Privacy Policy

We collect information that you provide directly to us when you create an account, request a demo, contact us, or use our platform. This includes your name, email address, phone number, organisation name, job title, and any other information you choose to provide.

When you use the Critical Range platform, we automatically collect certain technical information including IP address, browser type, operating system, access times, and pages viewed. This information is used solely for platform operation and security monitoring.

For exercise participation, we collect performance data including challenge completions, scores, time spent, and skill progression. This data is used for assessment, reporting, and adaptive training purposes.

We use the information we collect to: (a) provide, maintain, and improve the Critical Range platform; (b) process transactions and send related information; (c) send technical notices, updates, security alerts, and administrative messages; (d) respond to your comments, questions, and requests; (e) generate aggregated, anonymised analytics for platform improvement.

We do not sell, rent, or share your personal data with third parties for their marketing purposes. We do not use your data for automated decision-making or profiling that produces legal effects.

For on-premises deployments, all user data remains entirely within your infrastructure. We have no access to data on air-gapped or on-premises installations unless explicitly granted for support purposes.

Data is stored on infrastructure within India. For cloud-hosted deployments, we use enterprise-grade cloud infrastructure with ISO 27001 aligned security controls. For on-premises deployments, data remains entirely on customer-owned infrastructure.

We implement industry-standard security measures including: encryption at rest (AES-256) and in transit (TLS 1.3), role-based access control (RBAC), multi-tenant data isolation, regular security audits, and automated vulnerability scanning.

Access to personal data is restricted to authorised personnel who require it for platform operation. All access is logged and auditable.

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

(a) Right to Access: You may request a summary of the personal data we process about you and the processing activities undertaken.

(b) Right to Correction and Erasure: You may request correction of inaccurate or misleading data, completion of incomplete data, updating of data that is no longer current, and erasure of data that is no longer necessary for the purpose for which it was collected.

(c) Right of Grievance Redressal: You have the right to have your grievances addressed in a timely manner. Our Grievance Officer can be contacted at privacy@criticalrange.com.

(d) Right to Nominate: You may nominate any other individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact our Data Protection Officer at privacy@criticalrange.com. We will respond to your request within 30 days.

We use strictly necessary cookies for platform authentication and session management. These cookies are essential for the platform to function and cannot be disabled.

We use analytics cookies (only with your consent) to understand how the platform is used and to improve the user experience. You can manage your cookie preferences at any time through your browser settings.

We do not use third-party advertising cookies or tracking pixels.

We may use the following categories of third-party services: (a) cloud infrastructure providers for hosted deployments; (b) email delivery services for transactional communications; (c) analytics services for platform usage insights; (d) payment processors for subscription management.

All third-party service providers are contractually bound to process personal data only as instructed by us and to implement appropriate security measures. We do not share personal data with third parties located outside India unless adequate safeguards are in place as required by the DPDP Act.

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

Data Protection Officer, Zindagi Technologies Private Limited, 301, 3rd Floor, Bakshi House, Nehru Place, New Delhi - 110019, India.

Email: privacy@criticalrange.com | Phone: +91 9773973971

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act 2023.