Skip to Content

Privacy Policy

End User Privacy Policy


At CloudCCTV, we take your privacy seriously.


1.  WHO WE ARE

Securizen SaaS LLP (referred to in this Policy as "Securizen SaaS", "we", "us", or "our") is a Limited Liability Partnership registered in India and the owner and operator of the CloudCCTV platform and the cloudcctv.app website. We provide cloud-based video recording, storage, and analytics services to businesses and channel partners across India.

This Privacy Policy describes how we collect, use, store, share, and protect personal data when you use our website (cloudcctv.app), the CloudCCTV platform, our mobile applications, and related services (collectively, the "Services"). It also describes your rights under the Indian Digital Personal Data Protection Act, 2023 ("DPDP Act") and the rules made under it.

This Privacy Policy is written to comply with the Digital Personal Data Protection Act, 2023 of India. If you have questions about this Policy, please contact our Grievance Officer using the contact details in Section 12.


2.  KEY TERMS USED IN THIS POLICY

·  "Personal Data" means any data about an individual who is identifiable by or in relation to such data.

·  "Data Principal" means the individual to whom the Personal Data relates. If the individual is a child (any person below the age of 18 years in India) or a person with a disability, the Data Principal includes the parent or lawful guardian.

·  "Data Fiduciary" means any person who, alone or in conjunction with others, determines the purpose and means of processing Personal Data. Under this Policy, we are the Data Fiduciary.

·  "Data Processor" means any person who processes Personal Data on behalf of a Data Fiduciary.

·  "Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, sharing, or deletion.

  

3.  WHAT PERSONAL DATA WE COLLECT

3.1  Data You Provide Directly

·  Identity and contact details: name, email address, phone number, designation, company name, billing address, GSTIN, PAN.

·  Authentication credentials: usernames, passwords (stored only in encrypted form), multi-factor authentication tokens.

·  Payment details: bank account details for refunds and commission payouts; we do not store credit/debit card numbers.

·  Communications: enquiries, support tickets, feedback, and any other information you choose to send us.

3.2  Data Collected When You Use the Service

·  Video and image data: footage, snapshots, and metadata captured by cameras connected to the CloudCCTV platform by our subscribers. This may include images of individuals captured by those cameras.

·  Event data: AI-generated alerts (motion, fire, smoke, vehicle plate, face match), event timestamps, camera identifiers.

·  Usage data: log-in times, IP addresses, device type, browser, mobile operating system, and pages or features accessed within the Service.

·  Cookies and similar technologies: see our separate Cookie Policy for details.

3.3  Data About Children

CloudCCTV is a business surveillance platform and is not directed to children. If our subscriber's cameras incidentally capture images of children (for example, in a school, paediatric ward, or society), processing that data is the responsibility of the subscriber as the Data Fiduciary in respect of those individuals. Subscribers are required, under our Service Agreement, to obtain any consents required by law including verifiable parental consent where applicable.

We do not knowingly process Personal Data of children for any purpose other than service delivery to our business subscribers. If you believe we have inadvertently collected such data, please contact our Grievance Officer.


4.  WHY WE COLLECT YOUR PERSONAL DATA  (Purposes)

We process Personal Data only for the following specific, lawful purposes:

·  To provide the Services you have subscribed to: account creation, camera provisioning, recording, playback, alerts, AI analytics, mobile and web access.

·  To bill you and accept payment: invoice generation, GST compliance, payment reconciliation, refunds.

·  To support you: respond to enquiries, resolve issues, provide training, send service notifications.

·  To improve our Services: analyse aggregated, non-identifying usage patterns to improve features, performance, and reliability.

·  To comply with law: respond to lawful requests from regulators, courts, and law enforcement; meet our tax, accounting, and audit obligations under Indian law.

·  To protect our rights and safety: prevent fraud, abuse, or misuse of the Services; investigate security incidents.

  We do not sell your Personal Data. We do not use your video content or AI events for marketing or to train external AI models. We do not share Personal Data with advertisers.

 

 5.  ON WHAT BASIS WE PROCESS DATA  (Lawful Grounds)

Under the DPDP Act, we process Personal Data on the following grounds:

5.1  Consent

For most processing, we rely on your consent, which is obtained at the time of sign-up via a clear, specific, and informed consent statement separate from this Policy. You may withdraw your consent at any time using the procedure in Section 8.

5.2  Legitimate Uses

In limited cases permitted under the DPDP Act, we process Personal Data for:

·  Performance of obligations under any law, including tax, GST, and accounting compliance.

·  Compliance with court orders or judicial decrees.

·  Responding to medical or public emergencies.

·  Employment-related purposes (for personal data of our employees).

 

6.  WHO WE SHARE YOUR DATA WITH

We share Personal Data only as described below and only to the extent necessary for the stated purpose:

6.1  Third-Party Infrastructure Providers

We use third-party cloud and platform infrastructure providers to deliver the Services. These providers are contractually bound to confidentiality, security, and DPDP-aligned handling of Personal Data, and they process data only on our written instructions and for the purposes for which we engage them.

A list of categories of such providers (and, where required by a regulator or contractually committed to a subscriber, the specific identity of the providers) is available on written request to our Grievance Officer.

6.2  Channel Partners and Authorised Resellers

We engage authorised channel partners across India for sales, deployment, and field-level support. Channel partners receive only the Personal Data required to perform their assigned tasks (typically the subscriber's contact and site information). They are contractually bound to confidentiality and DPDP-aligned handling.

6.3  Group Entities

We share limited Personal Data with our group entity Securizen SaaS LLP where Securizen SaaS LLP acts as an authorised reseller of the CloudCCTV Services. Both entities are bound by inter-party agreements that flow down DPDP obligations.

6.4  Professional Advisors

We share Personal Data on a need-to-know basis with our professional advisors (chartered accountants, legal counsel, auditors) who are bound by professional confidentiality obligations and engaged for tax, audit, regulatory or legal advice.

6.5  Law Enforcement and Regulators

We disclose Personal Data when legally required to do so — for example, in response to a court order, summons, lawful investigation, or to protect against imminent threat to life or property. We disclose only what is necessary and we keep an internal record of every such disclosure.

6.6  Business Transfer

If we undergo a merger, acquisition, sale of assets, or business reorganisation, Personal Data may be transferred to the successor entity. In such cases we will give you notice and the successor entity will continue to be bound by privacy commitments equivalent to those in this Policy.

  We do not share, sell, rent, or trade your Personal Data with marketers, data brokers, or any party for commercial purposes outside the scope described above.

  

7.  CROSS-BORDER DATA TRANSFER

The CloudCCTV platform is currently hosted on tier-1 cloud infrastructure outside India (in the United States and / or European Union, depending on routing). We are working with our infrastructure partners on India region availability.

By using the Services, you consent to the transfer of your Personal Data outside India for the purposes described in this Policy. The transfer is made under contractual safeguards that require the recipient to handle the data with confidentiality and security standards equivalent to those described in this Policy and as required under the DPDP Act.

If the Government of India notifies any country or jurisdiction as one to which Personal Data may not be transferred under the DPDP Act, we will adjust our infrastructure and inform affected subscribers accordingly.

 

8.  YOUR RIGHTS UNDER THE DPDP ACT

As a Data Principal under the DPDP Act, you have the following rights in respect of Personal Data we process about you:

8.1  Right to Access Information

You may request a summary of (a) the Personal Data we process about you, (b) the purposes of processing, (c) the categories of recipients with whom your Personal Data has been shared.

8.2  Right to Correction and Erasure

You may request that we correct any inaccurate or misleading Personal Data, complete any incomplete Personal Data, update outdated Personal Data, or erase Personal Data that is no longer required for the stated purposes (subject to legal retention requirements).

8.3  Right to Withdraw Consent

You may withdraw your consent for processing at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Where withdrawal makes it impossible to continue providing the Services, we will assist you in winding down your account in accordance with our Service Agreement.

8.4  Right to Grievance Redressal

You may raise a grievance about how we process your Personal Data. We will acknowledge your grievance promptly and make our best effort to resolve it within thirty (30) days, or any shorter period that may be prescribed under the DPDP Rules.

8.5  Right to Nominate

You may nominate any other individual to exercise your rights under the DPDP Act in the event of your death or incapacity. To exercise this right, please contact our Grievance Officer in writing.

8.6  How to Exercise These Rights

To exercise any of the rights listed above, please contact our Grievance Officer using the contact details in Section 12. We will verify your identity before responding to a request to protect against fraudulent claims.

There is no charge for exercising these rights. We respond within thirty (30) days of receipt of a valid request, or any shorter period prescribed under the DPDP Rules.


9.  HOW WE PROTECT YOUR DATA  (Security)

We implement reasonable technical and organisational measures to protect Personal Data, including:

·  Encryption: Personal Data, including video footage, is encrypted in transit using TLS/SSL and at rest using AES-256 server-side encryption (or equivalent).

·  Access controls: Role-based access control with granular permissions; multi-factor authentication available for end users and mandatory for system administrators.

·  Network security: Web application firewalls, intrusion detection, network segmentation, and continuous monitoring.

·  Vulnerability management: Regular internal vulnerability assessments and penetration tests of the platform infrastructure.

·  Personnel: All personnel with access to Personal Data are bound by confidentiality obligations and receive periodic training.

·  Vendor management: Third-party service providers are bound by written agreements that flow down equivalent security obligations.

·  Incident response: A documented incident response programme to detect, contain, investigate, and remediate security incidents.

No method of electronic transmission or storage is fully secure. While we strive to protect your Personal Data, we cannot guarantee absolute security. If you suspect any unauthorised access to your account, please notify us immediately at sales@cloudcctv.app.


10.  HOW LONG WE KEEP YOUR DATA

We retain Personal Data only for as long as necessary for the purposes for which it was collected, or for periods required under applicable law:

·  Subscriber account data and contact information: For the duration of the subscription, plus 2 years for accounting, tax, and audit obligations under Indian law.

·  Video recordings and AI events: For the retention period selected by the subscriber (between 1 day and 365 days, as per the chosen plan). At the end of the retention window, recordings are automatically and irreversibly deleted on a rolling basis.

·  Billing and tax records: For 8 years from the relevant financial year, as required under the GST and Income Tax laws.

·  Communications and support tickets: Up to 3 years from the date of last interaction.

·  Cookies: As described in our Cookie Policy.

On termination of a subscription, all subscriber data including recordings, account configurations, and AI events is permanently and irreversibly deleted. Subscribers are responsible for downloading any required footage to local storage prior to termination, as no platform-side export is available after the account is closed.


11.  COOKIES AND SIMILAR TECHNOLOGIES

Our website uses cookies and similar technologies to enable essential site functionality, remember your preferences, and analyse aggregated site usage. We obtain your consent for non-essential cookies through a cookie banner. For full details, please see our separate Cookie Policy.


12.  GRIEVANCE OFFICER

As required by the DPDP Act, we have designated a Grievance Officer to receive and respond to questions and complaints about how we process Personal Data.

 

Designation

Grievance Officer

Entity

Securizen SaaS LLP

Office Address

Mumbai, Maharashtra, India (full postal address available on request)

Email

sales@cloudcctv.app

Phone / WhatsApp

+91 72180 50050

Office Hours

Monday to Saturday, 10:00 to 18:00 IST

Response Time

Acknowledgement within 2 working days; resolution within 30 days

If you are not satisfied with the resolution provided by our Grievance Officer, you may also lodge a complaint with the Data Protection Board of India (or any successor regulatory body) once it is operational.


13.  DATA BREACH NOTIFICATION

In the event of a personal data breach affecting your Personal Data, we will notify the Data Protection Board of India and the affected Data Principals as required under the DPDP Act and the rules made under it. Notification will be made without undue delay and within the timelines prescribed under applicable law.

Our notification will include, to the extent known: a description of the breach, categories of data affected, likely consequences, measures taken or proposed to mitigate the breach, and contact information for further enquiries.


14.  CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, applicable law, or regulatory requirements. The effective date at the top of this Policy indicates when the most recent revision was made. For material changes, we will provide reasonable advance notice through the Services or by email.

Your continued use of the Services after the effective date of any update constitutes your acceptance of the updated Policy. If you do not agree with the updated Policy, you may withdraw your consent and stop using the Services.


15.  GOVERNING LAW AND JURISDICTION

This Privacy Policy is governed by the laws of the Republic of India. Any dispute arising out of or in connection with this Policy is subject to the exclusive jurisdiction of the courts at Mumbai, Maharashtra.


16.  HOW TO CONTACT US

For any questions, requests, or concerns regarding this Privacy Policy or our handling of your Personal Data, please contact:

 

Securizen SaaS LLP

Mumbai, Maharashtra, India

Email: sales@cloudcctv.app

Phone / WhatsApp: +91 72180 50050

Website: https://www.cloudcctv.app