Privacy Policy - CloutSecure

Privacy Policy

Last Updated: August 01, 2025

CloutSecure (“we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy explains what information we collect from users of our website and services, how we use and share that information, and the rights you have regarding your data. By using CloutSecure’s services, you agree to the practices described in this Privacy Policy.

Information We Collect

We collect various types of personal and usage information in order to provide and improve our cybersecurity services for content creators:

Personal Identifiers: When you sign up for a free audit or create an account, we collect information such as your name, email address, and social media usernames or handles. This includes any contact details and profile information you provide in forms or registration fields.
Account Access Data: If you request services like social media account audits or digital vault setup, we may collect platform-specific information or metadata related to accessing those accounts (for example, user credentials tokens or security settings metadata). We only gather what is necessary to perform the service and with your authorization.
User-Provided Content: Any information you voluntarily submit through our forms or portal—such as survey responses, inquiries, or content for emergency response—will be collected. This can include descriptions of security issues, feedback, and other details you provide about your social media accounts or digital assets.
Usage Data: We automatically collect technical data when you interact with our website or client portal. This includes your IP address, browser type, device information, pages visited, and the dates/times of access. We use this usage data to analyze how our site and services are used and to secure our platform from fraudulent or unauthorized activity.
Cookies and Tracking Technologies: We use cookies and similar technologies to remember your preferences and enhance your experience. Cookies may collect information about your browsing activities on our site (e.g., which pages you viewed and for how long). For detailed information on how we use cookies, see Cookies and Analytics below.

We do not collect any more personal data than necessary for the purposes described. In particular, we do not intentionally collect any sensitive personal data (such as financial information, government ID numbers, or biometric data) except what you choose to provide for security services. Our services are intended for adults; we do not knowingly collect information from children under 18 without parental consent, and our site is not directed to minors.

How We Use Your Information

We use the collected information for the following purposes:

To Provide Services: We process your personal information to conduct social media security audits, generate personalized risk reports, deliver emergency response assistance, and set up your digital vault. For example, we use your social media usernames and any access tokens to review your account security settings and produce a report, and we use your contact information to send you the results.
Account and Portal Access: If you create an account on our secure portal, we use your login credentials and profile data to authenticate you and allow you to view personalized content (such as your risk score dashboard and security reports). We may also use information about your previous interactions to tailor the content you see on your portal.
Communication: We use your email (and any other contact method you provide) to send service-related communications. This includes sending free audit results, notifying you about important security alerts or incidents, sending periodic risk assessment updates, and responding to your inquiries or support requests. We may also send newsletters or promotional materials about new features with your consent or as permitted by law – you can opt out of marketing emails at any time.
Service Improvement and Analytics: Internal analytics are performed on usage data to understand how users engage with our site and services. This helps us troubleshoot problems, improve usability, and develop new cybersecurity features. For instance, we might analyze aggregated data to identify common security weaknesses among content creators and improve our audit checklists.
Security and Fraud Prevention: We may use personal and technical information to protect our platform, our users, and their accounts. This includes monitoring for suspicious activities, enforcing our Terms of Service, and verifying user identities as needed. If you use our emergency response service, information you provide about an incident may be used to investigate and prevent unauthorized access to your accounts.
Legal Compliance: Where necessary, we will use your information to comply with applicable laws and regulations. For example, we may retain certain data or disclose it to authorities if required by law (such as complying with a legal process or government request), or use your data to enforce agreements and protect our rights.

We will only use your personal data for the purposes we have described. If we need to use your data for an unrelated purpose, we will seek your consent or rely on an appropriate legal basis. We do not engage in automated decision-making or profiling that has legal or similarly significant effects on you, except for generating risk scores which are purely to inform you about your security posture (and not used to deny services or such).

Cookies and Analytics

Cookies: CloutSecure uses cookies and similar tracking technologies to collect usage information and improve user experience. Cookies are small text files stored on your device when you visit our site. They serve functions such as:

Essential Cookies: These are necessary for the website and portal to function properly. For example, they keep you logged in during your session or remember your input in forms. You cannot opt out of essential cookies as they are needed for core functionality.
Analytics Cookies: We use these to understand how visitors navigate our site, which pages are most viewed, and how our marketing campaigns perform. This helps us optimize content and layout. For instance, we use Google Analytics or similar services that set cookies to gather website traffic statistics (e.g., number of visitors, referrers, and conversion rates). The information collected is typically aggregated and does not directly identify you.
Preference Cookies: These remember choices you make (like language or region preference) to provide a more personalized experience.
Security Cookies: We may use cookies to help identify and prevent security risks. For example, cookies can store session identifiers to detect if someone else is attempting to impersonate your account.

Managing Cookies: When you first visit our site, you may be presented with a cookie notice or settings that allow you to accept or reject certain cookies. You can also manage cookies through your browser settings. Most web browsers let you control cookies, including blocking or deleting them. However, please note that if you disable cookies, some features of our site (especially the client portal and login functionality) may not work properly.

Analytics and Third-Party Tools: In addition to our own analysis, we may use third-party analytics tools (like Google Analytics) which utilize their own cookies or tracking technologies. These tools help us measure user interactions on our site. The information generated by the cookies about your use of the website (such as your IP address and browsing behavior) may be transmitted to and stored by the analytics provider on their servers. We configure such tools to respect privacy as much as possible (for example, by anonymizing IP addresses where feasible). These third-party analytics providers are prohibited from using the data collected on our behalf for purposes other than providing us with analytic information.

We do not use cookies for advertising or share cookie-derived data with advertisers. Currently, we do not respond to “Do Not Track” signals, as there is no universal standard for that, but we give you the ability to control cookies as described.

Data Sharing and Disclosure

We value your privacy and handle your personal data with care. We do not sell or rent your personal information to third parties for their own marketing purposes. We only share information in the following circumstances:

Service Providers: We employ third-party companies and individuals to help us operate our services (“Service Providers”). This includes web hosting providers, cloud storage services, email delivery services, customer support tools, payment processors for handling subscription payments, and analytics providers. These Service Providers process personal data on our behalf and are bound by contractual obligations to keep your information confidential and to use it only for providing their services to us.
Partners for Core Services: In some cases, we may partner with specialized third parties to deliver certain features. For example, if our emergency response team works with a social media platform’s security team to secure a compromised account, we would share only the information necessary (such as the affected username and relevant incident details) to resolve the issue. Similarly, if setting up a digital vault involves a third-party security product, we will transfer necessary data to facilitate that service with your knowledge or consent.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). We will also share information when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
Business Transfers: If CloutSecure undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or a portion of our assets, your personal data may be among the assets transferred. We will ensure the successor entity honors the commitments we have made in this Privacy Policy, and we will notify you (for example, via email or a prominent notice on our site) of any such change in ownership or control of your personal information.
With Your Consent: Apart from the cases above, we will request your explicit consent before sharing your personal data with any third party for purposes not covered by this Privacy Policy. You have the right to withdraw such consent at any time.

When we share information with third parties, we adhere to the principle of data minimization – only the data that is strictly necessary for the purpose will be shared. All third parties are expected to provide an adequate level of data protection in line with applicable privacy laws. We do not allow our third-party service providers to use your personal data for their own purposes.

International Data Transfers

CloutSecure is a global service. Your information may be stored and processed in multiple countries, depending on where our operations, personnel, and service providers are located. For example, if you are located outside of India (where our headquarters and primary servers are based), your data may be transferred to and stored on servers in India or other jurisdictions. Likewise, if you are in the European Economic Area (EEA) or United Kingdom, your data might be transferred to India or another country that may have different data protection laws than those in your jurisdiction.

Regardless of where your data is processed, we take steps to ensure that your information is protected in accordance with this Privacy Policy and applicable law:

Adequacy and Safeguards: When transferring personal data internationally, we will do so only under conditions that provide appropriate safeguards. For EEA/UK users, this may involve using European Commission-approved Standard Contractual Clauses (SCCs) or ensuring the recipient country is recognized for adequate data protection standards. For Indian users under the forthcoming regulations, we will avoid transferring data to any country that is officially blacklisted or prohibited for data transfers by the Indian government.
Legal Compliance: We comply with local legal requirements governing the transfer of personal data. If required by applicable law, we will obtain your consent for international transfers or implement other necessary measures before transferring your personal data across borders.
Our Operations: Access to personal data is limited to our personnel or partners who need the data to perform their tasks and are subject to strict confidentiality obligations. Whether our team members are in India, the United States, or elsewhere, they must follow our data protection policies and procedures.

Your Consent to Transfer: By using our website or services or by providing us with any personal data, you consent to the transfer, processing, and storage of your information in countries outside of your country of residence. We understand that different countries may have different data protection standards, but we want to assure you that we will handle your personal data with the utmost care no matter where it is processed.

If you have questions about our international data transfer practices or need more information about the safeguards in place, please contact us using the information provided in the Contact Us section of this policy.

Your Rights and Choices

We respect your rights to control your personal data. Depending on the laws that apply to your jurisdiction (for example, Indian law, GDPR in Europe, or other global data protection laws), you may have some or all of the following rights regarding your personal information:

Right to Information: You have the right to be informed about the personal data we collect and how we process it. This Privacy Policy is one way we fulfill this right. You can also ask us for confirmation as to whether we are processing your personal data.
Right of Access: You can request a copy of the personal data we hold about you. We will provide this information, subject to some exceptions (for instance, we might not disclose data that includes others’ personal information or is protected for legal reasons). For registered users, much of your basic information and reports are accessible by logging into your client portal.
Right to Correction: If any of your information is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also correct certain information yourself by logging into your account and editing your profile details.
Right to Erasure: You may request that we delete your personal data, sometimes known as the “right to be forgotten.” We will honor such requests to the extent required by applicable law. For example, if you withdraw consent or terminate your services with us, you can request deletion of the data we no longer have a legal reason to keep. Note that we might retain certain information if necessary for legal obligations or legitimate interests (e.g., record-keeping or fraud prevention), but we will let you know if that’s the case.
Right to Object or Withdraw Consent: Where we rely on consent to process your data (such as for marketing emails), you have the right to withdraw that consent at any time. You can also object to certain processing (for instance, if we were processing your data for direct marketing or for a purpose based on our legitimate interest). In jurisdictions like the EU, you can object to processing that you believe is not justified. If you lodge an objection, we will reassess your case and either stop the processing or explain why we are legally permitted to continue.
Right to Data Portability: In some cases, you can request to receive your personal data in a structured, commonly used, and machine-readable format, and have the data transmitted to another service provider where technically feasible. This typically applies to data processed by automated means that you provided to us, under the GDPR or similar laws.
Right to Restriction of Processing: You have the right to ask us to limit the processing of your data in certain situations – for example, while we address a claim that the data is inaccurate or if you have objected to processing and we are determining whether our legitimate grounds override your objection.
Right to Nominate (India-specific): If you are covered by India’s Digital Personal Data Protection Act, you have a right to nominate a representative to exercise your data rights in the event of your death or incapacity. If you wish to designate such a nominee, please contact us with the relevant details.
Rights in case of Automated Decisions: CloutSecure does not make any legally significant decisions about you solely by automated means (without human involvement). However, if this changes, you would have the right not to be subject to a decision based only on automated processing that significantly affects you, and to request human intervention.
Right to Complain: If you believe your data protection rights have been violated, you have the right to lodge a complaint. If you’re in India, you can approach the Data Protection Board of India or another relevant authority. If you’re in the EU or UK, you may contact your local Data Protection Authority. Of course, we encourage you to contact us first so we can address your concerns directly.

Exercising Your Rights: To exercise any of your rights, please contact us at the email or mailing address listed in the Contact Us section. We may need to verify your identity before fulfilling certain requests (to ensure we don’t disclose data to the wrong person). In your request, please clearly describe which right you want to exercise and the scope of the request. We will respond within the timeframe required by law (for example, under GDPR, typically within one month). There is no fee for exercising your rights, with the exception that if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it.

Choices for Marketing: If you have subscribed to our newsletter or are receiving promotional communications, you can opt out at any time by clicking the “unsubscribe” link in those emails or by adjusting your email preferences in your account settings. Even if you opt out of marketing, we may still send you service-related or transactional messages (such as security alerts or account notifications) as these are not promotional.

Security Measures

CloutSecure takes the security of your personal information seriously. As a cybersecurity-focused company, we implement a variety of technical and organizational measures to safeguard the data we hold against unauthorized access, alteration, disclosure, or destruction:

Data Encryption: All sensitive personal data (such as login credentials or access tokens) is encrypted both in transit and at rest. Our website and portal employ HTTPS (TLS encryption) to protect data transmitted between your device and our servers.
Access Controls: Personal data is accessible only to those team members and Service Providers who need it to perform their duties (principle of least privilege). We restrict administrative access to our systems and require strong authentication measures for all accounts with access to personal data.
Secure Infrastructure: We host our platform on reputable cloud providers that maintain high standards of physical and network security. Regular security audits, vulnerability assessments, and penetration testing are conducted on our systems to identify and remediate potential weaknesses.
Employee Training and Policies: Our staff is trained on data protection best practices and is bound by confidentiality obligations. We maintain internal security policies to guide how personal data must be handled and kept secure.
Threat Monitoring: Given that ongoing threat monitoring is one of our services, we also apply similar monitoring to our own systems. We deploy firewalls, intrusion detection systems, and anti-malware tools to continuously watch for and block suspicious activities on our platform.

While we strive to use commercially acceptable means to protect your personal data and follow reasonable security practices to prevent data breaches, no method of transmission over the Internet or method of electronic storage is completely secure. No cybersecurity service can guarantee 100% protection against all threats. Therefore, we cannot warrant absolute security of your data. In the unfortunate event of a data breach affecting your personal information, we will notify you and the appropriate authorities as required by law, and we will take immediate steps to mitigate the impact and prevent future occurrences.

Access via Client Portal

CloutSecure provides a secure client portal where you can access your personalized dashboard, risk scores, audit reports, and other content relevant to your account. We want to address how your data is handled within this portal and what measures are in place to protect it:

Authentication: The client portal is protected by username and password (and we support two-factor authentication, if available). Only you (or individuals you authorize) can access your account. We strongly encourage you to keep your login credentials confidential and to use a strong, unique password. CloutSecure staff will never ask you for your password. If you suspect unauthorized access to your portal account, please notify us immediately.
Data Displayed: Once logged in, you will be able to view information such as your profile details (name, email, etc.), your recent security audit results, ongoing threat monitoring alerts, and any digital vault details we maintain for you. This information is pulled from our databases and displayed to you in real time. None of your personal reports or risk metrics are visible to other users; every account’s data is isolated.
User Controls: Through the portal, you may have the ability to update certain personal information (e.g., change your contact details or social media handles on file), adjust settings (like notification preferences), and initiate certain requests (such as generating a new audit or downloading your report). Any changes you make through the portal (for example, updating your email address or changing a password) are logged and processed immediately by our system.
Portal Usage Data: We may collect metadata about your portal usage (such as last login time, actions performed, or clicks) to help us audit access and ensure security. This usage data within the portal is used solely for protecting your account and improving portal functionality; it is not shared with any third party except as needed for security (for example, if investigating a security incident).
Session Security: The portal will automatically log you out after a period of inactivity to reduce the risk of unauthorized access, especially if you are using a public or shared computer. Please ensure that you log out and close your browser when you have finished accessing your portal, particularly on shared devices.
Access by Our Team: In general, our support or security team will not access the content of your portal without your permission. However, if you request support or if troubleshooting is required for an issue you raised, authorized personnel may access relevant parts of your account to assist you. All such access is logged, and our personnel are bound to maintain confidentiality.
User Responsibilities: We remind you that while we secure the portal on our side, you play a crucial role in maintaining security on your side. This includes keeping your password secret, using a private and secure internet connection when accessing sensitive information, and not sharing your portal content with untrusted parties. We cannot be responsible for breaches of privacy that result from your own failure to adequately secure access to the portal (for example, if you share your password or leave your device unattended while logged in).

Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. The exact duration depends on the type of data and the context of its collection:

Account Information: If you create an account or subscribe to our services, we will retain your personal information as long as your account is active or as needed to provide you with services. If you cancel your subscription or request deletion of your account, we will remove or anonymize your personal data within a reasonable timeframe, except to the extent we need to keep it for legal reasons (e.g., retaining transaction records for accounting/tax, or records of consent).
Audit and Service Data: Data collected for the purpose of social media audits, emergency response, threat monitoring, or vault setup will be kept for as long as is necessary to complete the service and for an appropriate period thereafter so that you can access historical reports. We periodically review the personal data we hold; if it is no longer needed (for example, older audit logs that are no longer relevant), we may delete or anonymize it. If you have an ongoing subscription, we may keep past reports for your reference unless you request otherwise.
Communication Records: Emails and communications you send to us may be retained for a period to allow us to effectively manage our relationship and to train our customer service (for instance, we might keep support emails for a certain period to track recurring issues).
Usage Data: Aggregated analytics data (which does not identify you personally) may be retained indefinitely for statistical purposes. For personal data associated with usage (like IP addresses in logs), we typically retain such logs for a short period, unless it is used for security investigations. When usage data is used for security (e.g., access logs), we might retain it longer (until the relevant issue is resolved or the data is no longer needed).
Legal Compliance: In cases where certain information must be retained to comply with legal obligations (such as records of consents, opt-out requests, tax information for purchases, or data necessary for dispute resolution), we will retain that information as long as required by applicable law. Additionally, if we are under a legal obligation to preserve data (due to a litigation hold, for example), we will retain data until that obligation is lifted.

After the retention period expires or purposes are fulfilled, we will securely destroy or anonymize your personal data. When anonymized, data will no longer be associated with you and may be used for analytical or statistical purposes without further notice to you.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we make material changes, we will notify you by posting a prominent notice on our website or via email (if we have your email on file) prior to the change becoming effective. The “Last Updated” date at the top of this policy indicates when the latest changes were made.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of our website or services after any changes to this policy constitutes your acceptance of the updated terms.

If we seek to use your personal data for a new purpose not originally outlined in this policy, we will obtain your consent if required by law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:

CloutSecure Privacy Team
Email: privacy@cloutsecure.com
Mailing Address: CloutSecure Pvt. Ltd., 123 Cyber Avenue, Mumbai, Maharashtra, India

We will do our best to address and resolve your inquiries in a timely manner. Your privacy is important to us, and we welcome your feedback.