Privacy Policy — Zyro CRM

1. Overview

Zyro CRM ("we", "our", "us") is a customer relationship management platform built on Krayin CRM by Webkul. We operate this service to help businesses manage leads, track deals, and communicate with customers across multiple platforms including Meta, Google, Slack, and WhatsApp.

This Privacy Policy applies to all users of Zyro CRM services, including our web application, APIs, and any connected third-party integrations. By using Zyro CRM, you agree to the collection and use of information described in this policy.

We are committed to protecting your privacy and handling your data in an open and transparent manner, consistent with applicable data protection regulations including the GDPR, India's Digital Personal Data Protection Act (DPDPA), and applicable Meta Platform Policies.

2. Information We Collect

We collect information you provide directly and information generated through your use of the platform:

Account & Profile Information

Name, email address, phone number, and company details
Profile photo and job title (optional)
Billing information (handled securely via payment processors)
Login credentials (passwords stored as one-way cryptographic hashes)

CRM Data

Lead and contact records you create or import
Deal information, pipeline stages, notes, and activity logs
Files and attachments you upload
Custom field values and tags

Integration Data

OAuth tokens and access permissions for Meta, Google, Slack, and WhatsApp
Lead data received from connected advertising platforms
Message metadata from WhatsApp Business API conversations
Slack channel IDs and webhook configurations

Usage & Technical Data

IP address, browser type, operating system
Pages visited, features used, and time spent on the platform
Error logs and performance data
Cookie and session data

3. How We Use Your Data

We use the information we collect for the following purposes:

Service Delivery: To operate, maintain, and improve Zyro CRM features and functionality.
Integration Operations: To sync lead data from Meta and Google Ads, send notifications via Slack, and facilitate WhatsApp messaging on your behalf.
Account Management: To create and manage your account, process payments, and provide customer support.
Communications: To send transactional emails, product updates, security alerts, and (with consent) marketing communications.
Analytics & Improvement: To understand how the platform is used and make data-driven improvements.
Security & Compliance: To detect and prevent fraud, abuse, and security incidents, and to comply with legal obligations.
Legal Basis (GDPR): Processing is based on contract performance, legitimate interests, legal obligation, or your explicit consent — whichever applies.

4. Sharing & Disclosure

We do not sell your personal data. We share data only in these circumstances:

With Your Consent: When you explicitly authorise sharing with a third-party integration or service.
Service Providers: With hosting providers, email services, and payment processors who process data solely on our behalf under strict data processing agreements.
Platform Integrations: Data is exchanged with Meta, Google, Slack, and WhatsApp only as necessary to provide the integration features you have enabled.
Legal Requirements: When required by law, court order, or government authority.
Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
Safety: To protect the rights, property, or safety of Zyro CRM, our users, or the public.

5. Meta Integration

When you connect Zyro CRM to your Meta Business account, we access data in accordance with Meta's Platform Policies.

Data we access from Meta:

Lead form submission data from your Facebook/Instagram Lead Ads
Ad campaign performance metrics (impressions, clicks, spend)
Page and Business account metadata needed for API authentication

How we use this data:

To create and update lead records in your CRM automatically
To attribute leads to specific campaigns for ROI reporting
We do not use Meta data for advertising targeting on other platforms

Data deletion: You may disconnect the Meta integration at any time from your account settings. Upon disconnection, we revoke all access tokens. You may also request deletion of all Meta-sourced data via our Data Deletion Request page, as required by Meta's Platform Policies.

Meta's own privacy: Zyro CRM is subject to Meta's Terms of Service. Meta's privacy practices are governed by their own Privacy Policy.

6. Google Integration

Our Google integration complies with Google API Services User Data Policy, including the Limited Use requirements.

Data we access from Google:

Google Ads lead form data and campaign performance metrics
Google Contacts (read/write) when enabled by you
Google OAuth identity information (email, name) for authentication

Limited Use Disclosure: Zyro CRM's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements.

You can revoke Google access at any time through Google Account Permissions or from your Zyro CRM settings.

7. Slack Integration

Our Slack integration is built in accordance with Slack's API Developer Policy.

Data we access from Slack:

Workspace and channel information required to deliver notifications
Slack user identity for associating alerts with the correct team members

Data we send to Slack:

New lead notifications including name, source, and deal value
Pipeline stage change alerts and task reminders
We do not send sensitive personal data (e.g., financial records) to Slack

You can disconnect the Slack integration from your CRM settings at any time. Zyro CRM does not store Slack message history.

8. WhatsApp Integration

Our WhatsApp integration uses the WhatsApp Business API in compliance with WhatsApp's Business Policy and Commerce Policy.

Data we process via WhatsApp:

Phone numbers of contacts you choose to message through the CRM
Message content and templates you create and send
Delivery and read receipt metadata

Important: You are responsible for ensuring you have valid consent from contacts before messaging them via WhatsApp through Zyro CRM. We log message metadata for audit purposes and store it in accordance with our retention policy.

WhatsApp messages are transmitted via Meta's infrastructure. Meta's Privacy Policy governs their handling of message data on their platform.

9. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve Zyro CRM:

Essential Cookies: Required for authentication, session management, and core functionality. Cannot be disabled.
Analytics Cookies: Help us understand how users interact with the platform (e.g., pages visited, features used). Can be opted out.
Preference Cookies: Remember your settings and preferences (e.g., language, timezone).

You can manage cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use third-party advertising cookies.

10. Security

We implement industry-standard security measures to protect your data:

TLS/SSL encryption for all data in transit
Encryption at rest for databases and file storage
Passwords stored using bcrypt hashing (never in plain text)
OAuth 2.0 for secure third-party authentication
Role-based access controls within your organisation
Regular security audits and vulnerability assessments
Two-factor authentication (2FA) available for all accounts

Despite these measures, no internet transmission is 100% secure. If you discover a security vulnerability, please contact us immediately at security@zyrocrm.com.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete personal data.
Erasure: Request deletion of your personal data ("right to be forgotten"). See our Data Deletion Request page.
Portability: Receive your data in a structured, machine-readable format.
Restriction: Request that we limit processing of your data in certain circumstances.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@zyrocrm.com. We will respond within 30 days.

12. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

Active Accounts: Data is retained for the duration of your subscription plus 90 days after cancellation.
After Deletion Request: Personal data is deleted within 30 days of a verified deletion request. Some data may be retained in anonymised form for analytics.
Legal Holds: We may retain certain data longer if required by law (e.g., financial records for tax purposes).
Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which it is permanently purged.

13. Children's Privacy

Zyro CRM is a business-to-business platform intended for use by adults (18+). We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that a minor has provided us with personal information, we will delete it promptly. If you believe a minor has submitted data to us, please contact privacy@zyrocrm.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Send an in-app notification and/or email to registered users
Provide a summary of key changes where applicable

Continued use of Zyro CRM after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out:

mail

Privacy Team

privacy@zyrocrm.com

delete_forever

Data Deletion

Submit a request →