1. Scope, Controller Identity & Legal Framework

This Privacy Policy applies to all Hasster Services defined in TC Section 1, including mobile apps, web platforms, APIs, AI systems, off-platform tracking pixels, SDKs, and developer tools. Hasster is operated by Crambo Tech Private Limited (registered office: Auravelly Colony, Sarojani Nagar, Natkur, Lucknow – 226008, Uttar Pradesh, India). For any privacy-related matters, contact: [email protected].

This Policy complies with the Information Technology Act, 2000 (India), IT Rules 2021, Digital Personal Data Protection Act, 2023 (DPDPA), GDPR/UK GDPR, CCPA/CPRA, LGPD (Brazil), and UAE PDPL — applying the highest standard where multiple regimes overlap.

2. Categories of Personal Data Collected & Sources

Hasster collects the following categories of personal information to provide, personalize, secure, and improve the Services:

• Identity & profile data: name, username, email, phone number, profile picture, date of birth (for age verification).
• User Content & communications: posts, messages, images, videos, livestreams, comments, reactions, and metadata.
• Technical & device data: IP address, device identifiers, browser type, OS version, timezone, carrier, and sensor data (where permitted).
• Activity & behavioral data: clicks, scrolls, watch time, likes, shares, follows, search queries, and session replays (anonymized for debugging).
• Off‑Platform data (TC Section 7): interactions with Hasster plugins, embedded content, conversion pixels, and login integrations on third‑party sites.
• Inferred & derived data: interest clusters, affinity scores, safety risk signals, and engagement propensity models generated by AI systems.

Data is collected directly from you, via automated technologies (cookies, SDKs, pixels), and from authorized partners (advertising platforms, identity verification services, or public sources) where legally permissible.

3. Legal Bases for Processing (Global Compliance)

Hasster processes your personal data only on valid legal grounds under applicable law. Depending on the context, we rely on:

• Contractual necessity: to provide the Hasster Services you requested (account creation, content sharing, messaging).
• Legitimate interests: fraud prevention, platform security, AI training, personalization, ad measurement, and service improvement — always balanced against your rights.
• Consent: for certain cookies, precise geolocation, health or biometric data (if any), and where required by law (e.g., personalised ads in specific jurisdictions).
• Legal obligation: to comply with court orders, government requests (Section 69A IT Act), or retention mandates.
• Vital interests & public task: in rare cases of emergency or statutory function.

4. AI Systems & Machine Learning Training (TC Section 8)

You expressly grant Hasster a perpetual, worldwide, royalty‑free license to use User Content for training, fine‑tuning, and deploying artificial intelligence models, including large language models, computer vision systems, recommendation engines, and safety classifiers. This includes creating derived representations (embeddings, weights) that cannot be reversed.

Even after content deletion, AI models that have already been trained will not be retracted, but Hasster provides prospective opt‑out: email [email protected] with subject “AI Training Opt‑Out — [Username]”. Opt‑out applies only to future training cycles and does not affect already deployed models or aggregated datasets used for security.

5. Off-Platform Tracking, Cross-Device Data & Attribution (TC Section 7)

Hasster uses off‑platform data collection (pixels, embedded widgets, login plugins) to measure ad effectiveness, attribute conversions, detect spam, and improve recommendation systems. We may link your activity across devices using deterministic (hashed login tokens) or probabilistic methods (device fingerprinting).

You can restrict off‑platform tracking via: Settings → Privacy Controls → Off‑Platform Activity Management. Disabling limits personalization but does not block core functionality.

6. Cross-Border Data Transfers & Storage Locations

As a global platform, Hasster stores and processes data in India, the United States, the European Union, Singapore, Brazil, and the UAE via secure cloud providers (AWS, GCP, Cloudflare). For transfers from the EEA, UK, or other adequacy‑restricted regions, Hasster implements Standard Contractual Clauses (SCCs), supplementary technical measures (encryption, pseudonymization), and Data Processing Agreements (DPAs).

You acknowledge that data protection laws in certain jurisdictions may differ from your home country. However, Hasster applies consistent security and contractual safeguards across all regions.

7. How We Share Personal Data

Hasster does not sell your personally identifiable information. We share data only in the following scenarios:

• Service providers & subprocessors: hosting, CDN, analytics, fraud detection, support (under strict confidentiality).
• Advertising partners: aggregated or pseudonymized insights (e.g., “users aged 18–24 in Lucknow liked this ad”), but never your name/email.
• Legal & regulatory authorities: where required under Section 69A of IT Act, court orders, or lawful government requests.
• Corporate restructuring: merger, acquisition, or asset sale — with notice to affected users.
• With your explicit consent: for any other sharing not described herein.

8. Data Retention & Deletion Schedule

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law (e.g., DPDPA, IT Rules, tax/commercial statutes). Specific retention criteria:

When data is no longer required, we securely delete or irreversibly anonymize it. Some residual copies may remain in backup systems for limited periods.

9. Your Privacy Rights (Regional & Global Matrix)

Depending on your jurisdiction, you may exercise the following rights. Hasster will respond within 30 days (extendable by 60 days for complex requests) after identity verification.

• Right to Access – confirm what data we process and receive a copy.
• Right to Rectification – correct inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”) – delete your data, subject to legal or security exceptions (TC Section 12).
• Right to Restrict Processing – limit how we use your data under specific conditions.
• Right to Data Portability – receive machine‑readable copy (structured, commonly used format).
• Right to Object – object to processing based on legitimate interests (including profiling).
• Right to Opt‑Out of Sale/Sharing (CCPA/CPRA) – Hasster does not sell PI, but you may opt‑out of cross‑context behavioral advertising via GPC signal or settings.
• Right to Withdraw Consent – anytime where consent is the legal basis.
• Right to Nominate (India – DPDPA) – nominate another person to exercise rights in case of death or incapacity.

10. Automated Decision-Making & Profiling

Hasster uses automated systems and profiling that may produce legal or similarly significant effects (e.g., content ranking, account suspension, advertising eligibility). This includes:

• Content moderation classifiers – AI models that flag violations of Community Guidelines.
• Recommendation algorithms – personalising feeds and suggested connections.
• Risk scoring – detection of fraudulent activity, inauthentic behavior, or spam.

You have the right to object to solely automated decisions and request human review. To appeal an automated enforcement decision, use the in‑platform appeal mechanism (TC Section 11).

11. Security Measures & Breach Notification

Hasster implements state‑of‑the‑art security: encryption at rest (AES‑256) and in transit (TLS 1.3), regular penetration testing, access control, and intrusion detection. In the unlikely event of a personal data breach that poses a risk to your rights, we will notify you and relevant supervisory authorities within 72 hours where legally required (e.g., GDPR Article 33, DPDPA Section 8).

12. Cookies, Pixels & Similar Technologies

We use strictly necessary, functional, analytics, and advertising cookies. You can manage your cookie preferences via the consent banner or browser settings. Essential cookies (authentication, security) cannot be disabled. For targeted advertising, we provide an opt‑out mechanism via your account’s “Ad Preferences” dashboard.

13. Grievance Officer & Data Protection Contact

As required under the IT Rules, 2021 and DPDPA, Hasster has designated a Grievance Officer for privacy‑related complaints:

• Mr. Vivek Suryakant – Grievance Officer
• Email: [email protected] / [email protected]
• Postal address: Crambo Tech Private Limited, Auravelly Colony, Sarojani Nagar, Natkur, Lucknow – 226008, India

The Grievance Officer acknowledges complaints within 24 hours and resolves within 15 business days where feasible. If you are in the EU, you also have the right to lodge a complaint with your local Data Protection Authority.

14. Children’s Data & Age Restrictions

Hasster is not intended for individuals under 13 years of age (or higher age of digital consent in your jurisdiction, e.g., 16 in some EU states). If we discover that we have collected personal data from a child without verified parental consent, we will delete it promptly. Parents/guardians may request removal by contacting [email protected].

15. Updates & Modifications to This Policy

We may revise this Privacy Policy to reflect changes in law, our data practices, or platform features. Material changes will be notified via in‑app notification or email at least 14 days in advance, where required by law. Your continued use after the effective date constitutes acceptance of the updated Policy. For non‑material changes (typos, clarifications), the updated version is effective immediately.

16. Dispute Resolution & Binding Arbitration (Privacy Claims)

Any dispute arising from this Privacy Policy or your personal data processing shall be subject to exclusive binding arbitration under the Indian Council of Arbitration (ICA), seated in Lucknow, Uttar Pradesh, India, in accordance with TC Section 16. The arbitration will be conducted in English. Class actions and representative proceedings are waived. You retain the right to lodge a complaint with a supervisory authority, but any legal recourse against Hasster must follow the arbitration framework.

17. Governing Law & Jurisdiction

This Privacy Policy and any non‑arbitrable disputes shall be governed by the laws of India, and the competent courts of Lucknow shall have exclusive jurisdiction, without regard to conflict of laws. Where mandatory local consumer laws (e.g., EU GDPR’s “one‑stop‑shop”) provide otherwise, Hasster will comply but the governing law for contractual interpretation remains Indian law.

18. Data Protection Impact Assessments (DPIAs)

For high‑risk processing activities (e.g., large‑scale AI training, behavioral tracking of vulnerable groups), Hasster conducts DPIAs and, where required, consults with the relevant supervisory authority (e.g., Indian Data Protection Board, European DPAs). DPIAs are reviewed annually or before launching new high‑risk features.

19. Third‑Party Links & Integrations

Hasster Services may contain links to external sites or third‑party plugins (e.g., payment gateways, embedded tweets). This Privacy Policy does not apply to those third parties. We encourage you to review their privacy notices before sharing any personal information. Hasster is not responsible for the privacy practices of third‑party services.

20. No Discrimination & CCPA/CPRA Notice at Collection

Hasster will not discriminate against you for exercising any privacy rights (e.g., denying goods, charging different prices). Under California law, we provide a “Notice at Collection”: we collect categories listed in Section 2 for the business purposes set forth in Section 3. We do not “sell” or “share” personal information for cross‑context behavioral advertising without offering an opt‑out (via Global Privacy Control or browser opt‑out preferences).

21. Survival & Post‑Termination Data Use

Even after account termination, Hasster may retain certain data as permitted or required by law (TC Section 22), including for fraud prevention, legal compliance, dispute resolution, and security audits. Anonymized or aggregated data derived from your activity may be retained indefinitely for research and service improvement.

22. Entire Agreement & Contact

This Privacy Policy, together with the Hasster Terms of Service and incorporated policies, constitutes the entire agreement regarding your personal data. For any questions not addressed herein, or to submit a data subject request, please contact:

By using Hasster, you acknowledge that you have read, understood, and agree to this Global Privacy & Data Protection Policy, including binding arbitration seated in Lucknow, cross‑border data transfers, and AI training as described herein.