Privacy Policy

Last Updated: 19th February 2026

1. Introduction

Welcome to Crest.Digital by Crest Veda TechWorks Private Limited (“CVT”) (“Company”, “we”, “us”, “our”).

This Privacy Policy explains how we collect, use, store, and protect personal data when authorised users access our Software-as-a-Service (SaaS) platform (“Platform”).

Our Platform is a license-based enterprise solution. Access is granted only to users authorized by organizations that have executed a commercial agreement with us.

There are no public sign-ups or direct consumer registrations.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors of our website
  • Authorised users accessing the Platform via login
  • Representatives of client organisations

It does not apply to data processed by our client organizations within the Platform, where we act as a Data Processor.

3. Categories of Data We Collect

A. Website Visitors

When you visit our website (including login page), we may collect:

  • IP address
  • Browser type & version
  • Device information
  • Access timestamps
  • Referring URLs
  • Cookies and analytics data

This data is used for:

  • Website security
  • Performance monitoring
  • Fraud prevention
  • Improving user experience

B. Authorised Platform Users (Enterprise Users)

When your organization provides your details for account provisioning, we may collect:

  • Name
  • Official email address provided or though Microsoft/Google Auth.
  • Organization name
  • Designation/role
  • Login credentials (encrypted)
  • Activity logs within the platform
  • Access logs and audit trails

We do not collect personal data beyond what is required for enterprise access and security.

4. Nature of Data Processing

4.1 As a Data Controller

For:

  • Website visitors
  • Login authentication
  • Account provisioning
  • Communication

We determine the purpose and means of processing.

4.2 As a Data Processor

For:

  • Vendor data
  • Due diligence information
  • Risk assessments
  • Uploaded documents

We process data strictly under client instructions as defined in executed agreements.

5. Legal Basis for Processing

We process personal data based on:

  • Contractual necessity (enterprise agreements)
  • Legitimate business interests (security, fraud prevention)
  • Legal compliance requirements
  • Consent where applicable

For India-based operations, processing aligns with the Digital Personal Data Protection Act, 2023 (DPDP Act).

6. Cookies & Tracking Technologies

We may use:

  • Essential cookies (authentication/session)
  • Security cookies
  • Performance analytics tools

We do not sell personal data.

We do not use advertising trackers on the login environment.

Users may manage cookies through browser settings.

7. Data Security Measures

We implement industry-standard security controls, including:

  • Encrypted transmission (HTTPS/TLS)
  • Role-based access control (RBAC)
  • Multi-Factor Authentication (optional/if enabled)
  • Audit logs
  • Secure cloud infrastructure
  • Data encryption at rest (where applicable)
  • Regular vulnerability monitoring

Access is restricted to authorised personnel only.

8. Data Retention

We retain:

  • Website logs: As required for security monitoring
  • User accounts: For the duration of the enterprise agreement
  • Audit logs: As required under contractual and regulatory requirements

Upon termination of the agreement:

  • Access is disabled
  • Data is retained or deleted as per contractual terms

9. Data Sharing & Sub-Processors

We may engage trusted service providers for:

  • Cloud hosting
  • Email services
  • Infrastructure management
  • Security monitoring

All sub-processors are bound by confidentiality and data protection obligations.

We do not sell, rent, or trade personal data.

10. International Transfers

If data is stored or processed outside India, we ensure:

  • Adequate security safeguards
  • Contractual data protection clauses
  • Compliance with applicable cross-border transfer regulations

11. User Rights

Depending on jurisdiction, authorised users may request:

  • Access to personal data
  • Correction of inaccurate data
  • Deletion (subject to contractual limitations)
  • Restriction of processing

Requests should be routed through the respective client organisation or directly to us at:

📩 privacy@crest.digital

12. Platform Use Disclaimer

Access to this Platform is restricted to authorised enterprise users only.

Unauthorised access attempts may be monitored, logged, and legally pursued.

13. Changes to This Policy

We may update this Privacy Policy periodically.

Updated versions will be published on this page with a revised “Last Updated” date.

14. Contact Information

For any privacy-related queries, please contact:

Crest.Digital
privacy@crest.digital
Website: www.crest.digital

Crest Footer Preview
Ready to get started?
Move Beyond Manual
Third-Party Risk.

Bring structure, automation, and continuous intelligence to your vendor risk lifecycle — without adding headcount.

★ Schedule a Demo Crest Intelligence