Privacy Policy

1. Introduction

Chromastome Private Limited (“Chromastome,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you visit chromastome.com (the “Website”) or use any product, application, or service we provide (collectively, the “Services”).

This Policy applies to all users of the Services, regardless of location. By accessing or using the Services, you acknowledge that you have read and understood this Policy.

2. Information We Collect

2.1 Information You Provide Voluntarily

When you contact us by email, sign up for a waitlist, purchase a product, or otherwise communicate with us, we receive the information you choose to share — typically your email address and the contents of your message. For purchases, additional information such as your name and billing details may be collected by our payment processor, as described in Section 7.

2.2 Information Collected Automatically

When you visit the Website, standard log information common to all web servers may be received by our hosting provider, including:

• IP address (used only for security and abuse prevention; not retained long-term)
• Browser type and version
• Operating system
• Pages visited and timestamps
• Referring URL

This information is retained only for as long as necessary to operate and secure the Services.

3. What We Do Not Collect

We have deliberately designed the Services to avoid collecting information we do not need. Specifically, we do not:

• Use third-party advertising trackers or behavioural advertising networks
• Embed social-media tracking pixels, like buttons that track you, or share buttons that report back to other companies
• Use device or browser fingerprinting techniques
• Run third-party analytics platforms that build user profiles across sessions or sites
• Request access to your contacts, photos, microphone, camera, location, or any device permission unless a specific product feature requires it — and we will always disclose the need transparently before requesting access
• Collect sensitive personal information (such as health, biometric, financial, or political data) unless a specific product feature requires it and you have provided explicit consent
• Build advertising profiles or use your information for any form of behavioural targeting

4. How We Use Information

We use the limited information described in Section 2 solely to:

• Respond to your inquiries and provide customer support
• Operate, maintain, secure, and improve the Services
• Process transactions you initiate (delegated to trusted payment processors)
• Comply with applicable legal obligations
• Detect, prevent, and address fraud, abuse, or security issues

We do not use your information for advertising, profiling, automated decision-making with legal or similarly significant effects, or any purpose unrelated to the operation of the Services.

5. Legal Basis for Processing

Where the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the United Kingdom GDPR, or any comparable data-protection regime applies, we process personal data under one or more of the following lawful bases:

• Consent — for communications or features you have voluntarily initiated or opted into
• Performance of a contract — to deliver products or services you have requested or purchased
• Legitimate interests — to operate, secure, and improve the Services, provided those interests are not overridden by your rights and freedoms
• Legal obligation — to comply with statutory or regulatory requirements

For users in India, processing is undertaken in accordance with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the Information Technology Act, 2000, as amended from time to time.

6. Cookies and Similar Technologies

The Website uses only strictly necessary cookies required for basic functionality, such as remembering preferences within a single session. We do not use advertising, marketing, retargeting, or third-party analytics cookies. Because only strictly necessary cookies are used, no consent banner is required, but you may clear or block them at any time through your browser settings.

7. Sharing and Disclosure

We do not sell, rent, trade, or otherwise transfer your personal information to third parties for their own marketing or commercial purposes.

We may share limited information only with:

• Service providers acting strictly as processors on our behalf (such as hosting and email-delivery providers), under written confidentiality and data-protection obligations
• Payment processors as required to complete purchases you initiate (currently Gumroad — see Section 7.1)
• Law enforcement or regulators, only when required by valid legal process and only to the extent strictly required
• A successor entity, in the event of a merger, acquisition, reorganisation, or sale of substantially all assets, where continuity of these privacy commitments will be a condition of any transfer

7.1 Payment Processing

Purchases of our products are processed by independent third-party payment platforms (currently Gumroad). When you make a purchase, you provide payment details directly to that platform, and that platform's own privacy policy governs the processing of those details. We receive only the transaction confirmation and minimal information necessary to fulfil your order. We never store, process, or have access to your full payment card details.

8. Data Retention

We retain personal information only as long as necessary to fulfil the purpose for which it was collected, to provide ongoing support, or as required by applicable law. Email correspondence is retained as needed to maintain a continuous record of communication. Server logs are rotated and discarded on a routine schedule.

You may request earlier deletion at any time by contacting us, subject to any overriding legal retention requirements.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• The right to access the information we hold about you
• The right to correct inaccurate or incomplete information
• The right to delete your information, subject to legal retention requirements
• The right to restrict or object to certain processing
• The right to data portability in a structured, machine-readable format
• The right to withdraw consent at any time where consent is the basis of processing
• The right to lodge a complaint with a competent supervisory authority

For users in India, your rights under the DPDP Act include the right to access, correction, completion, and erasure of your personal data, the right to nominate another person to exercise rights in the event of your death or incapacity, and the right to grievance redressal as described in Section 15.

To exercise any of these rights, contact us at info@chromastome.com. We will respond within the timeframes required by applicable law and may request verification of your identity before fulfilling a request.

10. International Transfers

Chromastome is incorporated in India. If you access the Services from outside India, your information may be transferred to, stored in, and processed in India or in any country where our service providers operate. Where applicable, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for such cross-border transfers, in accordance with the laws of your jurisdiction.

11. Children's Privacy

The Services are not directed to children under the age of sixteen (16), or such higher minimum age as may apply in your jurisdiction. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child without verifiable parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided personal information to us may contact us at info@chromastome.com.

12. Security

We implement reasonable technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These measures include access controls, encrypted transmission where feasible, and routine review of our practices.

However, no method of transmission over the Internet or method of electronic storage is one-hundred percent (100%) secure. While we strive to use commercially acceptable means to protect your information, we cannot and do not guarantee its absolute security, and you acknowledge that you provide information to us at your own risk.

13. Product-Specific Privacy Commitments

Chromastome's products are designed with privacy by default:

• Offline-first products (such as CrownConvert) operate entirely on your device. We do not receive, transmit, or have any access to the files, documents, or media you process within them.
• Mobile, web, and connected products that may communicate with our infrastructure will be limited to the minimum data required for the feature in question. Any such data flows will be disclosed in product-specific documentation and, where required, separately consented to before use.

A feature-specific privacy notice will be provided where any product requires more detailed disclosure beyond this overarching Policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the Services we offer. When we do, we will revise the “Last Updated” date at the top of this Policy. Material changes will be communicated through the Website or, where appropriate, by direct notice. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

15. Grievance Officer (India)

In accordance with the Information Technology Act, 2000 (and the rules made thereunder) and the DPDP Act, 2023, the designated Grievance Officer for Chromastome Private Limited is:

Grievances will be acknowledged within forty-eight (48) hours and resolved within the timeframes prescribed by applicable law.

16. Contact Us

For any questions about this Privacy Policy or our privacy practices, please contact us at: