top of page

Privacy Policy

A legal disclaimer

Effective Date: 06/04/2025
Entity: BrandCraft – Marketing & Advertising (a sole proprietorship), Mumbai, Maharashtra, India (“BrandCraft”, “we”, “us”, “our”)
Website: https://www.brandcraft.marketing/ (“Site”)

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our Site, communicate with us, or use our services.

We comply with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and, to the extent applicable, the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“IT SPDI Rules”).

1) Who we are & roles under law

BrandCraft is a sole proprietorship digital marketing and advertising agency.

  • When we decide the purposes and means of processing (e.g., our own Site, lead forms, WhatsApp outreach), we act as a Data Fiduciary (controller).

  • When we process data strictly on clients’ instructions (e.g., running ads, CRM uploads, WhatsApp API flows), we act as a Data Processor on their behalf.

2) What data we collect

We collect the following categories (as applicable):

  • Identity & contact: name, business name, email, phone/WhatsApp, job title.

  • Business details: service interests, campaign goals, budgets, industry vertical, meeting notes.

  • Technical & usage: device/browser info, IP address, timestamps, pages viewed, UTM codes, cookies, GA4 identifiers.

  • Communications: emails, form messages, chat transcripts, ORM messages, support queries.

  • Marketing & analytics: consent preferences, campaign interactions, ad clicks, video views (YouTube), social handles if you share them.

We do not intentionally collect financial information or government IDs via the Site. Please do not submit sensitive personal data unless we explicitly ask for it.

3) Sources of data

  • Directly from you (forms, emails, calls, WhatsApp).

  • Automatically via cookies/analytics when you use our Site.

  • From authorized partners/platforms (e.g., Google Analytics 4, Google Ads, Meta Ads, YouTube, WhatsApp Business API) when you have interacted with our content.

4) Why we process your data (purposes)

  • To respond to enquiries, provide proposals, execute contracts, deliver campaigns.

  • To run SEO, paid ads, social media, YouTube optimization, WhatsApp API flows, and reporting.

  • To improve Site performance, UX, and security; to measure marketing effectiveness.

  • To send service updates, case studies, invitations, and lawful marketing (with your consent/opt-in where required).

  • To comply with legal obligations and enforce our agreements.

Legal bases (DPDP): your consent, performance of a contract, and other legitimate uses permitted under the DPDP Act (e.g., prevention of fraud, compliance).

5) Cookies & analytics

We use cookies and similar technologies for essential functions, analytics (e.g., GA4), and performance measurement. You may control cookies via your browser settings. Some features may not function without certain cookies.

6) Sharing & disclosure

We do not sell personal data. We share data only as needed:

  • Vendors/Processors: hosting, analytics, CRM/marketing tools, email/WhatsApp providers, ad platforms, design/video tools—each under confidentiality and data-protection obligations.

  • Clients (when we act as Processor): performance reports generated from campaigns.

  • Legal & compliance: to comply with law, court orders, or to protect rights, safety, or prevent fraud.

  • Business changes: if we reorganize our sole proprietorship (e.g., conversion to another entity), data may transfer subject to this Policy.

Some partners may process data outside India; we apply reasonable security measures and contractual safeguards consistent with Indian law.

7) Data security

We implement reasonable security practices consistent with Rule 8 of the IT SPDI Rules and industry standards (administrative, technical, and physical safeguards). No method is 100% secure; we regularly review controls and vendor practices.

8) Data retention

  • Enquiry and marketing leads: typically 24 months from last interaction.

  • Contract and billing records: up to 7 years or as required by law.

  • Campaign analytics: per client agreement or as needed for reporting/performance, then archived/anonymized.

We retain data only as long as necessary for the purposes stated above or to meet legal requirements.

9) Your rights (DPDP)

Subject to the DPDP Act and applicable rules, you may have the right to:

  • Access information about how we process your data.

  • Correct or erase your personal data.

  • Withdraw consent (processing before withdrawal remains lawful).

  • Grievance redressal through our Grievance Officer.

  • Nominate another person to exercise your rights in certain situations (as per DPDP).

To exercise rights, email support@brandcraft.marketing with the subject “Data Rights Request”. We may verify identity before acting.

10) Children’s privacy

Our Site and services are intended for business users. We do not knowingly process personal data of children (under 18 years). If you believe a child has provided data, please contact us for prompt deletion.

11) Third-party links & embeds

Our Site may link to third-party websites or embed content (e.g., YouTube, social networks). We do not control those sites and are not responsible for their privacy practices. Please review their policies.

12) WhatsApp Business & communications

If you opt in, we may use WhatsApp Business (API) for updates, reminders, or support. Standard messaging rates may apply. You can opt out at any time by replying STOP or emailing us.

13) When we act as a Data Processor for clients

For client projects (ads, CRM lists, WhatsApp flows, analytics), we process personal data solely per the client’s documented instructions, with confidentiality, limited access, and security controls. Clients remain responsible for their own legal basis and notices to their end users.

14) Changes to this Policy

We may update this Policy from time to time. The updated version will be posted with a new Effective Date. Significant changes may be notified by email/notice on the Site.

15) Contact & grievance redressal

Data Protection / Privacy Contact:
Email: support@brandcraft.marketing |


Address: BrandCraft – Marketing & Advertising, Bandra, Maharashtra, India Mumbai, Maharashtra, India

We aim to acknowledge grievances within 48 hours and resolve them within 30 days in line with Indian norms.

16) Governing law & dispute resolution

This Policy and any disputes are governed by the laws of India. Any dispute shall be subject to the exclusive jurisdiction of courts at Mumbai, Maharashtra, or resolved by arbitration under the Arbitration and Conciliation Act, 1996 (seat: Mumbai), as mutually agreed.

bottom of page