Privacy Policy

1. Introduction and Scope

Welcome to Cherrypic

This Privacy Policy (the “Policy”) governs the manner in which Nomad Products LLP, the owner entity, operating the product named Cherrypic ("we", "our", or "us"), collects, processes, utilizes, maintains, and discloses personal data collected from users (each, a “User” or “you”) of the https://cherrypic.in website, our proprietary browser extensions, desktop applications, mobile applications, and Application Programming Interfaces (collectively, the “Services”).

This Policy has been drafted to comply with international data protection frameworks, including but not limited to the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), the UK GDPR, and applicable local privacy legislation. By accessing or utilizing our Services, you acknowledge that you have read, understood, and agree to be bound by the data practices described in this comprehensive Policy.

2. Identity of the Data Controller

For the purposes of applicable data protection legislation, the Data Controller responsible for the processing of your personal data is:

Nomad Products LLP,
Cinema Road, Baramati, Maharashtra, India - 413102
General Inquiries: hello@cherrypic.in
Privacy & Data Subject Requests: dpo@cherrypic.in

3. Categories of Personal Data Collected

We adhere to the principle of data minimization, collecting only the personal data strictly necessary to provision, maintain, and optimize the Services.

3.1 Account & Identity Information: Upon registration or subscription, we collect your explicit identifiers, including your name and primary email address, to establish and authenticate your user profile.

3.2 Usage, Technical, and Telemetry Data: We automatically collect metadata pertaining to your interaction with the Services. This includes your Internet Protocol (IP) address, browser type and version, operating system, unique device identifiers, timestamp logs, language and version of the browser software and crash reports. This data is strictly utilized for security auditing, network stability, and service optimization.

3.3 Cookies and Similar Technologies: A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer or mobile device. You can control cookies through your browser settings. If you disable cookies or similar technologies, some parts of the Services may not work properly. The Services may include previews, embeds, or links to third-party content, such as YouTube videos. These third parties may use their own cookies or similar technologies, and their processing is governed by their own terms and privacy policies.

3.4 Browser extension: The extension may show whether the current page has already been saved in your account, such as by displaying a indicator icon (checkbox icon/emoji). This check is performed locally on your device, and we do not send the current tab URL to our servers or third parties just to check its saved status. If you choose to save the page, the page URL and any related information you provide will be sent to us so we can store it in your account.

3.5 Payment and Billing Information (Paddle Integration): We do not directly collect, process, or store credit card details or financial instrumentation. Our authorized Merchant of Record (MoR) and payment processor is Paddle. When you initiate a subscription or purchase, your billing information is transmitted directly to Paddle via secure, encrypted protocols. All such payment data is subject to, and governed by, Paddle’s own Privacy Policy (available at https://www.paddle.com/legal/privacy).

4. Legal Basis and Purposes of Processing

We process your personal data under the following legal bases and for the specified purposes:

• Performance of a Contract: To provide the core features of the Service, create and manage your account, sync your data across authorized devices, provide customer support, and manage subscriptions through our payment processor.
• Legitimate Interests: To maintain, secure, troubleshoot, and improve the Service; prevent fraud, abuse, and unauthorized access; analyze service performance; and enforce our agreements, provided these interests are not overridden by your rights and freedoms.
• Consent: Where explicitly granted, to provide personalized communications or experimental features.

5. Artificial Intelligence and Machine Learning

The service may offer advanced, AI-powered functionalities (e.g., vector search, automated metadata generation, or automated tagging).

We do not use your personal notes, bookmarks, or private User Content to train or fine-tune AI models. When you use AI features, relevant content may be processed only to provide the requested functionality. Where third-party AI providers are used, we apply available safeguards designed to prevent your content from being used for model training.

6. Data Disclosure and Third-Party Service Providers

We do not sell your personal data.

We may share personal data with trusted third-party service providers that help us provide, secure, support, bill for, analyze, and improve the Services. These providers may include:

• Cloud Infrastructure Providers: for hosting, storage, backups, database services, and data synchronization. We aim to use EU-region infrastructure for core service data where available and configured.
• Merchant of Record and Payment Processor: Paddle, for billing, tax, invoicing, subscription management, and payment processing.
• Analytics, Diagnostics, and Support Providers: tools used for error monitoring, crash reporting, product diagnostics, customer support, and service reliability, such as Sentry or similar services.
• Communication Providers: tools used to send account, security, billing, support, and service-related messages.

These service providers are required to process personal data under contractual obligations designed to protect the data and support compliance with applicable data protection laws.

We may also disclose personal data where required by law, legal process, court order, regulatory request, or other enforceable legal obligation, or where reasonably necessary to protect the rights, safety, security, or property of the service, our users, or others.

7. International Data Transfers

Nomad Products LLP is domiciled in India. We primarily host and process service data in the European Union using EU-region infrastructure providers. Some of our service providers may be headquartered or operate outside the EEA, Switzerland, or the UK, and limited personal information may be transferred internationally where necessary to provide, secure, support, or administer the Service. Where such transfers occur, we rely on appropriate safeguards under applicable data protection laws, such as adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, the Swiss-U.S. Data Privacy Framework, the EU-U.S. Data Privacy Framework where applicable, and equivalent contractual protections.

8. Data Retention and Account Deletion

We retain personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, prevent abuse, and enforce our agreements. You may request deletion of your account at any time. After receiving a valid deletion request, we will delete or anonymize your account information and user content from active systems within 30 days, unless we are required or permitted to retain certain information by law. Residual copies may remain in backups for a limited period until they are overwritten or deleted according to our backup retention schedule. We do not use backup copies for ordinary business purposes, and deleted data will not be restored except where necessary for security, disaster recovery, or legal compliance.

9. Your Statutory Data Protection Rights

Depending on your jurisdiction (specifically under the GDPR and UK GDPR), you are vested with the following unalienable rights regarding your personal data:

• Right of Access: To request a comprehensive disclosure of the personal data we hold about you.
• Right to Rectification: To mandate the correction of any inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): To demand the deletion of your account and associated personal data.
• Right to Data Portability: To export your User Content in universally machine-readable, structured formats without hindrance.
• Right to Restrict or Object: To formally object to specific processing activities, including processing based on legitimate interests.

To seamlessly exercise any of these rights, submit a formal request to our Data Protection Officer at dpo@cherrypic.in. We shall acknowledge and fulfill all verifiable requests within the statutory timeframe of one month.

10. Modifications to this Privacy Policy

We reserve the right to unilaterally amend or update this Privacy Policy to reflect evolving legal, technical, or business developments. In the event of material alterations to our processing methodologies, we shall provide conspicuous preliminary notice via an in-app administrative broadcast and/or a direct email communication to your registered address prior to the changes taking legal effect. Your continued utilization of the Services following the effective date of an updated Policy constitutes your formal acceptance of the revised terms.

11. Children’s Privacy

The Services are not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13.

If you believe that a child has provided us with personal data, please contact us atprivacy@cherrypic.in, and we will take appropriate steps to delete such information where required by law.

If a higher minimum age applies in your jurisdiction, you must meet that age requirement to use the Services.