Privacy Policy

Cur8r Technologies Private Limited

CIN: U71200HR2026PTC144528

Registered Office: 290, Sector-8, Faridabad, Haryana 121006

Last updated: May 2026

1. INTRODUCTION

Cur8r Technologies Private Limited ("Cur8r", "we", "us", "our") operates an AI-native procurement intelligence platform accessible at cur8r.in and app.cur8r.in (the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect information about you when you use our Platform and related services.

By accessing or using the Platform, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please discontinue use of the Platform immediately.

This Policy is compliant with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), to the extent applicable and enforced.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

  • Account registration: name, email address, phone number, designation, company name
  • Company Data Vault: company registration documents, GST certificates, PAN, financial statements, past project records, personnel credentials, licenses, equipment records - uploaded voluntarily by you
  • Tender information: URLs, documents, and metadata you submit for analysis
  • Communications: emails, support requests, demo booking information

2.2 Information Collected Automatically

  • Device and browser information (type, OS, browser version)
  • IP address and approximate geographic location
  • Pages visited, features used, time spent on Platform
  • Referral URLs and session identifiers
  • Cookies and similar tracking technologies (see Cookie Policy)

2.3 Information from Third-Party Portals

When you use our tender ingestion features, we access publicly available tender data from government portals including CPPP (eprocure.gov.in), GeM (gem.gov.in), eTenders.gov.in, and state eProcurement portals. This data is publicly mandated under GFR 2017 and CVC guidelines. We do not access any authentication-gated content on your behalf without your explicit instruction and credential provision.

3. HOW WE USE YOUR INFORMATION

We use collected information to:

  • (a) Provide and operate the Platform and all its features including TenderSmart, The Ocean, and Company Data Vault
  • (b) Process tender documents through AI analysis pipelines to generate insights, compliance reports, and bid preparation assistance
  • (c) Cross-reference your Company Data Vault against tender requirements to identify eligibility gaps
  • (d) Send notifications about new tenders, corrigenda, and deadline reminders (where opted in)
  • (e) Improve our AI models and Platform features using anonymised, aggregated usage data
  • (f) Communicate with you about your account, updates, and support
  • (g) Comply with legal obligations and enforce our Terms of Use
  • (h) Detect and prevent fraud, abuse, and security threats

4. COMPANY DATA VAULT - SPECIAL PROVISIONS

The Company Data Vault contains highly sensitive business information including financial records, legal documents, and company credentials.

4.1 Storage and Encryption

All documents uploaded to the Company Data Vault are stored using AES-256 encryption at rest. Documents are stored on servers located in India. Access is role-based and strictly limited.

4.2 Zero-Knowledge Architecture

Cur8r employs a zero-knowledge architecture for Company Data Vault documents. This means:

  • Documents are encrypted before storage
  • Encryption keys are controlled at the client level
  • Cur8r personnel do not have routine access to the plaintext contents of your uploaded documents
  • AI processing is performed in isolated, ephemeral compute environments

4.3 No Sale of Vault Data

We do not sell, license, or commercially exploit any documents or data stored in your Company Data Vault to any third party under any circumstances.

4.4 Data Retention for Vault Documents

Vault documents are retained for the duration of your active subscription plus 90 days following account closure. You may request deletion at any time at ayush.malik@cur8r.in.

5. AI PROCESSING AND DOCUMENT ANALYSIS

5.1 AI Service Providers

Cur8r uses Anthropic Claude (claude.ai API) for AI-powered document analysis. Documents and document excerpts are transmitted to Anthropic's API for processing. Anthropic's data processing is governed by their usage policies and privacy commitments. We do not use Anthropic's API in a manner that allows your data to be used to train their models (we operate under Anthropic's business API terms).

5.2 Embeddings and Vector Storage

Document contents are chunked and converted to vector embeddings stored in our PostgreSQL database with pgvector extension. These embeddings enable semantic search and AI retrieval but do not allow reconstruction of original document text from the embedding alone.

5.3 AI Output Disclaimer

AI-generated analysis, compliance reports, bid summaries, and eligibility assessments are provided for informational purposes only. They do not constitute legal, financial, or professional procurement advice. Users bear full responsibility for verifying AI output before relying on it for bid submissions.

6. DATA SHARING

We do not sell your personal data. We share information only in the following limited cases:

6.1 Service Providers

We engage trusted service providers to operate the Platform including cloud infrastructure (AWS, Vercel), AI APIs (Anthropic), email services (AWS SES), SMS services (Msg91), and analytics. All providers are bound by data processing agreements.

6.2 Legal Requirements

We may disclose information where required by law, court order, or government authority including under the IT Act, DPDP Act, or directions from CERT-In.

6.3 Business Transfer

In the event of a merger, acquisition, or asset sale, user data may be transferred to the acquiring entity subject to the same privacy protections as this Policy.

6.4 Aggregated Analytics

We may share aggregated, de-identified market intelligence data (e.g., sector-level tender volume statistics) with investors, partners, or publicly. This data cannot identify individual users or companies.

7. DATA RETENTION

  • Account data: retained for the duration of your subscription plus 1 year
  • Company Data Vault documents: duration of subscription plus 90 days
  • Tender analysis records: 3 years
  • Usage logs: 12 months
  • Billing records: 7 years (statutory requirement)

8. YOUR RIGHTS

Under applicable Indian law and the DPDP Act (to the extent enforced), you have the right to:

  • (a) Access the personal data we hold about you
  • (b) Correct inaccurate personal data
  • (c) Request deletion of your personal data (subject to legal retention obligations)
  • (d) Withdraw consent for optional data processing
  • (e) Nominate a person to exercise data rights on your behalf

To exercise any of these rights, contact us at ayush.malik@cur8r.in.

Response time: within 30 days

9. SECURITY

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit
  • Role-based access control
  • Regular security reviews
  • Incident response procedures

Despite these measures, no system is completely secure. In the event of a data breach materially affecting your rights, we will notify you as required by applicable law.

10. CHILDREN

The Platform is not directed at children under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact ayush.malik@cur8r.in immediately.

11. CHANGES TO THIS POLICY

We may update this Policy periodically. Material changes will be communicated by email to registered users and by notice on the Platform. Continued use after changes constitutes acceptance.