Legal
Privacy Policy
We respect your privacy and are committed to protecting your personal data.
Effective Date: 1 March 2026 ·
Last Updated: 1 March 2026 ·
Version: 1.0
1. Who We Are
ZingoorCRM ("we", "us", "our") operates the SaaS platform accessible at app.zingoorcrm.com and the marketing website at zingoorcrm.com. We provide task management and CRM software to small and medium businesses.
For the purposes of data protection laws, ZingoorCRM is the data controller of the personal data described in this policy. Our primary contact for privacy matters is: legal@zingoorcrm.com.
2. Data We Collect
2.1 Account & Profile Data
- Name (first name, last name), email address, mobile number (with country code)
- Company / organisation name, role or designation
- Profile avatar / photo (if uploaded or linked via OAuth)
- Password (stored as a one-way hash — we never store your plain-text password)
2.2 Billing & Payment Data
- Billing name, address, and GST / tax identification number (if applicable)
- Subscription plan, billing cycle, and transaction history
- We do not store payment card numbers. All payment transactions are processed by our PCI-DSS compliant payment gateway partners (currently Sabpaisa and/or Stripe). Card details are entered directly on the payment gateway's secure page.
2.3 Content & Usage Data
- Tasks, comments, categories, and other content you create within the platform
- Files and attachments you upload
- External participant details you add to tasks (name, email, mobile)
- Feature usage patterns, login timestamps, session activity
2.4 Technical & Device Data
- IP address, browser type and version, operating system
- Device identifiers, time zone, and language settings
- Referral URL and pages visited on our website
- Crash reports and error logs (no personal content included)
2.5 Communications Data
- Emails, support tickets, and live chat messages you send to us
- Survey responses and feedback you voluntarily provide
2.6 OAuth / Social Login Data
If you sign in via Google, Microsoft, or LinkedIn, we receive your name, email, and profile picture from that provider. We do not receive or store your social media passwords.
3. How We Use Your Data
- To provide and operate the service — account creation, authentication, task management features, file storage, notifications, and reminders
- To process payments and issue invoices — subscription billing, order confirmation, GST invoices
- To send transactional communications — email notifications for tasks, comments, reminders, magic links, and system alerts (these are service-critical and cannot be opted out of while the service is active)
- To send commercial communications — product updates, new features, newsletters (you can unsubscribe at any time)
- To provide customer support — responding to inquiries and resolving issues
- To improve the platform — analysing usage patterns, fixing bugs, and developing new features
- To comply with legal obligations — tax records, fraud prevention, regulatory requirements
- To enforce our Terms of Service — detecting abuse, protecting security, and resolving disputes
4. Legal Basis for Processing
For users in the European Economic Area (EEA) and United Kingdom, we process your data under the following legal bases (GDPR Article 6):
- Contract performance — processing necessary to deliver the service you subscribed to
- Legitimate interests — security, fraud prevention, product improvement, and direct marketing to existing customers
- Legal obligation — compliance with Indian tax laws, audit requirements, and applicable regulations
- Consent — marketing emails to prospects and optional analytics cookies (you may withdraw consent at any time)
For users in India, processing is conducted in accordance with the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We share data only as described below:
5.1 Payment Processors
Sabpaisa (SabPaisa Payments Solutions Pvt. Ltd.) and Stripe, Inc. process payments on our behalf. Your payment data is governed by their respective privacy policies.
5.2 Cloud Infrastructure
Our servers are hosted on managed cloud infrastructure. Your data is stored on servers that may be located in India or other jurisdictions, subject to adequate data protection measures.
5.3 Email Delivery
We use third-party email delivery providers to send transactional emails (notifications, invoices, magic links). These providers process email addresses and message content on our behalf under data processing agreements.
5.4 Analytics
We may use anonymised usage analytics tools. No personally identifiable information is shared for analytics purposes.
5.5 Legal & Regulatory Disclosures
We may disclose your data if required by law, court order, or government authority, or if necessary to protect the rights, property, or safety of ZingoorCRM, its users, or the public.
5.6 Business Transfers
In the event of a merger, acquisition, or sale of business assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.
6. Data Retention
- Active accounts: Data is retained for as long as your account is active.
- After cancellation: Your data remains accessible for 30 days after subscription cancellation or account closure, during which you can export it. After 30 days, data is permanently deleted from our systems.
- Billing records: Invoices, payment records, and associated personal data are retained for 7 years to comply with Indian tax and accounting laws.
- Support communications: Retained for 3 years for audit and quality purposes.
- Server logs: Retained for up to 90 days for security and debugging, then automatically purged.
7. Security
We implement industry-standard security measures to protect your data, including:
- TLS/HTTPS encryption for all data in transit
- Passwords stored using one-way cryptographic hashing (bcrypt)
- Role-based access controls — staff access to customer data is strictly limited and logged
- Regular security reviews and dependency updates
- Firewall protection and intrusion detection on server infrastructure
No system is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet. You are responsible for keeping your login credentials confidential.
8. International Data Transfers
Our primary servers are located in India. If your data is transferred internationally (e.g., through email delivery or payment processing partners), we ensure adequate protections are in place — such as Standard Contractual Clauses (SCCs) for EEA transfers, or equivalent mechanisms.
By using our service, you acknowledge that your data may be processed in countries outside your own, where data protection laws may differ.
9. Your Rights
9.1 Rights for All Users
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate or incomplete data
- Deletion — Request deletion of your personal data (subject to legal retention obligations)
- Data Portability — Export your tasks and data in CSV/JSON format from within the application
- Withdraw Consent — Unsubscribe from marketing emails at any time via the unsubscribe link in any email
9.2 Additional Rights for EEA / UK Users (GDPR)
- Right to Restriction — Request that we limit how we use your data in certain circumstances
- Right to Object — Object to processing based on legitimate interests
- Right to Lodge a Complaint — You may lodge a complaint with your national data protection supervisory authority
9.3 Rights for California Users (CCPA)
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
9.4 Rights under India's DPDP Act, 2023
- Right to access information about personal data processed
- Right to correction and erasure of personal data
- Right to grievance redressal
- Right to nominate another person to exercise rights on your behalf
To exercise any of the above rights, email us at legal@zingoorcrm.com. We will respond within 30 days.
10. Cookies
We use cookies and similar tracking technologies on our website and application:
- Essential cookies — Required for authentication, session management, and security. Cannot be disabled.
- Preference cookies — Remember your settings (e.g., currency preference on our website).
- Analytics cookies — Anonymised data to understand how visitors use our site (optional, consent-based).
You can control non-essential cookies through your browser settings. Disabling cookies may affect certain features of the service.
11. Children's Privacy
Our service is intended for business use by individuals aged 18 years or older. We do not knowingly collect personal data from children under 18. If you believe a minor has provided us with personal data, please contact us immediately at legal@zingoorcrm.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify registered users by email at least 14 days before the changes take effect
- For significant changes, display a prominent notice within the application
Continued use of the service after the effective date of changes constitutes acceptance of the revised policy.
For any privacy-related questions, requests, or concerns, please contact our Privacy team: