capScrum | Custom Software Development & SaaS Engineering Agency

1 Introduction

At capScrum ("we", "us", or "our"), we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit capscrum.com or use our services.

We comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR and PECR, the California Consumer Privacy Act (CCPA/CPRA), and India's Digital Personal Data Protection Act (DPDPA). This policy applies to all users of our website, regardless of their location.

By using our website, you acknowledge that you have read this Privacy Policy. For details about cookies specifically, please see our Cookie Policy.

2 Information We Collect

We may collect the following types of information:

Personal Identification Information: Name, email address, phone number, and company name — provided voluntarily through our contact forms.
Usage Data: Pages visited, time spent on pages, click patterns, and referring URLs.
Technical Data: IP address (anonymized where possible), browser type and version, operating system, device type, screen resolution, and time zone.
Cookie Data: Information collected through cookies and similar technologies. See our Cookie Policy for full details.
Communication Data: Records of correspondence if you contact us via email, phone, or our contact form.

We do not knowingly collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data) unless you voluntarily provide it.

3 How We Collect Information

We collect information through:

Direct interactions: When you fill out our contact form, send us an email, or call us.
Automated technologies: As you navigate our website, we may automatically collect technical and usage data through cookies, server logs, and similar technologies (subject to your consent where required).
Third-party sources: We may receive data from analytics providers (if consent is given for analytics cookies) or public business directories.

4 How We Use Your Data

We use the information we collect for the following purposes:

Service delivery: To respond to your inquiries, provide quotes, and deliver our software development services.
Communication: To send you updates about your projects, respond to your requests, and provide customer support.
Website improvement: To understand how visitors use our website and improve its content, navigation, and performance.
Security: To protect our website and services from fraud, abuse, and unauthorized access.
Legal compliance: To comply with applicable laws, regulations, and legal processes.
Marketing: With your explicit consent, to send you information about our services, case studies, or industry insights. You can unsubscribe at any time.

We practice data minimization: we only collect data that is necessary for the purposes stated above and do not process it further in a manner incompatible with those purposes.

5 Legal Bases for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

Consent (Art. 6(1)(a))

For non-essential cookies, marketing communications, and analytics. You may withdraw consent at any time.

Contract (Art. 6(1)(b))

For processing necessary to respond to your service inquiries and deliver services you have requested.

Legitimate Interest (Art. 6(1)(f))

For essential cookies, website security, fraud prevention, and internal analytics to improve our services.

Legal Obligation (Art. 6(1)(c))

For processing required by applicable law, such as tax and accounting obligations.

6 Data Sharing & Third Parties

We do not sell your personal data. We may share your information only in the following circumstances:

Service providers: Third-party vendors who assist us in operating our website and delivering services (e.g., email delivery via Resend, cloud hosting). These providers are contractually bound to protect your data.
Analytics providers: If you have consented to analytics cookies, anonymized usage data may be shared with analytics services.
Legal requirements: We may disclose your information if required by law, court order, or governmental regulation.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with notice provided to you.

7 International Data Transfers

capScrum is based in Hyderabad, India. If you access our website from the EU, UK, or other regions, your data may be transferred to and processed in India or other countries where our service providers operate.

When transferring data outside the EEA/UK, we ensure appropriate safeguards are in place, which may include Standard Contractual Clauses (SCCs) approved by the European Commission, or other valid transfer mechanisms recognized under applicable law.

8 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

Contact form submissions: Retained for up to 3 years from the date of submission, or until you request deletion.
Cookie consent records: Retained for up to 1 year, after which consent is re-requested.
Website analytics data: Anonymized and aggregated data may be retained indefinitely for statistical purposes.
Business records: Retained as required by applicable tax, accounting, and legal obligations.

When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.

9 Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): You can request deletion of your personal data in certain circumstances.
Right to restrict processing: You can ask us to limit how we use your data.
Right to data portability: You can request your data in a structured, commonly used format.
Right to object: You can object to processing based on legitimate interest or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at info@capscrum.com. We will respond within 30 days as required by the GDPR. You also have the right to lodge a complaint with your local data protection authority.

10 Your Rights Under CCPA / CPRA

If you are a California resident, the CCPA and CPRA provide you with additional rights:

Right to know: You can request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.
Right to delete: You can request deletion of your personal information, subject to certain exemptions.
Right to correct: You can request correction of inaccurate personal information.
Right to opt-out of sale/sharing: You can opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to limit sensitive data: You can limit the use and disclosure of sensitive personal information.
Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

To submit a request, email info@capscrum.com. We will verify your identity and respond within 45 days.

11 Do Not Sell or Share My Personal Information

capScrum does not sell your personal information. We do not exchange personal data for monetary or other valuable consideration. If any future use of cookies or third-party tools constitutes a "sale" or "sharing" under CCPA, you can opt out by disabling marketing cookies in our Cookie Settings or by contacting us.

We honor Global Privacy Control (GPC) signals as a valid opt-out of the sale or sharing of personal information. If your browser sends a GPC signal, we treat it as a request to opt out.

12 Children's Privacy

Our website and services are not directed at individuals under the age of 16 (or 13 where applicable). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete it. If you believe we may have collected information from a child, please contact us at info@capscrum.com.

13 Security Measures

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

HTTPS encryption for all data in transit.
Access controls limiting data access to authorized personnel only.
Regular security reviews and updates of our infrastructure.
Data minimization and privacy-by-design principles in our development process.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our safeguards.

14 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:

We will update the "Last updated" date at the top of this page.
For significant changes, we will provide a prominent notice on our website.
Where required by law, we will seek your renewed consent.

We encourage you to review this policy regularly to stay informed about how we protect your data.

15 Contact Us

For any questions, concerns, or requests related to your privacy or this policy, please reach out to us:

capScrum

Email: info@capscrum.com

Phone: +91 9381088878

Location: Hyderabad, India

We aim to respond within 30 days for GDPR requests and 45 days for CCPA requests. For EU/UK residents, you may also contact your local data protection authority if you are not satisfied with our response.