Privacy — SK Creatives

1. Who we are

"SK Creatives" refers to the consultancy operating at skcreatives.tech, headquartered in Delhi NCR, India. For privacy enquiries, write to [email protected].

For DPDP-related grievances, the nodal contact is [email protected]. A dedicated Grievance Officer designation will be published here when DPDP Rules notification requires it.

2. Data this website collects

The skcreatives.tech website does not run cookies, analytics, advertising tags, fingerprinting scripts, or third-party trackers from this domain. We do not embed third-party widgets that read your activity outside our pages.

Standard HTTP request data — your IP address, user agent string, referer, and the page you requested — is processed transiently by the underlying hosting and content-delivery infrastructure for the technical purpose of delivering the page and protecting the site against abuse. We do not access or retain those logs.

3. Cookies and similar technologies

This website does not set cookies of its own for analytics or marketing purposes. Operational cookies that may be issued at the infrastructure layer (for example, Cloudflare's __cf_bm bot-management cookie or cf_clearance security-challenge cookie) are transient and are not used to identify or profile visitors. These cookies expire on a short cycle and carry no information SK Creatives can read or correlate.

4. Contact and enquiry data

If you contact us — by email, by WhatsApp, by LinkedIn, or via the contact form on this site — the content of your message and the identifiers it carries (your name, email, phone number, professional details you choose to share) are processed by SK Creatives for the purpose of replying to you and considering whether an engagement is the right fit.

The contact form on this site is delivered to us via a third-party form-processing service. SK Creatives receives only the message you submit; the processor's own privacy policy applies to the transit step.

We retain enquiry correspondence for the duration of any active engagement, plus a defined period thereafter — typically up to seven years — to comply with Indian tax, accounting, and contractual-record obligations. After this period, correspondence is purged or anonymised. Engagement-specific records are governed by the engagement's NDA and SLA, which may specify shorter retention. We do not sell, rent, or share enquiry data with third parties for marketing purposes.

5. Marketing and outreach

We do not run a public newsletter. Outreach to clients and prospects is conducted on a one-to-one basis through the channels above. If we add a notify-list mechanism for a specific product launch, we will collect only the email address you provide for that single purpose, on the basis of explicit opt-in, and every message will include a one-click unsubscribe. We will not use a notify-list email address for unrelated marketing.

6. Children

This website and our products are intended for adult professional audiences in defence, government, law-enforcement, and corporate contexts. We do not knowingly collect personal information from children under 16.

7. International transfers

SK Creatives is based in India. Data routed through GitHub Pages and Cloudflare may be processed in jurisdictions where those providers operate infrastructure, including the United States and the European Union. Where you write to us from a region with cross-border-transfer requirements (notably the EU/EEA, the UK, and the Russian Federation), please consider that constraint when deciding what to share by email; we are happy to switch to an in-region channel for sensitive specifics.

8. Your rights

Depending on your jurisdiction, you may have rights of access, correction, deletion, restriction, objection, and portability with respect to personal data we hold about you. To exercise any of these, write to [email protected] from the email address you used in correspondence with us, indicating the right you are exercising. We will respond within a reasonable period and in any event within statutory deadlines.

If you are in the EU/EEA or the UK, you may also lodge a complaint with your national data-protection authority. Note that personal data of Russian residents is not actively processed at the consultancy or product layer; we operate no telemetry inside the products themselves.

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) afford you the right to know what personal information is collected, the right to delete, the right to correct inaccurate information, the right to opt out of sale or sharing of personal information (we do not sell or share personal information for cross-context behavioural advertising), and the right to non-discrimination for exercising your rights. To exercise these, write to [email protected] from the address you used in correspondence with us.

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), individuals (referred to in the Act as "Data Principals") have rights of access, correction, completion, erasure, and grievance redressal with respect to personal data processed by SK Creatives in the capacity of a Data Fiduciary. To exercise these rights, write to [email protected].

9. Security

We use commercially reasonable measures to protect data in transit (TLS for the website and product communications) and at rest (encryption of stored deliverables, access controls scoped to the engagement team). No system is perfectly secure; for sensitive engagement data we work inside our clients' perimeter and reduce data retention to the operational minimum.

10. Changes to this notice

This notice may be updated from time to time — for example, when we ship a new product or add a contact form. The "Last updated" date at the top of the page indicates the current revision. Material changes will be flagged on the page itself.

Per-product addenda

Privacy notes for SK Creatives software.

Each addendum below describes data handling for a specific SK Creatives product. The addendum is the canonical privacy reference for that product's store listing.

OSINT Recon Toolkit

Product: Browser extension for Chrome, Edge, Firefox.

Data flows: The OSINT Recon Toolkit performs all extraction client-side, inside your browser. No page content, no extracted data, no usage analytics, and no personal information are transmitted to SK Creatives servers.

Local storage: The extension stores its preferences and case-file data locally in your browser's IndexedDB / extension storage. Nothing leaves your machine unless you explicitly use the export feature, which writes a file to your downloads folder.

Pro-tier unlock: Pro features (CSV/PDF export, AJAX interception, batch extraction) unlock through a third-party payment processor. Payment data — card details, billing address, and full transaction metadata — is handled by that processor's own systems and the upstream card networks they use. SK Creatives does not see your card details, billing address, or full payment metadata. We see only the entitlement state ("paid" / "not paid") tied to your extension installation. The processor's own privacy policy applies to the payment transaction; a link to that policy is provided inside the extension's upgrade flow.

Outbound network requests: When you explicitly request an enrichment lookup (for example, a domain WHOIS or certificate-transparency check), the extension fetches public data from the relevant third-party API. These requests carry standard HTTP headers (your IP, user agent) to that third party. SK Creatives does not log, mirror, or proxy these requests.

Permissions: The extension requests host permissions only on the pages you actively use it on, and the permissions it requests are explained in the store listing. It does not run code on pages where you have not invoked it.

What we do not do: No telemetry. No "phone home" pings. No reading of other extensions' storage. No cookies set by the extension itself. No background page-content scraping.

OSINT Recon Pro Darknet

Product: Tor-Browser-tested variant of the OSINT Recon Toolkit, distributed as an XPI directly to vetted buyers.

The data-handling posture of the Pro Darknet variant matches the OSINT Recon Toolkit addendum above: client-side extraction, no telemetry, and local storage of preferences and case data. Additionally, the variant is engineered to coexist with Tor Browser's privacy guarantees — it does not introduce non-Tor network requests, does not break Tor Browser's first-party isolation, and does not relax Tor Browser's default permission scope.

Direct distribution means there is no store-side payment flow; commercial terms are established under NDA before delivery.

Page Forensics

Product: In development. Privacy notes will be published here at the time of public release.

Design commitment: client-side capture only, with explicit user-initiated bundle creation. No telemetry. Sealed forensic bundles are written to the user's downloads folder and remain under the user's exclusive control.

LinguaIntel