Privacy Policy

Last updated: June 14, 2025Effective: July 1, 2025

At The Greps CRM, we take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it.

๐Ÿ”’ GDPR-aligned๐Ÿ‡ฎ๐Ÿ‡ณ IT Act 2000๐Ÿ“œ Plain English

Jump to section

1Data We Collect

We collect information you provide directly to us when you create an account, use our services, or contact support. This may include:

  • Full name, email address, and phone number
  • Business name, store location, and GST number
  • Customer lists and product catalogues you upload
  • WhatsApp campaign content and recipient data
  • Billing information (processed securely via Razorpay โ€” we never store card details)

Automatically Collected Data

When you use The Greps CRM, we may automatically collect certain technical information:

  • IP address, browser type, and operating system
  • Pages visited, time spent, and click patterns
  • Device identifiers and session tokens
  • Error logs and crash reports to improve product stability

2How We Use Your Data

We use the information we collect to provide, maintain, and improve our services. Specifically, we use your data to:

  • Create and manage your CRM account
  • Enable WhatsApp campaign delivery through our messaging infrastructure
  • Process payments and send invoices
  • Respond to support requests and provide technical assistance
  • Send product updates, security notices, and service announcements
  • Analyse usage patterns to improve features and fix bugs
  • Comply with legal obligations under Indian law

We Never Sell Your Data

The Greps CRM does not sell, rent, or trade your personal information or your customers' data to third parties for marketing purposes. Your data is yours โ€” we are simply the custodian.

3Data Sharing & Third Parties

We may share your information with trusted third-party service providers who assist us in operating our platform:

  • WhatsApp Business API providers for message delivery
  • Razorpay for payment processing (PCI DSS compliant)
  • AWS and Google Cloud for secure data hosting
  • Intercom for in-app customer support
  • PostHog for anonymised product analytics

Each provider is contractually bound to handle your data only for the specified purpose and in compliance with applicable data protection laws.

4Data Retention

We retain your account data for as long as your account remains active. If you delete your account:

  • Your personal data is deleted within 30 days
  • Customer lists and campaign data are purged within 30 days
  • Billing records are retained for 7 years as required by Indian GST regulations
  • Anonymised, aggregated analytics may be retained indefinitely

5Your Rights

You have the following rights with respect to your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data (subject to legal obligations)
  • Portability: Export your data in a machine-readable format
  • Objection: Opt out of certain types of processing

To exercise any of these rights, contact us at privacy@The Grepscrm.com. We will respond within 30 days.

6Security

We implement industry-standard security measures to protect your data, including:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all API calls
  • Two-factor authentication support for all accounts
  • Regular third-party penetration testing
  • SOC 2 Type II certification (in progress)

Despite these safeguards, no system is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication.

7Cookies

We use cookies and similar tracking technologies to operate and improve our service. Please see our Cookie Policy for full details. You can control cookie preferences through your browser settings.

8Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by displaying a prominent notice within the product at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance.

9Contact Us

If you have questions about this Privacy Policy or your data, please reach out:

  • Email: privacy@The Grepscrm.com
  • Address: The Greps Technologies Pvt. Ltd., Connaught Place, New Delhi โ€” 110001
  • Grievance Officer: Arjun Mehta (grievance@The Grepscrm.com)

This document was last reviewed by our legal team

June 14, 2025 ยท Questions? legal@The Grepscrm.com