (DPDP Act, 2023 Compliance)

In the event of a personal data breach affecting your information, we will:

• •Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under the Digital Personal Data Protection Act, 2023
• •Notify affected Data Principals (you) within 72 hours of becoming aware of the breach
• •Provide clear details of: (a) nature of the breach, (b) categories of data affected, (c) approximate number of individuals affected, (d) likely consequences, and (e) measures taken or proposed to address the breach
• •Take immediate action to contain and secure data
• •Provide guidance on protective measures you can take
• •Maintain a record of all breaches and remedial actions taken

CONTACT US

Questions About Privacy?

📧 Email: care@crowcrowcrow.com 💬 Live Chat: Available on our website 📱 Phone: +91 9403891289 🏢 Address: Color Papers India Private Limited 2nd & 3rd Floor, Vrindavan Building Survey No K-3970, Mira Gaon Mira Road (East), Thane – 401107 Maharashtra, India

For privacy-specific inquiries, please mark your message "Privacy Request" for priority handling.

CONSENT MECHANISM (DPDP Act, 2023 Compliance)

Under the Digital Personal Data Protection Act, 2023, we process your personal data based on:

Consent-Based Processing:

• •Your explicit, informed, and freely given consent obtained at the time of account creation or data collection
• •Consent is specific to the purpose for which data is collected
• •You may withdraw consent at any time by contacting care@crowcrowcrow.com or through your account settings
• •Withdrawal of consent does not affect the lawfulness of processing done before withdrawal

Legitimate Uses (Without Separate Consent):

• •Processing necessary to fulfil your order (contractual obligation)
• •Compliance with legal obligations (tax, regulatory filings)
• •Responding to legal processes or government requests
• •Protecting against fraud or security threats

Data Deletion Rights: Upon withdrawal of consent or account closure request:

• •We will delete or anonymise your personal data within 30 days
• •Certain data may be retained for up to 7 years where required by tax, legal, or regulatory obligations
• •We will confirm deletion via email to your registered address

YOUR CONSENT

By using CrowCrowCrow, you consent to this Privacy Policy and agree to its terms. Your consent is voluntary and you may withdraw it at any time, subject to the provisions above.

This Privacy Policy is governed by the laws of India and complies with the Information Technology Act, 2000, SPDI Rules 2011, Digital Personal Data Protection Act, 2023, and Consumer Protection Act, 2019. Company: Color Papers India Private Limited (registered with the Ministry of Corporate Affairs and GST authorities). All data transmission on crowcrowcrow.com is encrypted using SSL technology (HTTPS protocol). We use OTP-based authentication and do not store traditional passwords. Your personal information is never sold to third parties. Payments are securely processed by RazorPay, an RBI-approved payment gateway. We reserve the right to update this policy as needed to reflect changes in our practices or legal requirements.