Your privacy is important to us. This Privacy Policy explains how NerdCRM,
operated by Nerddevs Ltd ("we", "us", or "our"), collects, uses, discloses,
and safeguards your information when you use our web application, mobile application, and
related services (collectively, the "Service").
1.1 Information You Provide
When you register for and use NerdCRM, we may collect the following information:
- Account Information: Name, email address, password, and organization details.
- CRM Data: Contacts, companies, deals, activities, notes, and any other data you enter into the Service.
- File Uploads: Documents, images, and other files you upload as attachments.
- Communication Data: Information you provide when contacting our support team.
1.2 Information Collected Automatically
When you access or use our Service, we may automatically collect:
- Device Information: Device type, operating system, unique device identifiers, and mobile network information.
- Log Data: IP address, browser type, pages visited, time and date of access, and referring URLs.
- Usage Data: Features used, actions taken, and interaction patterns within the Service.
1.3 Information from Third Parties
We may receive information from third-party services if you choose to integrate them with NerdCRM, such as email providers or calendar services.
2. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide, maintain, and improve the NerdCRM platform.
- Authentication: To verify your identity and manage your account securely.
- Organization Management: To support multi-tenant data isolation and role-based access control within your organization.
- Communication: To send service-related announcements, updates, security alerts, and support messages.
- Analytics: To understand usage patterns and improve user experience.
- Security: To detect, prevent, and address technical issues, fraud, and unauthorized access.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
3. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
- Within Your Organization: Data entered into NerdCRM is accessible to members of your organization based on their assigned roles and permissions.
- Service Providers: We may share data with trusted third-party service providers who assist us in operating the Service (e.g., hosting, analytics), subject to strict confidentiality obligations.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or government request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
- With Your Consent: We may share information with third parties when you have given explicit consent.
4. Data Storage and Security
We take the security of your data seriously and implement appropriate technical and organizational measures, including:
- Encryption of data in transit using TLS/SSL protocols.
- Secure authentication with JWT tokens and HTTP-only cookies.
- Role-based access control to restrict data access within organizations.
- Regular security assessments and updates.
- Secure server infrastructure with access controls and monitoring.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account Data: Retained for the duration of your account and deleted upon account termination, subject to any legal retention requirements.
- CRM Data: Retained as long as your organization's account is active. You may export or delete your data at any time.
- Log Data: Retained for up to 12 months for security and analytics purposes.
- Backups: May be retained for up to 30 days after deletion for disaster recovery purposes.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal obligations.
- Export: Export your data in a machine-readable format (e.g., CSV).
- Restriction: Request restriction of processing of your personal data.
- Objection: Object to processing of your data for certain purposes.
- Withdraw Consent: Withdraw previously given consent at any time.
To exercise any of these rights, please contact us using the information provided in the Contact Us section.
7. Cookies and Tracking Technologies
NerdCRM uses cookies and similar technologies for the following purposes:
- Essential Cookies: Required for authentication, security, and core functionality of the Service. These cannot be disabled.
- Analytics Cookies: Help us understand how users interact with the Service to improve performance and user experience.
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.
8. Third-Party Services
Our Service may contain links to or integrate with third-party services. We are not responsible for the privacy practices of these services. We encourage you to review their privacy policies before providing any personal information.
Third-party services we may use include:
- Cloud hosting and infrastructure providers
- Analytics and monitoring services
- Email delivery services
9. Children's Privacy
NerdCRM is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer your data internationally, we take appropriate safeguards to ensure your information is protected in accordance with this Privacy Policy and applicable laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you of significant changes via email or through the Service.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: