Cropsly

Privacy Policy

Last updated: March 2026

1. Who We Are

Cropsly Solutions Pvt Ltd (“Cropsly”, “we”, “us”) is an AI engineering company registered in India. We process personal data as a controller for our website visitors and as a processor for our clients' projects.

2. Data We Collect

Website visitors: We collect analytics data (page views, referrer, device type) via PostHog. No cookies are used for tracking — PostHog runs in cookieless mode.

Contact form: Name, email, company, role, project details. Collected with your consent when you submit the form.

Newsletter: Email address only. Double opt-in with confirmation email. You can unsubscribe at any time.

Client projects: Data processed on behalf of our clients is governed by individual Data Processing Agreements (DPAs).

3. How AI Is Used

Our website uses AI-generated content through our content agent. Blog posts may be drafted by AI and reviewed by our team before publication.

For client projects involving AI: we never use client data to train AI models without explicit, documented consent. On-device AI models process data locally — no data is sent to external servers.

When we use third-party AI APIs (e.g., Anthropic Claude), we filter personally identifiable information (PII) before sending data to the API.

4. Legal Basis (GDPR)

We process personal data under the following legal bases:

  • Consent: Contact forms, newsletter subscriptions
  • Legitimate interest: Website analytics (cookieless), security monitoring
  • Contractual necessity: Client project data processing

5. Data Storage & Infrastructure

All data is stored on self-hosted Kubernetes infrastructure in EU data centers (Hetzner Cloud, Germany). We do not use third-party SaaS for primary data storage.

Encryption: AES-256 at rest, TLS 1.3 in transit. Daily backups with 30-day retention.

6. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Port your data to another service
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, email [email protected]. We respond within 30 days.

7. Data Retention

Contact form submissions: 2 years. Newsletter subscriptions: until unsubscribed. Client project data: as defined in DPA. Analytics data: 12 months.

8. India — Digital Personal Data Protection Act, 2023

As a company registered in India, we comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) in addition to GDPR. Under the DPDP Act:

  • Data Fiduciary: Cropsly Solutions Pvt Ltd acts as a Data Fiduciary for personal data collected through this website, and as a Data Processor for client project data.
  • Consent: We obtain free, specific, informed, unconditional, and unambiguous consent before processing personal data. Consent can be withdrawn at any time by contacting us.
  • Purpose Limitation: Personal data is processed only for the specific purpose for which consent was given, as outlined in Section 2 above.
  • Data Principal Rights: Under the DPDP Act, you have the right to: access your personal data, request correction and erasure, nominate a representative, and seek grievance redressal.
  • Grievance Redressal: To raise a grievance regarding your personal data, email [email protected]. We will acknowledge your grievance within 48 hours and resolve it within 30 days.
  • Data Protection Board: If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act.

9. Information Technology Act, 2000

This privacy policy is published in compliance with Section 43A of the Information Technology Act, 2000 and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

10. Contact

For privacy-related inquiries: [email protected]