Privacy Policy

We collect information necessary to provide, maintain, and improve our CRM services. This includes:

We never collect sensitive personal data (health, biometric, political views) unless explicitly provided by you for legitimate business purposes.

Your data is used exclusively for legitimate business purposes under GDPR Article 6:

• Service delivery: Provide, maintain, and continuously improve the Nexgen CRM platform
• Customer support: Respond to inquiries, troubleshoot issues, and send essential service communications
• Security & compliance: Detect and prevent fraud, enforce terms of service, and comply with legal obligations
• Product improvement: Analyze usage patterns to prioritize feature development and enhance user experience
• Billing & account management: Process payments, manage subscriptions, and send renewal reminders

We never sell your personal data to third parties or use it for behavioral advertising.

We implement enterprise-grade security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access controls: Role-based access, multi-factor authentication, and least-privilege principle
• Monitoring: 24/7 intrusion detection, automated threat response, and regular penetration testing
• Backups: Encrypted daily backups stored in geographically redundant locations
• Certifications: SOC 2 Type II compliant infrastructure (audited annually)

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy:

• Active accounts: Data retained for the duration of your subscription plus 30 days
• Deleted accounts: Data permanently erased within 30 days after verification of deletion request
• Backup retention: Automated backups retained for 90 days maximum
• Legal compliance: Some transaction data retained for 7 years to comply with tax laws (invoices, payment records)
• Analytics data: Aggregated, anonymized usage data retained for 24 months

Under GDPR (Europe), CCPA (California), and similar privacy laws, you have the following rights:

• Right to access (Art. 15): Request a copy of all personal data we hold about you
• Right to rectification (Art. 16): Correct inaccurate or incomplete information
• Right to erasure (Art. 17): Request permanent deletion of your data (Right to be Forgotten)
• Right to restrict processing (Art. 18): Limit how we use your data
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to object (Art. 21): Object to data processing for direct marketing
• Right to withdraw consent: Withdraw any previously given consent at any time

To exercise these rights, use our Data Deletion Request form or email us directly. We respond within 30 days.

We engage trusted third-party processors to deliver our services. All processors are bound by strict Data Processing Agreements (DPAs) and GDPR-compliant terms:

• Cloud infrastructure: AWS (Ireland) — Data storage and compute
• Database: PostgreSQL (managed) — Encrypted data storage
• Email delivery: SendGrid / AWS SES — Transactional email
• Payment processing: Razorpay / Stripe — Subscription payments (PCI DSS Level 1)
• Monitoring & analytics: Sentry (error tracking), Mixpanel (anonymized usage)
• Customer support: Zendesk — Support ticket management

We never share your personal data with advertising networks, data brokers, or marketing platforms.

We use cookies and similar technologies to enhance your experience:

• Essential cookies (necessary): Enable core functionality (authentication, security, session management)
• Preference cookies: Remember your settings, language, and display preferences
• Analytics cookies: Help us understand usage patterns (anonymized, no personal data)
• Security cookies: Detect and prevent fraud, protect against CSRF attacks

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Nexgen CRM is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

Your data may be transferred to and processed in countries with different data protection laws. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Adopted for all international data transfers
• Data residency: Primary data stored in India and EU (Ireland) regions
• Backup locations: Geographically redundant storage in EU and APAC regions

For privacy-related questions, data requests, or to report a concern, contact our Data Protection Officer (DPO):

• Email: privacy@nexgencrm.com / info@tissertechnologies.com
• Address: Second Floor, M D Commercial Centre, KK Road, Kottayam, Kerala 686001
• Phone: +91 80751 02790 (Support)
• Response time: We aim to respond to all privacy inquiries within 2 business days

You also have the right to lodge a complaint with your local supervisory authority (e.g., EU Data Protection Authority or India's MeitY).